jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
jasongrossman has joined #nixos-chat
<colemickens>
"Why though?" I think the answer is that <1.0 is a big fat red sharpie strikethrough for a lot of places.
<gchristensen>
"why the heck is ofborg's agent timing out????" (me for the last 4hrs)
<gchristensen>
"oh, I blocked everything but 443, 80, 21"
<samueldr>
related to your testing infra tweet?
<gchristensen>
yea
<colemickens>
rubber duck debugging, but it's just cleaning up and commenting your own code before pushing a gist to ask for help.
jasongrossman has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos-chat
buckley310 has quit [Remote host closed the connection]
drakonis has quit [Quit: WeeChat 2.3]
Arahael has joined #nixos-chat
jasongrossman has joined #nixos-chat
jasongrossman has quit [Client Quit]
drakonis has joined #nixos-chat
jasongrossman has joined #nixos-chat
jasongrossman has quit [Client Quit]
jasongrossman has joined #nixos-chat
endformationage has quit [Quit: WeeChat 2.4]
Myhlamaeus has quit [Ping timeout: 264 seconds]
manveru has quit [Read error: Connection reset by peer]
manveru has joined #nixos-chat
manveru has quit [Max SendQ exceeded]
manveru has joined #nixos-chat
jackdk has quit [Ping timeout: 250 seconds]
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
__monty__ has joined #nixos-chat
pie_ has joined #nixos-chat
<tilpner>
elvishjerricco: Re hidden vdev: zfs remap sounds like it might help there
<ar>
tilpner: ah, so there is a mechanism to drain them?
<tilpner>
I don't know, I have no way to verify if the hidden vdev is still there
<tilpner>
But it sounded like that
pie_ has quit [Ping timeout: 252 seconds]
<Taneb>
Idea: NixOS configurations emit an ignorable warning if running a server but not opened the corresponding port (presuming most modules know which ports they want opened)
pie_ has joined #nixos-chat
<eyJhb>
Any CSS wizz available?
<averell>
i think i remember that flexbox is always the answer. so i guess i'm kind of an expert.
<eyJhb>
I ended up just hardcoding `-8px`, should do the trick! :p
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 258 seconds]
<srhb>
arf.. Can it really be true that I can't delegate GSSAPI creds if I'm not authed via GSSAPI?
<srhb>
This is presenting problematic chicken-and-egg issue...
jasongrossman has quit [Ping timeout: 250 seconds]
jasongrossman has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 246 seconds]
tilpner_ has joined #nixos-chat
tilpner has quit [Remote host closed the connection]
das_j has quit [Quit: "Bye!";]
nckx has quit [Ping timeout: 264 seconds]
nckx has joined #nixos-chat
tilpner_ is now known as tilpner
Synthetica has joined #nixos-chat
endformationage has joined #nixos-chat
buckley310 has joined #nixos-chat
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 258 seconds]
pie_ has quit [Ping timeout: 240 seconds]
Ralith has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 258 seconds]
drakonis1 has joined #nixos-chat
drakonis1 has quit [Quit: WeeChat 2.3]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 255 seconds]
Myhlamaeus has joined #nixos-chat
drakonis_ has quit [Ping timeout: 258 seconds]
pie_ has joined #nixos-chat
<pie_>
is there anyone that might be able to handhold me through makeScope / related sometime?
jasongrossman has quit [Ping timeout: 246 seconds]
__monty__ has quit [Quit: leaving]
<infinisil>
What is this bullshittery, first of all, I have connection just fine: ping 1.1.1.1 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. 64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=36.9 ms
<infinisil>
But I can run `dig @1.1.1.1 google.com`, to which I get: ;; connection timed out; no servers could be reached
<infinisil>
This is the reason I've been using a VPN for all my internet traffic, because I get such problems without one
<infinisil>
The ISP can't block all TCP traffic right?? How am I the only one in our houshold with this problem??
pie_ has joined #nixos-chat
<joepie91>
infinisil: DNS is UDP, not TCP
<infinisil>
Oh and it's not the router either, I can `curl fritz.box` (the domain of my router) just fine, `curl google.com` times out
<infinisil>
joepie91: Oh right
<joepie91>
what does 8.8.8.8 say?
<infinisil>
joepie91: Nope, can't connect
<joepie91>
weird
<infinisil>
Oh also funny, I am connected to IRC over this very connection right now
<pie_>
joepie91, afaik dns can be over txp too now?
<pie_>
joepie91, are you using ipv6
<pie_>
(no specific idea)
<joepie91>
pie_: you're probably thinking of DNS-over-HTTPS / DNS-over-TLS
<joepie91>
and yes, I have IPv6, but I'm not the one with the broken internet :)
<pie_>
joepie91, nah, i thought you could just do dns over tcp
<pie_>
joepie91, oops meant infinisil :P
<joepie91>
not afaik
<infinisil>
I think DNS has been possible over TCP for a long time
<infinisil>
Man this is screwed up, I want to know what's behind this
<joepie91>
oh huh, DNS *does* work over TCP
<joepie91>
sort of
<pie_>
infinisil, wonder if theres any way you can check the status of ongoing connections
<pie_>
i always figured linux *has* to have / needs better networking debug tools
<pie_>
:/
<infinisil>
Well DNS over UDP doesn't even work, there's no connections involved with that
<infinisil>
I'll try mtr
<infinisil>
That's a nice debugging tool
<samueldr>
could the router or the isp block dns resolution outside their own servers?
<infinisil>
samueldr: Interesting take, but I don't think that's it
<pie_>
i guess someone could put something on their tcp port 53 and see if infinisil can see it
<pie_>
s/tcp//
<infinisil>
I can get an ICMP traceroute to 1.1.1.1 just fine, but switching to using TCP/UDP instead fails (sudo mtr -u 1.1.1.1/sudo mtr -T 1.1.1.1)
<pie_>
or, if infinisil can even nmap port 53 on normal servers
<pie_>
inb4 its never mtu
<joepie91>
lol
<infinisil>
Hmm what port does mtr use though
jasongrossman has joined #nixos-chat
<infinisil>
Aha!
<gchristensen>
mtr is icmp
<infinisil>
Port 53 fails, port 80 succeeds
<gchristensen>
(ie, no port)
<infinisil>
gchristensen: It also supports tcp/udp as I just mentioned above, with -T and -u
<infinisil>
Oh, I guess 1.1.1.1 doesn't serve on port 80 in any case
<infinisil>
Wait no I think it does
<infinisil>
(can't check right now because DNS doesn't work..)
<infinisil>
Oh and I said it succeeded
<infinisil>
Well it doesn't succeed anymore
<infinisil>
But ICMP pings still work
<pie_>
this is why we need declarative debugging
<pie_>
"i think it worked" "oh wait?"
<infinisil>
You can't really debug this stuff though
<infinisil>
It's just layers upon layers of abstraction you have no insight into whatsoever
<gchristensen>
script all your tests so they're written down? dunno, pie_
<pie_>
gchristensen, ya basically i guess
<pie_>
infinisil, i had two issues this week i tried to use a debugger for and had to end up using completely orthogonal means of solving :(
<gchristensen>
there are tools to debug these things, there is insight to be found, they're just not trivial to pick up and use
<infinisil>
Oh and another weird thing: after a couple seconds, mtr exits with "Address in use"
<infinisil>
Guess I'll go back to traceroute
<pie_>
infinisil, randomized source port?
<infinisil>
pie_: Oh yeah it might have something to do with that
<pie_>
?thing is unless some kind of socket option is used, you cant reopen a port until some sort of timeout has passed due to tcp round trip time or something?
<pie_>
and related to the closing of ports and sending the closing pakcet
<gchristensen>
what do you get when you dig 4.2.2.2 ?
<gchristensen>
dig @4.2.2.2 google.com
<infinisil>
gchristensen: Nothing, timeouts
<infinisil>
This shouldn't have anything to do with NixOS' default firewall, right?
<gchristensen>
no
<infinisil>
Well, there is this correlation of people that have internet problems and people that use NixOS in our house
<infinisil>
pie_: I can't even open that because of my problems xD
<gchristensen>
what does <<ping -s 65507 4.2.2.2>> do for you, infinisil?
<infinisil>
(will open on phone though)
<pie_>
infinisil, oh right, dont lose your irc connection! :P
<pie_>
infinisil, do you irc over a bouncer on your lan or something
<infinisil>
gchristensen: Prints the default header, then nothing
<gchristensen>
Ctrl-C shows packet loss?
<infinisil>
gchristensen: Yup, 100% loss
<gchristensen>
infinisil: how about this one? ping -s 23515 4.2.2.2
<pie_>
(is this loss)
<infinisil>
gchristensen: That one works :o
<infinisil>
How what why
<gchristensen>
infinisil: how about ping -s 44519 4.2.2.2
<infinisil>
Nope
<infinisil>
Should I bisect that? :D
<gchristensen>
yep
<infinisil>
That's interesting
<gchristensen>
22:22 <pie_> inb4 its never mtu
<gchristensen>
your mtu is set wrong, you're not fragmenting, and an upstream is dropping your large packets :)
<infinisil>
Ohhh!
<infinisil>
Well, sorry for not fragmenting then!
<infinisil>
Wait, how do I do that
<gchristensen>
I don't know how with `ip` just `ifconfig`
<gchristensen>
(ifconfig eth1 mtu 9000 up, for example)
<gchristensen>
nicely guessed, pie_ :P
<gchristensen>
infinisil: `ifconfig eth1 mtu 1500` is a pretty conservative place to get started and get you back up and running
<infinisil>
Um, regarding the bisection, it seems that there's no fixed threshold
<gchristensen>
it is okay, just set it to 1500 and see what happens
drakonis has joined #nixos-chat
<infinisil>
My default interface lists an mtu of 1500 already, but I guess I'll try
<gchristensen>
hrm
<infinisil>
Yeah that seems to be a noop
<gchristensen>
hrm.
<gchristensen>
how about 555? :)
<joepie91>
"Someone once described the corporate culture of Google as one where everyone covets working on the next big thing, but nobody wants to do legacy maintenance or support for the long haul. That's why there are ao many major projects launched and then quickly abandoned after a while. No idea if that's true, but it fits with what we observe from the outside."
<infinisil>
gchristensen: "Network not reachable" on first ping run, after which the mtu automatically gets set to 604 apparently, then I can ping without that error, but it still fails on higher packet sizes
<gchristensen>
hrm.
<gchristensen>
I'm out of ideas, sorry
<joepie91>
gchristensen: a comment on an article about Google abandoning their plans for a retail store in Chicago: " Google moving on to canceling projects before they're released. "
<gchristensen>
haha
<infinisil>
gchristensen: pie_: Thanks you two, now I know at least something about the problem
<infinisil>
I need a probabilistic binary search, so I can create a probability map of how big the chance is for a packet of a certain size to be dropped
<infinisil>
I'll make the same test on my laptop now
pie_ has quit [Ping timeout: 258 seconds]
drakonis has quit [Ping timeout: 240 seconds]
<infinisil>
Yup, fails the exact same way
<infinisil>
Guess I'll try over my laptops wlan too, just to be sure
<infinisil>
Ehh although, even through my VPN connection which works no problem (even with DNS and everything), -s 60000 fails all the time
<infinisil>
So that doesn't seem to be it after all..
<gchristensen>
hrm
<infinisil>
gchristensen: Does that work for you?
<gchristensen>
yeah
<infinisil>
Odd
<infinisil>
I wonder how useful wireshark would be for this
<gchristensen>
probably useful
pie_ has joined #nixos-chat
<pie_>
gchristensen, im not even good at networking, its just never mtu xD
<pie_>
honestly, why are mtu problems even a thing still
<pie_>
i was thinking about that the other day
<pie_>
the computers should be able to figure this junk out
<infinisil>
They do?
<gchristensen>
last I hadf them it was due to VPNs
<gchristensen>
VPN's tun had a high mtu but the underlying connection had a low MTU, and it caused problems
<pie_>
gchristensen, probably the context in which i heard of the problems, but still
<pie_>
i think iodine automatically checked for something equivalent, but thats a special case
<pie_>
(iodine tunnels over dns)
<gchristensen>
in my case it was a poorly configured openvpn
<infinisil>
Oh well this is interesting
<infinisil>
(hold on, confirming before I blurt nonsense)
<infinisil>
Yeah, it works over Wifi!
<infinisil>
No problems whatsoever over wifi, internet works as normal
<infinisil>
And the only thing that's between the internet and both my machines via ethernet is..
<infinisil>
my switch!
<infinisil>
Ohh you are in trouble now!
<infinisil>
I'm going to replug my cables to not go through that potential evil-doer
<infinisil>
It's not the switch, I didn't realize my machine wasn't connected through the switch after all
<infinisil>
The only confirmed thing between the internet and both my machines is actually these devolo powerline boxes
<infinisil>
Last test: connecting to my router directly, without this powerline crap inbetween
<pie_>
i know information over powerline is a thing but huh, didnt know people actually use that for internet
<infinisil>
(Problem: I don't have an ethernet cable on my laptop, so I can't actually test that)
<infinisil>
pie_: Well our house doesn't have cables for ethernet throughout, it's a pretty old house. So going through the powerlines is the only option
<pie_>
i see
<infinisil>
We have multiple of these devolo boxes in our house though, and mine seems to be the only one not working..
<infinisil>
And we actually even upgraded these devolo things recently
<infinisil>
But it's not like the internet problems started with the upgrade, they were there previously too
<Synthetica>
I also have those devolo boxes, and a unplug-replug can help
<infinisil>
So does that mean the powercable to my room drops too large packets or what??
<infinisil>
Synthetica: Yeah.. have to do that occasionally..
<pie_>
infinisil, tubez r clogged
<infinisil>
But seriously, if anybody has built a TCP packet inspector into my power cables, I swear I'll find you
<gchristensen>
they'd be doing a pretty crap job if you found it because it broke your network :)
<Synthetica>
pie_: I was also surprised how good powerline is these days
<pie_>
pff why put it *IN* the cables when EM EMISSIONS EVERYWHERE
<Synthetica>
Basically no lag, about 400 mbit throughput
<pie_>
(ok maybe there arent actually that much em emissions, idk)
<samueldr>
that unsuspicious pebble might be sniffing the powerlines!
<Synthetica>
Good stability, when wifi slows to a crawl at night due to high residential area usage
<infinisil>
Synthetica: Well we've had a lot of trouble with it..
<Synthetica>
(ymmv)
<Synthetica>
(That was also the advice I gathered everywhere before I bought it, "get it at a shop with a good return policy")
<infinisil>
The biggest motivation for moving out from my parents home is to finally have good internet for once
<infinisil>
Well, not the biggest, but a big one
pie_ has quit [Ping timeout: 258 seconds]
<clever>
infinisil: somebody cooking something in a microwave?