brycec: i live in california and don't know spanish
i'm learning german... (not very useful in cali, i suppose, but i like the language)
i want to learn spanish
but no-one around here speaks spanish
I used Duolingo to learn a bit of Spanish in the run up to a trip through Argentina last year. It wasn't too hard to get up to the level of being able to order food in a restaurant without looking like a complete idiot.
The confusing bit was flying through Brazil to get there. Are they talking Spanish to me and I am jetlagged and don't understand them, or was that Portugese?
mercutio: well, *nobody* speaks german around here, but with a little resourcefulness i found that wasn't a problem.  ant and i chat in #arpnetworks-de; with skype / whatsapp / etc... i also chat daily with germans/austrians/swiss
yeah chatting daily   is the closest to immersion you can get without actually living somewhere german speaking
mercutio: yeah
up_the_irons: one of my VMs just spontaneously rebooted. Thoughts? The one on kvr12 (or whatever the higher kvr is).
Dirty disk on reboot, so it would seem the host rebooted it
would have been venom patch
mhoran: we're rebooting hosts to patch venom
hmm it doesn't get acpi shutdown notification?
Kvr10 actually. Cool. It did not shut down cleanly, it seems.
kvr15 doesn't seem to have rebooted
Well as long as I didn't get hacked, hooray
mah vps was rebooted
qbit: venom patch
ah
makes sense.. but i wish there had been a notification or something :D
there was something on twitter
but yeah no email strangely
up_the_irons: you didn't mail everyone?
this time around, i did not email everyone.  i really wanted to focus on actually patching things asap.  I put it on Twitter though (i know it's not the best way to announce, but something...)
And I don't twitter.
sorry
No worries just wanted to know what happened.
I was worried because we did maintenance of our own last night
And if course I woke up to see it was down.
Oh... that would also explain one of my client's hosts downtime this morning.
luckily, I don't have my phone on anything but vibrate. :)
twss
Okay! twss! 'luckily, I don't have my phone on anything but vibrate. :)'
or I would have been notified of pagerduty pings. :)
I'm still wondering why my stonehenge.com box hasn't been rebooted.
so there were reboots last night then?
Yes, but not on all hosts
Yea.. Just the hosts my clients are on.. YAY :)
haha
my personal host but not my company's VPS (and naturally our dedicated box is unaffected yay)
up_the_irons are the rest of the hosts going to need a reboot as well? (assuming so)
my landlord is finally installing fiber to each apartment in my building
I wish I could suspend my vm let up_the_irons reboot the host and resume. So many tmux windows
with CRIU, you could. :)
Next time it might be good to inform this channel of a system reboot. Though I don't know: maybe more customers use Twitter than IRC these days.
mnathani_: I feel your "pane" *rimshot*
I dumped my tmux servier-info so I have a snap of what I had arranged at least
(and my ps to be sure I restarted everything I had running by hand)
And now I'm taking the opportunity to grow my disk (been running on my original 10GB partition table forever even though I upgraded to a 40GB disk) and upgrade to Jessie.
mike-burns: I wish he would e-mail. That's the way I'd expect news like that to come from him.
Yea, that's how it should be delivered.
I had to find out there was issues from clients
I suppose it's nice and considerate that ARP almost *never* emails... but maybe that needs to change slightly
I have a fresh install of arch in virtualbox
what is the precise order of things that need to install in order to have a functioning xorg server where startx launches plasma (kde)
the last couple of times I tried I failed
RandalSchwartz: whats CRIU?
@google criu
(Sorry, BryceBot is offline for the moment)
his BNC is here though
:)
Yep (ZNC)
Just upgraded to ZNC 1.4 and excited to play with its new features too (notably support for networks-under-users)
(rather than one user=network as it has been in the past)
Google API failure :(
And now the wonders of running BryceBot behind a bouncer - it can catch up
(sadly it can also fail
"PHP message: cURL_error: Protocol "https" not supported or disabled in libcurl"
the fun of upgrades :D
brycec: lol on the use of pane / pun I am just re-reading
:)
Our PCI-compliance scan requires that I now disable even TLSv1.0
they made us remove SSLv2 and v3 two months ago
problem is... apache22 freebsd port compiled against the system openssl...
those are the only three protocols it knows!
oops
so now I have to recompile everything against the openssl port instead :)
criu http://twit.tv/show/floss-weekly/334
thanks RandalSchwart
RandalSchwartz: is that freebsd 8?
no... now 9
we moved off 8 for all the machines in his cluster
I still have to do stonehenge, but I'm more confident that it's gonna be straightforward
so even freebsd 9 doesn't support tls 1.1 ?
the core openssl is 1.0
so no.
but the port openssl is 1.0.2
so probably I should have switched to that already :)
OpenSSL 1.0.2a 19 Mar 2015
i have 1.02a it sems
i wish versions would go in bigger jumps
i wonder if reebsd will shift to libressl
lol RandalSchwartz
Been there and dealt with that from the other side. We had to add a checkbox to our product to specifically enable TLS 1.0 for old/legacy browsers that don't support 1.1. (originally TLS 1.0 was enabled by default, but it triggered too many customers' PCI scans)
NoScript is kind of annoying tbh
the web is kind of annoying too :)
it has become so important to not communicate so much as to present information
and so you can't just view a whole lot of information nicely, but instead you have to put uup with animations, etc.
the ad thing has got way out of hand too
i don't get why
well i don't get why on tech sites.
is there any way to pre-populate a slight-variant poudriere so I don't have to always build all the packages from scratch?
hmm.  maybe I should ask that in #freebsd
mnathani_: i wish i could easily suspend them as well
pjs: mkb KILLALLHUMANS01 : I'm sorry guys for not sending an email.  I rebooted hosts in haste; was kinda scared.  I've never had so many people open tickets about a vulnerability, asking, "When are you gonna patch yo' shit?"
some sites were advising people to ask their host about when it was being patched.
http://www.nbcnews.com/tech/security/venom-new-security-bug-scary-it-sounds-n359836
i mean people are going around saying it's worse than heartbleed
http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/
like zdnet is saying it's bigger than heartbleed
lol up_the_irons sorry for adding to that pile.
(KILLALLHUMANS01 = brycec)
oh zdnet have upgraded, potentially exploitable to  "can break out of virtual machine"
s/".*/"literal description of what the vulnerability is"
<mercutio> oh zdnet have upgraded, potentially exploitable to  "literal description of what the vulnerability is"
can you actually break out of the virtual machien?
" That can allow a hacker to break out of their own virtual machine to access other machines -- including those owned by other people or companies."
That's what it is, yeah. Allows you access to host memory (well, that which is available to the qemu process running on the host0
i thought it was just an overrun
that doesn't necessarily mean it's exploitable
It's considered exploitable until proven otherwise
because it's *potentially* exploitable
i prefer to keep it at potentially exploitable, until known exploitable.
it's hard to prove something isn't exploitable.
Once you have access to memory at random, you can theoretically do whatever
how much memory do you get access ot?
to?
I don't know for sure, would have to look at the source to be sure, but could be quite a bit, probably at least 64kb
The host's best defense would be ASLR at least
up_the_irons: Did you see this http://www.venomfix.com/ supposedly a way to patch without rebooting.
(It's a save/restore state deal)_
brycec: np
brycec: tnx
the thing about venom is, it is good marketing.  it's called VENOM.  we've seen vulnerabilities a handful of times where someone could "break out" of a guest.  Why is everyone freaking out over VENOM?  On Ubuntu, they are still confined to the AppArmor profile, which is pretty restrictive.
I'm just happy it works as a backronym and isn't a completely silly name
haha
sounds like an 80s villian
villain
probably because there have been a handful of villains named "venom"
ARPNetworks: Now 100% VENOM-free!
My favourite is Spiderman's Venom
brycec: thanks for the rebootless patch info.  I would almost use it, but i think there may even be other kernel patches that _should_ probably go in with the venom fix.  and since everyone else is experiencing downtime and reboots at this point (like, at other providers), seems like a good time to bounce everything.
heh np - just passing it along off the venom website
http://img.phluxbox.com/screenshots/sher2E.png
mercutio: a cursory glance of the source looks like it could allow access to 2,147,483,647 (INT_MAX)
mercutio: you can see that fdctrl->fifo[] is addressed by an int (presumably 32-bit, could be larger, prior to the patch) https://github.com/qemu/qemu/commit/e907746266721f305d67bc0718795fedee2e824c#diff-516dcbd6a7e99f71c8340895ff28816bL2007
Github Commit: "fdc: force the fifo access to be in bounds of the allocated buffer by Petr Matousek"
phlux: LOL
well, guys, i'm not done YET
still got a lot of hosts to go...
like kvr18
so I think VirtualBox > qemu as far as running X goes
also, up_the_irons: do you like Megadeth?
I know that my server hasn't been rebooted yet
I presume you're gonna eventually reboot every one
RandalSchwartz: i think your VM is on an old host (the bad: it's old, the good: no new VMs get provisioned there, so over time you get more of the machine to  yourself ;)
(the bad: You don't actually get control of the host still, or more RAM/HDD provisioned :P)
lol "pfSense® VMware® Ready Virtual Firewall Appliance"
RandalSchwartz: those hosts will probably not be patched at this time, instead they'll be upgraded fully to Ubuntu 14.04.  Upgrades like this generally have a 1.5 hour maintenance window (downtime).
up_the_irons++
yeah
well - other than chris0 going silent, none of neil's hosts have been reset either.
So I presume more things will happen soon
wait - prior to patching, I *can* get full control of the host!
lol RandalSchwartz no you only get access to as much as the qemu process has access to, which isn't much because it's walled
uh oh
rip arpnetworks
RandalSchwartz is going to take over the host and destroy the business
nice knowing you all
heh
phlux: LOL
randal is going to take over the hosts and replace all the linux with freebsd.
replace all the guests linux that is
"we've secretly replaced this client's linux with an actual unix distro..."
"let's see if he notices..."
mercutio: lol
"wait... what... where are my 45 options for ls?"
haha
gnu ls comes with freebsd doesn't it?
it can be installed
oh
the default ls is the *real* ls
it comes with solaris
ahh cool
lolol RandalSchwartz
not the gnu monstrosity
yeah i'm pretty anti gnu
and in the latest freebsd, gcc is now no longer the default
yeah that's cool
or so I'm led to believe
I wonder if you could get away with replacing bash with another bourne shell, if "anyone" would notice...
clang is on par with gcc for performance in my basic experiments
yeah
and it has nicer error messages.
clang that's it
Much nicer :)
ooh and way faster compiles.
less memory uusage when compiling too
is it compatible?
can I introduce it incrementally?
brycec: ksh!
I think that might be a bit too different from bash... who knows
i think it's easy to notice shell replacements cos tehy all act slightly different
i've got this long standing issue with bash ... it seems to somehow randomly lose history lines
so you upress up arrow and it's not there!
err it seems to be when i cut and paste things in usually
How odd. I can see that happening with separate bash shells because they handle history files "weird" (one usually prepends its entire active history to the other). But in the same shell instance, not a clue
this is with a single
i'm always remote logged in
i never use bash locally :)
but i've had it happen on more than one different system
(okay that's closer to 8/10 I think)
but yeah there is the multi shell history thing that makes me want to use zsh too
It's really handy
up-arrow and complete for a command I just ran in a different window
I don't chsh, but I do set tmux default shell to zsh
(well I ^R more)
i chsh
that way, if zsh ever breaks, I can still ssh and fix things
even on openbsd root shell
wow... trusting
:O
and then i find that all packages stop working with update :)
Yeah no kidding.
root's shell is *always* something from base (as in, always ksh)
that bit me with the reinstall all packages openbsd thing
yeah
it wasn't too bad to fix
http://paste.ee/p/KPlaq#385gqSTRyEF59W1HJlGFS16tTxnR627h interesting route selection there (VIBE Communications lg)
god that's long
what's interesting about it?
god that's long
twss
Okay! twss! 'god that's long'
mercutio: its picking the route via Portlane instead of the ARP Networks one
 45177 45177 45177 45177 42708 6.733 i
that's what i see through vibe
becuase i have upstream with vibe
but it's picking 17746 4610 4826 25795 6.733 i
vibe are on any2ix though
and the slightly shorter route is hitting any2ix
i see the community tags for any2ix
i thought it was taking a different path before
i mean the any2ix path
202.49.71.24 is an ip that should come back via any2ix/vibe
static: what made you check vibe for lg?
i've been checking LGs all over the place to see how routes are
ahh
oh vibe is screwy
they're on linx
been troubleshooting a v6 routing issue with Portlane atm, it dies inside their network for some reason
and they don't seem to add hops for it
but it looks like they're peering directly with portlane, or linx doesn't add their asn in
they're also peering directly with arp though..
is portlane... portland++ :)
BGP Peers Observed (v4): 1,080 - portlane peers with a lot of folks
portlane is some sweden provider i think
(lol RandalSchwartz )
RandalSchwartz: heh, wrong side of the world
yeah its a Swedish company
Same as C++ != D
perl -le '$x = "portland"; $x++; print $x'
heh
@py "portland" + 1
TypeError: cannot concatenate 'str' and 'int' objects
bah
python is so weak
BryceBot: WHO CARES ABOUT PROPER LANGUAGE GRAMMAR
or sigils... think of the sigils!
... http://en.wikipedia.org/wiki/Sigil_(computer_programming)
Sigil (computer programming) :: In computer programming, a sigil (/ˈsɪdʒəl/ or /ˈsɪɡəl/; plural sigilia or sigils) is a symbol attached to a variable name, showing the variable's datatype or scope, usually a prefix, as in $foo, where $ is the sigil.  Sigil, from the Latin sigillum, meaning a "little sign", means a sign or image supposedly having magical power. In 1999 Philip Gwyn adopted the term "to mean the funny character at the front 
mercutio: Portlane's promoscuous peering seems to result in some interesting routes
portlane's promiscuious peering... PPP!
hah
BryceBot: time in Sweden
aw
@wa time in sweden
current time in Sweden;4:36:43 am CEST -> Saturday, May 16, 2015;Stockholm, Sweden, , 4:36:43 am  CEST, Saturday, May 16;2:36:43 am GMT -> Saturday May 16, 2015
ahh
protip: You can't just invent syntax.
@protip
Protip #4: Packup a 40GB ISO of data, then have up_the_irons attach that to your VPS. Voila, free read-only storage!
lololol
@wa where am i
current geoIP location;IPv4 address->107.178.195.232, IPv6->::ffff:6bb2:c3e8, (as seen by Wolfram|Alpha)
what address is that? :)
Google
The WA API endpoint logic runs on a Google Cloud thinger
@wa next solar eclipse visible from north america
Error fetching URI.
oops :)
(That's the exact error back from said WA API thinger)
@wa 300 USD to MXN
Error fetching URI.
oops
(If I were in control, it would be a much more useful API)
rate-limit?
@exch 300 USD MXN
300 USD -> 4506.933 MXN (as of Fri, 15 May 2015 19:01:08 -0700)
^ different API at least
oooh.  that was 4666 two weeks ago
highest I've ever seen it
@exch 300 USD MXN 2015-05-01
300 USD -> 4651.335 MXN (as of Fri, 01 May 2015 16:00:00 -0700)
I should have gone long
I wonder what $1 in Prussian Franks is now
I have some venezuelan money from before the re-evaluation
something like a 20,000 note
which was about $10 or so
... The government announced on 7 March 2007 that the bolívar would be revalued at a ratio of 1 to 1000 on 1 January 2008
so these were from before 2008
@exch 1 USD VEF
1 USD -> 6.318536 VEF (as of Fri, 15 May 2015 19:01:08 -0700)
@exch 1 USD VEF 2000-01-01
RandalSchwartz, I didn't recognize 'VEF'.
oops
Yeah I think BryceBot only recognizes current currencies
or dates
or something
@exch 1 USD MXP 1990-01-01
I'm sorry, I couldn't fetch the data: historical/1990-01-01
ahh
@twitter -r 599413951554723840
brycec: Successfully retweeted __briancallahan (599414076582670337): Just submitted a #vBSDcon 2015 talk proposal with @brycied00d (Sat May 16 03:19:57 +0000 2015, retweeted 2 times)
staticsafe: apparently vibe use community 30301 to mark linx traffic, and that's why i had so many prepends
so yeah they're not repeating their own asn in the path..
the whole thing about dealing with bgp communities to get good paths is kind of annoying.
it means you end up having to special case stuff, but at least when you know that linx is "ages away" and can prepend it's not so bad.
well assume you have multiple paths
up_the_irons: got the email regarding reboots. Much appreciated
it'd be nice if it knew who was on what host
oh maybe it does know
or brycec has laggy email
(then again it's probably only for those to be affected0
it says "if" you have host on one of four machines
brycec: lol on that 40gb free read-only storage
9, 14, 15, 16
i'm on 15
as long as the iso is a wget'able URL
Don't think that was "my" protip but thanks mnathani_
I actually got 2 emails
i only got one
one for my vps another for my customers vps
oh right
Hm no reboot for 18 then?
I wonder if 18 is one of those "older" hosts
maybe not yet
or maye it's been
or maybe it's older
ok :)
18 hasn't been rebooted yet. "12:26AM  up 3 days, 12:15, 0 users, load averages: 1.19, 1.06, 1.00"
i'm surprised it's happening so late
late in what respect?
5:30 am or something isn't it
5 to 5:30
currently 9:30pm in ARP Daylight Time
(well 21:27)
yeah i know
Oh up_the_irons specified 5am?
yes
(Not receiving the email, I don't know what was said :p)
i mean why 5 am and not 3 am?
so i dunno if there's another window for other hosts.
Because that's when up_the_irons is up?
heh
he's up at 3 too then :)
He rebooted this vm's host around 6am
yeah
it's hard to know what a good time is really
so 6 am PST is 9 am on eastern time?
yes
is 1pm GMT I believe
That's what she said!!
and it would have been friday
BryceBot: no
Oh, okay... I'm sorry. 'is 1pm GMT I believe'
so normally i'd say that earlier is probably better
for US centric
but tbh, to my mind it's better to be quick than get the time right :)
there's no PST right now
not until november
so mercutio... wrong. :)
technically there still *IS* PST, it's just not accurate :P
No... there's no place that is observing PST at all
This feels like a "if a tree falls in a forest" joke now
whatever.
timezones are important to me.
Sure, nobody is observing it. Doesn't stop it from existing. PST = GMT-8, always.
They are to me as well, and I didn't catch mercutio's slip and I feel bad :(
sure, but it doesn't actually exist for half the year
brycec: i used pst as per the email
shame on up_the_irons then
well in the end it doesn't really matter.
do you call it PT as a standard
https://www.youtube.com/watch?v=aFwcBBmgOe0 ?
YouTube video: "Bohemian Rhapsody - Queen" by Carla Pax
is it EST for east coast?
mercutio: PST/PDT
EST/EDT
i suppose if you used PST and EST, it wouldn't be ambiguous
MST/MDT
CST/CDT
M is mainland?
Mountain
Ahh
Central
Pacific, Eastern
(there are a couple others too for Hawaii and Alaska)
daylight saving is just confusing.
although i do find it amusing that uptheirons seems to go to bed around the same time as me.
even though he's 5 hours ahead (minus a day)
(so 19?)
yeah
(just checking)
i just find +5 hours minus a day easier to grok
Ditto
i'm +13 GMT
err +12 GMT
damn i forget when i'm in daylight saving or not
okay that makes sense
i am ST
but daylight saving for me is +13
mercutio: And when does dst start for you?
it just ended like a month ago?
it's a few weeks different than the US
so sortof-reverse of the Northern hemisphere
that's a very vague month btw
(since US just started in March)
yeah
it's aroound easter iirc
5th april to 27th september
is st
Somehow it feels much later than just 00.00 here :/
Always annoying when the internal clock is fast