Who | What | When |
---|---|---|
up_the_irons | Rada: I found a hung VM, suspected it was yours and rebooted it :) | [00:31] |
......... (idle for 42mn) | ||
*** | visinin has quit IRC ("word") | [01:13] |
.... (idle for 19mn) | ||
bobbyw has joined #arpnetworks | [01:32] | |
................................................................ (idle for 5h16mn) | ||
sroute | up_the_irons: looks like more than just that one vm was affected, mine is down | [06:48] |
.... (idle for 18mn) | ||
*** | sroute has quit IRC (Remote closed the connection)
sroute has joined #arpnetworks | [07:06] |
.............. (idle for 1h6mn) | ||
bobbyw_ has joined #arpnetworks
bobbyw has quit IRC (Read error: 54 (Connection reset by peer))
bobbyw_ is now known as bobbyw
bobbyw_ has joined #arpnetworks
bobbyw has quit IRC (Read error: 54 (Connection reset by peer))
bobbyw_ is now known as bobbyw | [08:13] | |
......... (idle for 42mn) | ||
heavysixer has joined #arpnetworks | [08:58] | |
......... (idle for 43mn) | ||
dj_goku | openbsd 4.6 was just released!! | [09:41] |
.... (idle for 19mn) | ||
mhoran | Yee-haw! | [10:00] |
........ (idle for 37mn) | ||
dj_goku | up_the_irons: you around? | [10:37] |
......... (idle for 41mn) | ||
sroute | OpenBSD is only at 4.6?
sroute fires up python
'FreeBSD 7.2 is %0.2f%% better than newly released OpenBSD ;-)' % ((7.2-4.6)/4.6*100)
'FreeBSD 7.2 is 56.52% better than newly released OpenBSD ;-)'
sroute's tongue is firmly planted in cheek... | [11:18] |
dj_goku | hehe | [11:26] |
..... (idle for 20mn) | ||
*** | dj_goku has quit IRC ("leaving") | [11:46] |
visinin has joined #arpnetworks | [11:57] | |
........ (idle for 35mn) | ||
dj_goku has joined #arpnetworks | [12:32] | |
timburke has quit IRC ("Leaving") | [12:43] | |
timburke has joined #arpnetworks | [12:51] | |
dj_goku has quit IRC ("leaving") | [13:05] | |
................... (idle for 1h33mn) | ||
bobbyw has quit IRC () | [14:38] | |
vtoms has left | [14:49] | |
........... (idle for 53mn) | ||
ballen has joined #arpnetworks | [15:42] | |
.... (idle for 15mn) | ||
ballen is now known as ballen|away | [15:57] | |
ballen|away is now known as ballen | [16:03] | |
...... (idle for 28mn) | ||
visinin has quit IRC ("out out") | [16:31] | |
ballen has quit IRC () | [16:37] | |
...... (idle for 28mn) | ||
ballen has joined #arpnetworks | [17:05] | |
toddf | sroute: you forgot to take into calculation your maths about freebsd and security issues vs openbsd .. 2 in 12 years, beat that! *grin* | [17:08] |
.... (idle for 16mn) | ||
jeev | any good movies just come out on dvd? | [17:24] |
............ (idle for 55mn) | ||
sroute | toddf: I get that, no argument. But a BSD OS is more than the core... one can't just look there.
http://www.openbsd.org/security.html - a great many more than 2 security issues listed over the years when one looks at the total OS.
sroute likes all BSDs but decommissioned last OpenBSD a couple years ago
I just like managing one is all. | [18:19] |
jeev | i think he means by default install or something | [18:22] |
toddf | the record is about during a current release
aka if people updated as they should have
and also the 2 holes have to do with only remote root exploits
but still, if you compare remote exploits in the current release of openbsd through the years (2 total) vs any other os you still come up with quite a wide gap | [18:27] |
mhoran | Sure, but Apache 1.3.29 is pretty useless ... | [18:45] |
ballen | whats wrong with apache 1.3?
although .29 is pretty dated | [18:46] |
mhoran | No worker MPM, inferior mod_proxy, ... | [18:47] |
ballen | mofo's rock solid though | [18:47] |
mhoran | Sure, for serving static content. | [18:47] |
ballen | mod_perl | [18:47] |
mhoran | Hah.
Okay. | [18:48] |
ballen | ;-) | [18:48] |
mhoran | :)
Just saying. It's rock solid but not bleeding edge. If you run the non bleeding edge stuff in FreeBSD, you'll be pretty safe as well. | [18:48] |
ballen | heh, yea I think it would be about the farthest from bleeding edge you can get
and still be using a support app | [18:49] |
mhoran | There are also more people running FreeBSD in production, which exposes more vulns (The BIND effect, etc.) | [18:49] |
ballen | supported* | [18:49] |
mhoran | Also, app performance on OpenBSD is horrid.
I think the lighttpd guys benchmarked it. Might have been someone else. But it didn't scale at all. But it's a great firewall! (pf rocks.) | [18:49] |
ballen | yea pf is on FreeBSD though | [18:50] |
mhoran | Yup.
I wish m0n0wall used pf. | [18:50] |
ballen | even though I use ipfw
yea def a fan of FreeBSD over OpenBSD or NetBSD
and the few guys that I've met that work on or have worked on FreeBSD project are awesome
of course I've never met anyone that's worked on NetBSD or Open
so not much comparison | [18:50] |
mhoran | Yeah. There was a FreeBSD dev on the floor I was on while at Cisco but I never talked with him.
Not sure if Ron ever met him ... | [18:52] |
ballen | no idea
he's never mentioned it to me
I met one at Google who was a core dev up until FreeBSD 4 or so
left the project because they added Periodic when they were already using Cron | [18:52] |
...... (idle for 28mn) | ||
*** | Nat_RH has quit IRC (Remote closed the connection) | [19:25] |
Nat_RH has joined #arpnetworks | [19:31] | |
sroute | I used to be a commercial unix guy (DG/UX); even though it was Sys V R4 I grew to like FreeBSD quickly. I like how it is managed... is why I never went the Linux route. | [19:41] |
toddf | you should give OpenBSD a spin ... pkg_add -uri is hard to beat ;-) | [19:42] |
sroute | when I left DG an 8 core box cost a few hundred thousand. Ah, the good ol' days. | [19:42] |
toddf | heh | [19:43] |
ballen | toddf, FreeBSD has pkg_add -r <pkg_name>
if you're so inclined | [19:43] |
sroute | I'm sure I'd like OpenBSD but I do more app wrangling now and the broad availability of ports is often handy. Can't disregard app performance either. | [19:44] |
ballen | yep FreeBSD ports is the shiznas | [19:44] |
sroute | must admit I do prefer pf to ipfw | [19:45] |
ballen | yea either or
pf is more advanced | [19:45] |
sroute | nice that fbsd has it now; auto blocking brute force attackers is so simple in pf | [19:45] |
ballen | sroute, or you just turn off password auth ;-) | [19:46] |
sroute | ballen: I do, except for one account - a backdoor | [19:46] |
toddf | did freebsd ports ever make packages then install from packages or does the Makefile in the ports tree still do manual mucking? | [19:46] |
ballen | toddf it makes a pkg first
does a staged install then installs from the pkg | [19:46] |
sroute | ballen: I use my blocking config to block them to ALL services, not just ssh. | [19:47] |
ballen | aahhh | [19:47] |
toddf | thats new, they didn't used to do that, openbsd did that for years first .. ;-) | [19:47] |
ballen | that makes more sense
make package or make pkg | [19:47] |
toddf | so you could have one freebsd system build packages for a farm of servers? | [19:47] |
ballen | will put a .pkg file in the port dir
you could | [19:47] |
sroute | I even have a fake HyperVM listener running on some boxes and accounts - back when the HyperVM exploit was making the news in VPS hosting land, a few chinese dudes were trying to hack em... of course I don't run it here. | [19:48] |
ballen | hah
why? | [19:48] |
sroute | because I can; mostly was interested to see how active the bad dudes were over that one. | [19:48] |
ballen | fair enough | [19:49] |
sroute | not very it turned out.
I think I ended up blocking 4 IPs in the past few months. vs hundreds aimed at ssh | [19:49] |
ballen | yea ssh brute forcing is constant | [19:49] |
sroute | silly morons | [19:49] |
ballen | must be getting in somewhere
or just script kiddies | [19:50] |
sroute | right now someone is trying to gain access to PlcmSpIp = some sort of ip phones I think | [19:51] |
ballen | anyone know of a simple script that will poll snmp for a single item and update a graph with the data over time
specifically for the os x platform | [19:52] |
sroute | last word on blocking- I notice less of this offending activity on my VM at arp -- believe Garry is doing some filtering up stream | [19:53] |
ballen | yea he filters ssh brute forcing
or at least limits the connection rate | [19:53] |
*** | bobbyw has joined #arpnetworks | [20:04] |
jeev | fuck man
wayport/starbucks/att internet fucking sucks
always nasty lag | [20:11] |
ballen | hmm
ever try VPN'ing somewhere? | [20:11] |
jeev | sroute, that's what my polycom has in it's phone log
huh ballen i am vpn'd | [20:12] |
ballen | ah
just wondering if they were shaping traffic | [20:12] |
jeev | it's 400ms-600ms | [20:12] |
ballen | and if a UDP vpn would get past it | [20:12] |
jeev | i have to call every fucking time i'm here
i dont understand how they dont know there's a problem and why then they always say "i spotted the problem" | [20:12] |
ballen | its not that they don't know... its that they could give a flying fuck | [20:12] |
jeev | well.. i know having 150 servers aint anything close to the nodes att has
but i can detect an issue on my server within a minute
i dont know how they let this go on so long | [20:12] |
*** | sentabi has quit IRC (pratchett.freenode.net irc.freenode.net)
sentabi has joined #arpnetworks | [20:19] |
.......... (idle for 45mn) | ||
dj_goku has joined #arpnetworks | [21:04] | |
........... (idle for 54mn) | ||
ballen | gawd damn Vim's master site is down
ports could def set the timeout on downloads to be a lot faster
also FYI: IGNORE_MASTER_SITE_VIM=YES in /etc/make.conf and it will fetch it directly from freebsd.org | [21:58] |
jeev | heh
yea the timeout issue is stupid
i wish while cvsuping, you could get a real0time working list
real-time
i wonder if there are precompiled ports packages for updated ports
ahh, if running -stable | [22:00] |
ballen | what the hell is wrong with fetch...
/usr/bin/fetch -4ApRr -T 2 -S 2611 http://ftp.vim.org/pub/vim/patches/7.2/7.2.052
why does that not timeout after 2 seconds | [22:11] |
jeev | wish fetch showed progress too..
can't tell if sometimes ports are working or slow downloads
the downloads that is | [22:12] |
ballen | -T seconds Set timeout value to seconds. Overrides the environment variables FTP_TIMEOUT for FTP transfers or HTTP_TIMEOUT for HTTP transfers if set.
the vim port is such a pain in the nuts
freaking 150+ patchsets it needs to download | [22:13] |
jeev | vim sucks | [22:15] |
ballen | solution is:
add IGNORE_MASTER_SITE_VIM=YES and set FETCH_ARGS="-4ApRr"
forcing fetch to use IPv4 and freebsd.org
for whatever reason it fails randomly when using ipv6
SOLID
and we're up to patch set 239
not hard to release a gawd damn new version | [22:18] |
dj_goku | up_the_irons: how do upgrades work? can I reinstall myself? | [22:25] |
jeev | dj_goku, there are ways you could but he'd probably have to start your vps with the cdrom mounted and you'd have to connect via console | [22:27] |
dj_goku | I don't need a cdrom I can do it all remotely through ssh actually. | [22:28] |
ballen | freebsd-update ? | [22:28] |
dj_goku | I just want to keep it as standard so if I need help up_the_irons can help me.
ballen: I use openbsd. | [22:28] |
ballen | awwww
download the tar balls and extract them? | [22:29] |
dj_goku | yaifo
is a kernel + sshd | [22:30] |
ballen | is there anything special he had todo the obsd kernel to get it to run in KVM? | [22:30] |
dj_goku | no idea.
probably not. I recompiled other than 1 blip, I didn't change anything. | [22:31] |
ballen | yea | [22:32] |
dj_goku | ballen: all I can think of is the user that is created. | [22:32] |
ballen | http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04 | [22:33] |
dj_goku | yup | [22:33] |
ballen | k | [22:33] |
dj_goku | I haven't ever upgraded openbsd so I don't know how to do that. | [22:33] |
ballen | well | [22:33] |
dj_goku | If I did I would probably do that. | [22:33] |
ballen | what I used todo
was literally go download the new .tgz files from the mirror and extract them | [22:34] |
dj_goku | on what distro? | [22:35] |
ballen | over the system
openbsd thats all the installer does | [22:35] |
dj_goku | right. | [22:35] |
ballen | you may want to back up /etc though
as its a rather blunt way of upgrading
http://www.openbsd.org/faq/upgrade36.html | [22:35] |
dj_goku | if there were a way to say download click this and be upgraded I would love that :)
http://www.openbsd.org/faq/upgrade46.html | [22:36] |
ballen | meh way over complicated these days | [22:37] |
dj_goku | haha
Or I can backup /etc /home and reinstall :) | [22:38] |
ballen | i liked my tar -xf base36.tgz
yea thats basically what you're doing, just in place
bring up a new vm, and migrate | [22:38] |
dj_goku | 4 minutes to reinstall
I already moved my router over to openbsd 4.6 | [22:39] |
ballen | mmk have fun | [22:39] |
dj_goku | My router is a VM, :D
esxi FTW | [22:39] |
ballen | yea I do love esxi
run the fucker on a 1gb sd card
use normal local disks for the storage pool | [22:40] |
dj_goku | I have always wanted a via board, since it has the crypto chip on-board. | [22:41] |
ballen | yea if you're going for low power
pretty slow chips though | [22:42] |
dj_goku | who cares its a router | [22:42] |
ballen | in that case checkout: http://www.liantec.com/product/lpc/LPC-5842.htm | [22:42] |
dj_goku | a home router none the less | [22:42] |
ballen | and if you happen to figure out how to get one of the boxes in the US let me know
I know you can import than directly from Taiwan
them*
but its rather expensive | [22:43] |
dj_goku | ballen: I have a am2 system that I use as my esxi host, I don't plan on buying a mini-atx system. | [22:44] |
ballen | ah
those boxes are quite good for throughput / watt consumption | [22:45] |
dj_goku | *shrug* its currently running a total of 4vms, openbsd (router), openbsd (dev), win2k3, win2k8, xp | [22:47] |
sroute | I just build vim from scratch from cvs/svn sources. | [22:47] |
dj_goku | I just use emacs :)
dj_goku runs | [22:47] |
sroute | emacs hurts my hands ;) | [22:48] |
ballen | get your emacs' loving crap outta here | [22:48] |
sroute | vim hurts my head but I use it anyway LOL | [22:48] |
ballen | yea should just use ee | [22:48] |
sroute | actually... not. You know you are addicted when you do ESC:wq in a text box on a web page | [22:48] |
ballen | yea I've done that | [22:48] |
dj_goku | echo/cat works too. | [22:48] |
sroute | lol | [22:49] |
ballen | better yet :wq at the end of an IM | [22:49] |
dj_goku | hehe
I still do that. though it is nice that a lot of the emacs shortcuts are used in other apps. I like that I can use emacs CTRL + A now that I am using tmux instead of screen. | [22:49] |
sroute | ... like tmux too | [22:52] |
dj_goku | anyone using opensmtpd in here? I don't think I will ever run my own mail server again since I use google. | [22:53] |
*** | bobbyw has quit IRC () | [22:58] |
toddf | wrt openbsd 'bsd -c' or 'config -ef /bsd' and 'disable mpbios' is `the trick to get openbsd current/4.6 to run on kvm'
openbsd starting with 4.5 and better with 4.6 has 'sysmerge' to merge /etc and such | [23:03] |
dj_goku | toddf: so are you a fan of upgrade or clean installs? | [23:04] |
toddf | I most definitely am for upgrades | [23:04] |
dj_goku | I can see the benefit, but it seems like a lot of work :) | [23:04] |
toddf | clean installs tend to suggest something in the (massively simplified) upgrade process is borked, aka the cheating way out
for me, if I'm doing a reinstall I have to do lots of customization afterwards
while I do have siteXY.tgz and my own custom packages to help it is so much easier to just upgrade it isn't funny
I use afs and kerberos and such so my experience may be different than most
fresh installs also tend to blow away any existing data
backing up /etc and re-installing then getting /etc back and merging it by hand is by far a more painful procedure than doing the upgrade of the base sets, then sysmerge the conf files and finally 'pkg_add -uri' ;-) | [23:04] |
jeev | wow man
i've said it before, i have over a hundred servers easy
i've been updating ports on 3 all day. this is killing me and pissing me off
freebsd die in a fire | [23:06] |
dj_goku | jeev: diaf is easier :) | [23:08] |
jeev | i hate acronyms, except the old school ones | [23:08] |
dj_goku | lol | [23:08] |
*** | ballen is now known as ballen|away | [23:15] |
ballen|away is now known as ballen | [23:20] | |
....... (idle for 32mn) | ||
sroute has quit IRC ("WeeChat 0.3.0")
sroute has joined #arpnetworks
sroute has quit IRC (Client Quit)
sroute has joined #arpnetworks | [23:52] |