<Shados>
clever: The pirates vs industry thing is rather hilarious. By their very nature as a collection of disparate, competing business entities, legal distribution groups can never manage to acquire and keep the advantage that pirating has: the convenience of being able to get all your shit in one place, and do whatever you like once you have it. Netflix briefly attained an approximation of this by being the only *worthwhile* online distributor, hence the huge
<Shados>
popularity, but that is already declining as more are popping up and content is being segmented again :).
<clever>
Shados: and then there is the silly licensing problems with netflix
<clever>
Shados: for years, i just accepted the fact that star trek wasnt on netflix, and one day as i told others that, i checked, and noticed, it was ...
<Shados>
Yeah. Like I said, it was an "approximation" only.
<clever>
but i was on linux, so i knew it wouldnt play (pre widevine days)
<clever>
so i went to windows, and wut, star trek isnt on netflix?
<clever>
further investigation revealed, linux supports v6 by default, windows needed it enabled manually
<clever>
and my v6 tunnel exits in america, so its basically a proxy
<clever>
one click later, and windows was able to play the entire american lineup!
<Shados>
Heh.
<clever>
a year later, netflix caught on, and if your v4 and v6 dont agree on what country you're in, netflix just turns itself off
<clever>
so now i must do the reverse, and disable v6 support, or it wont work
<clever>
and on android, you need root to disable v6 support
<clever>
so, i have to choose between rooting every android device
<clever>
disabling v6 on the whole network
<clever>
or pirating everything
<Shados>
Ah, intersecting locked-down systems multiplying their individual pain.
<Shados>
Nice.
waleee-cl has quit [Quit: Connection closed for inactivity]
Synthetica has quit [Quit: Connection closed for inactivity]
cjpbirkbeck has joined #nixos-chat
<ashkitten>
hmm
<ashkitten>
how do i set up wireguard so i can talk to a peer-of-a-peer?
<clever>
ashkitten: you want to turn on forwarding and use the node as a gateway
<ashkitten>
what does that mean, exactly?
<clever>
boot.kernel.sysctl = {
<clever>
"net.ipv4.ip_forward" = true;
<clever>
this will allow you to forward packets to other machines you can access
<ashkitten>
and then i changed each client's peer config so that the server has the whole /24 block
<ashkitten>
and that worked
<ashkitten>
suddenly glad i chose to get a server in canada and not france
<ashkitten>
ping between my desktop and laptop through the server is 300-1100ms
jasongrossman has joined #nixos-chat
Guanin has quit [Remote host closed the connection]
<ashkitten>
hnggg
<ashkitten>
takes 6 seconds to ssh into my desktop thru wireguard
<ashkitten>
which doesnt exactly make sense given that it only takes 1.8 seconds to ssh into the server
<ashkitten>
okay, interesting thing
<ashkitten>
i get consistent 100ms ping to the server, but wildly varying 300-800ms ping between my clients thru wireguard
cjpbirkbeck has quit [Quit: Quitting now.]
<Ralith>
no packet loss?
jasongrossman has quit [Ping timeout: 272 seconds]
<ashkitten>
Ralith: if there is it's on the other end
<ashkitten>
Ralith: i did a traceroute and it always says ~100ms on the first hop and much higher on the second
<ashkitten>
i've no idea why
<MichaelRaskin>
clever: I think you also have an option on Android to use OpenVPN to a VM with desired routing properties, no?
<clever>
MichaelRaskin: yeah, the vpn interface in android lets you pass a tun device to the app, and then it can do whatever it wants
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 272 seconds]
<Ralith>
ashkitten: I mean, do you measure any?
<ashkitten>
Ralith: you mean dropped ping packets?
<colemickens>
Can we curse in here?
<Ralith>
ashkitten: for example
<ashkitten>
colemickens: there's no rules against it but as i have been told we want to keep the atmosphere light
<ashkitten>
Ralith: i haven't seen any
jasongrossman has joined #nixos-chat
<Ralith>
strange
<ashkitten>
yeah idk because like, a ping shows up as just two packets on the physical interface on both receiving and sending ends
<ashkitten>
so it's not some round-trip overhead
<Ralith>
I wouldn't expect data overhead to cause wildly erratic latency, anyway
<ashkitten>
yeah me either
<ashkitten>
i honestly have no idea what the issue could be
<ashkitten>
idk much about networking or anything specific about wireguard
drakonis1 has quit [Quit: WeeChat 2.5]
<ashkitten>
and like, all i did on the server was enable ip forwarding, the only thing i did on the clients was use it through wireguard as a gateway for the vpn subnet
<ashkitten>
i dont see the issue
<ashkitten>
i can only assume it's some weird bug in wireguard
drakonis has joined #nixos-chat
<Ralith>
server's not heavily loaded, is it?
<Ralith>
might be worth reporting, wireguard is pretty new
drakonis_ has quit [Ping timeout: 250 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]
<gchristensen>
colemickens: preferably not
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
jasongrossman has quit [Read error: Connection reset by peer]
drakonis has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
kisik21 has joined #nixos-chat
endformationage has quit [Ping timeout: 258 seconds]
jasongrossman has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 268 seconds]
jasongrossman has quit [Ping timeout: 246 seconds]
veske has joined #nixos-chat
__monty__ has joined #nixos-chat
<elvishjerricco>
Anyone know much about networking on macOS? I'm trying to use openconnect, but DNS isn't working. I can nslookup a host on the VPN, but I can't ping it.
<elvishjerricco>
I can ping the IP address manually, but I need to be able to access it through its domain name.
<__monty__>
The name resolves to the wrong address?
<elvishjerricco>
__monty__: Nope. Works fine if I use this VPN on Linux.
<elvishjerricco>
and nslookup gives the right address
<__monty__>
Oh, didn't catch the "on linux" implication.
<elvishjerricco>
well I've been using this VPN on linux, and now I want to use it on macOS
<gchristensen>
has anyone considered a email rule to automatically archive mail over, say, 7d old?
<__monty__>
elvishjerricco: Could you dig a domain, that's the part that's not working, right?
<elvishjerricco>
__monty__: That also works fine
<elvishjerricco>
It's weird. DNS lookup seems to work for nslookup/dig/scutil, but not ping/firefox
<__monty__>
Sensible info in the ANSWER section?
<elvishjerricco>
yea
<__monty__>
Hmm, yeah DNS seems to be working fine.
<elvishjerricco>
Yea so I'm not sure how it can work for some applications but not for others
<__monty__>
Pinging IPs through the VPN works?
<elvishjerricco>
yep
<elvishjerricco>
I can even visit the site I want to use with its IP address, but it's unusable since logging in redirects to google and then back to the domain name.
<joepie91>
Taneb: ended up in a blockchain discussion
<joepie91>
it appears to have kept going all night
<Taneb>
joepie91: oh no
<joepie91>
Taneb: the worst part is that it's a discussion among generally competent people, which means that there's actually stuff worth reading in there
<elvishjerricco>
Looks like the commands that work implement their own resolvers, and it's the system resolver that is not working.
<joepie91>
it's more like a lengthy technical mailinglist thread that ended up on Twitter by accident
<joepie91>
lol
<__monty__>
elvishjerricco: Maybe the order of the DNS servers matters? Put the VPN at the top?
<__monty__>
I'm out of my depth tbh.
<elvishjerricco>
Can't reorder them in system preferences for some reason :/ But I've also read that macOS doesn't have a strict ordering or something
<__monty__>
I can rubber duck with the best of 'em (the ducks) though.
<elvishjerricco>
I am way out of my depth lol
<elvishjerricco>
I'm just gonna add things to /etc/hosts until everything I need works :P
<ashkitten>
i'm excited for the cosmo communicator to actually reach production stage
<infinisil>
aanderse: Ah yeah of course, I could just sync everything all the time and be done with it
<infinisil>
Except perhaps sync conflicts
<aanderse>
i have 4 laptops, 1 desktop, 1 file server/backup desktop, and 2 htpcs... syncthing for the data you *need* everywhere, sshfs (and friends) for the other stuff
<ashkitten>
finally got the money yesterday to buy one, i just hope it goes well
<infinisil>
aanderse: Okay but here's where I'm also a bit curious: If you syncthing data to all machines, do you still do backups?
<infinisil>
Because that is already a backup in a way
<gchristensen>
yes
<aanderse>
infinisil: only if configured properly can syncthing be considered a backup
<gchristensen>
those aren't backups, those increase your risk of losing your data
<infinisil>
Ah you can't roll back to arbitrary times with syncthing
<gchristensen>
("oops I deleted them all on machine A... oh dang, syncthing deleted them all on machine B")
<aanderse>
but yeah, anything which is actually important gets a real backup
<infinisil>
Got it
<aanderse>
gchristensen: syncthing is very flexible in this regard
<aanderse>
by default it propagates deletes, but this isn't required
<gchristensen>
ah
<ldlework>
+1 for syncthing
<ldlework>
so helpful
<infinisil>
But this is kind of where I'm saying "This could be better"
<infinisil>
I add a 1GB file on one machine, it syncthings it over to the others
<infinisil>
And then the other machines get backed up to my current machine
<infinisil>
That's like a lot of unnecessary data moving
<infinisil>
For something that was originally here already
<aanderse>
yeah you shouldn't backup that sort of data on the same machine twice
<aanderse>
that is redundant
<infinisil>
We just agreed that syncthing isn't a backup though
<aanderse>
gchristensen stated that
<aanderse>
while i agree it isn't a backup solution for really important things...
<infinisil>
You're fine with using syncthing as a more-or-less backup then?
<aanderse>
if you set syncthing to either never propagate deletions or keep n versions of files then it is backup "enough" for files which aren't *that* important
<infinisil>
And I guess backups are anyways more to guard against hardware loss than accidentally deleting files
<aanderse>
don't forget ransomware
<infinisil>
Ah yeah
<aanderse>
my backup solution involves a machine with a 2 disk zfs mirror, 3 local machines with single disk, a usb drive backed up monthly, 2 offsite backups which run nightly, and 2 cell phones
<aanderse>
:)
<infinisil>
Damn!
<aanderse>
but i only do that for important stuff... pictures and videos of my kids :D
<infinisil>
How much data is that?
<__monty__>
infinisil: Maybe look into backup systems that do dedup? I think borg does this? Maybe restic too.
<infinisil>
__monty__: I don't think that would help a lot with the above case I described
<infinisil>
I guess this is where I have an advantage because I don't have a life lol, I'm taking like 2 pics a year
<aanderse>
oh just wait until you have stinkin' cute kids and a wife who loves cameras
<__monty__>
infinisil: What do you mean? It's similar to how rsync works, right? If the file's already in the backup repo it's not sent over again.
<ldlework>
i use syncthing more as a private bittorrent tracker with friends and collaborators
<infinisil>
__monty__: I mean, if you add a 1GB file in your ~ on host A, which is getting synced with syncthing to host B, then backed up from B to A. How would it avoid sending A -> B -> A?
<infinisil>
Specifically B -> A I mean
<__monty__>
Because you run the local backup first. Or it finishes faster in any case.
<infinisil>
Ahh got it
<infinisil>
Yeah that would work
<__monty__>
Or, you blacklist certain locations on the remotes from getting backed up altogether. Not ideal, but it'd work in your case because if A can't back it up it's probably down and none of the others would be able to back it up either.
<sphalerite>
gchristensen: I'm intrigued by this slowloris boot thing. My main question is: wat?
<gchristensen>
hehe
<tilpner>
Is slowloris a host name or a DOS attack?
<gchristensen>
DoS but in my case a way to make servers boot very fast
* samueldr
thinks both
<gchristensen>
when you press the power button on a server, it takes several minutes for it to do firmware / cpu / ram / disks / NICs / etc. before it even gets the chance to boot a real system
<samueldr>
concurrency?
<joepie91>
"wat" is always an excellent first question
<gchristensen>
and then if there is no OS, it goes to iPXE which (can, and in this case does) queries an HTTP server for what to do next. so my suggestion is just apply the slowloris attack on the iPXE client at the server. when a client wants a new server, instead of booting a new machine just have all the machines slowly consuming headers from your provisioning infra. once the client request comes in do an HTTP
<gchristensen>
so it reduced the provision time of my Packet.com server to 10% of what it used to be (about 6min to 45s)
<gchristensen>
make sense?
<sphalerite>
hahahaha
<gchristensen>
=)
<samueldr>
I don't understand where the 5 minutes would come from
<gchristensen>
that is all the time it spends thinking about RAM and firmware and CPUs and firmware and NICs and firmware and disks and firmware and RAID and firmware
<samueldr>
is that you have a machine warmed in iPXE waiting?
<samueldr>
is it that*
<gchristensen>
the idea here is that when a customer request comes in, have it already ready to receive an ipxe url, instead of having to go through all the rigmarole of getting the motherboard ready
<samueldr>
>> instead of booting a new machine just have all the machines slowly consuming headers from your provisioning infra
<Church->
gchristensen: Hey we use packet at work for two servers
<gchristensen>
oh cool :D
<samueldr>
right, then I guess that is it
<Church->
I can migrate those finally to linode
<gchristensen>
noo
<Church->
gchristensen: 500GB ram servers that need 32GB at a max
<Church->
Like what was the infra guy a few back thinking....
<samueldr>
that's not something that actually allows an end-user to skip the 5 minutes boot, but something at the infra level that allows machines to be pre-warmed, right?
<gchristensen>
samueldr: right
<samueldr>
makes sense now, I thought this was something you would end up implementing as an end-user
<gchristensen>
you could implement it yourself, but you'd be paying for it full time
<samueldr>
yeah
<samueldr>
I wonder if an iPXE rom could be made to suspend and wait for WoL
<gchristensen>
yeah
<samueldr>
because that would needlessly consume power I guess, while it waits
<Church->
Hmm... off hand I wanna say yes
jackdk has quit [Quit: Connection closed for inactivity]