[02:20] i thought dpdk was only on linux [02:20] and that freebsd had netmap. am i mistaken? [02:21] there's a /new/ ssl flaw it seems. logjam. [02:26] ahh it's only if you have export grade ciphers enabled [04:12] ...and we have a new website! [04:12] although your guys' DNS may take time to update [05:09] Ooo, pretty. [05:38] it's a lot bolder than the old site [05:59] nice [06:12] those images are pretty impressive looking on 4k [06:13] well impressive not on 4k too :) [06:56] up_the_irons: looks nice [07:51] Nice hardware shots. [08:12] *** Seji has quit IRC (Ping timeout: 255 seconds) [08:24] *** Seji has joined #arpnetworks [08:25] up_the_irons: Huzzah! [08:25] (Were we always serving the website over v6? If not, yay for that too) [08:29] up_the_irons: Just a thought - the hover/highlight/tooltip/alt text on the images in the carousel should be something along the lines of "These are not stock photos but actual ARP hardware." [13:07] *** Seji has quit IRC (Ping timeout: 264 seconds) [13:11] up_the_irons: awesome new site [13:11] is it hosted on a dedicated now? Or another vps [13:17] @weather yyz [13:17] Toronto-Pearson International, Ontario: Partly Cloudy ☁ 63°F (17°C), Humidity: 27%, Wind: From the NW at 9 MPH Gusting to 18 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=43.67722321,-79.63055420 or re-request this with: @weather -v yyz [13:20] I suspect it's a VPS. Can't imagine a pretty static website like ours needing 8 cores and 8GB of RAM to serve. [13:21] Not to mention it would be a relatively large investment if he used a dedi box from inventory that could normally be earning him monthly income. [13:22] Still you have me thinking whether there's a good way to remotely determine whether a host is virtualized [13:26] if you could find out its MAC address - that would be a start [13:26] but you would have to be on the same VLAN [13:27] KVM / QEMU Mac vs SuperMicro etc [13:27] Yeah good thinking [13:27] alas the website is behind a router [13:27] at least for my ip blocks [13:29] for dedicated, it could potentially share say a logging server, or backup server rather than its own dedicated "dedi server" [13:30] brycec: I think I know another way to test [13:30] wget http://arpnetworks.com/100mb.bin from your dedi and see if it exceeds 100mbit [13:30] nice [13:30] never mind [13:30] 404 [13:31] lol yeah [13:31] I was going to say it exceeds 100Mbit from my VPS but... [13:31] I tested it from home and was confused unntil I saw the size :p [13:32] up_the_irons: FYI you broke the /100mb.bin speedtest with the new website [13:32] *** phlux has quit IRC (Ping timeout: 265 seconds) [13:32] I shoud have realized that even at 30MB/s it didn't take long enough [13:33] support.arpnetworks.com being dog-slow for anyone else or is it jut my connection? [13:33] nvm just me [13:33] up_the_irons: http://support.arpnetworks.com/kb/main/ip-address-for-ping-tests needs updating (or fixing) [13:34] *** phlux has joined #arpnetworks [14:32] *** Seji has joined #arpnetworks [14:38] anyone come across a firefox / chrome extension that allows you to specify get dns address from authoritative server fresh, rather than use cached responses, would help test while propagation takes place, without resorting to manually editing hosts files [14:41] mnathani_: what about just clearing Chrome's DNS cache? [14:41] chrome://net-internals/#dns [14:42] (And of course one could just set the TTL's low ahead of time to minimize most propagation) [14:50] brycec: i judged based on ping if something is dedicated or vm :/ [14:52] brycec: it was for me too last night [14:52] (support being slow) [14:53] oh that speed test worked for me last night when i checked it, but it must have been going to the old server [14:54] mnathani_: i just edited /etc/hosts myself :) [14:54] but i only did it for www [14:54] it seemes the speed test is at . [14:58] hmm nz had cable cut for internet [14:58] i wonder if that will make my net slow [15:03] I didn't need to do anything re:arpnetworks.com's update. [15:03] it was "live" when up_the_irons announced it. [15:04] (not that I had "www.arpnetworks.com" cached anywhere...) [15:07] * brycec always forgets about camelcamelcamel.com [15:09] i use camelcamelcamel a lot and forget about it [15:09] and then it emails me [15:10] lol [15:11] Dammit, missed a one-day $20 price drop by just 1 day. [15:12] on what? [15:12] http://www.amazon.com/dp/B0073W6YDA/ [15:12] Amazon: "IOGEAR 2-Port Dual-Link DVI Cable KVM with Audio (GCS982U)" [15:12] that kind of thing is probably cheaper on ebay [15:12] It was $95 yesterday [15:12] oh it does dual-link dvi [15:12] not just dual dvi [15:12] Yeah, bit of a niche product [15:13] Though supposedly this will do it for $30 http://www.ebay.com/itm/StarTech-10-ft-4-in-1-USB-Dual-Link-DVI-D-KVM-Switch-Cable-w-Audio-Microphon-/291286882111?pt=LH_DefaultDomain_0&hash=item43d20d173f [15:13] I'm weary... [15:13] i just use synergy :/ [15:13] it's so handy being able to cut and paste etc. [15:14] but if you don't have space for another monitor.. [15:14] When most products are $100 and this is $30, I question whether it's accurately listed. [15:14] mercutio: Yeeeaaah, or money for another 27" display :P Plus I don't need to use two computers simultaneously with it [15:14] I just don't want to unplug-replug when I switch computers [15:14] http://www.ebay.com/itm/Thinklogical-Velocitykvm-8-Velocity-8-KVM-Receiver-Extensuon-Dual-Link-DVI-/151449592509?pt=LH_DefaultDomain_0&hash=item23431962bd [15:14] i wonder what this is :) [15:15] i can't see the back [15:15] yes you can [15:15] oh click right arrow :) [15:15] not sure if UX failure, or mercutio failure :p [15:16] yeh it should auto scroll :) [15:16] i found a datasheet anyway [15:16] I just read the description from the front of the unit [15:16] it's not really what you want [15:16] still kind of nifty :) [15:17] lol, noooo not by a long shot :p [15:17] Great if I had to drive a video wall or similar, I suppose [15:18] Oh cool it looks like I can find the same $30 dual-link kvm on Amazon (for $30) [15:19] actually for cheaper [15:19] maybe it's worth trying [15:19] although is that just a cable? [15:19] ohshit, no, it's just a cable [15:20] http://www.ebay.com/itm/StarTech-2-Port-High-Resolution-USB-DVI-Dual-Link-KVM-Switch-w-Audio-/251967162711?pt=LH_DefaultDomain_0&hash=item3aaa69c957 [15:20] can't really fault them, they do say it... it just didn't stand out to me. [15:20] Yeah probably complements that [15:20] the other one looked nicer [15:21] probably why http://www.amazon.com/dp/B0073W6YDA/ ended up on my list :p [15:21] Amazon: "IOGEAR 2-Port Dual-Link DVI Cable KVM with Audio (GCS982U)" [15:21] yeah that's there too [15:21] it's more expensive on ebay for me [15:21] Though I do tend to prefer detachable cables. [15:21] but if i sort by price it doesn't show stufuf that doesn't ship to me [15:21] well you can use normal cables probably [15:22] (I wonder if I could just use usb cables I have laying around and cheap DL DVI cables off Monoprice with the $55 switch [15:22] lol [15:22] yeh probably [15:22] 3ft cable is $4.31 on Monoprice [15:22] and has the benefit of letting me "customise" the length [15:22] i'd want one of mine to be longer than that at least. [15:22] ahh. [15:23] i wouldn't bother with audio :/ [15:23] me either [15:23] (my tower sits just behind my monitor, so I don't need much length) [15:24] heh i'm using a really really short network cable [15:24] i think it's 60 cm [15:24] that's not /that/ short [15:24] it is for computer to computer [15:24] it's like 2 feet? [15:25] yeah 23" [15:25] I have something about that long here too. Again, don't need much - I have a switch on my desk [15:25] but because it's infiniband, it was much cheaper that way. [15:25] Ah IB [15:25] 32 gigabit :/ [15:26] i shoudl fix linux on my windows computer and see how fast it can go [15:27] i expect to only get like 20 gigabit out of it [15:27] but in windows it's more like 10 gigabit with samba [16:21] mercutio: are you doing ram to ram transfers, if not I would like to know what disks can sustain 10 gigabit reads / writes [16:22] /dev/md1: [16:22] Timing buffered disk reads: 4606 MB in 3.00 seconds = 1534.74 MB/sec [16:22] ssd raid :) [16:22] that's basically the limit on onboard sata. [16:23] there's 4x pci-e 2 for 20gbit then with 8/10 encoding pushing you to 16 gigabit. [16:23] then sata overhead etc [16:23] i7 processor? [16:24] i7-4770 on linux server [16:24] i7-3770 on windows desktok [16:24] both with ddr3-2000 @ cas 9 latency i'm pretty sure [16:24] but samba isn't multithreaded so it can use 100% cpu on one core of i7-4770 [16:25] i'm using zfs for normal data though [16:25] and have lz4 compression enabled.. [16:25] i have a feeling performance would be slightly higher with ext4. [16:26] but higher speeds are just nifty, i more care about not getting slow, snapshots, checksumming, redundancy [16:26] and by using ssd's it's easier to backup over the net [16:27] because you're not tempted to stick big files on there too much [16:28] brycec: I could clear my local dns cache, but most likely the upstream recursive dns server (either my ISP or Google DNS) has an old cache entry in there as well [16:30] mnathani_: dnsmasq automatically propogates /etc/hosts if you use that. [16:31] it's pretty handy for home networks. [16:37] so I would point local hosts to that designated name server box running dnsmasq? [16:38] yeh [16:38] and you get a local dns cache out of it too [16:39] not to mention single point of faliure [16:39] s/faliure/failure [16:39] not to mention single point of failure [16:39] I guess I could have 2 setup and use as primary and secondary dns [16:40] for home just having single dns is fine [16:40] you can alwyas set secondary to an extenral [16:41] i have a local resolver with Google Public DNS as a backup [16:41] i don't have any backup on my windows host i think [16:42] DHCP all the things [16:42] staticsafe: did your prefix ever get the right as path via NTT and Cogent? [16:42] yeah no backup [16:42] mnathani_: haven't checked [16:42] i can always change it if i have a hardware meltdown or something [16:42] i'd rather fix it if there is an issue though [16:43] does dnsmasq have a feature where it re-requests records as they are expiring so as to have a perpetual cache? [16:43] nope [16:43] unbound's doesn't really help in home situations much though [16:43] it's only if it's requested in the last 10% or something [16:44] so it more helps if you have a busy cache. [16:44] unbound's prefetch feature is indeed useless for small caches [16:45] it would be more useful for a ISP running resolver for their clients [16:45] basically unbound doesn't want to create significant extra dns load [16:45] so it's pretty conservative. [16:45] and i mean unbound is REALLY popular now. [16:45] so if unbound was aggressive people would probably notice. [16:46] i mean there's probably still more bind etc than unbound out there [16:46] but a lot of isp type situations have shifted to it. [16:46] yeah tonnes of BIND out there [16:46] and it's the more used dns that tend to have moved :) [16:46] especially since BIND comes preinstalled with some distros [16:46] *cough* [16:46] i hate bind. [16:47] i think arp is using bind and unbound for recursive [16:47] i wonder if prefetch is enabled. [16:47] i used to do dnsmasq and powerdns to have different servers for recursive. [16:47] authoritative at arp is poweredns with bind slave [16:47] but now days i just use unbound, and if there's an issue there's an issue. [16:47] i'm talking about recursive. [16:47] unbound is recursive only. [16:48] s/poweredns/powerdns [16:48] authoritative at arp is powerdns with bind slave [16:48] i still haven't tried nsd :) [16:48] keep meaning to [16:48] powderdns recursor isn't too bad. but the authorative looked a bit ick to me [16:50] mercutio: what do you guys use at $dayjob for recursive [16:50] unbound. [16:50] *3 [16:50] load balanced? [16:50] nope. [16:50] there's anycast on primary though [16:51] but 1 gets all the load. [16:51] hmm, haven't enabled dnssec yet though [16:52] we've got a list of blocked domains here too. [16:53] I love nsd. Don't think I'll ever look back at bind after I started using nsd. Super easy. [16:53] it got in the news, becauuse the list added baidu [16:53] I could switch to NSD for my auth. slaves, still need to use BIND for the master though [16:53] if its a simple dns block, cant your subscribers just use google dns or such [16:53] (And I used to love bind) [16:54] it's published by the fbi, then emailed to providers in nz. [16:54] staticsafe: What's keeping you on bind, if you don't mind my asking? [16:54] mnathani_: yeh they could, but it's really dodgy stuff. [16:54] well it's meant to be. [16:54] i use the auto-magic DNSSEC signing ability [16:54] (There are some things Bind can do that nsd canot) [16:54] in BIND [16:54] Ah [16:54] i skimmed through it, but it's huge [16:54] but that only needs to exist on the master [16:54] i completely missed baidu being on it [16:55] probably because it doesn't look like a word to me. [16:55] almost all of my zones are signed, even my PTR zones for my IPs [16:55] (I have no idea what automagic dnssec thing in bind you're talking about.) [16:55] Nice [16:55] it automatically signs and maintains signatures on domains [16:55] makes DNSSEC much less painful [16:55] i can't even sign my domains, because i use tinydns. [16:56] and don't have tcp enabled for dns. [16:56] even [16:56] yuck [16:56] well tcp for dns is yuck :/ [16:57] *shrug* [16:57] I should look into signing my zones someday... [16:58] Seems like it's just one extra step when making changes at least, run ldns-signzone [17:03] brycec: dont forget to provide your registrar with your zone signing key records zsk to place in the parent zone [17:08] yeah [17:09] hopefully you wont get a rep who goes DNS what? when you mention DNSSEC support [17:10] heh, which is why I use Gandi [17:10] they are a bit more expensive I recall [17:10] than say namecheap or godaddy [17:11] yeah [17:11] http://wiki.gandi.net/en/domains/dnssec [17:13] ugh, godaddy [17:14] m0unds: http://steamcommunity.com/sharedfiles/filedetails/?id=446246422 [17:14] i need that armor on all my vehicles [17:26] argh, steamcommunity is dragging its ass something fierce [17:29] lol - first autocomplete when typing namecheap was dnssec [17:32] (A quick Google suggests that Namecheap doesn't support DNSSEC, so I'll have to store in DLV) [17:32] (Then again looks like DLV is not long for this world either https://ripe70.ripe.net/wp-content/uploads/presentations/81-RIPE-DLV-timeline-20150513.pdf) [17:32] yeah [17:33] Apparently it's a requirement to be ICANN-accredited [17:35] 2013 "near future" https://twitter.com/Namecheap/status/294872690102267905 [17:35] TWITTER: @mdjanic Ah, we're adding DNSSEC support in the near future. Hang tight :) (Fri Jan 25 18:21:42 +0000 2013, in reply to @mdjanic) [17:36] 2013 heh [17:37] LOL Godaddy: https://twitter.com/GoDaddy/status/294874487713849344 [17:37] TWITTER: @mdjanic We'd certainly love to have your business :) ^C (Fri Jan 25 18:28:51 +0000 2013, in reply to @mdjanic) [17:38] that's... wow. I mean, I hate GoDaddy, but how the hell are they the "winner" in this? [17:43] For what little good it will do me https://twitter.com/brycied00d/status/601185958042697728 [17:43] TWITTER: Hey @ICANN how is @Namecheap still accredited? TWO YEARS since the 2013 RAA and still no DNSSEC - clearly violating their RAA. (Thu May 21 00:41:16 +0000 2015) [17:44] i think its because they are still reselling Enom [17:46] namesilo is another one I can recommend [17:46] you have a point, eNom is in breach of their RAA [17:48] Corrected/tweaked https://twitter.com/brycied00d/status/601187245828263936 [17:48] TWITTER: @ICANN I guess that as @Namecheap is reselling @enom, it's really eNom that is in breach of their 2013 RAA. @icann_president @NameCheapCEO (Thu May 21 00:46:23 +0000 2015, in reply to @brycied00d) [17:48] (And yes kids, I did double-check that eNom, Inc - the name on my whois record - is on ICANN's accredited list having signed the 2013 RAA) [17:49] ++ [17:53] (ty) [17:53] Enom is probably one of the biggest registrars [17:54] due to their resellers [17:54] Indeed they are huge [17:54] you would think banks and other institutions would really be a big DNSSEC driver. Preventing Man in the Middle DNS attacks. [17:54] So how can we be 5+ years later without dnssec? [17:54] image finally loaded staticsafe - reminds me of the tech-centric gang in saints row 3 [17:54] Except that banks etc don't represent a large customer to registrars [17:55] Banks are a handful of domains, and a registrar loses <$1000 if a bank changes to a dnssec reg. [17:55] they probably go to niche registrars online portfolio managers [17:55] markmonitor.com etc [17:56] I thought ^ was an enom reseller [17:59] (Apparently I'm wrong/thinking of something else/it's changed) [17:59] Oh look I have a new follower [18:00] :-) [18:29] m0unds: brycec mnathani_ : thanks! [18:29] brycec: it was on v6 b4 too [18:29] cool [18:31] brycec: i wonder how one sets the toolip/hover text... i'll ask the designer [18:32] mnathani_: still vps [18:33] perhaps the network test file should reside on a dedi for people to burst to 1gig [18:33] I think the alt attribute for img [18:34] (There are actually a handful of ways to do it. "alt" was the main method through HTML 4. HTML5 added tooltip and some other stuff, not to mention the things you can do with Javascript and custom elements) [18:37] brycec: fixed speed test link in kb [18:37] word [18:37] +1 for dedicated speed test [18:38] maybe have the ookla speed test? [18:39] it "kind of sucks" but it tests upload too [18:39] up_the_irons: FYI the KB link should be updated to https:// [18:39] ie. a link you can curl (curl'ing the http:// just returns the 301) [18:39] don't think kb supports https? [18:39] I meant the link provided ON the kb [18:39] curl -v http://arpnetworks.com/files/100mb.bin == 301 [18:39] oh right [18:40] there's a blanket rewrite [18:40] Yea [18:40] h [18:40] it's still not a+ on ssleay test :( [18:40] (Ideally the speedtest would be allowed to be http:// I think) [18:40] i'm not sure why it isn't. [18:40] brycec: done [18:41] brycec: ssl compression used to be common, and i really hated https speed tests [18:41] because they'd often give false numbers. [18:41] i think arp's using random data, not sure though [18:41] but shouldn't have ssl compression enabled anyway [18:41] I'm maxing 100mbps from the file to my ded :/ [18:41] i'm getting 3MB/sec [18:41] from vdsl. [18:41] 4 now. [18:41] (And yes that 100mbps was ipv4) [18:42] (I got it over v6 too, but that's no surprise) [18:42] yeh it's still on a vm [18:42] VM's can have GbE connections [18:42] /dev/null 47%[=========> ] 47.13M 11.1MB/s eta 5s ^C [18:42] ditto ^ [18:43] The only reason I mention this is that it will look like ARP only has 100mbps connection to the Internet for anyone testing with >100mbps pipe. [18:45] i'm getting 96.8mb/sec [18:46] (which for all intents and purposes can be rounded up 3.2mbps to 100 :P) [18:47] * brycec is overlooking that the 'm' prefix is milli. mb= "millibits" [18:47] err megabytes/sec that is [18:47] Really?? I'm still maxing at 11.1MB/s [18:47] yeh i'm using a different location [18:48] http://mirrors.arpnetworks.com/speedtest/100mb.bin [18:48] Oh ha [18:48] yeah I get GbE to the mirror [18:48] much better :P [18:48] I wonder why that link isn't in KB.. [18:48] it is [18:48] lol the page was *just* updated [18:48] heh [18:49] yeah [18:49] 90 seconds ago [18:50] I never noticed this before (a 5 year-old KB article) that the VM host machines only have a single 100mbps connection [18:50] http://support.arpnetworks.com/kb/vps/what-is-the-uplink-speed-of-a-vps [18:50] "Each VPS shares a 100 Mbps uplink with other VPS's running on the same host machine." [18:50] brycec: that's still the case. [18:51] i was a bit apprehensive about that when i first got my vps [18:51] but in practice it never seems to be an issue [18:51] except if someone ddos's. [18:54] I thought there were some people testing gigabit to VPS [18:55] My VPS' second NIC is GbE [18:57] acf__: it's not the default though [18:58] I'd always assumed the hosts had GbE and the guests were just limited to 100mbps to keep from overloading the link [18:58] nope [18:58] (I understand that assumption was wrong now) [18:58] yeh i questioned it when i first got my vps [18:59] is it because the hosts just happen to have fast ethernet cards [18:59] nah the hosts have gigabit cards. [18:59] or is that done intentionally to limit the rate? [18:59] it's the switch ports that are 100 megabit. [18:59] It's the switch [18:59] heh [19:00] interesting [19:00] the switch ports are "good" 100 megabit though. [19:00] (Quality Cisco stuff) [19:00] there is bad 100 megabit? [19:00] ie they don't have stupidly short queues. [19:00] There's cheap [19:00] ah [19:01] if you have three hosts on a cheap gigabit switch try doing concuurrent access to one port from both [19:01] if you send at all more than a gigabit to one port they tend to not behave well. [19:05] before switching was common, intel ethernet used to be faster because it was more aggressive. [19:10] vps hosts' primary interface plug into s1.lax, a Cisco 4500 with 48 port 10/100 Mbps linecard. 7 years ago, when I got it, that was expensive. that's why it's not 1gbps :) [19:11] can you get a cheap gigabit line card second hand now for it? [19:11] http://www.ebay.com/itm/Cisco-WS-X4548-GB-RJ45V-V05-Gigabit-PoE-Line-Card-From-Working-Catalyst-4507R-/191437209907?pt=LH_DefaultDomain_0&hash=item2c928c0133 [19:11] ? [19:11] :D [19:11] that's what i found acf [19:11] you don't want poe [19:12] can you just turn it off? [19:12] maybe [19:12] Still ends up being a waste of parts, power (even off), something else to break, etc [19:12] also if there's an issue, there's a lot of dependency on s1 atm [19:12] yea.. [19:13] do you know if they hot swap? [19:13] * brycec predicts "no" [19:14] 2015-02-28 s1.lax uptime is 6 years, 17 hours, 48 minutes [19:14] http://www.ebay.com/itm/Cisco-WS-X4548-GB-RJ45-Gigabit-Line-Cards-f-Catalyst-4506-4500-Switch-/291457935757?pt=LH_DefaultDomain_77&hash=item43dc3f298d [19:15] or http://www.ebay.com/itm/Cisco-WS-X4548-GB-RJ45-CATALYST-4500-Enhanced-48-Port-Gigabit-Module-/311360341076 [19:15] 50 euro [19:15] $30 for mine and it's near LA [19:15] that's better [19:15] bt it's poe [19:15] buuut [19:15] is it? didn't see that in the title [19:15] it's in the description [19:15] oh i see in the descr [19:16] Did Cisco make these cards withOUT poe?? That's all I'm finding [19:16] well both have the same model code [19:16] maybe they didn't. [19:16]