lol And suddenly you're back. What, were you off with your /other/ family again? Ugh. /s lol yes Has anyone had problems with IPMI? when I click on cd-rom image, it just says I don't have priviledges to perform this action, then my session times out and I have to log in again. I don't remember having any issues with the virtual CD. sorressean: I trust that you logged back in and tried it again with the same result? eah. yes* Meh. this IPMI java interface is not accessible. Is there a serial console? Welcome to the nature of most IPMI web interfaces on the market :( But fortunately it's your standard IPMI interface so tools like ipmitool will work too (And just to clarify - The vast majority of server BMC/IPMI web interfaces suck, terribly and horribly. Just know that it's not ARP's fault.) indeed Yeah, I figured it was'bnt. submitted the needed paperwork to ARIN, now we wait \o/ thanks, going to try ipmitool Hooray staticsafe I want an ASN of my own... just to have, not for any real purpose. heh unfortunately ARIN frowns upon that Yeeeaaaah That they do. I just want to feel important. For many months after I was abruptly terminated from Intel, the ASN for intel corp was still in my name might have even been years... I forget. it was some amazingly low number. :) lol AS99? Yeah, that was it RegDate: 1987-02-19 Seems like it's no longer used yeah - I don't even remember why we got it, or why my name ended up attached to it. oh - it's because we had an internal net, and two connections to the world doesn't appear to be in the routing table Because it's not announcing anything Yeah, not sure how they're doing it now huh, bgp.he.net says it was seen as recently as Oct 2014 weird I thought Intel had a /8 but I don't see it now so I'm guessing they gave that back too. for a while, they used 128.215 inside the company, but it didn't belong to them. :) lol. I wonder who it does belong to... Oh wait... that was the right number one part of the company was using a routable number, but just made it up eventually became a problem when we got "the net" You stay classy, Intel! so they had to do a great renumbering eventually joining 128.215 hm ARIN needs an invoice, I guess I'll have to wait for billing to run today staticsafe: What's wrong with last month's invoice? my last ARP invoice was in April 2014 :P Oh I see, returning to the fold then static: with 32bit asn's you'd think they wouldn't see the need for such things? or are requeusting a short ASN? I think they just realized that there's no point in being reckless, that's how we end up with /8's used by a single company. i don't that was a bad thing in the first place. i just don't think anybody expected the internet to last so long without changes Well sure nobody planned ahead/expected it. But I still don't think Ford Motor Company needs 16.8 million public IP addresses. that could have been fixed 18 years ago or something though Practically everything could have been fixed in the past... hindsight and whatnot yeah I have less of an issue with /8s that are assigned to computer companies (Apple, HP, DEC) or whole governments and transit providers, but COME ON why does an car company need 17 million IP's?!? Or an oil company? Or financial services? gotta put those PLCs on the public internet brycec (That being said, I still don't think the United States Dept. of Defense needs 201 million public IP's, especially when they run their own non-Internet networks) lol m0unds yeah well we know ipv4 is a mess (And MIT's /8 is just MIT holding out to be dicks. True story.) so now we're trying to screw up ipv6 the ip address side of ipv6 is fine.. but how the hell do you multihome? heh do you need a /48? do you need a /32? Anyone done any installs with IPMI using ipmitool? trying to install BSD over SoL. it's just hanging, not sure if there was anything special I needed to do. I usually spend an enormous amount of time and effort trying to make it work and eventually give up and try to get someone else to do it the sol is configured normally, but you need to make sure whatever you're using is outputting to serial java works awshit. i think i did java okay, maybe I can do that from FreeBSD installer mercutio++ Yeah, the java one isn't accessible with a reader. There is literally no way for me to do this. Some installers start a serial terminal by default alongside VGA. I think Debian does, for instance. multihoming with /48 works just fine static: yeh i think it generally does atm but if everyone wanted to do it, there might be a push to become more restrictive Hrm. wonder if I can get arp to deploy bsd for me, given my issues and it goes back to the way of doing things that happened in ipv4 This is fun learning, but I need this working so I can start the switch with people using "provider" space to multihome sorressean: you can't get java wokring? oh right sorressean: Which BSD? if it's OpenBSD, I'll do it for you. mercutio: applet is not accessible brycec: it's FreeBSD blech :P I'm not cool enough for OpenBSD. :p I like my jails. jails aren't necessarily secure No, they're not. But they make my life a lot easier sometimes. It's nice to have logical machines :) (I can easily just wipe them out and rebuild if I need. So I have a development jail) cool it's not a hatred of FreeBSD or anything, just that I have far less experience installing it (and there are more questions involved, etc) (oh and it takes longer) That's what she said!! yeah as long as you're not overvalueing security from them, they're probably pretty useful Too often people think of VM's and containers and jails as magical security cures. Gotta correct those people before they do damage. brycec: i think vm's are introducing less security in general :) it's a complex problem though Yeah, it's useful in a sense, but it's not really the base of my security Good. like 4 vm's are more likely to have a hole than 1 server. (all my jails communicate over lo - now THERE's some network security :D) *lo0 (er, lo1 actually) lo1 brycec: I do that too. 100ge7-2.core1.lon2.he.net thats a lot of bits It's cool because you can limit what connects where and resource usage of groups of services it's only ge * 100 :) heh youu can get 100 gigabit ethernet cards for pc now i thnk like connectx-4 does 100ge i thikn @exch 56.49 usd to cad 56.49 USD -> 68.20224117 CAD (as of Thu, 30 Apr 2015 13:01:02 -0700) the GBP to CAD exchange rate is painful @exch 72.50 gbp to cad 72.50 GBP -> 111.26679936831 USD -> 134.33607868174 CAD (as of Thu, 30 Apr 2015 13:01:02 -0700) yeah damnit have to request quote to get price for 100gbe card :/ heh i wonder what rouuting performance would be like on linux near 100gbe :/ http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/ this souunds like they've put some effort into doing a good job. what openbsd has a bug with mailformed executables. It happens sometimes That's what she said!! And specifically, maliciously-formed ELFs yeah hmm hammer2 may be getting ported to openbsd :) gsoc project <-- not holding his breath neither that's why i said may may overload whoever is doing it oh openbsd 5.7 is out already gah, one of my fans sounds sick sounds like an old garage door opener at least fans are cheap but nobody has received it in the mail yet oh? it's usually early :( isn't it? i don't like cd's it used to be the new shipper is in England, that won't help us in North America i don't even have a cdrom drive :/ the idea mostly is for support and to make it easier to write it off as a business expense rather than to actually use i think most people who buy cd's still download it i'm starting to even use usb sticks less now eh.. it'll arrive by the time I have a chance to install it and I only need it on my thinkpad locally at least i can just do pxe boot over network now I'll download it a million times to install on servers why in the world do they do this? https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ what just title :) what i want is in between http and https i want validation of content, cacheable and validation of where something's coming from- having keys etc on packgaes etc gives a reasonable certainty and doesn't require https i'd actually like extended attribute stuff to be done more on unix like when you download a file it stores where it came from but yeah i'm kind of irrate at the way that caching is going out hte window if you have 20 cellphones in an office you can't have a local proxy it cache updates s/it/to/ if you have 20 cellphones in an office you can't have a local proxy to cache updates http was supposed to do that well not on android, as all the updates go via https. the rfc describes all sorts of caches and proxies yeah i haev a local proxy https screws it up it's even on ssd's :) it's very noticable with things like updating packages on two hosts. because it's like 100x the speed :) I wish I had more than one openbsd machine at work why's that? everything would work much better if only we'd scrap linux like what? no more systemd systemd is fine actually that's not a fair complaint because I don't think we're ever going to really upgrade past centos 6 i find stability and predictability are better with openbsd but upgrades can be a pita exactly lots of people still use centos5 i hate centos they go changing crap every six months on linux or else it's one of the old centos 6 machines what's with that fastmirror crap it doesn't even work reliably and it takes ages we have a mirror but fastmirror can't figure that out and there's like 5 mirrors on internet2 closer that it can't find either new zealand is actually good for mirrors in general and most mirrors will do 60 to 80mb/sec+ there's no openbsd mirror in new zealand though. yeah it's 5 mirrors on internet2 that's the issue i can understand it not finding a local mirror... if it's just your own mirror but it seems to be bad even with public mirrors I think we have a public mirror It's a university oh oh taht's even worse :) should be 1Gbit/s the problem with universitys can sometimes be that file storage is non-local and slow oh I never considered he might put the files on NFS so there may be plenty of network capacity and slow disk I hope not it depends, is nfs everywhere there? it used to be extremely common in sun days it's not so common for newer setups, that are more linuxy ;/ we use it all over the place, but I don't know anything about how it's run but it's making a come back with vmware sorressean: did you get sorted ok? hello, can i please request that the OpenBSD 5.7 install CD be added to the list of CD-ROMs available in the control panel? The amd64 URL is http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/amd64/install57.iso the i386 url is http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/amd64/install57.iso er...http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/i386/install57.iso it'll probably be added shortly mordac it's less than 24 hours since release. mkb, mercutio - if you hadn't heard there are manufacturing issues with the CD's so they're late. (It's still best to send an email so up_the_irons has a todo item to cross off) mercutio: I make the request because it was my request that got 5.6 up in November. I don't mind making the request and it seems to get the job done. :) ahh ok heh Oh mordac, typical OpenBSD nerd... Well up_the_irons tells me my dedicated machine has been upgraded, and indeed it's back up and running... but for whatever reason I cannot SSH in. *sigh* ipmi? looks like it. Damn firewall... worked fine before the shutdown, now I'm apparently locked out. <3 "sol activate" yeah it's convenient. what'd you do to it? Second hard drive and more RAM wtf, Linux... "ip route add...." "RTNETLINK answers: No such process" and I have no routes heh my network configs are apparently totally screwy. Thank goodness for IPMI sol! hmm uubuuuntu trusty? Debian Wheezy oops leaning on keys ahhh that shouldn't have anything weird about it's setup Seems like it might be having some odd issues with bridging atop bonded interfaces sh oh purely script-wise. Technically it works fine. For whatever reason when Debian's ifup adds the ipv4 to the bridge, it doesn't take. No errors or anything, and I can manually run the ip commands later and get it up. well here goes nothing... hooray! everything is just fine removed the inet6 configuration and everything came up just fine