11:46:57 njsg, WG9s: the Finnish IT sector is completely broken, everything is just buzzwords and no-one actually knows how to do stuff anymore. Those Nokia days are long gone 11:47:56 And what comes to EU, it seems that Finland only implements the worst regulations that come from there and any good stuff is left unimplemented because "we have autonomy and don't need to follow EU rules in everything" 11:48:04 well I don;t do translations. I only do builds let me see who laded the fi changes 11:48:31 basically every governmental website stopped working on SeaMonkey and also has problems on Firefox 11:48:53 I keep getting IP banned from kela.fi because F5 bans my IP for some reason, and no-one knows why 11:49:23 Sompi: if you have issues with SeaMonkey trnslation ou should talk to frg_Away and pehaps vo;unteer to take over doing those. 11:49:34 F5 is an American company and for some reason our government buys hosting services from there 11:49:34 \spellcheckunderline{Nokia} Did you mean: (1) HMD (2) Microsoft 11:49:51 well imaent to say fi translations 11:50:33 our public sector uses Microsoft in everything and buys everything from random companies from USA 11:50:58 and that's not seen as a problem? Nobody is pointing out the issues with data transfer to/from the USA? 11:50:59 although Linux originates from Finland literally almost nothing here uses it 11:51:29 njsg: Actually it is commonly seen as a problem and many attempts have been made to address it 11:51:50 But somehow everything just goes back to how they are now 11:52:04 CIA agents infiltrate everything, they want our data 11:53:17 just yesterday Yle had a piece on an intrusion with data leak at Helsingin kaupunki 11:54:26 https://yle.fi/a/74-20088448 11:54:56 yes, our public sector has those data leaks every now and then and every time they "solve" that problem by acquiring more proprietary crap from american companies 11:55:00 because "security" 11:55:06 microsoft == secure 11:55:11 mbhahhahahahhaha 11:55:19 sorry, had something in my throat 11:55:46 Sompi: tor might help for you https://www.torproject.org/ 11:55:56 Sompi: ... speaking of localizations, do you use the fi one for SeaMonkey? or just en-US? 11:56:21 njsg: How do I check it? At least the user interface is in English 11:56:24 Sompi: wondering because there are at least a couple things I should fix if I create a pontoon account 11:56:38 Sompi: ah ok, it'd be in Finnish, if you had it 11:56:51 Sompi: so are you usisng later release or my nightly builds 11:57:15 2.53.18.2 11:57:20 for nightlies, WG9s also builds the langpacks as XPIs, for official releases I think the langpacks are also available, other than the localized builds 11:58:39 i think we should ditch the localized buillds and just do the langpacks becuase if the translation is bad you can then disable the langpack and translate the string on your osn, but that is just me 11:59:34 I suppose you could do te same by installing both the fi and en-US vrsion and compare that way 12:00:22 I'm at least recalling that the places window had an incorrect translation for the text shown in the search field 12:01:00 i also buidl an en-US langpack which if you install the fi version you can install the en-US langpack to find the en-US string of something that may have been incorrectly translated. 12:05:25 Usually the language packs are not a problem for programs like SeaMonkey that don't change their UI constantly 12:08:17 but for some of the locales I think no one actually familir with the language so for new stirngs sometimes depend on automated translation. and the issue here is that no one makes sure the en-US version is gramtically correct whcih confused the automated translation thing 12:08:53 Right now my IP address is banned from loading anything from kela.fi. The server doesn't even answer my TCP SYN segments. This problem has already existed for more than six month and I also contacted their technical support for this. They don't know what causes it 12:08:57 It is hosted by F5 12:12:04 Sompi: From tat this sounds like a block inposed by your ISP as an outbound rule 12:12:44 Randomly it works and randomly doesn't 12:21:31 so sounds like rehaps a routing issue. still talk to our isp or check to see fi an issue about one or more of the ip addresses advertised for kela.fi 12:24:39 the funny thing about F5 is they pick an ip for you to connect to and that is what you get from dns query. so need to find out from the kela.fi people what the list of ip addresses is and try each one separately and then talk to your ISP about the issue with contacting the ones that fail 12:27:02 WG9s: the people at Kela that are responsible for their IT stuff don't know these things 12:28:22 Issue is a stuip idea that tries to combind load blancing with firewalling so if there are 2 choices and the firesall does not pmit you to stop you to connecting but you can connect to the other oen, nothing prevents the way it does the load balancing on sing it for a cns server from shunting you to the one with different firewall rulds 12:28:36 Things are like this in every public sector institute. They just buy random IT stuff (usually from USA) that some random consult sells them. No-one knows what they actually bought and how things work and the IT people are completely incompetent 12:28:43 Everything is outsourced 12:29:03 exactly 12:29:42 at a time it is failing you need to capture what you are getting in response to a dns query and see if that differs form when i t works 12:29:47 And like I said, the IT sector here (and also its job market) is completely broken. The people doing responsible jobs are not competent. 12:30:44 Right now I get 91.223.107.77 and it works 12:31:45 I used to support internet connedctivity for a big company and had to figure this out and is a huge issue for companues who do not usnderstand how F5 firesalls and load balancing work in conjuction and screw this up. seems they outsourcd to a company tat does nto understand this either 12:33:00 one of the issues i have with these firwalls that say you don;t have to know anyting about firewalls or security and easy to do via a graphical interfaace. well that is all kind of a falicy 12:37:34 so seems the kela.fi people decided they did not enough expertise to to this right so outsourced to people who had no more of a clue. 12:38:55 so next time it does not work find out what ip address it is returning and complainn to both the kela.fi people and your ISP about the issue 12:39:50 finnish ISPs are also completely incompetent, they cannot even get IPv6 working properly 12:40:03 the way the f% thinkg works is if you can actually reach it it will accept the connection and give you a bad gatesay response if you are blocked 12:42:16 And Traficom (which is basically the government) mandates them to implement all kinds of random traffic limits, port blocking etc, for "security" 12:42:45 DNA blocks all incoming TCP and UDP packets with target port less than 1025 12:43:18 It also means that every 64. TCP handshake attempt fails 12:46:16 WG9s: The technical support from Kela told me to "erase browsing history", apparently they think that it fixes the problem that the server doesn't even answer my TCP SYNs 12:47:55 Sompi`if the load blancer has a list of IP addresses it could give, I would think they whould be able to tell ou what they are. 12:50:53 is kind of diestributed load balcing rhing =. there are local load balncers the you connect to them and they forward to one or more severs on the same netowrk.but then my be what are called global load balncers that actually are psuedo dns servers the tell you by returning a different Ip adddres which local load balancer to connect to. this is the way the whole F5 idea of how to do load... 12:50:54 ...balancing works 12:53:23 I don't know. Nothing works and I'm tired of this shit 12:54:40 so,, what could be happening here becuase of misconfiguration of the F5 environmnt is there is an in country server farm and an outside country server farm and depending on lad mike decide to snd in country peopl to the outisde country server farm which might be restricted form serving in country only content 12:55:48 or your isp is restircted form being able to acces the outside country server farm 12:56:57 i sould add someting in yout hostst file to not use dns and associate the ip that works with kela.fi 12:58:00 so like add "91.223.107.77 kela.fi" to your hosts file 12:58:12 yeah, that should fix the issue 12:58:29 so like add "91.223.107.77 kela.fi" to your hosts file 12:59:04 but this is not a seamonkey issue 12:59:18 of course not 12:59:27 i suspect works no beter with any other browser 13:01:08 sorry for extra post did not realize i was scrolled backso thought it it not post 13:02:13 let me know how this works 13:10:08 usually, when the server stops responding, the browser loads the HTML of the front page successfully (so for some reason the first socket is established) but then the server stops responding after the browser tries to load more stuff 13:10:44 and then it does not answer to any TCP SYNs at all 13:10:44 it completely stops responding 13:24:18 I have the impression I've seen some kind of blacklisting like that, but it probably gave a result, just forbidden 13:25:17 I recall something about a site blocking people if requests were not done the way they expected. but that was a long time ago (over two years maybe?) and I don't even know for sure the site 15:13:31 checkmarks are there :-) 21:59:16 WG9s: Now kela.fi stopped working again. The /etc/hosts override did not fix it permanently 21:59:30 Now I'm also IP banned from that IP address that I put there 22:00:07 or maybe I also need to add an entry for WWW.kela.fi... 22:00:32 nope, didn't help. the server completely stopped responding 22:01:24 yes just add that to tend of that line 22:02:00 so " kela.fi www.kela.fi 22:02:15 but if it has banned you not sre shat that means 22:02:28 Sompi: DNS response still the same? 22:02:52 (well, of course that wouldn't affect going by IP, but I'm curious if anything changed 22:03:26 perhaps comparing traceroute is worth it, but probably that's just a shot in the dark that'll miss) 22:03:47 www.kela.fi still loads here as it did a few hours ago 22:04:34 njsg: the DNS response is still the same 22:05:20 traceroute only gets one packet back 22:05:46 two if I try with ICMP 22:06:33 I was just going to suggest that 22:06:58 most routers don't seem to send back any indication that the jump count was decremented to zero 22:07:23 actually! when I am "ip banned", the routing just seems to go somewhere infinitely 22:07:57 when it works, traceroute returns with 8 jumps 22:08:53 but maybe that's just because traceroute does not know that the server didn't respond so it just keeps incrementing the hop count until it gives up 22:09:24 http://paste.dy.fi/EKC that's how it looks like when it works 22:11:12 hm, here traceroute does 30 hops 22:11:26 Will Seamonkey ever start accepting new addons onto the store? Last time I submitted one I got an email saying no one approves them. So it never went up. 22:11:48 Sompi: last meaningful one is 213.192.184.79 and that's behind two Elisa nodes 22:13:00 Sompi: you need to talk to your isp those 172.16 things are private non-routable ip addresses so mst be something withing your isp 22:13:51 I was just wondering who was these two 172.* 22:14:20 That's weird. I have a public IP address myself so there should not be private IP addresses after my router 22:14:29 my route looks like this: local ISP, cw, Elisa 22:14:51 My router has a public IP address and thatThat first hop should be the last pricate IP address in that route chain 22:15:08 Tre_block: I'm not acquainted with the add-ons site 22:15:10 private* 22:15:34 I didn't know that 172.16.x.x addresses are also considered private 22:15:37 who's handling that, Thunderbird? 22:17:46 Aompi: rfc 1918 defines private ip space it is these; 22:17:47 24-bit block 10.0.0.0 – 10.255.255.255 10.0.0.0/8 (255.0.0.0) 22:17:49 20-bit block 172.16.0.0 – 172.31.255.255 172.16.0.0/12 (255.240.0.0) 22:17:50 16-bit block 192.168.0.0 – 192.168.255.255 192.168.0.0/16 (255.255.0.0) 22:17:57 Sompi: so the ISP is DNA? what was the setup, again, a GSM modem? 22:18:42 I think he've talked about the network connectivity a couple times recently but I don't recall if we talked about the kind of connection on your side 22:19:04 * njsg only knows DNA as a mobile carrier, and just the name 22:21:06 (well, I guess the name of the first hop answers that too) 22:29:23 njsg: the ISP is Elisa but the router is originally from DNA 22:30:32 Hi 22:31:13 hello 22:31:28 OK so if this is mobile issue some mobile providers inject caching proxy into the path to attempt to get you fster response. but if the ISP has multiple such servers then if one of them is banned for acessign the site that would explain what is going on here 22:32:05 but why is there private IPs in the route after my router? 22:32:10 My router has a public IP address 22:32:35 this can ahppen if somone else using your isp attacked the site and so got one of the posy ip addresses banned. 22:32:37 That 192.168.1.1 is just what my computers see because the router is also a NAT 22:32:48 then your access would be chancy 22:33:00 but from the outside my router's IP is 84.231.179.240 22:33:18 so if 2 of these caching accelertors would wod 50% of the time etc. 22:33:46 if 3 would work 66% of the time 22:34:55 but if that is the case you need to get ou ISP talking to the kela.fi folk to fix this. ou can not fix tis on your own 22:35:26 Sompi: any chance you have a laptop or the like you could take somewhere else to test via a different connection (and time to do so)? might be easier said than done, but if possible at least could help knowing whether to suspect Elisa in this 22:36:15 (would be funny, given from what I see it looks like they're behind elisa anyway - or is Elisa just the first hop and I just don't get a full traceroute? 22:36:16 at least we know that Elisa has some misconfigured routers there because they send back a packet with source IP that begins with 172.16. 22:36:37 what happens if you try to traceroute 486servu.dy.fi? 22:37:55 Sompi: goess all the way to 30 but last one at 14. is 84-231-179-240.elisa-mobile.fi 22:38:34 that's because my TCP/IP stack cannot answer those packets properly 22:38:44 but do you see any private IPs there? 22:38:49 Sompi: but if you ISP is transparently cahing content in multiple prosy servers and someone else using same isp launched an attack on the site and got the ip banned it could be banning the caching proxy rather than the attacker 22:39:05 I suspect that is what happend here. 22:39:29 it's possible 22:39:46 working issues like this is what i sued to do before I retired so i am not blowing smoke here 22:41:01 Sompi: via two different connections the last two hops before your node show as "* * *", I gather these would be from Elisa? 22:42:01 they should be, at least 22:42:30 last visible before yours is also elisa at least in one of the connections, 213.192.184.79 22:49:34 Sompi: so i still think our best plan would be to contact your ISP tech support and and find out if there are caching proxies in you path to kela.fi. if so it seems that at least one of them is being blocked by kela.fi. and let them take it from there 22:49:51 They probably don't know 22:50:22 then ask to be bumped up to next level support 22:50:59 they should know if they are using cahing to try to accelerate your web access 22:51:29 they sell this as a benefit of thier service over those who do not 22:55:01 gets you fater access 22:55:29 because the data is cached closer neteork wise to where you are 23:24:23 I LOVE fedora's community spirit of fellowship and user empowerment and encuragement.. https://dpaste.org/sgeNP 23:27:45 WP:SARC? 23:30:39 ? 23:30:51 http://enwp.org/WP:SARC :-P 23:31:25 some IRC channels do tend to attract people with that kind of mindset, and it'd not be the first time where I'd see a second channel being used to just avoid almost all conversation, with rules changed from "distro is on-topic" to "only this subset of issues" 23:31:47 won't easily reach the extreme of a person creating a channel so that they could then just dismiss any criticism of their approach to handle something in a distro...