<DocScrutinizer05>
Oksana: for really heavy headache consider *this*: GDC paid VAT for the 12..13% they subtracted
<DocScrutinizer05>
it's only a 19% of a 13% of donations, but ut's quite enough to nake you want shoot your forehead when you want to get it *right*
<DocScrutinizer05>
I gave up on it and accepted we possibly pay VAT twice on 13% of maybe 30% of early donations
<DocScrutinizer05>
background: we have no invoice with VAT lsited, for the 13% GDC subtracted
<Oksana>
Does Goldelico have the invoice, or was it swallowed-lost by time?
<DocScrutinizer05>
there's no total invoice. GDC sent invoices to each single customer
<Oksana>
So, if the customers sent you the invoices, would it help?
<DocScrutinizer05>
those invoices have the VAT that been charged. However that VAT is virtually impossible to recover for the transferred funds GDC->Neo900_UG
<DocScrutinizer05>
((if the customers sent you the invoices)) that would complicate matters even more
<DocScrutinizer05>
for a 19% of 13.xxx% of your original donation
<DocScrutinizer05>
as mentioned above. it's wiser and cheaper to accept we pay VAT twice for those 0.13*0.19*X
<Oksana>
Okay...
<DocScrutinizer05>
when your original donation to GDC been the (standard) 100 bucks, the loss will be <3 bucks
<DocScrutinizer05>
no matter what we try to fix that, it will inevitably cost more than that (on work hours, fees for tax advisers etc)
<DocScrutinizer05>
NB this whole problem only applies to the funds you originally donated to GDC and then got transferred (directly or indiectly) to Neo900_UG
<DocScrutinizer05>
our worst headache are the funds GDC refunded to you and you transferred them to Neo900_UG yourself
<Oksana>
Because they are even more difficult to match...
<DocScrutinizer05>
for us that's a donations from Mr/Ms XY of for example 83.56Eur which we nevertheless need to take into account as worth a 100.-, depending on date you did the transfer
<DocScrutinizer05>
you pay 83.56, we owe you 100.- --- my tax adviser will kill me
<Oksana>
It would be easier, imho, to just take all people who ever donated to GDC, and consider that you received 13.xxx% from these 100EUR-something (it does not matter whatever happened later)
<Oksana>
And then treat all 83.56 as "normal" transfers.
<Oksana>
Is it possible?
<DocScrutinizer05>
I think I can't follow
<DocScrutinizer05>
maybe wpwrak can
<Oksana>
Like, people donated 100EUR-something to Goldelico. 13.xxx% was used-for-something-Neo900-related and thus automatically counts as Neo900-owing-the-GDC-donators. 8x.xxx% was left with GDC, and later transferred either to Neo900 directly (as normal donation, Neo900-owes-to-donator) or to donator (and then a normal donation from human to Neo900).
<Oksana>
Then, you pay 83.56, we owe you 100 problem disappears. Instead, a convoluted donator->GDC->something-Neo900-related->Neo900 remains for 13.xxx% of GDC donations.
<wpwrak>
Oksana: one problem: we only have those (partial) customer records from GDC where a direct transfer from GDC to Neo900 UG was made
<wpwrak>
german data protection law wouldn't let GDC just dump their customer / order database to us
<wpwrak>
so anyone who didn't request that the refund go to neo900 ug has "disappeared" from the structured world of that database
<Oksana>
(german data protection law wouldn't let GDC just dump their customer / order database to us) Not even selective-database of those who donated-to-Neo900?
<Oksana>
It's like, people donated to GDC -> GDC was owing donators. "future goods" were transferred to Neo900 -> Neo900 should have database of those who already bought part of these goods from GDC, so that Neo900 would be owing these donators.
<wpwrak>
yes, these we have. well, date, amount, name, e-mail, and a few technical items
<Oksana>
I mean, did GDC dump to Neo900 whole database of customers who donated to Neo900 through GDC website?
* Oksana
thinks that they should have...
<wpwrak>
to neo900 ug, yes. to the neo900 project (while at GDC), no
<DocScrutinizer05>
no
<DocScrutinizer05>
we have no record of those4 cistomers that received refund to their own account from GDC
<Oksana>
Is it possible to do it now? Because whatever goods the donators were paying for, were transferred to Neo900, so whatever debts GDC owed to donators, should be transferred to Neo900, too?
<DocScrutinizer05>
no
<DocScrutinizer05>
when you didn't instruct GDC to transfer your donation to Neo900_UG directly then there's no way GDC let Neo900_UG know about you and your receipt of refund of 83.56 out of an original 100.-
<Oksana>
Okay... /The legalities are convoluted.../ So it's basically the word of donator "see, I donated to GDC earlier, here is my order number, they returned money to me, and I am forwarding them to you", and based on this word, you need to "up" their 83.56 to 100.
<DocScrutinizer05>
and GDC doesn't know if you ever sent those 93.56 to Neo900_UG
<DocScrutinizer05>
exactly, and we asked donors to send exactly this content/info in an email to us
<DocScrutinizer05>
we got several such emails
<Oksana>
GDC does not have to know this. GDC should just "transfer" this debt of 13.xxxEUR-whatever to Neo900, together with the whatever-assets-which-were-bought-with-this-donated-money.
<DocScrutinizer05>
they are one of the 5 sources of info mentioned above which need to get merged into one database
<DocScrutinizer05>
sure, when GDC would have transferred 100% to UG and then sent an invoice, everything easy
<DocScrutinizer05>
alas GDC decided to withrdaw 13.xxx% before refunding the rest to whomever
<Oksana>
In the worst case, you can tell your tax advisor that "upping" debt of 83.56 to debt of 100 is reward for early donators, or something. Stores do not have to specify reasons for their gifts to customers...
* Oksana
hates paperwork...
<DocScrutinizer05>
yes
<DocScrutinizer05>
for now the problem at hand is to get the whole stuff sorted and merged into one comprehensive correct database, to create vouchers from that
<DocScrutinizer05>
once that's done, we're cheering easy
<DocScrutinizer05>
the 0.13*0.19... meh! nevermind
Humpelst1lzchen has joined #neo900
<DocScrutinizer05>
worst case
<DocScrutinizer05>
~50000*0.13*0.19
<infobot>
1235
Humpelstilzchen has quit [Ping timeout: 272 seconds]
<DocScrutinizer05>
and that's probably factor 5 to factor 10 worse than it actually will be
<wpwrak>
naw, looks pretty consistent with my data
<DocScrutinizer05>
for now *my* problem is: 400 customers * 10min/customer to sort it out
<DocScrutinizer05>
we need to streamline/optiize that process
<Oksana>
~400*10/60
<DocScrutinizer05>
and we need a decent and scaling infra to hold our data. Some relational database or whatever
<infobot>
66.666666666667
<Oksana>
~400*10/(60*24)
<infobot>
2.777777777778
<Oksana>
~400*10/(60*8)
<infobot>
8.333333333333
<DocScrutinizer05>
Oksana: I can't work 24h/d on this
<DocScrutinizer05>
;-)
<Oksana>
So, 1.5weeks.
<DocScrutinizer05>
yeah
<Oksana>
Actually...
<Oksana>
~400*10/(60*8*5)
<infobot>
1.666666666667
<DocScrutinizer05>
and that's not taking into account the time to define and create a decent matching database set of tables etc
<DocScrutinizer05>
this would basically be the time to accomplish the task with paper cards
<DocScrutinizer05>
we got dolibarr and prestashop, and we got egg-sell shiits and stuff
<DocScrutinizer05>
we need to find the proper scaling method to handle all this now
<DocScrutinizer05>
I'd prefer a way inside prestashop
<DocScrutinizer05>
since we gonna go webshop anyway, for *all* our customers
<DocScrutinizer05>
nevertheless what we got now are: account-turnover csv fron Deutsche Bank, PayPal csv, GDC SQL dumps for direct transfersm and emails to donationsAT neeo900,org for indirect transfers
<DocScrutinizer05>
plus a half a dozen side channels like IRC etc
<DocScrutinizer05>
for now stuff is in a number of egg-sell sheets and 3 people are working on those. Pretty annoying to find the latest and avoid merge collisions
<wpwrak>
took me a while to realize that "egg-shell" doens't refer primarily to fragile software :)
<Humpelst1lzchen>
thats alot cheaper then announced
<DocScrutinizer05>
hhe
<Humpelst1lzchen>
funny everything english but "Haftungsbeschraenkt" and "Amtsgericht"
<DocScrutinizer05>
hehe even. Yes we used arbitrary but low prices, so we can confirm real PP payments etc
<Humpelst1lzchen>
also missing Umlaut on "Haftungsbeschränkt", Nürnberg has them
<Humpelst1lzchen>
and why the US date format?
<DocScrutinizer05>
such webshop is somewhere between software and hardware development in requirements. You still could fix stuff later on, but mess that happens to your customers when something doesn't work as supposed might be *very* difficult to fix
<DocScrutinizer05>
the US date format makes me puke, I asked dos1 to fix that
<DocScrutinizer05>
(umlauts) I generally try to avoid them wherever possible, they are a major source of trouble in computing
<DocScrutinizer05>
the invoice template is basically unchanged original that shipped with prestashop
<DocScrutinizer05>
my "hmm" above was regarding that - maybe we need to tweak that template a little to beautify stuff
<DocScrutinizer05>
but for the next 4 or so hours, spreadsheet imposition is scheduled, to get the most recent payments into our crappy database, before we even try converting that crappy database into a good one
<DocScrutinizer05>
seems wpwrak made a fine script to create voucher codes automatically then
<DocScrutinizer05>
then we'll import that csv list of vouchers into shop, so the vouchers are available to new customers
<DocScrutinizer05>
then we send out the voucher codes in a email to all our customers, asking them to please create an account and "buy" one of either Neo900-complete-device_DOWNPAYMENT or NeoN-board-for-N900-DIY-upgrade_DOWNPAYMENT
<wpwrak>
s/made/will make/ # still need to adapt the critter i used for the interest guesstimates :)
<DocScrutinizer05>
:-)
<DocScrutinizer05>
both products will be available in a number of "colors": LTEmodem-US, LTEmodem-EU, UMTSmodem, UMTS+CDMAmodem...
<Wizzup>
how hard would it be to switch the modem? </stupid q>
<DocScrutinizer05>
switch?
<Wizzup>
swap
<Wizzup>
physically I mean
<bencoh>
change
<Wizzup>
yes
<DocScrutinizer05>
basically impossible
<Wizzup>
ack
<DocScrutinizer05>
it's soldered
<bencoh>
is the sim reader directly connected to the modem ?
<DocScrutinizer05>
alas there's no reasonable way to make it plug-able
vakkov has joined #neo900
<DocScrutinizer05>
err, almost directly. We have a mux in there for the dual-SIM
<bencoh>
(well ... is there a sim reader ?)
<bencoh>
oh, okay
<bencoh>
wait, dualsim ?
<DocScrutinizer05>
yes, for now dead silly stupid assisted swap
<bencoh>
didnt know we'd have that
<DocScrutinizer05>
nevertheless we plan to support DualSimDualStandby whenever Gemalto will support it in their modem firmware
<DocScrutinizer05>
(not that I'd have high hopes for that ever happening)
<DocScrutinizer05>
imsi-catcher detector. could be done on N900 and Neo900 as well, aiui
<DocScrutinizer05>
it's just a software monitoring some more "arcane" network data provided by modem
<DocScrutinizer05>
e.g comparing the cellID to a database of known and legit cellIDs and locations of those
<bencoh>
false positive yay
<DocScrutinizer05>
:nod: that will happen every now and then
<pigeons>
i get silent text message alerts on some devices something about the way google voice forwards sms to cause a notification
<pigeons>
or maybe just a bug
<pigeons>
i got a string of sms where the sender, message, everything was displayed as some characters unrecognizable by me and i briefly wondered if that was a binary exploit directed at the sim card
<pigeons>
when i'm at the edge of serivce i get a lot of "unknown LOC" alerts
<pigeons>
airports often seem to trigger the imsei catcher alarm, probably valid there
<bencoh>
the subway as well
<bencoh>
and I often end up not finding my cell in opencellid
<bencoh>
so it's definitely not an accurate way to detect imsi-catchers
<DocScrutinizer05>
there is no accurate way basically
<DocScrutinizer05>
in the end of the day a legit BTS could act as IMSI catcher
<DocScrutinizer05>
it's the contemporary equivalent to listening for strange noise in POTS call that *might* indicate somebody is eavesdropping by tapping the wire
<DocScrutinizer05>
of course not all wire tapping will create crackling noises, and a lot of other less suspicious sources of noise happen all the time
<DocScrutinizer05>
same with IMSI-catcher detection. No reliable detection and lots of false positives
<bencoh>
yeah
<DocScrutinizer05>
it's basically just a hint
<DocScrutinizer05>
when you see a black van with dark windows parking in front of your house several days, this *may* mean they're observing you. However "no such car" doesn't mean they don't. And the car - if there's any - also may be harmless and owned by your neighbor
<DocScrutinizer05>
for IMSI catchers further investigation may confirm something is fishy, when for example the range of the suspicious "cell" is only a 100m radius.
<DocScrutinizer05>
in subways they basically operate legit non-rogue (usually) "IMSI-catchers". Actually those are relays that extend the network coverage for the otherwise uncovered subway tubes
<DocScrutinizer05>
depending on how much effort they put in, the relay will cover one station only, or as well may cover a several km of tube
<DocScrutinizer05>
I see the latter here in Nuernberg
<DocScrutinizer05>
ca 11km covered by two relays
<DocScrutinizer05>
they use pipe antenna running along the tube full length
mvaenskae has quit [Ping timeout: 250 seconds]
freemangordon_ has quit [Quit: Leaving.]
freemangordon_ has joined #neo900
paulk-collins has joined #neo900
freemangordon_ has quit [Quit: Leaving.]
rjeffries has quit [Ping timeout: 250 seconds]
rjeffries has joined #neo900
<paulk-collins>
DocScrutinizer05, hey, RMS is interested by contacts for evaluating stuff related to electronics and freedom. Are you interested and if so, what email address should I provide him with?
<DocScrutinizer05>
paulk-collins: he sent me mails already and received answer from me. My mail addr is same as always: joerg AT openmoko DOT org
<paulk-collins>
alright
<paulk-collins>
thanks
<DocScrutinizer05>
((already)) some maybe 12 months ago
<paulk-collins>
yeah
mvaenskae has joined #neo900
rjeffries has quit [Ping timeout: 248 seconds]
rjeffries has joined #neo900
rjeffries has quit [Ping timeout: 255 seconds]
rjeffries has joined #neo900
arcean has joined #neo900
<demure>
If things go perfectly, how many years out do we thing the neo900 will be?
<pigeons>
<1 i hear still
<specing>
well
<specing>
the hardware is already 5 years out-of-date
<rjeffries_>
I assume there's some hope that after initial Neo900 is available there will be a follow-on with more recent tech? Or am I dreaming?
<specing>
you are dreaming, neo900 is the follow-on
<pigeons>
i am not involved with the project, but i think they would be interested in working on such a thing perhaps, but it would certainly not be anytime soon at all
<specing>
the problem is probably more that the newer tech is NDA'd over 9000
<pigeons>
in some ways the hardware is state-of-the-art. where else can you get a hardware isolated baseband?
<DocScrutinizer51>
the follow up is called STEP2 and will be based on OMAP5
<specing>
"hardware isolated"
<wpwrak>
neo900 can certainly be a basis for more ambitious projects. vastly different hw is out of scope already for compatibility reasons. but if you can crack that problem (and good luck with that - it's much harder than most people think), why not have fun
<specing>
try "open hardware baseband"
<wpwrak>
DocScrutinizer51: we should encourage those who daydream of bleeding edge specs to start their own project. when they come back after a while, licking their wounds, they'll appreciate our work more ;-)
<bencoh>
krkr
<freemangordon>
:)
<rjeffries_>
wpwrak. that is not quite fair. I am wondering how Neo900 may eveolve. I fully understand the tough challenge. what is practical in terms of (over time) improved non-baseband specs?
<bencoh>
(STEP2 does sound better, though ;)
<rjeffries_>
and no I am nOT a candidate to do it, but a low-key question about what happens once this ships is not unreasonable IMO ;)
<rjeffries_>
I did not ask for "bleeding edge specs." Maybe that was someone else? <grin>
<wpwrak>
rjeffries_: it seems that getting out of omap could be an advantage. omap is quite heavy for what it does. the chinese critters (allwinner etc.) seem to be friendlier. but that's just a high-level interpretation of what i've heard from various sources, no proper research
<CaptHindsight>
specing: the hardware might be a few years old but you software guys are always years behind :)
<specing>
I'm stuck in the 8 bit days
<wpwrak>
as long as the CP/M emulator works ... :)
<specing>
only recently started migrating to 32 bits
<CaptHindsight>
wpwrak: the problem with Allwinner is that they are no longer open, they joined Linaro and now post lots of Blobs
<bencoh>
specing: omap3 is bliss then ;p
<wpwrak>
CaptHindsight: okay, that's bad. how are rockchip doing ? haven't heard of them for a while
<CaptHindsight>
wpwrak: rockchip was better and now nvidia went full open with their 132 (or similar device)
<wpwrak>
oh, really ? didn't know that
<rjeffries_>
Rockchip seems promising IMO. a few cool dev boards now that seem (to me, and I am a poor judge) rather open
<specing>
What about freescale?
<specing>
the religious guys already have software for it
<CaptHindsight>
imx6 is open except for the Vivante GPU
<rjeffries_>
specing by teh next century you'll be using 64 bit. LOL
<specing>
rjeffries_: maybe I'll jump straight to 128
<specing>
rjeffries_: like I skipped 16
<wpwrak>
where are the bit slice cpus ? :)
<rjeffries_>
16 bits was a dead end. LOL. wait, remeber 12 bit from Digital?
rjeffries has quit [Ping timeout: 250 seconds]
rjeffries_ is now known as rjeffries
<specing>
there are 16 bit micros
<CaptHindsight>
the $150 Chromebooks are using RK3288
<specing>
TI MSP430
<wpwrak>
will be nice to have a rsa4096 r0, r1, r2 instruction one day :)
rjeffries_ has joined #neo900
<specing>
wpwrak: rsa4096 is imho already inadequate
<CaptHindsight>
the PRU's are useful for real time machine control, and it could serve as a dev platform for the next gesmartphone
<CaptHindsight>
gesmartphone/smartphone
<wpwrak>
hmm ... is it ... (((real time) machine) control) or ((real time) (machine control)) or (real ((time machine) control)) or ((real (time machine)) control) ... ?
<x29a>
please let it be the last
<x29a>
wpwrak: which looks like the second from the last ;)
<CaptHindsight>
heh #2
<wpwrak>
they're close :) 2nd to last means that control may be an issue, last means that there are fake time machines out there
<CaptHindsight>
but has that slow GPU SGX530 Graphics Engine
<CaptHindsight>
I still hate the TI site
arcean has joined #neo900
vakkov has quit [Ping timeout: 246 seconds]
rjeffries_ has quit [Ping timeout: 248 seconds]
rjeffries_ has joined #neo900
CaptHindsight has quit [Read error: Connection reset by peer]
norly has joined #neo900
vakkov has joined #neo900
vakkov has quit [Ping timeout: 250 seconds]
atos has joined #neo900
<atos>
Question: are there any similarities between the new versions and the old n900? I'm looking for a pinout of the motherboard connector. Making my own pipboy.
<DocScrutinizer05>
atos: could you please elaborate?
<freemangordon>
~seen jonwil
<infobot>
jonwil <~jonwil@27-33-80-219.tpgi.com.au> was last seen on IRC in channel #neo900, 5d 9h 34m 17s ago, saying: 'hi'.
<freemangordon>
:(
<freemangordon>
someone wanna play with IDA? Seems my next victim will be the location-xxx stuff. Need volunteers to help.
<freemangordon>
oh, wait, this seems to be HW-guys only channel :P
vakkov has joined #neo900
<DocScrutinizer05>
I guess IDA isn't really needed to re-implement liblocation. Its API is well documented and it's pretty clear what it does internally, and how we could re-implement parts of it (not the prolly proprietary skyhook(?) stuff that tries to decide on location based on WiFi APs visible)
<freemangordon>
DocScrutinizer05: it is not about liblocation, but liblas1, location-proxy and location-daemon
<DocScrutinizer05>
never heard of either
modem has quit [Ping timeout: 256 seconds]
<freemangordon>
liblas1 talks to libisi, location-proxy to supl servers and location-daemon puts them al together (it seems)
<freemangordon>
all even
<DocScrutinizer05>
liblas1 is obsolete then since we don't need to talk to (lib)isi
<DocScrutinizer05>
dunno why talking to SUPL is a proxy, well we prolly need *some* sort of deamon process for it, naming irrelevant
<freemangordon>
actually... it seems location-daemon implements freedesktop.gypsy dbus service, at least a aprt of
<DocScrutinizer05>
then you need to use xterm on N900
<Openbot>
ssh -l root $IP_OF_YOUR_N900 lols of output
<DocScrutinizer05>
might get a tad awkward
<Openbot>
na tell me i am on learner
<DocScrutinizer05>
Openbot: open xterm
<atos>
DocScrutinizer05: I got an N900, and I'm planning on adding some other hardware instead of the orig lcd, digitiser, camera etc.
<DocScrutinizer05>
type `root` (without the `)
<Openbot>
atos go get drunk
<DocScrutinizer05>
atos: funny project
<Openbot>
done
<DocScrutinizer05>
Openbot: type `id` and see if you're root
<Openbot>
now
<atos>
I hope so.
<atos>
Is that an order or a suggestion btw Openbot?
<Openbot>
root
<atos>
lol could've swore you were an eggdrop at first.
<Openbot>
alos just having fun
<Openbot>
now
<DocScrutinizer05>
now please ask freemangordon how to attach strace to your location-proxy and redirect strace output to a file. Once you accomplished that and opened a GPS app so supl.google gets used, you pastebin the file
<Openbot>
fremangordon pls
<Openbot>
wat about ssh
<Openbot>
i was learning
<freemangordon>
Openbot: 1st, make sure you have strace installed
<Openbot>
apt get it :
<freemangordon>
type strace in the terminal
<freemangordon>
yep, but it is in sdk (or tools) repos
<DocScrutinizer05>
Accept packets with SRR option. conf/all/accept_source_route must also be set to TRUE to accept packets with SRR option on the interface<<
<DocScrutinizer05>
Pali: anyway when your silly InternetProvider claims the whole 192.168.xxx.xxx/16 for themselves, it's probably a poor idea to try and run a local network in same address range
<Pali>
net.ipv4.conf.all.accept_source_route was 0, net.ipv4.conf.default.accept_source_route was 1 and net.ipv4.conf.eth0.accept_source_route was 1
<Pali>
so was it enabled or disabled?
<Pali>
I did not understand that description if it was enabled or disabled...
<Pali>
DocScrutinizer05: I do not care about internals of ISP
<Pali>
192.168 is private block and everybody can use it for its own
<DocScrutinizer05>
so why you're asking here?
<Pali>
I can have two subnetworks (behind nat) with same 192.168.X.Y
<Pali>
because I wanted to know to to tune that linux to stop adding implicit rules to routing table...
<DocScrutinizer05>
when your IP sends a packet with routing info saying to route all packets addressed to 192.168.x.x via your NIC, then you don't need to wonder why stuff starts failing
<Pali>
I'm not using internal internet provider network
<DocScrutinizer05>
*shrug*
<Pali>
everything works fine, until kernel adds those implicit rules
<freemangordon>
Pali: just firewall your local subnet at ISP's ehternet card
<DocScrutinizer05>
*sigh*
<Pali>
and kernel do that only if I unplug my eth1 card where is my private newtwork
<Pali>
its hard to firewall that as I want to have internet access from my private network
<Pali>
I do not know exaclty which packets cause them
<freemangordon>
Pali: why don;t you try to clean arp in your ifup-eth1?
rjeffries_ has joined #neo900
<freemangordon>
arp cache that is
<Pali>
because that rule is in routing table
<Pali>
cleaning arp cache does not change routing table
<freemangordon>
ok, clean the routing table as well :)
<Pali>
yes adding some script which clean routing table could work
<Pali>
but I need to know what to clean...
<Pali>
and still it is better to prevent adding shits into routing table
<Pali>
as trying to cleanup shits everytime when somebody drop it
<freemangordon>
I mean clean from the routing table all addresses that fall into your private network
<Pali>
I understood
<DocScrutinizer05>
AIUI when you unplug your eth1 then there's no more local network 192.168.x.x?
<Pali>
now I turned that accept_source_route
<Pali>
DocScrutinizer05: yes
Openbot has quit [Quit: Leaving]
<DocScrutinizer05>
then your ping gets routed to default gateway and you IP answers with a SRR packet telling "yes those are all mine" - wild guess
<Pali>
yes, something like that
vakkov has quit [Ping timeout: 276 seconds]
rjeffries_ has quit [Ping timeout: 252 seconds]
<DocScrutinizer05>
hardly anything wrong with that
<Pali>
default getway (or something other) sends some packets with routing info
<Pali>
in IP header
<Pali>
or in ICMP
<Pali>
no idea of exact packet type
<DocScrutinizer05>
use what freemangordon suggested, only accept own gateway IP from DHCP, nothing else
<Pali>
already configured
rjeffries_ has joined #neo900
<Pali>
and it is not enough
<Pali>
accept_source_route is now totally disabled in kernel
<Pali>
for all interfaces
<DocScrutinizer05>
also, why do you even unplug eth1?
<Pali>
so maybe this helps...
<Pali>
unplug = remove device from kernel and init it again (rmmod, modprobe)
<Pali>
just for reinitializing network
<freemangordon>
Pali: I guess it should be ICMP
<Pali>
in this way I know that kernel lost everything about eth1 and initialize it in same way as after reboot
<Pali>
every cache is cleaned...
<freemangordon>
can't you tcpdump what happens when you unplug your eth1 and ping 192.168.x.x?
<DocScrutinizer05>
just make sure there's always a local 192.168.x.x network so the routing never gets deleted and no packets addressed to 192.168.x.x ever go across gateway to IP
<freemangordon>
that way you'll have a clue who to blame
<DocScrutinizer05>
freemangordon: pinging 192.168.x.x with eth1 unplugged is nonsense and shouldn't ever get done
<DocScrutinizer05>
when you rmmod/modprobe the eth1 driver, add proper route for 192.168.x.x. immediately
<DocScrutinizer05>
as long as you don'T have a routing rule saying that 192.168.x.x is local, it *of course* will get forwarded via gateway to next hop in network
<DocScrutinizer05>
nothing in kernel or routing has a notion about this particular IP not supposed to be public
<Pali>
freemangordon: I can, but I do not know to break network again :-)
<Pali>
DocScrutinizer05: I always add proper address and route for eth1 after link going up
<Pali>
but problem is that my route is /24 and that implicit one is /32
<Pali>
and /32 has higher priority in routing kernel algo
<Pali>
so my /24 rule is just ignored
<DocScrutinizer05>
sure
<freemangordon>
Pali: ipv6 has accept_ra
<freemangordon>
but I guess it doesn't play for ipv4
<Pali>
I know ipv6 in linux kernel enough
<DocScrutinizer05>
aiui that /32 rule only gets added when you try to reach the addr (ping) while eth1 down and thus no proper /24 rule established
<Pali>
accept_ra is something else
<Pali>
but similar
<Pali>
DocScrutinizer05: yes, but after plugging eth1, then /24 is not deleted
<Pali>
s/24/32/
<DocScrutinizer05>
yes, of course
<DocScrutinizer05>
you need to delete it in your script
<Pali>
yes, maybe I should implement it :-(
<DocScrutinizer05>
when bringing up your own 192.168.x.x local network
awett has joined #neo900
<Pali>
I wanted to prevent adding those "implicit" routes
awett has quit [Client Quit]
<DocScrutinizer05>
they are correct the time they get added
vakkov has joined #neo900
<DocScrutinizer05>
prolly freemangordon's suggestion to firewall all 192.168.x.x traffic on eth0 is a brilliant idea
<DocScrutinizer05>
or s/eth0/whataver-your-gateway/
<DocScrutinizer05>
when you don't want to talk to IP's 192.168.x.x : block it
<DocScrutinizer05>
otherwise there's hardly anything wrong at large in IP answering your ping to 192.168.x.x
<freemangordon>
Pali: or add route to 192.168.x.x in your ifdown-eth1
<DocScrutinizer05>
where to?
<freemangordon>
lo?
<DocScrutinizer05>
possible
<freemangordon>
or even to eth0
<DocScrutinizer05>
what I said above: make sure there's always a valif 192.168.x.x local network with according route
<DocScrutinizer05>
what I said above: make sure there's always a valid 192.168.x.x ***local*** network with according route
<DocScrutinizer05>
eth0 != local
<freemangordon>
anyway, I need some sleep :)
<freemangordon>
night guys
<DocScrutinizer05>
I need some work getting done
<DocScrutinizer05>
night freemangordon :-)
arcean has quit [Read error: Connection reset by peer]
rjeffries has quit [Ping timeout: 252 seconds]
Pali has quit [Read error: Connection reset by peer]