njsg, WG9s: the Finnish IT sector is completely broken, everything is just buzzwords and no-one actually knows how to do stuff anymore. Those Nokia days are long gone

And what comes to EU, it seems that Finland only implements the worst regulations that come from there and any good stuff is left unimplemented because "we have autonomy and don't need to follow EU rules in everything"

well I don;t do translations. I only do builds let me see who laded the fi changes

basically every governmental website stopped working on SeaMonkey and also has problems on Firefox

I keep getting IP banned from kela.fi because F5 bans my IP for some reason, and no-one knows why

Sompi: if you have issues with SeaMonkey trnslation ou should talk to frg_Away and pehaps vo;unteer to take over doing those.

F5 is an American company and for some reason our government buys hosting services from there

\spellcheckunderline{Nokia} Did you mean: (1) HMD (2) Microsoft

well imaent to say fi translations

our public sector uses Microsoft in everything and buys everything from random companies from USA

and that's not seen as a problem? Nobody is pointing out the issues with data transfer to/from the USA?

although Linux originates from Finland literally almost nothing here uses it

njsg: Actually it is commonly seen as a problem and many attempts have been made to address it

But somehow everything just goes back to how they are now

CIA agents infiltrate everything, they want our data

just yesterday Yle had a piece on an intrusion with data leak at Helsingin kaupunki

yes, our public sector has those data leaks every now and then and every time they "solve" that problem by acquiring more proprietary crap from american companies

because "security"

microsoft == secure

mbhahhahahahhaha

sorry, had something in my throat

Sompi: tor might help for you torproject.org

Sompi: ... speaking of localizations, do you use the fi one for SeaMonkey? or just en-US?

njsg: How do I check it? At least the user interface is in English

Sompi: wondering because there are at least a couple things I should fix if I create a pontoon account

Sompi: ah ok, it'd be in Finnish, if you had it

Sompi: so are you usisng later release or my nightly builds

2.53.18.2

for nightlies, WG9s also builds the langpacks as XPIs, for official releases I think the langpacks are also available, other than the localized builds

i think we should ditch the localized buillds and just do the langpacks becuase if the translation is bad you can then disable the langpack and translate the string on your osn, but that is just me

I suppose you could do te same by installing both the fi and en-US vrsion and compare that way

I'm at least recalling that the places window had an incorrect translation for the text shown in the search field

i also buidl an en-US langpack which if you install the fi version you can install the en-US langpack to find the en-US string of something that may have been incorrectly translated.

Usually the language packs are not a problem for programs like SeaMonkey that don't change their UI constantly

but for some of the locales I think no one actually familir with the language so for new stirngs sometimes depend on automated translation. and the issue here is that no one makes sure the en-US version is gramtically correct whcih confused the automated translation thing

Right now my IP address is banned from loading anything from kela.fi. The server doesn't even answer my TCP SYN segments. This problem has already existed for more than six month and I also contacted their technical support for this. They don't know what causes it

It is hosted by F5

Sompi: From tat this sounds like a block inposed by your ISP as an outbound rule

Randomly it works and randomly doesn't

so sounds like rehaps a routing issue. still talk to our isp or check to see fi an issue about one or more of the ip addresses advertised for kela.fi

the funny thing about F5 is they pick an ip for you to connect to and that is what you get from dns query. so need to find out from the kela.fi people what the list of ip addresses is and try each one separately and then talk to your ISP about the issue with contacting the ones that fail

WG9s: the people at Kela that are responsible for their IT stuff don't know these things

Issue is a stuip idea that tries to combind load blancing with firewalling so if there are 2 choices and the firesall does not pmit you to stop you to connecting but you can connect to the other oen, nothing prevents the way it does the load balancing on sing it for a cns server from shunting you to the one with different firewall rulds

Things are like this in every public sector institute. They just buy random IT stuff (usually from USA) that some random consult sells them. No-one knows what they actually bought and how things work and the IT people are completely incompetent

Everything is outsourced

exactly

at a time it is failing you need to capture what you are getting in response to a dns query and see if that differs form when i t works

And like I said, the IT sector here (and also its job market) is completely broken. The people doing responsible jobs are not competent.

Right now I get 91.223.107.77 and it works

I used to support internet connedctivity for a big company and had to figure this out and is a huge issue for companues who do not usnderstand how F5 firesalls and load balancing work in conjuction and screw this up. seems they outsourcd to a company tat does nto understand this either

one of the issues i have with these firwalls that say you don;t have to know anyting about firewalls or security and easy to do via a graphical interfaace. well that is all kind of a falicy

so seems the kela.fi people decided they did not enough expertise to to this right so outsourced to people who had no more of a clue.

so next time it does not work find out what ip address it is returning and complainn to both the kela.fi people and your ISP about the issue

finnish ISPs are also completely incompetent, they cannot even get IPv6 working properly

the way the f% thinkg works is if you can actually reach it it will accept the connection and give you a bad gatesay response if you are blocked

And Traficom (which is basically the government) mandates them to implement all kinds of random traffic limits, port blocking etc, for "security"

DNA blocks all incoming TCP and UDP packets with target port less than 1025

It also means that every 64. TCP handshake attempt fails

WG9s: The technical support from Kela told me to "erase browsing history", apparently they think that it fixes the problem that the server doesn't even answer my TCP SYNs

Sompi`if the load blancer has a list of IP addresses it could give, I would think they whould be able to tell ou what they are.

is kind of diestributed load balcing rhing =. there are local load balncers the you connect to them and they forward to one or more severs on the same netowrk.but then my be what are called global load balncers that actually are psuedo dns servers the tell you by returning a different Ip adddres which local load balancer to connect to. this is the way the whole F5 idea of how to do load...

...balancing works

I don't know. Nothing works and I'm tired of this shit

so,, what could be happening here becuase of misconfiguration of the F5 environmnt is there is an in country server farm and an outside country server farm and depending on lad mike decide to snd in country peopl to the outisde country server farm which might be restricted form serving in country only content

or your isp is restircted form being able to acces the outside country server farm

i sould add someting in yout hostst file to not use dns and associate the ip that works with kela.fi

so like add "91.223.107.77 kela.fi" to your hosts file

yeah, that should fix the issue

so like add "91.223.107.77 kela.fi" to your hosts file

but this is not a seamonkey issue

of course not

i suspect works no beter with any other browser

sorry for extra post did not realize i was scrolled backso thought it it not post

let me know how this works

usually, when the server stops responding, the browser loads the HTML of the front page successfully (so for some reason the first socket is established) but then the server stops responding after the browser tries to load more stuff

and then it does not answer to any TCP SYNs at all

it completely stops responding

I have the impression I've seen some kind of blacklisting like that, but it probably gave a result, just forbidden

I recall something about a site blocking people if requests were not done the way they expected. but that was a long time ago (over two years maybe?) and I don't even know for sure the site

checkmarks are there :-)

WG9s: Now kela.fi stopped working again. The /etc/hosts override did not fix it permanently

Now I'm also IP banned from that IP address that I put there

or maybe I also need to add an entry for WWW.kela.fi...

nope, didn't help. the server completely stopped responding

yes just add that to tend of that line

so "<IP-address> kela.fi www.kela.fi

but if it has banned you not sre shat that means

Sompi: DNS response still the same?

(well, of course that wouldn't affect going by IP, but I'm curious if anything changed

perhaps comparing traceroute is worth it, but probably that's just a shot in the dark that'll miss)

www.kela.fi still loads here as it did a few hours ago

njsg: the DNS response is still the same

traceroute only gets one packet back

two if I try with ICMP

I was just going to suggest that

most routers don't seem to send back any indication that the jump count was decremented to zero

actually! when I am "ip banned", the routing just seems to go somewhere infinitely

when it works, traceroute returns with 8 jumps

but maybe that's just because traceroute does not know that the server didn't respond so it just keeps incrementing the hop count until it gives up

paste.dy.fi/EKC that's how it looks like when it works

hm, here traceroute does 30 hops

Will Seamonkey ever start accepting new addons onto the store? Last time I submitted one I got an email saying no one approves them. So it never went up.

Sompi: last meaningful one is 213.192.184.79 and that's behind two Elisa nodes

Sompi: you need to talk to your isp those 172.16 things are private non-routable ip addresses so mst be something withing your isp

I was just wondering who was these two 172.*

That's weird. I have a public IP address myself so there should not be private IP addresses after my router

my route looks like this: local ISP, cw, Elisa

My router has a public IP address and thatThat first hop should be the last pricate IP address in that route chain

Tre_block: I'm not acquainted with the add-ons site

private*

I didn't know that 172.16.x.x addresses are also considered private

who's handling that, Thunderbird?

Aompi: rfc 1918 defines private ip space it is these;

24-bit block 10.0.0.0 – 10.255.255.255 10.0.0.0/8 (255.0.0.0)

20-bit block 172.16.0.0 – 172.31.255.255 172.16.0.0/12 (255.240.0.0)

16-bit block 192.168.0.0 – 192.168.255.255 192.168.0.0/16 (255.255.0.0)

Sompi: so the ISP is DNA? what was the setup, again, a GSM modem?

I think he've talked about the network connectivity a couple times recently but I don't recall if we talked about the kind of connection on your side

(well, I guess the name of the first hop answers that too)

njsg: the ISP is Elisa but the router is originally from DNA

Hi

hello

OK so if this is mobile issue some mobile providers inject caching proxy into the path to attempt to get you fster response. but if the ISP has multiple such servers then if one of them is banned for acessign the site that would explain what is going on here

but why is there private IPs in the route after my router?

My router has a public IP address

this can ahppen if somone else using your isp attacked the site and so got one of the posy ip addresses banned.

That 192.168.1.1 is just what my computers see because the router is also a NAT

then your access would be chancy

but from the outside my router's IP is 84.231.179.240

so if 2 of these caching accelertors would wod 50% of the time etc.

if 3 would work 66% of the time

but if that is the case you need to get ou ISP talking to the kela.fi folk to fix this. ou can not fix tis on your own

Sompi: any chance you have a laptop or the like you could take somewhere else to test via a different connection (and time to do so)? might be easier said than done, but if possible at least could help knowing whether to suspect Elisa in this

(would be funny, given from what I see it looks like they're behind elisa anyway - or is Elisa just the first hop and I just don't get a full traceroute?

at least we know that Elisa has some misconfigured routers there because they send back a packet with source IP that begins with 172.16.

what happens if you try to traceroute 486servu.dy.fi?

Sompi: goess all the way to 30 but last one at 14. is 84-231-179-240.elisa-mobile.fi

that's because my TCP/IP stack cannot answer those packets properly

but do you see any private IPs there?

Sompi: but if you ISP is transparently cahing content in multiple prosy servers and someone else using same isp launched an attack on the site and got the ip banned it could be banning the caching proxy rather than the attacker

I suspect that is what happend here.

it's possible

working issues like this is what i sued to do before I retired so i am not blowing smoke here

Sompi: via two different connections the last two hops before your node show as "* * *", I gather these would be from Elisa?

they should be, at least

last visible before yours is also elisa at least in one of the connections, 213.192.184.79

Sompi: so i still think our best plan would be to contact your ISP tech support and and find out if there are caching proxies in you path to kela.fi. if so it seems that at least one of them is being blocked by kela.fi. and let them take it from there

They probably don't know

then ask to be bumped up to next level support

they should know if they are using cahing to try to accelerate your web access

they sell this as a benefit of thier service over those who do not

gets you fater access

because the data is cached closer neteork wise to where you are

I LOVE fedora's community spirit of fellowship and user empowerment and encuragement.. dpaste.org/sgeNP

WP:SARC?

?

enwp.org/WP:SARC :-P

some IRC channels do tend to attract people with that kind of mindset, and it'd not be the first time where I'd see a second channel being used to just avoid almost all conversation, with rules changed from "distro is on-topic" to "only this subset of issues"

won't easily reach the extreme of a person creating a channel so that they could then just dismiss any criticism of their approach to handle something in a distro...