--- Log opened Thu Aug 06 00:00:40 2020
00:07 -!- DrArkaneX [~Doc@107.77.240.44] has joined #se2600
00:07 -!- DrArkaneX [~Doc@107.77.240.44] has quit [Client Quit]
00:11 -!- crashcartpro [uid29931@gateway/web/irccloud.com/x-achfxsdcijmttmym] has quit [Quit: Connection closed for inactivity]
06:39 <@Evilpig> https://imgur.com/a/SPP4arn
06:39 < PigBot>  Photons %| Photᵉoffs - Album on Imgur (at imgur.com) http://tinyurl.com/y2bm2bq6
06:39 <@Evilpig> I guess I had broked resolv.conf and should have tested
06:39 <@Evilpig> stupid fat finger
06:49 < aestetix> big boned finger
06:51 <@Mirage> Starting the morning off right: https://www.youtube.com/watch?v=X6I_dKUYyI4
06:51 < PigBot> Statler and Waldorf Classic Compilation Awesome - YouTube (at www.youtube.com) http://tinyurl.com/y3qxz98h
07:01 <@Evilpig> I'm starting off with star trek: lower decks
07:39 -!- rpifan_ [~rpifan@p200300d2671a3f424c79a7a3c2955a8b.dip0.t-ipconnect.de] has joined #se2600
07:41 -!- rpifan [~rpifan@p200300d2671a3f32f9e67be1b33bdbdd.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
08:49 <@Dolemite> mr0ning, be0tches and h0ez!
08:49  * aestetix hugs Dolemite 
08:55 < aestetix> damn, no chance of all-online phreaknic this year?
08:55 < aestetix> then maybe I could attend
09:42 <@Mirage> In a meeting our account lead for a customer bitches that someone asked a question "in the slack channel", but no one responded in a timely manner.  And then proceeded to want to know why....
09:43 <@Mirage> I said, well..for one thing the question was asked after 11PM and we're, according to you, only supposed to support this customer during normal business hours.
09:44 <@Mirage> And furthermore because all of the "new ticket in queue" and "new alert" messages generated by the various monitoring APIs and such send all those messages to that same channel, there's so much crap going on that is outside of our scope of responsibility that it all just becomes noise.
09:45 <@Mirage> He then, of course says.."Well, if you would give feedback on it then we could tune it to reduce the noise."
09:46 <@Mirage> My response, which he wasn't happy with, was "Yeah, I've given my feedback several times over the past 6 months on this subject and it always falls on deaf ears, so what's the point?"
10:00 <@Dolemite> Your feedback will, once again, fall on deaf ears.
10:51 <@Mirage> Of course.
11:18 <@Dolemite> Anybody good with LDAP/AD search filters?
11:18 <@Dolemite> Evilpig?
11:18 <@eryc> sup
11:18 <@Dolemite> I am trying to match on a value contained within an array
11:19 <@Dolemite> ie, altSecurityIdentities: [ 'val1', 'val2', 'val3' ]
11:19 <@Dolemite> so if CertFingerprint = 'val2'
11:20 <@Dolemite> I want a filter that will let me find the AD record where ${CertFingerprint} is in array altSecurityIdentities
11:21 -!- rhia [~rhia@66.235.79.125] has quit [Remote host closed the connection]
11:21 -!- rhia_ [~rhia@66.235.79.125] has quit [Remote host closed the connection]
11:21 <@eryc> i think you can just do "(altSecurityIdentities=val2)"
11:21 <@Dolemite> Nope, that was the first thing I tried
11:22 <@eryc> does it give any useful error?
11:22 <@Dolemite> Lookup failure
11:23 -!- rhia [~rhia@66.235.79.125] has joined #se2600
11:23 -!- mode/#se2600 [+o rhia] by ChanServ
11:28 <@eryc> do you get anything with =* ?
11:30 <@eryc> lookup failure seems different than eg "bad query"
11:30 <@eryc> the ldap docs say that if val2 matches any of the values it will return
11:37 <@Evilpig> Mirage: we've sent all that typeof crap in slack to an "integrations" channel that gets mostly ignored unless someone is looking for something that happened earlier
11:37 <@Evilpig> only crap that goes to our regular discussion channel are merge request notices because they need approval and bitches need to get on that
11:50 <@Dolemite> eryc: It seems that the object I'm trying to search on isn't being parsed from the certificate, so in that case, it will never work.
11:50 <@Dolemite> When I did a raw dump of the data I get from the certificate authentication, that field/attribute isn't there
11:50 <@Dolemite> so that explains the issue
11:52 <@Mirage> all the arrays and values as arrays thing can be a pain with LDAP, depending on what you're using to do the searching, filtering, matching.
11:52 <@Mirage> I mainly do all that w/ PHP
11:54 <@Dolemite> This is with PingFed, which uses some obscure apache scripting language
11:54 <@Dolemite> ognl I think
11:57 <@Mirage> if you're on a windows box you should be able to connect up w/ ldp.exe to look at the schema and play with some search strings
12:10 <@Dolemite> I'm usind dsquery
12:10 <@Dolemite> using
12:10 <@Dolemite> anyway, the attribute I'm trying to search with doesn't exist.   I know the issue, now.
12:29 <@eryc> the ldap query can list which attributes to return
12:29 <@eryc> but yea if no existo no existo
13:02 -!- rpifan_ is now known as rpifan
13:14 -!- Mirage [~mirage@raw.thehippo.net] has quit [Ping timeout: 264 seconds]
14:31 -!- Mirage [mirage@ra.thehippo.net] has joined #se2600
14:31 -!- mode/#se2600 [+o Mirage] by ChanServ
14:31 <@Mirage> fucking cable companies...
14:32 <@Mirage> Spectrum apparently sent out an update to my Business Gateway which enabled reset everything back to defaults
14:33 <@Mirage> So it was essentially just acting as a NAT gateway...outbound worked fine, inbound not part of an existing session not so much
14:35 <@Mirage> oh, yeah...and the flood of queued emails begins
14:41 <@opticron> Mirage, can you get a modem that doesn't include the poorly managed features?
14:41 <@opticron> or are you locked into that one that spectrum controls?
14:42 <@Mirage> for gigabit service I have to have the modem and the business gateway
14:45 <@opticron> oh...it's a separate device that's also managed by spectrum
14:45 <@opticron> great
14:47 <@Mirage> yeah...and such an awesome device that i've had to have them replace it 3 times in the past for fucking up
14:48 <@opticron> no way to have your real router pretend to be it?
14:55 <@Mirage> no.  it's a cable device, therefore it's provisioned in their system by MAC
14:56 <@opticron> so it's two different cable-attached devices...that's even weirder than I was imagining
14:56 <@Dagmar> Well, the real show stopper is the coax
14:56 <@Dagmar> Transparently intercepting traffic including stealing their mac is pretty easy
14:57 <@Mirage> Looking at my server logs I was able to narrow down when it was broken to between 8/4 00:46:25 and 8/4 01:46:26, which this chick was then able to look up and see that there was scheduled maintenance at that time.
15:20 <@Mirage> While I was on the phone w/ them I asked yet again if they could fix the PTR record for 72.128.159.203 so that there was only one entry and that it be the right entry, which just absolutely confused the shit out of the poor girl on the phone.
15:21 <@Mirage> Unfortunately she asked her supervisor if she could escalate and they said no.  Of course this same supervisor was also wanting her to submit a request to remove the custom domain PTR altogether and replace it with their default rrcs-72-128-159-203.sw.biz.rr.com which I immediately told her would completely break my stuff and was NOT an option.
15:22 <@Mirage> If you do nslookup 72.128.159.203 multiple times you should see it flip between "ra.thehippo.net" and "raw.thehippo.net"
15:23 <@Dagmar> what the absolute fuck
15:23 <@Mirage> Which is of course not great, but at least it's better to have the reverse correct ~1/2 the time than not at all
15:23 <@Dagmar> Holy fuck they're morons
15:23 <@Dagmar> ;; ANSWER SECTION:
15:23 <@Dagmar> 203.159.128.72.in-addr.arpa. 86400 IN   PTR     ra.thehippo.net.
15:23 <@Dagmar> 203.159.128.72.in-addr.arpa. 86400 IN   PTR     raw.thehippo.net.
15:25 <@Mirage> When I initially called in after I got the service setup and saw that they had "raw.thehippo.net" in there incorrectly and called in to get it changed to just "ra" they claimed they didn't even show the "raw" entry in their system, which is how I wound up having two.
15:25 <@Dagmar> That's because you were dealing with a Tier I flunkie who doesn't actually know fucking DNS
15:25 <@Dagmar> They definitely managed to publish multiple goddamn PTR records for your IP
15:25 <@Dagmar> Jesus
15:26 <@Mirage> The guys at FiOS were awesome because I literally just sent them then proper PTR records to have in bind format and they slapped them in w/o any problems.
15:26 <@Mirage> I must commend myself on not losing my shit talking to her because I realized that she didn't know any better.
15:26  * Mirage goes to get a beer to celebrate
15:28 <@Dagmar> I've just learned to say "Okay... You're not paid enough to know things to this detail, so don't worry about it, but it does need to be escalated to someone who might be fired if they didn't know it"
15:28 <@Mirage> On a separate note, if sometime next week I'm unresponsive in channel and there's a news article about a murder/suicide in McKinney TX, it's probably my wife and I because she's decided that we both need to stop smoking once the cartons we have right now run out.
15:29 <@Dagmar> Not eveyrone realizes their shiny GUI tool isn't smart enough to do more than just pick the first response record it sees and show that alone
15:29 <@Dagmar> Dig, on the other hand, just reports what it's told
15:30 <@Mirage> Yeah, she was having to open an internal ticket for the request to fix it and I had her read it to me, then suggested some edits to clarify it better.   I also told her to open cmd and run nslookup against the IP mulitple times and then attach a screenshot of that to the ticket.
15:30 <@opticron> hmm...I wonder if things looking up PTR records will use CNAME
15:33 <@Mirage> I had to add in a CNAME for raw to make some things work correctly for fwd/rev validation..not buying an SSL cert for it though.
15:37 <@Dagmar> opticron: Think carefully about what you just said
15:37 <@Dagmar> opticron: Keep in mind that a PTR lookup is just like any other lookup
15:38 <@Dagmar> The resolving library doesn't freakin' care
18:19 <@Mirage> Heh, just had the supervisor of the girl from earlier call me to double check that the submitted request was correct before he pushed to have it escalated to the engineering group.
18:21 <@Mirage> He was also non-technical...at least with respect to DNS, so I had to explain it to him all over again in laymans terms so that he could understand what the ticket said.
18:22 <@Mirage> If they'd just allowed her to escalate me to the engineers while I was on the phone it should have been easily conferred and resolved in short order.
18:23 <@Mirage> This is pretty much the exact opposite of what Dag and I used to have to deal with at VU where we'd have to call and explain to the departmental people submitting requests how their request either made no sense or broke RFC guidelines.
20:09 -!- rpifan is now known as misspwn
20:09 -!- misspwn is now known as misspwn_
20:09 -!- misspwn_ is now known as misspwn__
20:10 -!- misspwn__ is now known as notnotmisspwn
20:11 -!- notnotmisspwn is now known as notmisspwn
20:16 -!- notmisspwn is now known as notrpifan
22:00 <@Evilpig> Mirage: not wanting to go the vape route to quit or at least transition?
22:03 <@Mirage> We'll be going on the patch..not cold turkey.  But still...when you've been smoking for 20+ years it's a hard habit to break.
22:04 <@Mirage> On a sep note, I just found this on youtube and have been about pissing myself laughing so hard.  I need to find this game and get a NES.  https://www.youtube.com/watch?v=INzXO48oh20
22:04 < PigBot> Beavis and Butthead: Virtual Stupidity (1995) PC Complete Playthrough - NintendoComplete - YouTube (at www.youtube.com) http://tinyurl.com/y37dzulk
22:05 <@Mirage> I would say PC, but I seriously doubt it'd play on modern PC's
22:09 <@Evilpig> ash switched to the vape and that raspy shit cough she had was gone in a week or two, she stepped the nicotine dose down over a few months and just refuses to quit the rest of the way.  always has an excuse
22:10 <@Evilpig> I'm out.  anyone have any two port pci-e sata controllers they like for linux?  My virtual server has two drive bays that aren't connected because the motherboard only has 6 sata connectors
22:11 <@Evilpig> key aspect being cheap but dependable
22:12 <@Evilpig> I was looking at this.  https://www.amazon.com/IO-Crest-Controller-Non-Raid-SI-PEX40064/dp/B00AZ9T3OU/
22:12 < PigBot> Amazon.com: I/O Crest 4 Port SATA III PCI-e 2.0 x1 Controller Card Marvell 9215 Non-Raid with Low Profile Bracket SI-PEX40064: Computers & Accessories (at www.amazon.com) http://tinyurl.com/y3rx36u4
22:22 <@Mirage> Never tried one of those like that.  For my FreeNAS box I got one of these: https://www.amazon.com/gp/product/B002RL8I7M/
22:22 < PigBot> Amazon.com: SAS9211-8I 8PORT Int 6GB Sata+SAS Pcie 2.0: Electronics (at www.amazon.com) http://tinyurl.com/y68v8ux6
--- Log closed Fri Aug 07 00:00:41 2020