#networking
And btw that's why I want a Linux mobile smartphone
How lawmakers and the police think technology works: https://www.youtube.com/watch?v=JMIHNiR3CP8
Clip from episode 2 of "Red Dwarf: Back to Earth".
lol
fairphone runs a de-Googled android, that's the closest thing i know
tbh i find degoogled android kinda unstable
I know
But there isn't really any hardware for it, beside old one plus 6 for example or the shitty pinephone
Also you can't have your banking app or other apps that you NEED anyway ... So you still need two smartphones
Unstable? But it's basically identical
my bank app just pops up a warning you have root/jb
The only difference is Play Services not being present (which can be a problem)
I'm talking about Linux mobile, no android osp or whatsoever, "real" linux
nothing limited coz root/jb just a warning popup every few weeks
Oh you can hide that from your apps using Magisk though you shouldn't have to
Imagine if your bank warned you if you were running an OS on your desktop you installed yourself
No thanks
magisk hide useless now
the guy that made it now makes software to detect magisk hide
he changed teams
Realistically any API an Android app can use you can make lie
<put changed teams meme here>
Still if you got Linux mobile you won't even have the apps anyway
You'll need to use waydroid or smth, and I'm pretty sure this comes with lots of problems
If Magisk is no longer relevant, it's still going to be quite possible to make something else do the same thing
one app i don't know why has to detect root or not is Wetherspoons
i just wanna order a drink why do you care i have root
here ya go
Solution 2 is to just refuse to use everyone's shitty apps
I like that one quite a bit
I like it too
just not needed
Not everyone needs to have their dumb app on my phone
Use the website
I don't have all the options
have you seen most banking sites on mobile
And yeah they are shitty
Yes
they're not at all worth it
like reddits mobile website
reddit just keeps showing them damn popups to use their shitty app
Discord went out of their way to ruin the web experience on mobile
yeah but someone seeing discord on my phone isn't as bad as reddit
I will never install the Reddit app
same
On Android I use Reddit mobile website to not have ads
Also I don't want their freaking app
So when I have a popup forcing me to go to the app, I leave the website
Not ever, I can't be convinced
Same
some apps i can unofficially use via web with a little api messing
like the bus tracker app
Hmm that's interesting
If Reddit blocked mobile and old.reddit fully tomorrow, I would simply just not use it
tried to use it with microg but didn't work so next best plan
reverse the app and make a crappy web ui
They are really close to the point where I stop using it already
I'm seeing everything become shit to use and frankly we all lived before apps and I am happy to do so again even if it involves binning everything that refuses to comply
i don't expect a small bus company to make a very good app
hell they will still give you a cd with app source on it now if you just ask
like you know github exists lol
Dear Google,
You should be like the small bus companies,
Kind regards
True but there are things you don't have a choice
Like my pingID app for work ...
Work wants an app? Provide a phone to me to run that app
So I hope the way they'll emulate apps on Linux mobile will be stable
My phone doesn't do apps anymore, sorry
the app can also melt your phone just zoom out and load every stop lol
Or I'll run it in the dev simulator
Yeah ...
But then they'll tell you to use the windows pingID app on the laptop they give you
And I honestly don't want to use this shit ever
we need this modded into cyberpunk
¯\_(ツ)_/¯
lol
so much optimization could happen here with loading every bus stop
but it do be a very very nice way to stress out your phone
Knowing they call me with my personal phone I guess I could ask for one ... But pretty sure they won't accept
Me phone doesn't need that to be stressed
lol
It's looking like Android app compatibility's becoming more of a thing for Linux-based phones
mine just turns on its fan to keep cool when i zoom out lol
If they want to insist on the security features or break bin them
wait there are phones with fans?
Yeah a few
ye red magic 3 lol
Oh that's nice
Still need to have at least one recent smartphone supported though ...
They all have awful specs because they don't have volume and the good SoC's don't have open drivers
only has enabled in game mode but made my own rom for android 10 and added temp control to fan
I know and that's the most annoying thing
only things not working now is
rgb strip
game mode switch (idfk what to use it for)
triggers work but no way to bind to anything
other than that and 1 or 20 bugs it's fine
one annoying af bug
if you dont end call
phone still thinks it's on a call and doesn't let you change audio volume only call volume
could fix
cba
no one really calls me anyway
a fun simple app you can make
capture bluetooth data that iphones always transmit
im still rocking my hand-me-down iphone 7(?)
interesting, thanks
fun to go to an apple store and see demo all over lol
can also show who has an iCloud locked device
interesting way for a scammer to prove they're ur grandma ig
disabled = icloud locked
off is phone is off
and who tf uses siri is someone using siri
siri used to be good when u can ask her where u could hide a dead body
true lol
now shes boring
there is also other data thats sent out
like encrypted clipboard data
encrypted audio streams if on call
wow ok thanks for another excuse to get an android
its just to keep a mac and ios in sync
like calls in mac and stuff
you can jailbreak it to turn them off when you select off
Cool - so you can turn off sending data everywhere if and only if your iPhone is vulnerable to a known exploit capable of persistent or semi-persistent privilege escalation. Cool
and yet you cant sideload apps
Oh you can. You just have to either use a developer key and sign them yourself, or use a version of iOS with a known exploit capable of persistent or semi-persistent privilege escalation.
-As you do
have to resign app every week tho
or every month if you're a developer
and limited to 3 apps as user
5 if developer
@clear igloo I am surprised Linus was allowed to do all of that lol
"allowed"
LMFAO
They're more like guidelines
rules are like a nose
only there to be broken
Do what?
It's no secret their chairs are great! Check out Secretlab at https://lmg.gg/secretlab
Get 69% off any of XSplit's video tools. Use code LINUS at https://lmg.gg/XSplit
The free wireless internet we installed for the lttstore.com merch team has been awesome, but because we didn't install it properly, it's limited to speed of 1 gigabit. Today, w...
Go into their telco's rack & switch, change out transceivers to do simplex Internet from their ISP switch to their CPE & use the other fiber to go from their switch to another switch for building to building
"hey lets let linus come and swap a cable what could go wrong"
linus: drops all the servers
^ Anybody in Ontario know wtf somebody wanted with my Bell box
I found it open just now and the open seal was on the ground like 10m away
I'm not on DSL or fibe but does the rogers coax go thru there as well?
I looked inside. One of the coaxes are cut. Everything still works though. Any thoughts on wtf this could mean appreciated.
I mean either way I'll call Bell but it's gonna be a btch because I'm not their customer.
BGP
But you're going to need to pump those numbers up
Le'groan.... BiDi is great for SOME things... CWDM is a way easier way to overcome lack of fiber
26 routes is NEVER enough
More accurately, any x number of routes will eventually be not enough
I'll just remove everything and send everything out to wan /s
I'm not a network pro so BGP is black magic to me. I just know enough to know that when someone says "X number is more than we will ever need" say NO
BiDi is always preferred if possible and in budget. Very common in SP space
Those are nice
Although multimode only though, great for in rack gear or short haul if your plant has MM
Setup ExaBGP and see how much of full tables their end can handle
lmfao
bgp is just my friend announcing his routes to me and vice versa
bc we got lazy & tired of static routes
and it required both of us to update our routers every time we wanted to change a subnet or add one
Anyone else remember when TCAM hit 512K routes in 2014?
IPv6 is pushing us to the next breaking point at the current rate
I heard you need more /127s
And now a nexus 9300-fx/fx2 is verified up to 471,500 yet at that time, that many crashed the internet
You should see the S1 9800
I think our MX10k3s are rated for 80m/7m in RIB/FIB and the latest Trios pushing a tad bit more
In our isolated network we use 9504s as our routers so I have no idea what those do but we don't really push them
Depends on the linecard, the 9500s with EX hold less routes than the FX
@clear igloo ITS removed Make Me Admin rights
I can't get local admin on our broadcast machines anymore
i'm looking to get a Mikrotik CRS317-1G-16S+ but i'm not familiar with any of the 3rd party websites that they're sold on. does anybody have recommendations for a store to purchase it from?
Everything I've seen about those seem a LITTLE bit sketchy
Not like red flag level but don't expect Cisco/juniper/dell/ubiquiti quality
mtik are fine, just routerOS is not that polished
I bought my hex off amazon
yea the OS seems basic but really just need something basic with a decent amount of 10G ports
Amazon? so brave, i wouldn't risk doing that
I finally installed an Intel X520-DA1 in my server today, and went to run 10G SFP+ modules on both my router and server. But for whatever reason the router did not seem to like the 10G module, it just was refusing to properly negotiate. Router is running an Intel X520-DA2 for context.
Had to run 1G Cisco SFP+ instead and it's working now. Not sure if it's just a driver issue on OpenWRT?
should we pull both cables? no there's no reason to.
You forgot to also use 127.0.0.0/8 for something
I am still sort of at a loss, with SWAG, anyone available to help? I know I asked yesterday but hoping someone is out there
I have it set up, ports are forwarded just need help implementing a proxy-pass to jellyfin, it seems to be HTTPS only, so not sure how to get there. I can access swag remotely from WAN, but when I enter my subdomain it defaults to the SWAG correct setup default page.
Rather than being jellyfin.example.com it just defaults to example.com
Same if I do pihole as well. I'm missing something somewhere
have you watched any videos from linuxserver or Space Invader One about setting it up and the config files? or asked in the linuxserver discord?
isn't it literally the same issue they showed in that LTT video linked above, about error corrections being different, and/or about some devices not liking certain SFP+ modules ?
Did you know with a bridge adapter you can share connections to multiple routers, LAN, wifi at the same time? I found it today.
are ugreen's ethernet cables okay?
i've had a few of their products since anker shit itself and they've done exactly what they've said on the tin, just wondering if there are any known issues with their ethernet cables in particular
and i'd rather go with a brand i've actually heard of than the slew of amazon specials
i mean it's probably not hard to fuck up an ethernet cable but i've been surprised before
and since the ltt sponsorships i figured they were okay
and their charging stuff has been flawless for me
cables2go, monoprice, infinite cables, or cable matters are my go to
Do you need preterminated or bulk cables?
oh, i'm not looking at fibre optic stuff
just a straight up standard ethernet cable lol
I know, but you can get bulk ethernet cable or pre-terminated
IE do you just want like a 7 foot cable or do you need 200+ feet
all good, if you just need a set length and aren't making your own then yah any of those brands are fine
The issue with bulk (ie rolls of cable) is a lot of companies sell CCA (copper clad aluminum/aluminium) cables which are junk since it's much more brittle/prone to breaking and cannot be used with power over ethernet
hm!
thank you
also, how come i see companies like ugreen advertising cat7, even cat8 '40Gbps' stuff when the more reputable, less 'out-there' companies you've mentioned do not?
is it just a matter of 'weh, we'll just slap this on it'?
yes
Cat7 doesn't have any electrical standard to adhere to and technically to be "in spec" needs a not RJ45 end
Cat8 is a real spec but nothing exists to do 25Gbps or 40Gbps over copper RJ45
hm
The reason is 10G copper uses a LOT more power than fiber. I think a 10G fiber optic is like 0.1 watts of power compared to a copper port at 2w and a 10g copper SFP+ module is like 2.5 to 5 watts
Mikrotik has a list of approved resellers on their website, I'd buy directly from one of those in your region for support reasons. Here in Australia I use Duxtel, wisp.net or Streakwave depending on price and availability https://mikrotik.com/buy/
They're very reliable in my experience, I've only seen two dead out of hundreds in 5 years - one was installed sideways in a muddy puddle by a customer and the wireless transmit stopped working in it, the other I broke the bootloader on while screwing around
I'd rather go mik over ubi any day
Yeah likewise.
Would I necessarily buy one as a core switch handling billions of dollars of transactions? Perhaps not, though redundant architecture matters more than vendor anyway when there are big dollars to be made or lost
Yah, for SMB or home Mik is great, or WISP too
They get used a lot in small ISPs
I have a habit of building product-like solutions around them and am outgrowing their OS a bit that way, but couldn't have even started with UniFi
haha, yah, unifi is great for set/forget and easy setups
If to you a router is a router and an AP is an AP unifi is fine until your iPhones and Surfaces inexplicably refuse to connect
yup
Do you think for short runs it's better to use fiber or direct attach cables ?
Like inside a rack
DAC, easy
Unless you have fiber already run or swap things often
Ok, even though it has higher power consumption?
And why if I swap things often
Oh yeah SFP+ copper module isn't the same as a dac
yah, DACs are a pita to unplug a bunch and I've had plenty of instances with the tab breaking off
Humm that's concerning
And beside high power consumption there is nothing else ?
Price I guess
DACs are crazy cheap yah, I can get a 400Gb DAC for like $100 compared to several hundred+ for two QSFP-DD modules
DAC > Fiber > twisted pair copper in terms of power usage and heat
Fiber > DAC > twisted pair in terms of ease to work with inside a rack (imo) most of the time
DAC > twisted pair > Fiber in terms of cost (usually at 10G and below)
Are there any compatibility issues with DACs like with transceivers ?
Oh and I have (still in shipping) a mikrotik switch with 2 SFP+
Should I use Mikrotik transceivers ? And for the network card I'll probably buy a used mellanox connect-x3, is there any difficulty choosing the transceiver ?
Mik is usually pretty agnostic for transceivers and DACs are usually more flexible
For NIC cards outside of Intel branded ones I've not had issues with specific ones not working from various vendors when it comes to SFP modules
What would cause a laptop to randomly just turn on and off the wifi
stupid pfsense2.7 fresh install,
can't install packages because it cannot retrieve package data or so.
dns is working absolutely fine, it can resolve internet hostnames, traceroute also works fine when I trace 1.1.1.1 for example
Anyone here use or know of TCPoptimizer and do u know if its safe?
not needed
Used it LONG ago, not needed these days
gehhfhj?
All of their 12G converters are SINGLE MODE ONLY
oh, lol
all of our other fiber stuff is multimode
rip
Do they offer compatible optics?
yea
nvm actually
the compatible optics are just single mode
rip
In regards to DAC cables, Intel are fantastic. At least when using Cisco cables in my experience. They just work every time.
Wait, what are you media converting there? Some make sense like HDMI but are some of those just form factor conversation?
I think it is just transmitting the 12G-SDI over a fiber instead of copper
The internet either isn't helping or my question is phrased wrong.
If I have 5gig lan but my motherboard is capped at 2.5, would a 5gig lan card improve my speed or would it still be capped at 2.5?
5gig lan card ? Did you mean 10Gig ?
I was trying to get help to choose my hardware for my server in the tech chat channel but people keep telling me that the cpus i'm looking at are bad for gaming or whatever lmao
So i'm asking here
I see some e5 v4 14c/28t for around 25eur on ebay, or 300eur with the x99 motherboard+32gig of memory
Do you guys think it's a good idea ? If not what do you recommend ?
SDI which typically goes over coaxial but this makes it go over fiber
I don't understand, you are recommending me the same ones as the ones that you are telling me to not buy ....?
I was trying to buy the cpu + a compatible motherboard, not go for an off the shelf refurbished server
I don't know, you can just type e5 2680 v4 on ebay for example you'll see a bunch of those CPUs sold like that
Oh yeah true
But aren't those super noisy ? I worked with dell poweredge servers and I don't want this in my garage lmao. Even if i guess i can always change the case/cooling/fans
Also I don't like proprietary thingies like idrac and co
Yeah okay
And i guess you don't interact that much with it anyway
If you want efficient and quiet consider spending the money on a desktop motherboard and CPU, modern cores go way further
yeah but then a modern desktop mb and cpu are either more expensive or less performant for the same price
300EUR might get you an old server motherboard but it'll also buy you a new one and more
Performance of cores of that generation is significantly less than a modern desktop CPU per-core
Per core yes
So yes you get less cores. But your cores might do double the work.
Overall a 2680v4 costs 25eur and has the performance of a r5 5600X while having more pcie lanes
Well you said you're paying 300EUR for a motherboard
Older used RAM is tons cheaper
So be it
Lenovo servers are fine as long as you don't buy absolute minimum spec
I remember one genius I worked with who specced a server with no NICs
that is an awesome website
Dude no offence but Dell and HP aren't be-all-end-all for everyone and being overly dismissive isn't constructive.
They're overpriced as fuck for one
I've refurbished dell and lenovo servers and they felt similar build wise etc
That said buying rack servers for home use sucks
They're louder
Less expandable
All those PCIe lanes you spoke of often aren't reachable in 2U
Well refurbished isn't the right wording, more like the company was the one that manages the logistics of "demo servers for future clients", so when they came back from potential clients we had to make sure everything was okay + reset them
Yes exactly what I thought
That's why those atx chinese x99 motherboards that go for 100eur are so tempting
Is there a lab gopher for europe
Do you think before you talk? 2U uses risers for PCIe, and has limited slots
often only 1 or 2 U, often there is not a lot of slots in the case etc
Most only expose either half-height PCIe or only 2 full slots
Servers with more PCIe slots in that size are a fairly new thing
yeah or use strange 90degree adapters
That's the riser
Yep, they exist
But most won't give you that many unless you pay extra for it
Additionally those cards are size constrained over a tower
That and your rack server is likely quite new
Yeah OK so it's a 2U chassis explicitly designed to have a lot of PCIe expandability
Though I will say it's not that awful, if still constrained
They covered it up by hiding a USB NIC behind the server and not telling anyone why
"Oh we encountered a driver problem"
God knows why Lenovo lets you spec a server with only a BMC NIC and none for the server itself lol
dell will let you spec without a NIC as well now
Oh fun
mainly the OCP ones
wait nvm, there's still 2 Gigabit ports on the board.
I thought those were from the OCP.
And why is it that hard to find the same kind of refurbished servers for epyc ?
epyc is relatively new
Epyc's still quite new
all of the cheap under $1k servers you are finding on ebay are Xeon v2/v3, maybe v4
xeon v4 is just one year younger
Same reason why you aren't finding Xeon scalable for cheap either
Expected server lifespans are getting longer at the same time too
And then you have the people going cloud/hybrid
ziply
Hello, recently my isp switched me to fiber and everything is fine, but they changed my router and i can't access its settings page (it doesn't load). The ip is on the back of the router and it matches my default gateway when i look it up (192.168.100.1). I restarted my router and my pc a couple of times and tried accessing it through my phone and that doesn't work either. My friend told me to call them to ask for access, but i'm trying to avoid that. can anyone offer some suggestions or help?
Have you tried carrying a laptop and an ethernet cable to where the ISP's router is, plug directly into the back of it (most have 4 client ports), and access it from there?
i havent, but can try that
My isp only provides a fiberswitch for fiber.
Just to confirm this is an actual router?
Some CGNAT do 192.168.. ,Some do 10...* And some do 172.16.. -172.31..
it's a router/modem pretty sure, my pc (tho i had to get a basic switch to extend the cable that goes to my pc cuz i cba pulling cables through walls) and the tvbox are plugged into it and nothing else
it's some Huawei unit, says its ip is 192.168.100.1 on the back of it and so does my default gateway when i checked it, but doesn't load (says it times out every time i try it)
Try importing the security certificate in your browser from the router ip, and then try using both http://192.168.100.1 and https://192.168.100.1
i think i tried that before, but i tried again just now, it times out with just http, but with https it's just unable to connect
nvm give me a bit
i can't find a way to import the router security certificate to my browser without having access to my router page, but my browser isn't in https only mode so not sure if that will help
any recommendations on a router i should get, i need at least wifi 6 at 1GB but i feel like 6e would be more future proof
So you want a router/AP combo
pretty much
Do you want mesh or a standalone
it's just that it has a coax modem so i was wondering if i got an adapter to use coax if it would work like a router
either or, it doesn't really matter
Can you passthrough your modem to a router
I guess your current ISP provided modem is a modem/router/AP combo
no, so they provided me with just a modem. along with the router they provide for free. I have this old router/modem/ap combo that i want to use with the others, probably as a mesh tho
this is the modem i have
and i want to try and use this as the AP/router
Top list imo:
Netgear RAXE300 $340 (if you need more streams/coverage go up to the RAXE500 $550)
Deco XE75 Pro $300 + Upgradeable if you need more coverage and 2.5g lan
Ubiquiti Dream Router $200 (Great ecosystem & management, only wifi 6 not 6e)
Netgear's Orbi series is very good for a mesh system but insanely expensive compared to Deco...
but would this modem/router work with my other modem if i got the correct adapter?
The netgear you sent?
yes
Yeah it should work, where is the modem going into currently
the modem is currently going into this router
It would be Wall modem coax > netgear router > switch or whatever else you plan to do
And you want to remove that router altogether
the thing with this is that there is no coax that comes out of modem, it's just ethernet cause we have fiber now
Wait so you have fiber into your home?
yeah
Why would you want to go fiber to coax
I don't believe you would be able to use that netgear router then... As it doesn't have any WAN ports
I want it to go from the modem ethernet to an coax adapter into the netgear router and have the router as my AP
The only thing I know of is a moca adaptor, which is intended to be used from the router into the coax ports in your home
I don't believe it can be used as an ethernet > coax > router
But I may be wrong
yeah, that's what i originally thought i just didn't want the old guy to go to waste
is there a sticker with the model number on it? they might host the web interface on a nonstandard port
does the router matter that much
Not with AT&T
AT&T requires their gateway with their ONT
As the gateway does authentication
I have AT&T fiber, and switched my gateway into "transparent mode" so my own firewall system has the IPv4 address directly on it.
the problem with IPv6 is they use 6-over-4 gateways, and while they do issue me a /60 address, they don't route the whole thing to my firewall, so I'm stuck on a single /64
Incorrect-ish
They actually split the /60 into 2x /61s so you can get 8x /64s and they hold 8x /64s for some stupid reason but only allow you to request in /64 increments
Depending on your router you can request multiple /64s from that /61
Usually :xxx0 through :xxx7 are reserved and then 8 through f are handed out per /64 PD request
If you have OPNSense or pfSense then you can use this method:
https://github.com/lilchancep/att-pfsense-ipv6
There are similar options for Unifi too iirc
@clear igloo Can this stupid company stop using public IP ranges for internal NAT
never!!!
I had multiple customers that I had to explain that just because it starts with 172. does not mean it's private
I had not read that tidbit before. Thanks. I'll give it a try
Yep. A customer's internal network started at 172/8 and subnetted throughout their network. Well they were attempting to move some of their services to the cloud and lo and behold, a lot of that cloud provider's space was in 172. After escalating to me (because they blamed us), attitudes changed once I pointed it out over a vendor meet.
I could hear the anger in the silence. I only needed to see part of their routing table but it was at least a few hundred /24s that they had to re-engineer
that's what happens when u pull a stupid
Just pick up a WAG-D20 and spoof your AT&T gateway and get rid of that thing, true ip passthrough!
- get SFP+ & 10gig
That's classic. I worked for a company that widely used what I consider "Illegal IP ranges", because they didn't own all of them. Of course, they could never interact with the actual owners, but mostly they stuck with US and UK military ranges, and they weren't customers.
They used them as if they were all private IPs, all internally. Still, it was simply poor IP planning that required that. They didn't NEED a /24 in every location
@clear igloo Dad: "Why can't I print?"
Also dad:
typically, what style of antenna will be better, a sharkfin or the generic looking pencil shaped antennas?
i googled one of the numbers at the back which turned out to be the model number and apparently i control it through my ISP's website...
and im given access to limited settings
@hollow marlin WHAT
MY ISP is doing INSIDE ONTs NOW???
And that's a way smaller ONT than what I have
Looks like a Gigaspire
Previous job I worked with Adtran 5k chassis, but never their ONTs. I hear they're solid and cheap. We deploy Calix and have been deploying Gigaspires too but their license costs are quite high
I want my parents to cut isp voice
And either just ditch home phone entirely or go full voip at least
so I can rip the voice cat5e line out
If the voice line is already fed from the ONT, it's already SIP (99% of the time anyway)
If the ISP is friendly enough, it's a simple config change then lol
I will say that I honestly have no clue what this is in that pic
I mean, it's not a big deal since the power goes inside anyways to my UPS but I'd love for it to be inside
? Maybe their XGS-PON stuff?
I bet that's how my ISP is doing 2/1G and 10/5G
with my luck since I already have an outdoor box they probably deploy these?
or since its a big change anyways they move it inside? Idk
Can XGS-PON run with GPON down the same fiber?
I mean we deploy ONTs inside without the housing all the time
GIMME
I'd love to just shove that into a switch and carry my WAN over a VLAN into my router
In theory sure because they are different wavelengths. But that would be a mess
oh
that makes sense yea
Tbh I don't even trust my ISP to give me 10gig to anywhere on the internet lol
We can guarantee you the bandwidth, but I am still waiting on the customers that NEEDED 10G to even break a gig lol
I believe we have XGS-PON in the pipeline for orders but not sure when we are getting them. Primarily AE right now
AE would be cool but not practical
Yep, that's why it's being considered now. We're scaling too fast and cannot run the fiber fast enough
isp here:
yea just leave bare fiber spool next to the ont
(not mine bc i dont have fiber but same country)
I would be surprised if they can hold a solid connection
who?
My ISP? lol
oh
that would kinda explain why steam downloads are fast
Home -> ISP network -> (5) ISP peer IRIS Networks -> (6) Telx Colo/IX -> Steam
because steam can max my gigabit connection
The photo of the bare fiber lol
my adsl be like
loose connection for 2 seconds just to mess with gaming
Having worked with ADSL, that's just a feature
Well, "hand out" lol
Fios deployed it then blackholed routing a day later. I still get DHCPv6-PD but cannot route outside Verizon
rip
I don't get anything with this :(
packet cap doesn't show any RAs or anything
also i know that they have main fiber line 150 meters from my property yet the provider claims that it doesn't know about it
You technically don't need RAs for DHCPv6 to work. Did you try requesting a /64 and see if you get any hits?
Yep, but BCP is to always enable it
What if you ping FF02::1 on that interface?
RIP
yup...
When I asked them a year ago: "At this time we do not support IPv6, however this is something that will be supported in the future."
the way my ISP is setup, they are under another ISP that is doing IPv6
cant you just switch to that isp that is doing ipv6?
No
sounds like a monopoly then
The electric coop owns fiber, they lease fiber to the ISP. Which is a dba with the main company being the other company
here most of the infrastructure is operated by national telecom
but any isp can lease that infrastructure and still have competitive pricing
or they can lay their own infrastructure
also that's not really what a monopoly is
I have other ISPs I can choose from to get services from
And the electric coop still owns the fiber, they can choose to not lease to the current ISP
Who owns the poles plays a larger role in fiber deployment than people realize as well
here their pricing is
5.97 eur/month from distribution box to customer
6.60 eur/ month for 1u rack (passive optics)
The electric coop owns them :D
They own literally every pole in the area including all of the ones near homes
And backhaul too
Along with all of the underground
electric coop needs to start an isp themselves
The only issue like that, ownership, they've ran into is the biggest HOA
No poles allowed in the HOA, all underground required
I wish I had your networking problems
That's why they did fiber and lease out
Being an actual ISP is a lot of work for them
Yep and most likely a hell of a lot cheaper per month than paying licensing. I believe we pay somewhere in the $17-25 per pole/month
That they don't wanna do
i should do fiber and lease said fiber
Do you have the capital and rights for poles/whatever
Damn and that adds up
neighbors prolly wouldnt be against it
"but why does my internet cost $100/m?!?!!"...well that is a large reason lol
ISP underpriced Spectrum & AT&T
Both of who get pole space from the electric coop lol
i will run fiber this summer to my garage as a test anyway
i will use mechanical splices
Last I heard is our cost per customer is around $30/m. That's just infrastructure, electric, licensing, fees, etc
Splicing is simple as long as you have a decent unit. If you do, do not touch a bare fiber BTW
i dont have fusion splicer lmao
for fiber equipment all i have is fiber strippers and fiber cleaver
Apparently we have a splicer at work???
We have all of the shit to do LC ends and spools and spools of OS2 and OM3 & 4
meanwhile 2eur/pcs
or 1e for connector
Although all of that fiber stuff is mainly for installs we do
Im surprised they have one. You need to test it out
All of our 'touring' fiber isn't made by us
We buy it from camplex or lanshack
@hollow marlin https://www.bhphotovideo.com/c/product/1030157-REG/camplex_hf_troc4m_0328_opticalcon_quad_multimode_fiber.html
Buy Camplex opticalCON QUAD Multimode Fiber Tactical Cable Reel (328 ft) featuring Four Fiber Broadcast Interconnect Cable, Heavy Duty Reel with Side Flange, opticalCON QUAD NO4MX Connectors, COCA Factory Terminated, GR-326-CORE Endface Standards, Neutrik opticalCON ADVANCED System, Tested for < -55dB Return Loss, Diagnostics Documentation Provi...
It's so expensive for what it is lol
tactical
what is it used for?
Events, concerts, festivals, etc
with those 12g media converters you posted a day ago?
No, this one is for our main network
I thought it was full of marketing buzz words, but turns out it a thing in the broadcast space lol
But yeah thats expensive for internal use
Our current fiber that we are replacing is just 100m of fiber not on a reel with ST ends
The opticalcon is just like XLR but instead of 3 connectors it's 2/4/MPO fiber lol
They also have 'ethercon' which is similar but RJ45
I hate ST connectors, not as much as FC but still. I can see it for this use case though
I HATE ST lol
It's not cheap either like it's baddd lol
We have a few COs with a couple ST panels and a couple FC. FC is worse because it's like ST but threaded and you get .00001mm of space to work with
This is just a fancy Ethercon to RJ45 coupler that mounts in a Neutrik D Series panel
Nooo that's awful
Damn, at $12 each, your infrastructure will cost more than the equipment
how many times did the voices tell you to break it to excuse a replacement that doesn't suck
Tell me about it
LOL
Pretty damn close when one of the few times I had to deal with it and I couldn't get the damn lock loosened lol
The only thing Ethercon has going for me is the lock isn't relying on the flimsy plastic latch
It's metal so in the field where it's being constantly plugged and unplugged it won't break
I assume that the cable will give far before the connector does
Yea
But then it leads to stupid stuff like this
Where you have a long ethercon run but need to actually plug it into something without Ethercon
So you gotta use a barrel LOL
Which is like fucking $20 bullshit
lol that new Adtran ONT is almost comparable in size
I wanna move more of our stuff to IP though. I really love IP stuff
But the majority of people at work don't understand IP & networking well
Usually ends with the people that understand the legacy stuff age out or the legacy stuff becomes too expensive
I will soon be finally dealing with IP video as our merger completed and parent company serves IPTV. Finally may actually make use of my MC knowledge
Our only issue with IP stuff is just reliability
Most stuff is fine but you've got the stuff that isn't so... lol.
Hello, my client PC can ping the host PC but the host PC cannot ping the client PC. Any idea what it could be? I cannot get a tracert output either.
Probably a firewall on your client PC/network is blocking it.
Yeah thought it might be that. Many thanks
@rocky badge found in the wild
lol
In my parents' home they have multiple coax connections in two different rooms, one of those connections in the living room is connected to our cable modem and the other ones are unused. We don't use cable TV. I went to the basement where the coax cables seem to all go, and it seems like they are all connected to several splitters and amplifiers (there are other people living in other floors of the house, it's not just my parents'). We want to have a moca link from the living room to the other room that also has coax (they are pretty far apart). Could we just disconnect the cables that belong to these two coax ports from the splitters and connect them directly together to make it work with moca?
I don't see why not
Ok good, thanks
Is there some way to find out which cables are which without potentially unplugging our neighbour's internet? The cables aren't labeled very well.
not that I know of, ik there are ways when the cable isn't plugged into anything, but live there's not an easy way at least
there may be a tool for that, but the normal way is to plug into a device and it makes a tone, problem is that iirc that would interfere with everyone else's connection
@clear igloo @hollow marlin Dorm network provider just took like...3 minutes to hand out a DHCP lease
That's fine right?
noooo
It's a shared network, got to pass the token around the ring
I'm glad TR was phased out by the time I got in this career
Heya folks, I'm redoing my home network setup and decided to decently partition clients and servers on my network, with vlans if necessary.
I wanted to use the 10.0.0.0/8 range, but some folks tell me that's not the best idea in terms of broadcast message and potential vpn conflicts but I'm not sure if those would actually pose an issue? Does anyone have any insight on this?
@clear igloo @hollow marlin Old HS.
```
Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.28.104.1 (Theatre Router)
2 1 ms 1 ms 1 ms 96.4.x.x (School district's /24)
3 1 ms 1 ms 1 ms 172.22.6.201
4 4 ms 3 ms 3 ms 172.22.64.45
5 * * * Request timed out.
6 2 ms 2 ms 2 ms 100.127.64.73
7 3 ms 9 ms 3 ms static-74-218-4-96.unallocated.tn.ena.net [96.4.218.74]
8 9 ms 8 ms 8 ms be2-2902.bb02.atlaga01.bb.ena.net [207.191.187.102]
9 13 ms 8 ms 8 ms te0-0-0-9.bb01.atlaga01.bb.ena.net [207.191.191.158]
10 16 ms 17 ms 17 ms 198.32.132.136
11 8 ms 11 ms 12 ms 172.71.28.2
12 8 ms 8 ms 8 ms one.one.one.one [1.1.1.1]
Trace complete.
```
damn lol
Using 10.0.0.0/8 is fine for the most part, but don't use 10.0.0.0/8 itself, subnet it properly, most likely using /24s
Are Brocade Layer 3 Switches vendor locked for modules of SFP/SFP+ and QSFP/QSFP+ ports? I didn't know if Amazon generic ones would work
Some people say they had no problems, though I'd confirm for your specific model of switch if it's old
It was the Brocade ICX6610-48P-E. I glossed over the manual but couldn't find anything. That's why I'm asking
Yeah people are talking about using all sorts of third-party modules in them so probably fine
what would happen?
we haven't paid the ISP for 4 months, the ISP would cut out the connection when you haven't paid for that month.
They replaced the Wi-Fi Router when the old one was broken a long time ago.
we moved to another ISP now we have 2 Wi-Fi.
Debt collectors probably
I could do with some networking advice. I'm getting a new fibre connection fitted tomorrow with ½ Gigabit. I'm hoping to get a NAS soon too.
The internet comes in the living room downstairs, but our home office is upstairs and this is where the NAS will have to be. We live in an old rental house, no ethernet ducts, and no easy way to lay them without damaging walls or leaving them exposed for my cat to pull on.
Any easy renter friendly ethernet methods I could use? Or is that fancy new wifi 6 worth paying for an expensive access point? Our house is fairly small so WiFi signal shouldn't be an issue.
Pretty common on enterprise gear. Wait to find out that Ciena requires a license to even configure VLANs on their switches
SP gear is nuts sometimes!! lol
Even Cisco doesn't charge for VLANs
I got mine with the license included but that is rough for any other owner
Yep...VLANs? RSTP? SSH? Those are "advanced features of a switch, LICENSE!!!"
Here are the licenses for, say, even our 3928s, and they're not included in the base
wow!! Well at least telnet isn't advanced right?
oooof, even static routing?!?!?!
Thankfully we have global keys....prior to that I cannot confirm nor deny that many were telnet only because the license cost exceeded the hardware of a 3903 
That's wild
Outside of that and their terrible CLI, at least they are rock solid. If you can get them that is lol
Yah, stability is key
Juniper is at least for the most part honor based. On commit it will say, "Hey, you need a license for this, but I'll configure it anyway". That is slowly shifting with Flex licensing though which is sad
Yah, Cisco (for now) is mostly honor based as well but of course smart licenses and whatnot
Of course the 8000 series routers are different, can't even do an upgrade if you're not in compliance x.x
That's not to say you wouldn't get in trouble if you did run a ton of stuff in prod without licenses but of course if you're doing that you're probably not paying for TAC either
I did not realize some things are honor based with Cisco!
Yah, the only stuff that requires a license to enable and function is HSEC encryption and the like for most things*
I'm looking for a cheap network switch that has at least 2x 10G ports and 6x 2.5G any recommendations? I found this one from qnap but that only has 4x 2.5G https://www.qnap.com/en/product/qsw-2104-2s
The QSW-2104-2S is an easy-to-use unmanaged switch with 2-port 10GbE SFP+ and 4-port 2.5GbE RJ45, allowing you to upgrade your network environment by connecting a wider range of devices with different bandwidth requirements. Featuring a near-silent fanless design and compliance with IEEE 802.3az (Energy Efficient Ethernet, EEE), the QSW-2104-2S ...
this guy has 8x 2.5 and one 10gbe
@tawny moat https://www.servethehome.com/insane-48-port-2-5gbe-2x-25gbe-2x-10gbe-managed-chinese-e-sports-cafe-and-hotel-switch-microchip-micron-sandisk/ a bit more expensive and overkill but also an option
do you want sfp+ ports or rj45?
more than 2x the ports for less than 2x the price so per port it's still on budget
oh wow thanks for the recommendation
sfp+ is cheaper but it's harder to run
it really depends on cable length and amount
and cabling is more expensive
but NICs are also cheaper
for really short runs you can't beat DAC
for 1-2.5gbe?
for 10 gig
yeah DACs are great, but also very stiff and not very bendy...
so again it really depends on usecase
I have an issue, i bought a server mobo from ebay and it has a static IP for its BMC set. It's in a range i cannot reach from my home network as it's out of the dhcp range
https://www.amazon.com/dp/B0C64X3625 8x 2.5g 1x 10g
https://www.amazon.com/Port-Umanaged-SFP-Compatible-YuanLey/dp/B0C64N2QN7 4x 2.5g 2x 10g
probably uses same switch chip as aliex one
i tried resetting the bmc but that doesn't work
any idea how to get to a BMC ip from a network out of range?
do you know what ip is set?
try plugging in directly to a nic
that mobo > cable> laptop/pc
and try to access that ip then
Connect directly and set your computer range to be within that
and turn off wifi i guess, or can i have 2 networks?
You can have 2
In theory, as long as IPs don't conflict which I don't think will
And set static on Ethernet
thanks guys, Also any recommendations for a bit bigger switch? something with 8x 2.5G and maybe 4x 10G?
i haven't seen that particular combo
typically it's 2 10 gig ports and then either gigabit or 2.5g ports
https://www.aliexpress.com/item/1005004869154465.html?gatewayAdapt=glo2nld
this one is a lot bigger but still worth looking at
Does anyone know how I would set up a reverse proxy (nginx proxy manager) and a custom domain for a Jellyfin server (I have the domain from google and the domain is connected through cloudflare)
Yes
thanks for this, actually worked!
Do you need a ubiquiti router/switch to run ubiq access points?
@hollow marlin I want fortigates at work if it didn't require a safe shutdown lol
Juniper is the same. Sudden power loss is almost always a corrupted OS
:(
Yup, that's FreeBSD flexing its strengths
Pfsense lab. Hello Everyone. I have recently started a pfsense router inside of a virtualbox network. I have gotten dhcp and network traffic working. One thing i wanted to do was test blocking sites just for lab purposes. I have tried creating a fw rule and using pfblockerng and yet the websites i try to block such as youtube twitch or reddit still pass through. this installation does not have much customization. Does anyone know what I could be missing?
How are you blocking?
I tried using the firewall rules to block outbound traffic and i have tried pfblockerng and tried blocking categories
but how are you blocking? IP? DNS?
pfblockerng has different ways to block
trying to do dns
make sure your browser isn't using private dns
If you use Chrome, click on Settings->Privacy and Security-> Security then under Advanced, see if you have "Use secure DNS" turned on. Turn it off to use your local DNS server instead of ignoring it.
You may also want to block UDP/53 and TCP/53 outbound from anything but the firewall, to prevent bypassing your DNS filters, but beware, it may break some IoT devices, like Amazon Echo, thermostat, etc.
Did anyone look over my application?
@hollow marlin @clear igloo I am surprised dorms & the main university network don't peer with each other here lol
or that they don't have any sort of interconnect, traffic destined to the university network from dorms go out to the public internet
Like completely outside their AS?
Yeah dorm and main university are on different AS
Bro dorm or uni traffic with compsci faculty people on it...
Could be the most certain way to find most cancerous traffic. Uni kids age plus enough knowledge to like metasploit or some sht
When I was in res, we had like 3 different wifis per floor. What i did was take over one of the routers for myself lmfao. Everybody else just started using one of the other networks
You can't block the next IP of bounced traffic with rules by IP. That's the whole point. DNS, i don't even get what you're trying to do. DNS can't block anything really
My uni just have huge trunks to verizon and spectrum
If you're getting proxied or DDoS connections, your only hope is to block with rules by port. Inbound and you have say ssh on 22 tcp. Just make a rule to drop all and only accept from your IPs lol 100% will work
Better to only open a VPN port and only allow ssh connections over the VPN network. If wanna go farther
Another way is by protocol. Smart filters exist which can even analyze traffic and block based on analysis
Well if only you're on vpn. But why. If you know you'll always have a static wan ip that's yours and only it will need access to ssh... probably safest possible thing to whitelist only that ip
You know 100% unless somebody has physical access to that lan if there be one or hijacks the access point machines themselves... nobody but you will ever connect with that address
Also allowing all from any match and blacklist ban after is just a bad practice in the abstract sense. Your goal is to 'have certain people allowed to shell' most likely. Your vpn rule would mean in practice 'allow all from this iface or ip mask whatever'
Sure but opens you up to physical attack (unlikely unless you're like a major company) plus then limits you to only being able to access the network while on that network considering how often I've had to access my machine from not my network
Well yeah but physical attack let's be real lol. Even the vpn solution would probably be no less prone to it in the same ways.
Besides there's always the ultimate physical attack by going straight to the target endpoint and skipping ssh access lmao.
Still would need private keys with a VPN to get in but as I said unlikely with physical attacks lol. And for the VPN you can still make it so only certain VPN users have access they all get their own static IPs when you set it up so you don't have to give the whole subnet access
If they have to break and enter same thing both remote and target box... might as well not bother and hit the target one :kekw:
True lol
Btw how would you make that rule?
Firewall rules you can just say only allow connections to port 22 from 10.10.0.5 for example
By ip or allow as separate interface which is the vpn's. Your firewall is technically blocking and allowing interfaces and ip ranges that happen to be special blocks. Nobody 'should' be on those in the internet
Only people who could be on it would be people with the VPN keys
Plus Encryption is always a nice bonus with VPNs
You know hamachi's ip range. It's 25.0.0.0/8 pretty sure. Nobody uses them. Hamachi claimed first. But those are valid wan ip technically. Also you can't do that for hamachi because they assign random ips from that range to all users
Doesn't matter which network you joined. Everybody has random 25.x.x.x
On network level, something like a firewall can't do anything at all
Isn't that where a VPN would be even more useful tho where your IP is random you VPN into the machine and access whatever it is you want to
VPN is a virtual private network. Usually you want the opposite. It depends on use.
Yeah but we were talking about specifically for ssh which is something you'd want to be private
Exactly. So why even open up to 'anyone who auths onto your vpn'. Even of vpn ip and iface, why not just your ip :kekw:
In a physical sense, I'd bet vpn is actually more dangerous than real wan ips to some minimal extent whether you like it or not. You're always just adding extra things no matter what.
Honestly you don't want even shell access to be private all the time. Minimally you always want access to every individual user to be private because that's their intended use. Even still, linux users or actual os, sure. But for ssh you truly want the very username you auth with for ssh itself
Best security is no connection 
Here security gets pretty real and unforgiving. You usually don't even have anything logged which differentiates clients in the real world. Even ip. Case in point even ips and all other factors of network connection aren't meant to be used as personal user identification. VPN maybe lol it's technically better if you auth with the same account as billing and crap on the service
That's the old air gap defense as they call it sometimes :p
That's not really a true firewall. At least for sure not in the networking sense. It's perhaps one of the only widely enough available layer 1 firewalls :kekw:
Honestly what's sad is today that's not an uncommon problem with wireless. Imagine having a modem/router which doesn't allow manual firmware updates. On top of that, you can't disable some antenna power or wifi. At most mac filter. After that, wpa2, idk all you have left
So you don't even have practical means of airgapping which doesn't involve a custom firmware update through some bug mostly or opening it up and soldering out the antenna somehow.
But you're right. No physical connection isn't just the best security. It's the only 100% guaranteed efficient.
even that can be compromised by human error/ social engineering
example: Stuxnet
Just get rid of the humans easy solution lol
Well i mean social engineering can get pretty dumb in not uncommon practical best cases:
You gotta either convince someone to plug cable back into wall lmao
Or maybe like assume false identity of someone they trust enough to change their mind and plug back in
Did you just watch Secret Invasion lol
Btw change their mind plays a big role too lmfao because convincing anybody who airgapped their machine in first place sounds potentially paranoid af and sweaty as bawlz 
Body snatchers? Like the old or remake? Not sure about 'secret'
just use capslock light to exfiltrate data
Im on phone screen portrait lol
Marvel's Secret Invasion
new series?
yup
i will most likely wait until they finish a season or 2 and then binge
Oh idk. But social engineering is a special real life component of attack. It factors into every attack technically if you consider minimally the target itself being information always ultimately reflects some tiny remaining assumptions about how and what the data reflects irl. Whenever it's 'personal data' getting stolen, it means already it's got something to do w a human owner irl
So hacking somebody's gmail which you've seen them use for a dozen other sites as recovery and not one other inbox: you can assume some bank logon you want will also use that email likely. If usernames are only that email, you've gotten the login itself likely
Just host your own email server 
That's social engineering though pretty sure. Or credential stuffing. You just assume like 99.69 of people use the same password across all websites. So you try to use some massive leaked email-password pairs on a diff popular service.
Don't actually do it it sucks
How many hops? Curious is it's just that both are peered already at an IX
Have you ever done it? You're in a world of pain if you do so... trust me.
For instance, a big portion of email providers even big ones (those are the worst tbh). Imagine your servers getting blocked from like all yahoo.com inboxes
You first and foremost absolutely need rdns record for that server. Then you have to bash your head trying to reach their admins to manually unblock you
It's actually kind of sad though. The web already has a really polarized influence on some things like email. Gmail, microsoft, etc any other small or worse yet personal email server can get blocked from the whole world basically
But in the end its everybodys fault for switching to gmail immediately when it was beta lmfao. I ran like the wind into googles warm embrace. Now everybody uses and hosts entire common form of communication w private corporation lol.
Btw that would mean your own interface and auth to that mailbox. Minimally auth. Like tls and imap or pop3 idk lol. Then you connect and get mail with mail client. Its separate thing from web browser
If you want https web access and login, you gotta also run web server just like for sites and buy or find free mail portal on PHP. Or any service which can go through http. Then get ssl cert because especially emails lol. Its doable all free but such a headache. But you still minimally need reverse dns and your own tld.
Sorry tld lol. 2ld. I mean if own tld maybe that could work too. And you're a boss or government somewhere
That's not much work, there's lots of solutions out there for that, the hardest part is the pain of deliverability
If you are not 100% up to speed on administration and upkeep of hosting your own mailserver stack, you shouldn't touch it, at all.
Yeah the actual deliverability and even having a physical way to accomplish is bad enough. But i remember gmail was a blessing. A nice chunk of my life was before those giants. A lot more people (perhaps majority) were separated into way more tiny mail servers or personal. We had personal one. But spam was insane. Only decent shot tbh was using public spam filter dbs.
There are other things which turn out to also be entirely physical. Like being on personal server means nobody else there by default to get any statistics from when it comes to spam filter
Today, any leet spamma knows that they kiss minimally entire address goodbye if they mass mail people on google or yahoo (idk yahoo because theyve shown 0 friggs given for basic things before..)
All gmail sees is a burst of mail originating from the same ip or domain etc to their boxes with no visible history of correspondence at all. Banned. Whatever was common between all flood messages is what they can just autoban without any monitoring. If you used your own private server then sucks lol. You've just been banned from all google again. And this time admins will review just like before regardless... only tell you to get lost because it's a legit reason honestly
It's a lot more complex than that with gmail. You need to configure your dmarc, google postmaster tools, and a bunch of other stuff though.
We got a whole dozen /24's badrepped by gmail because our ops team misconfigured the dmarc record and we sent an email blast to 10 million subscribers
Legit subscribed email list has to have certain requirements met I remember first hand:
- Anybody who gets them must have opted in
- There has to be visible immediate opt out link accessible by all w no requirements
- Must be legit email in and of itself for sure etc
Oof. But irl I've experienced personally that if you 100% dot i's and cross t's, it can take like 1 report even by somebody and you get banned
Now you have to appeal. They'll probably lift the ban but still doing that every couple months? Eek. And try reaching some of their admins in the first place lmfao. Yahoo I legit had to find it first. Then you wait for email back :/
Once you establish a sender reputation (by either domain(s) or ip(s)) with google (and yahoo), it takes a hell of a lot more than a single report (it is percentage based), and you actually have a human review your appeal. Was pretty trivial to get sorted, used to be WAY worse.
So already you're not using your server for at least a couple hrs if you did everything as fast as humanly possible
This is why we have numerous pre-warmed ip pools on our outbound MTAs. If one drops rep, it is suspended from the outbound pool, and another is rotated in. Not a standard transactional email setup, obviously
That's my whole point. I think it's futile even for mid-sized corporation servers. Like 100 boxes. For legit newsletters, I think you get banned the first time regardless lol. Again, it looked like just autoban based on simultaneous incoming identical messages
ya, you have to warm your IPs before you ramp up your send. Sounds like you didn't warm!
Well actually now that you bring this up wouldn't that mean you could as easily get notoriously pre-abused ips. Lol it was over from the beginning. But here i think it's still always doable. I mean there's the dns record and ip/server pair right? If you buy both domain and internet from the same person w bad rep... lol nugunhappen irl
yup. You can get that info via postmaster tools, but you have to actually have mail flowing before data will show up there. Doing large-scale (legitimate) bulk mailing properly and consistently is a minefield.
Idk. Ours were really warm for sure up until the burst. Thats the whole thing. We had like long correspondences w gov officials for a lot of states (also lol tbh its also kinda messed some of them had official mailboxes on yahoo or gmail). But then whenever our boss sent out those marketing messages... boom. Banned again on same providers even
And we even got banned by hawaii state gov or something lmfao. They personally contracted us and knew who we were but their private mail server was blocking us from the getgo 
Ya. This is why you do transactional and marketing from different ranges. Sounds like your IPs were fine for transactional, but had not been warmed for marketing blasts.
Hmm. Well still, consider how google and yahoo will never block each other lol. They are on each other's whitelists for sender reputable on a whole next level of the meaning
When warming new ip ranges for marketing, we cap at 1k/day per mta per domain, and increase it by 500% every 24h (with automatic back-off if the recipient MTA gives a warn response, etc)
Already you have private mail servers guaranteed to never be 100% uptime. But the leading tech giants are exact opposite. And even an hour of being blocked for email is horrible. It defeats the whole purpose of email addr. Its assumed to be where they can reach you lol
mmhmm. I did say not to host your own email :p
Yeah I was stressing to the other guy who pitched the idea lol. Its mission critical
Btw we actually were hosted on microsoft. But one or two of the robots were on our own smtp which we had for some reason...
If i remember correctly, even just the address and personal domain can become issue. So after getting through from server, your mass emails still easily end up in everyones spam on gmail
yup. Large scale email is an art, been doing it for a bit over a decade now. Hate it, but it's part of our toolkit, so
If anything, it might not take more than two people (probably one person irl with two gmails in that case) to report you.
Well perhaps the real large scale is separate and a bit more hidden. It's the real culprit to me: everybody relied on the giants entirely for their 100% personal communication
can't block gmail, but gmail can block you..
yup. These days it's Google's sandbox, they just let the rest of us play in it (with caveats)
I had issues with deliverability with protonmail a while back, using fastmail now with no issues
Without getting too political ill just say some things got autospammed which i already knew the next place to look was spam folder
It wasnt even like wait half a minute first. They defs had decent enough internet and host speeds at their scales. On top of that, every single person like myself had to opt in for real. And I imagine whenever it was reported, it oppositely was only as not spam
yeah gmail spam is kinda weird, clicked multiple times for my selfhosted (outbound only) UPS email alerts to not be spam, still in spam
Meanwhile on fastmail, clicked once, works just fine
Well again, I feel like today unless you have literally like a third of all people's main personal inboxes, you'll always have some non-zero chance of running into issues. And I stress how with things such as this, it's a showstopper..
What i don't get is those temp email sites. Don't they have to change 2ld and ip all the time?
Yeah. I feel like they don't send to certain email providers. If it's against their policy maybe. Others must not care
Fastmail and others now have this masked mail feature which is a random email you can use for a service, and it's receive only
Because in practice, like think about it: even sender cant guarantee which address they land with sometimes. It prevents you from ever knowing anything about sender except they got your email somehow
So unless you sent that email from temp box, its either fraudster or prank lol. Both kinda amp up seriously with the personal factor though 
Oh right derp. Thats how it works usually. No wonder. Kinda cool that its literally impossible to do temp address sending tho
Yeah but it can still get banned outbound just as well. It would make sense too in practice because the whole point is usually verification or recovery method
And I mean you can create as many subdomains as you want, eventually somebody will see that and ban the entire 2ld you own. Tbh if anybody uses subdomain of one you own, sucks lol. I doubt anybody bans anything less than entire 2ld for this crap.
And aliases idk if it makes any diff. You still have the physical ip and its just different domain idk. Aliases i think technically span entire address but not sure
well it's on a service, they def don't use unique addresses for a domain
Honestly, idk if I'm even talking any sense anymore. Still don't even understand fully. Like the email addresses aren't exactly even a thing from what i understand. Just that there's an expected domain name following a 'name' for user or inbox i guess. We only allow one @ probably because that's the delimiter and there's always 2 tokens
no, I have one domain, I can create multiple "users" ex: user1@example.com
Just the domain part can't have characters or format that isn't valid for a domain. But what about the rest? I guess we make the name also valid chars for a domain out of simplicity
Honestly a good place to start would be seeing what happens w like postfix and other popular gnu crap when you make linux user name something invalid for maybe gmail to accept outgoing
Or even smtp servers in general. Because there could be user names on linux or something you should deliver to if its set up that way. But nobody sends mail with some character idk.
Whole point is i think it started from user names. Like user@machinehostname. But the email name before @domain doesnt have to be reflective of any user. Nor does it mean its even separate mailboxes
yeah no
Well that's mail tbh. I remember being so lazy one time that I had PHP sendmail configured to just send to root
I wrote I think root@actualsitename.com and only configured that domain name to be the server's alias or something. Same with the user. I think I ended up wildcarding somehow everyone to root mail for the actual linux user
I was going to say probably on SMTP and was correct from the looks of it. The key is in supporting UTF-8 encoded headers before anything. The two parts making up the address are referred to as the 'domain' and 'local' portions. At least in one part of the article
Many email clients now offer some support for Unicode. Some clients will automatically choose between a legacy encoding and Unicode depending on the mail's content, either automatically or when the user requests it. Technical requirements for sending of messages containing non-ASCII characters by email include
encoding of certain header fields (...
It makes sense the last part is like a fully qualified domain already or some sht. On top of that, it has to resolve because that's the part they chose to indicate where it goes over the network minimally lmao. Problem is that it's not a URI and the entire domain name itself is used to identify a real destination over the network. Probably exactly why rDNS is needed now.
sorry, reread my message and by "yeah no" I was agreeing that it doesn't even have to be a separate user/mailbox
well yeah, domain tells it the MX server to send to
building a home network, first time, thoughts?
pretty standard, see no issues at a physical side
SMTP is already shoddy asf. Imo the 'local' part should implement UTF-8 the same way they did for domains. So not really implement but make the old characters have an equiv unicode representation
rDNS iirc is a method just to verify the origin server
not needed for actual delivery over the wire, but to get past spam
I don't have rDNS set up for home IP, can receive email from home just fine
Yes. But do you need it when connecting to an HTTP server? FTP? No. And it's not because you send things one way either
thanks
no?
which switch will you get?
I'm pretty sure you're stuck with rDNS because exactly that mail server is on the network. Everything it transfers with all else is over the network. Network endpoints are identified by IP address. You only resolve domain to IP. Nameservers or even names themselves aren't used for the actual networking and connectivity.
I am looking at a "TP-Link TL-SG108PE"
yes ik, but it's not needed strictly
as a basic managed switch it looks fine but i would suggest that you get something like Mikrotik CSS326-24G-2S+RM
ultimately depends on what the needs for the network are
Right but IP is the real thing you need no matter what for transferring over the network. It also depends on 'network' you could say but that's in a whole other way. Like reserved blocks tbh you know it's a network that's separate from WAN. 127.0.0.1 you know it's not even anything beyond the network iface itself
Looks good, so does "• Port Mirroring
- One to One
- Many to One" allow for mirroring for both ingress/egress to one port? saw it on the specs
yes, that's what a DNS lookup is for
send mail to example.com? lookup MX, send to that IP
just regular dns
Yes. To resolve an IP which at any given point represents exactly one endpoint on the network generally. So why do you not need it at all for things like HTTP, FTP, RTSP, etc
you do
I don't understand your point
Email addresses are a poor standard to this day. Like even just the 'hostname' portion doesn't even support all the new ones. Imo it should be done exactly like they did with hostnames, call me crazy lmfao
isn't that heavily implementation specific
Many email clients now offer some support for Unicode. Some clients will automatically choose between a legacy encoding and Unicode depending on the mail's content, either automatically or when the user requests it. Technical requirements for sending of messages containing non-ASCII characters by email include
encoding of certain header fields (...
My point is you're referring to actually the very idea of a URL. There's an actual technically valid and invalid URL. It splits up first and foremost as protocol and everything else is generally an address. But I think that's actually just URI so far. URLs if I remember correctly are valid URIs but not necessarily vice versa. The URL begins to define an additionally separate part of the address (so the token that isn't proto or their delimiter). First half is either a full host name or IP addr. The rest is 'path relative to docroot'. But what is the first part generally and why?
well email is old, it's similar to telnet and ssh in the way addresses are defined
username@computer
It's put generally as the network address. It is actually the IP address which tells you where HTTP will do the second T part. Because this transfer protocol is over the network. The rest is local always with respect to that IP or hostname just like 'user or inbox' is to the second half in email
yes
Right. My whole point exactly. Emails seem to be based on traditions we had with just mail. Unix mail looks exactly like that tbh still. The @ symbol just became de facto the representation of any user on something... lol
That something is minimally a single machine I guess
it's just how it started, no one changed it, and now we are stuck with it
imo it's perfectly fine
apparently it was Ray Tomlinson who made that system
Yup :/
It's far from fine. Because you have a secure mail transfer protocol just like any other transfer protocol on the same networks. Only the unique addresses for endpoints are not IP addresses. Literally save an email entirely to an eml file. Header, body and all. Not sure if even the IP it was delivered from is anywhere in there
?
there's received from
by sloti49n35 (Cyrus 3.9.0-alpha0-531-gfdfa13a06d-fm-20230703.001-gfdfa13a0) with LMTPA;
Wed, 12 Jul 2023 16:28:16 -0400
Ah ok so that's actually in the header? With IP?
yes
yes, copied and pasted
Also that looks like rDNS isn't set up pretty sure lol. I know it's a 10 addy but still
actually that's internal email system from
here's one X-Spam-source: IP='54.240.37.196', Host='a37-196.smtp-out.amazonses.com', Country='US', FromHeader='com', MailFrom='com'
Which shows the very thing tbh. You chose to use email's second half for some reason as a validated hostname resolving to the physical dest server IP. But the transfer itself happened over the network from some IP. So you use rDNS to find out the name
yes and no
Ideally it matches the from address name right? I'm not getting it wrong am I?
no
that one was from notifications@stripe.com
rdns is used as one factor in spam scoring and acceptance rules. Determining who it came from is not from rdns at all, but from the "FROM" portion of the header.
there's a From header
^
that's what I'm trying to say
Well I mean in practice idk why you can't just pick yourself the sender to be name@s22-305.east.comcast.50ld.us.com.comcast.com
There's a diff though
that's the thing, you can put anything in the FROM
You can, but unless you ALSO pass the spam scoring, your email isn't getting through.
at least not in any meaningful way
that's the reason for SPF
SPF, DMARC, and rdns. (plus other things specifically for bulk)
yup
But if email was standardized as a valid URL just with smtp://samemail.com/userOrInboxWhatev
the format doesn't matter
The addresses, not the mailto
it's the underlying protocol
Well again the protocol does pretty much the same thing as HTTP etc. It operates over the exact same layers of the network I think. Honestly the problem with email could be you rely just on network identity of any sort as persisting information, kind of similar to web browsing
SMTP is designed as a Server <-> Server protocol, not really USER <-> Server these days
Only you expect to be replying later to the same email which should have the exact same one human as the first exchange
you could achieve that with the current format, the problem is again the protocol itself
Wait but SMTP is no diff. It's just obscured a bit by how we practically see it. There's sending mail which is also one way. There's a difference in I guess the software and even SMTP perhaps but only with respect to one another.
If you build an HTTP server into the browser, I feel like it would be barely any different
The protocol itself on the network though is designed I guess with more than one port for starters lol
But again, I maintain that as protocols, they minimally share transfer over the network via TCP at least. UDP is actually somehow possible to specify the same exact way potentially. But only the implementation would still be different... unless you permit nothing getting across guaranteed
So the to and from have truly at least an IP. Forget even making sure hostname anything and all that rDNS crap. You literally can't connect to anything without exactly one IP and port. Net protocols often take care of port separately.
SMTP is over tcp iirc
so idk what you are trying to say
OH!
Irl we're assuming that two corresponding sides are on their mail servers. But I think the real problem is they both assume they resolve each other's hosts to the same addresses. That it?
15
Yes that's how they fix it. By claiming their own hostnames in the message. Again, as a whole email address pretty sure. Why? Lol. Doesn't have anything to do with most protocols involved either. I could be wrong but...
Pay attention to like POP and IMAP. Isn't the username (and its pass) for auth separate from the name@ in the email addy
yes, because you are connecting to the IMAP server, not MX
Btw which you get to retrieve mail from the same server. Not sending. In fact, is Thunderbird or Outlook an SMTP server? There's a good way to show what I mean
MX as in DNS record you mean? You don't connect to those at all. MX, I'll be honest, idk exactly what it does along with most of the other record types lmao. Ultimately I know though it is resolved into another name but eventually an IP somehow
If a record in DNS is another name, you resolve it. Tbh maybe not all. Again, idk what all of them do lmfao. I know CNAME, A and AAAA. You also have a v4 or v6 address. One or the other. You can fit v4 into v6 but that's not resolution
MX I think is just the SMTP server record. Should resolve to an IP just like always
When (s)he said MX, (s)he meant MTA, the mail delivery server. An MX record states where incoming mail should go to.
Right. Ideally you want MX to resolve directly to the destination no? Either way, still an endpoint correct? The mail travels over the network. Again DNS confuses me a lot. This is one of those places. I don't even get the correlation between mail exchange and DNS. I usually set MX to another hostname like jsbxjxkd.google.com
MX record says "this is the server that should receive email for this domain"
It can point to an IP address, or to an A or CNAME record i.e. ggg.googlemail.com
Right. And what does it ultimately resolve to? What does 'this server' look like?
I'm not sure what you are asking
Lol I'm too stoops for this. But what happened there? You sent or received an outlook message?
dig mx ryois.me: looking up the MX record for my domain. Which points to MS-hosted Exchange
So any mail going to ryois.me will be sent to that
Idk enough about mail exchange with respect to DNS but I always see nothing more than one or two hops on the same domain and clearly the provider. Is it actually something you want?
Until it gets sent to Exchange which is actually the destination server...?
an IP address ultimately
Aha lmao
no that is the destination server
if someone wants to send mail to ryois.me the sender email server looks up the MX record and sends mail to that
Honestly if I had it my way email would be an HTTP POST and boom. Everything plus more
Then again you would still need a server. Otherwise both people have to have their browser + mini httpd running and the sender would keep retrying until the recipient is online and starts theirs
Exchanges I still don't understand because two SMTP servers can hold the message if anything. SMTP could have just been a response code similar to HTTP. Actually lol there is a response code. I remember. Just like HTTP too
Honestly the header can't have a response on incoming mail except your own. You as the destination can be the last to give a response. I recall a response only in failed delivery reports
And it might have been somewhere before the dest. I think actually our SMTP out might have been the first to get our robot emails. What if mail gets lost somehow in that exchange crap?
once you get an EHLO response from the server you can start sending ¯\_(ツ)_/¯
if the mailbox doesn't exist the server will return that, storage, etc.
I remember sending to an address that doesn't resolve just always gives the quickest delivery notice back.
And once the transfer is done, do you always get a response with that number status code? Can exchanges also do the same?
did you look at the diagram posted by @rocky badge ?
It wouldn't be less complicated if it were REST, it'd just be happening in HTTP instead/would fail in a single step
You still need all the same components
Pretty moot anyway, ESMTP has been in active use for 3 decades, it isn't going away any time soon
Well if you look at obv things like having a transfer protocol of anything and the only possible way to find out if/before when the transfer failed... by using itself again for sending that same atom of info I guess backwards 8-)
If that diagram is accurate, my specific beef is with things like send message, terminate somehow, close connection
But again the HTTP server I guess doesn't care if the transfer is successful. Usually the client tries the same GET or load again.
Honestly I'm starting to realize it's not that simple. I mean email as a concept is a unique internet comm. It's perhaps all we've ever had for an internet equiv of post office and mailbox. Not sure
It expands on concepts that were in use digitally for 3 decades before it....
But I think still like exchanges. Why? Two SMTP servers can have mailboxes and send to each other the same way. Honestly client and outbox are sufficient unless you want to send a message and turn off the client
Yes, you clearly want the internet to be a peer to peer architecture instead of a client<->server architecture.
Honestly yeah because the SMTP daemon would listen and connect
Again, you can have just the client send directly from the outbox until it resolves, connects, does protocol crap and transfer finishing with some response OK
Yeah, and if I need to send 10 million marketing emails? Are we tying up my personal system for the hours, days, weeks, or months it will take for it to individually transfer each of those to the individual recipients?
But then it's the irl equivalent of personally trying to put mail into your recipient's slot and failing until they open it
Right, even that they do irl honestly. Flyers (although lol speaking of deforestation). But the mail is in delivery once you send it. And it ideally remains that way until it's delivered
Yeah, that's a non-starter mate. I can send those same 10 million emails, while respecting recipient server preferences, in a few hours right now. It would take a hell of a lot longer with your proposed implementation. Anyway, if you think you have a superior solution, write up an RFC and submit it :p
I need to head to bed, ciao.
Tldr mail over the internet or irl is harder. You have a mailman too. Client/server? Idk but email ain't got it imo.
Like it looks to have been an actual user but over the network you have no real way of knowing what it is on the other end. You still have it because the rest of the email only distinguishes the dest. But on servers we'd like some local IDs unless it's 1 user per server
And tbh that's how it all started. We seem to have taken that same mail and began transferring it across the network with SMTP or anything of those sorts. It all started with me noticing that if you have an actually personal mail server, you can literally not use the name. Only the domain.
I'm probably talking sht tho. You need rDNS. End.
Quick question here - using VyOS with VRRP to build HA. I only have a small /31, one IP for VyOS and the other one for my firewall. But I'd want to build HA in that same subnet - essentially using one shared IP in the /31 for VyOS
Does anyone have experience by using VRRP peer IPs from a private network? Does that generally work?
HA, with a client in a /31? Never heard of anyone doing that before, that's generally for point-to-point only and VRRP kinda isn't
I can't say "that won't work" because I don't know, but generally you'd be doing that on a /29 at least, and you can definitely do it on private networks.
I'm aware of that, yes. Usually there are 3 IPs needed - 1 IP per node (2 in total) and 1 shared IP. In this case, the shared IP ("being HA'ed") would be the public IP in the /31 and the 2 IPs for keepalive data updates would be private IPs instead
On the public-facing eth0 on VyOS I have VRRP configured (I have a /29 there) and it's working fine. But not on the transfer network between VyOS and the firewall. Basically I just don't want to waste more IPs than necessary
There's nothing special about "public" or "private-facing" in this context, VRRP only affects the devices within the same subnet anyways
I'm beginning to wonder if I might be forced to make the dodgiest networking setup in existence soon
ethernet cables taped to the walls and around doors with switches jammed in dark and forgotten corners type of dodgy
Looks like it may be that way because it's getting scrubbed by Cloudflare. However, paying transport for your own space is $$$
Got my mikrotik switch
So small and light, almost feels like a super cheap device
Which I guess it is
I know. I'm just concerned about the failover not working reliably or causing any edge case issues I can't think of right now.
As it's majorly designed to have all 3 IPs in one subnet, rather than in separate ones
Why can't i access my router login?
how do I make a static IP for a PC?
like 192.168.1.5
Cloudflare?
why isn't the wired device showing up?
in the wired device ipconfig it says the autoconfigured IPv4
why is it autoconfigured?
I don't want it autoconfigured
I want it static
so I have put the IP configuration in settings > networking n shit and put it to MANUAL
IP: 192.168.1.5
subnet mask: 255.255.255.0
DNS: 8.8.8.8
DNS 2: 8.8.4.4
I was just looking up the first hop and saw it resolved to CF's space and assumed some reverse proxying is going on. Of course outbound routing wouldn't be related
; <<>> DiG 9.16.1-Ubuntu <<>> router.etsudorm.ryois.net
;; ANSWER SECTION:
router.etsudorm.ryois.net. 300 IN A 172.67.167.60
router.etsudorm.ryois.net. 300 IN A 104.21.16.102
NetRange: 172.64.0.0 - 172.71.255.255
CIDR: 172.64.0.0/13
NetName: CLOUDFLARENET
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
Oh that's my internal dns stuff lol
ryois.net doesn't have any purpose on the internet, I just have a wildcard pointing to my server though lol
oh
Surely dorm ISP & uni can connect somewhere
There's gotta be old fiber or something from where uni IT used to do dorm networking
nvm i fixed it
does chromium's secure dns interfere with adguard/pihole?
yes
is it okay to turn it off?
sometimes facebook is being resolved on chromium
i have blocked facebook and instagram on my adguard
hi I got a Q? I've seen this now, some people say that's why you don't have gig but you do not use pins 4,5,7,8, I don't see why you don't get gig
100Base-T (100 Mbps) can be over 2 pairs (4 wires); 1000Base-T (gig) requires 4 pairs (8 wires)
thanks for clearing that up
Even if not, the cost to run it would have paid for itself 100x over
lol
Yeah in the SP space transit cost is by far the highest (Cogent, Level3, Arelion, etc). Peering (IX/IXP) is much cheaper. Easily saving $10,000s/month routing internally
Is there something that can test what ping I should get at the moment? I'm tired of hopping in a game and it shows 50 to then start jumping up to 200+ middle of game.
Ahhhh
Yeah uni has DIA from Level3
15 min drive from uni lol
Hi, hopefully someone can help me problem-solve this. How to stop clients unplugging any of the 3 open ports on a switch and getting a connection to any of the VLANs
port security?
are you untagging at the switches?
Nope, but each switch is going to have to require vlan access for all ap's down chain
so switch 1 is going to need vlan 2,3,4,5,6 access on its chain out
wait, why does every AP need its own VLAN..
also that network setup with chaining is not really optimal cost-wise either
there are reasons for it, that now can't be undone
so working with the above
I understand a dedicated cable back to a managed switch for each AP would be optimal
things I can think of are port security where you tie a port to a MAC address, and just overall physical security