brycec: And suddenly you're back. What, were you off with your /other/ family again? Ugh. /s up_the_irons: lol
yes ***: mnathani_ has quit IRC ()
mnathani_ has joined #arpnetworks
carvite has quit IRC (Ping timeout: 252 seconds)
carvite has joined #arpnetworks sorressean: Has anyone had problems with IPMI? when I click on cd-rom image, it just says I don't have priviledges to perform this action, then my session times out and I have to log in again. brycec: I don't remember having any issues with the virtual CD. sorressean: I trust that you logged back in and tried it again with the same result? sorressean: eah.
yes*
Meh. this IPMI java interface is not accessible.
Is there a serial console? brycec: Welcome to the nature of most IPMI web interfaces on the market :( But fortunately it's your standard IPMI interface so tools like ipmitool will work too
(And just to clarify - The vast majority of server BMC/IPMI web interfaces suck, terribly and horribly. Just know that it's not ARP's fault.) staticsafe: indeed sorressean: Yeah, I figured it was'bnt. staticsafe: submitted the needed paperwork to ARIN, now we wait o/ sorressean: thanks, going to try ipmitool brycec: Hooray staticsafe
I want an ASN of my own... just to have, not for any real purpose. staticsafe: heh
unfortunately ARIN frowns upon that brycec: Yeeeaaaah
That they do.
I just want to feel important. RandalSchwartz: For many months after I was abruptly terminated from Intel, the ASN for intel corp was still in my name
might have even been years... I forget.
it was some amazingly low number. :) brycec: lol
AS99? RandalSchwartz: Yeah, that was it brycec: RegDate: 1987-02-19
Seems like it's no longer used RandalSchwartz: yeah - I don't even remember why we got it, or why my name ended up attached to it.
oh - it's because we had an internal net, and two connections to the world twobithacker: doesn't appear to be in the routing table brycec: Because it's not announcing anything RandalSchwartz: Yeah, not sure how they're doing it now twobithacker: huh, bgp.he.net says it was seen as recently as Oct 2014 RandalSchwartz: weird brycec: I thought Intel had a /8 but I don't see it now so I'm guessing they gave that back too. RandalSchwartz: for a while, they used 128.215 inside the company, but it didn't belong to them. :) brycec: lol. I wonder who it does belong to... RandalSchwartz: Oh wait... that was the right number
one part of the company was using a routable number, but just made it up
eventually became a problem when we got "the net" brycec: You stay classy, Intel! RandalSchwartz: so they had to do a great renumbering
eventually joining 128.215 ***: acf___ has joined #arpnetworks
SpaceDum1 has joined #arpnetworks
anis has joined #arpnetworks
acf__ has quit IRC (*.net *.split)
CaZe has quit IRC (*.net *.split)
SpaceDump has quit IRC (*.net *.split)
anisfarhana has quit IRC (*.net *.split)
ix33 has quit IRC (*.net *.split)
ix33 has joined #arpnetworks staticsafe: hm ARIN needs an invoice, I guess I'll have to wait for billing to run today brycec: staticsafe: What's wrong with last month's invoice? staticsafe: my last ARP invoice was in April 2014 :P brycec: Oh I see, returning to the fold then ***: hive-mind has quit IRC (Ping timeout: 256 seconds)
hive-mind has joined #arpnetworks mercutio: static: with 32bit asn's you'd think they wouldn't see the need for such things?
or are requeusting a short ASN? brycec: I think they just realized that there's no point in being reckless, that's how we end up with /8's used by a single company. -: brycec should upgrade zeit.arpnetworks.com to Jessie... mercutio: i don't that was a bad thing in the first place.
i just don't think anybody expected the internet to last so long
without changes brycec: Well sure nobody planned ahead/expected it.
But I still don't think Ford Motor Company needs 16.8 million public IP addresses. mercutio: that could have been fixed 18 years ago or something though brycec: Practically everything could have been fixed in the past... hindsight and whatnot mercutio: yeah brycec: I have less of an issue with /8s that are assigned to computer companies (Apple, HP, DEC) or whole governments and transit providers, but COME ON why does an car company need 17 million IP's?!? Or an oil company? Or financial services? -: brycec rages m0unds: gotta put those PLCs on the public internet brycec brycec: (That being said, I still don't think the United States Dept. of Defense needs 201 million public IP's, especially when they run their own non-Internet networks)
lol m0unds mercutio: yeah well we know ipv4 is a mess brycec: (And MIT's /8 is just MIT holding out to be dicks. True story.) mercutio: so now we're trying to screw up ipv6
the ip address side of ipv6 is fine..
but how the hell do you multihome? brycec: heh mercutio: do you need a /48? do you need a /32? sorressean: Anyone done any installs with IPMI using ipmitool? trying to install BSD over SoL. it's just hanging, not sure if there was anything special I needed to do. mkb: I usually spend an enormous amount of time and effort trying to make it work and eventually give up and try to get someone else to do it mercutio: the sol is configured normally, but you need to make sure whatever you're using is outputting to serial
java works sorressean: awshit. mercutio: i think i did java sorressean: okay, maybe I can do that from FreeBSD installer brycec: mercutio++ sorressean: Yeah, the java one isn't accessible with a reader.
There is literally no way for me to do this. brycec: Some installers start a serial terminal by default alongside VGA.
I think Debian does, for instance. staticsafe: multihoming with /48 works just fine mercutio: static: yeh i think it generally does atm
but if everyone wanted to do it, there might be a push to become more restrictive sorressean: Hrm. wonder if I can get arp to deploy bsd for me, given my issues mercutio: and it goes back to the way of doing things that happened in ipv4 sorressean: This is fun learning, but I need this working so I can start the switch mercutio: with people using "provider" space to multihome
sorressean: you can't get java wokring?
oh right brycec: sorressean: Which BSD? if it's OpenBSD, I'll do it for you. sorressean: mercutio: applet is not accessible
brycec: it's FreeBSD brycec: blech :P sorressean: I'm not cool enough for OpenBSD. :p
I like my jails. mercutio: jails aren't necessarily secure sorressean: No, they're not.
But they make my life a lot easier sometimes. brycec: It's nice to have logical machines :) sorressean: (I can easily just wipe them out and rebuild if I need. So I have a development jail) mercutio: cool brycec: it's not a hatred of FreeBSD or anything, just that I have far less experience installing it (and there are more questions involved, etc)
(oh and it takes longer) BryceBot: That's what she said!! mercutio: yeah as long as you're not overvalueing security from them, they're probably pretty useful brycec: Too often people think of VM's and containers and jails as magical security cures. Gotta correct those people before they do damage. mercutio: brycec: i think vm's are introducing less security in general :)
it's a complex problem though sorressean: Yeah, it's useful in a sense, but it's not really the base of my security brycec: Good. mercutio: like 4 vm's are more likely to have a hole than 1 server. brycec: (all my jails communicate over lo - now THERE's some network security :D)
*lo0
(er, lo1 actually) mercutio: lo1 sorressean: brycec: I do that too. staticsafe: 100ge7-2.core1.lon2.he.net thats a lot of bits sorressean: It's cool because you can limit what connects where and resource usage of groups of services mercutio: it's only ge
* 100 :) staticsafe: heh mercutio: youu can get 100 gigabit ethernet cards for pc now i thnk
like connectx-4 does 100ge i thikn mnathani_: @exch 56.49 usd to cad BryceBot: 56.49 USD -> 68.20224117 CAD (as of Thu, 30 Apr 2015 13:01:02 -0700) staticsafe: the GBP to CAD exchange rate is painful
@exch 72.50 gbp to cad BryceBot: 72.50 GBP -> 111.26679936831 USD -> 134.33607868174 CAD (as of Thu, 30 Apr 2015 13:01:02 -0700) staticsafe: yeah mercutio: damnit have to request quote to get price for 100gbe card :/ brycec: heh mercutio: i wonder what rouuting performance would be like on linux near 100gbe :/
http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/
this souunds like they've put some effort into doing a good job.
what openbsd has a bug
with mailformed executables. brycec: It happens sometimes BryceBot: That's what she said!! brycec: And specifically, maliciously-formed ELFs mercutio: yeah
hmm hammer2 may be getting ported to openbsd :)
gsoc project brycec: <-- not holding his breath mercutio: neither
that's why i said may
may overload whoever is doing it
oh openbsd 5.7 is out already m0unds: gah, one of my fans sounds sick
sounds like an old garage door opener mercutio: at least fans are cheap mkb: but nobody has received it in the mail yet mercutio: oh?
it's usually early :(
isn't it?
i don't like cd's mkb: it used to be
the new shipper is in England, that won't help us in North America mercutio: i don't even have a cdrom drive :/
the idea mostly is for support
and to make it easier to write it off as a business expense
rather than to actually use
i think most people who buy cd's still download it
i'm starting to even use usb sticks less now mkb: eh.. it'll arrive by the time I have a chance to install it and I only need it on my thinkpad locally at least mercutio: i can just do pxe boot over network mkb: now I'll download it a million times to install on servers
why in the world do they do this?
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ mercutio: what
just title :)
what i want is in between http and https
i want validation of content, cacheable
and validation of where something's coming from-
having keys etc on packgaes etc gives a reasonable certainty mkb: and doesn't require https mercutio: i'd actually like extended attribute stuff to be done more on unix
like when you download a file it stores where it came from
but yeah i'm kind of irrate at the way that caching is going out hte window
if you have 20 cellphones in an office you can't have a local proxy it cache updates
s/it/to/ BryceBot: <mercutio> if you have 20 cellphones in an office you can't have a local proxy to cache updates mkb: http was supposed to do that mercutio: well not on android, as all the updates go via https. mkb: the rfc describes all sorts of caches and proxies mercutio: yeah i haev a local proxy mkb: https screws it up mercutio: it's even on ssd's :)
it's very noticable with things like updating packages on two hosts.
because it's like 100x the speed :) mkb: I wish I had more than one openbsd machine at work mercutio: why's that? mkb: everything would work much better if only we'd scrap linux mercutio: like what? mkb: no more systemd mercutio: systemd is fine mkb: actually that's not a fair complaint because I don't think we're ever going to really upgrade past centos 6 mercutio: i find stability and predictability are better with openbsd
but upgrades can be a pita mkb: exactly mercutio: lots of people still use centos5
i hate centos mkb: they go changing crap every six months on linux or else it's one of the old centos 6 machines mercutio: what's with that fastmirror crap
it doesn't even work reliably
and it takes ages mkb: we have a mirror but fastmirror can't figure that out
and there's like 5 mirrors on internet2 closer that it can't find either mercutio: new zealand is actually good for mirrors in general
and most mirrors will do 60 to 80mb/sec+
there's no openbsd mirror in new zealand though.
yeah it's 5 mirrors on internet2 that's the issue
i can understand it not finding a local mirror...
if it's just your own mirror
but it seems to be bad even with public mirrors mkb: I think we have a public mirror
It's a university mercutio: oh
oh taht's even worse :) mkb: should be 1Gbit/s mercutio: the problem with universitys can sometimes be that file storage is non-local and slow mkb: oh I never considered he might put the files on NFS mercutio: so there may be plenty of network capacity and slow disk mkb: I hope not mercutio: it depends, is nfs everywhere there?
it used to be extremely common in sun days
it's not so common for newer setups, that are more linuxy ;/ mkb: we use it all over the place, but I don't know anything about how it's run mercutio: but it's making a come back with vmware
sorressean: did you get sorted ok? ***: dj_goku has quit IRC (Remote host closed the connection)
mordac has joined #arpnetworks mordac: hello, can i please request that the OpenBSD 5.7 install CD be added to the list of CD-ROMs available in the control panel? The amd64 URL is http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/amd64/install57.iso
the i386 url is http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/amd64/install57.iso
er...http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/i386/install57.iso mercutio: it'll probably be added shortly mordac
it's less than 24 hours since release. brycec: mkb, mercutio - if you hadn't heard there are manufacturing issues with the CD's so they're late.
(It's still best to send an email so up_the_irons has a todo item to cross off) mordac: mercutio: I make the request because it was my request that got 5.6 up in November. I don't mind making the request and it seems to get the job done. :) mercutio: ahh ok brycec: heh
Oh mordac, typical OpenBSD nerd...
Well up_the_irons tells me my dedicated machine has been upgraded, and indeed it's back up and running... but for whatever reason I cannot SSH in. *sigh* mercutio: ipmi? brycec: looks like it. Damn firewall... worked fine before the shutdown, now I'm apparently locked out.
<3 "sol activate" mercutio: yeah it's convenient. what'd you do to it? brycec: Second hard drive and more RAM -: brycec gets to look forward to an online RAID build in-production, w00t brycec: wtf, Linux... "ip route add...." "RTNETLINK answers: No such process" and I have no routes
heh my network configs are apparently totally screwy. Thank goodness for IPMI sol! mercutio: hmm
uubuuuntu trusty? brycec: Debian Wheezy mercutio: oops leaning on keys
ahhh
that shouldn't have anything weird about it's setup brycec: Seems like it might be having some odd issues with bridging atop bonded interfaces mercutio: sh
oh brycec: purely script-wise. Technically it works fine.
For whatever reason when Debian's ifup adds the ipv4 to the bridge, it doesn't take. No errors or anything, and I can manually run the ip commands later and get it up.
well here goes nothing...
hooray! everything is just fine
removed the inet6 configuration and everything came up just fine