[00:31] <up_the_irons> Rada: I found a hung VM, suspected it was yours and rebooted it :)
[01:13] *** visinin has quit IRC ("word")
[01:32] *** bobbyw has joined #arpnetworks
[06:48] <sroute> up_the_irons: looks like more than just that one vm was affected, mine is down
[07:06] *** sroute has quit IRC (Remote closed the connection)
[07:07] *** sroute has joined #arpnetworks
[08:13] *** bobbyw_ has joined #arpnetworks
[08:13] *** bobbyw has quit IRC (Read error: 54 (Connection reset by peer))
[08:13] *** bobbyw_ is now known as bobbyw
[08:16] *** bobbyw_ has joined #arpnetworks
[08:16] *** bobbyw has quit IRC (Read error: 54 (Connection reset by peer))
[08:16] *** bobbyw_ is now known as bobbyw
[08:58] *** heavysixer has joined #arpnetworks
[09:41] <dj_goku> openbsd 4.6 was just released!!
[10:00] <mhoran> Yee-haw!
[10:37] <dj_goku> up_the_irons: you around?
[11:18] <sroute> OpenBSD is only at 4.6?
[11:18] * sroute fires up python
[11:18] <sroute> 'FreeBSD 7.2 is %0.2f%% better than newly released OpenBSD ;-)' % ((7.2-4.6)/4.6*100)
[11:18] <sroute> 'FreeBSD 7.2 is 56.52% better than newly released OpenBSD ;-)'
[11:18] * sroute 's toungue is firmly planted in cheek...
[11:26] <dj_goku> hehe
[11:46] *** dj_goku has quit IRC ("leaving")
[11:57] *** visinin has joined #arpnetworks
[12:32] *** dj_goku has joined #arpnetworks
[12:43] *** timburke has quit IRC ("Leaving")
[12:51] *** timburke has joined #arpnetworks
[13:05] *** dj_goku has quit IRC ("leaving")
[14:38] *** bobbyw has quit IRC ()
[14:49] *** vtoms has left 
[15:42] *** ballen has joined #arpnetworks
[15:57] *** ballen is now known as ballen|away
[16:03] *** ballen|away is now known as ballen
[16:31] *** visinin has quit IRC ("out out")
[16:37] *** ballen has quit IRC ()
[17:05] *** ballen has joined #arpnetworks
[17:08] <toddf> sroute: you forgot to take into calculation your maths about freebsd and security issues vs openbsd .. 2 in 12 years, beat that! *grin*
[17:24] <jeev> any good movies just come out on dvd?
[18:19] <sroute> toddf: I get that, no argument. But a BSD OS is more than the core... one can't just look there.
[18:19] <sroute> http://www.openbsd.org/security.html - a great many more than 2 security issues listed over the years when one looks at the total OS.
[18:20] * sroute likes all BSDs but decommissioned last OpenBSD a couple years ago
[18:20] <sroute> I just like managing one is all.
[18:22] <jeev> i think he means by default install or something
[18:27] <toddf> the record is about during a current release
[18:27] <toddf> aka if people updated as they should have
[18:31] <toddf> and also the 2 holes have to do with only remote root exploits
[18:31] <toddf> but still, if you compare remote exploits in the current release of openbsd through the years (2 total) vs any other os you still come up with quite a wide gap
[18:45] <mhoran> Sure, but Apache 1.3.29 is pretty useless ...
[18:46] <ballen> whats wrong with apache 1.3?
[18:47] <ballen> although .29 is pretty dated
[18:47] <mhoran> No worker MPM, inferior mod_proxy, ...
[18:47] <ballen> mofo's rock solid though
[18:47] <mhoran> Sure, for serving static content.
[18:47] <ballen> mod_perl
[18:48] <mhoran> Hah.
[18:48] <mhoran> Okay.
[18:48] <ballen> ;-)
[18:48] <mhoran> :)
[18:48] <mhoran> Just saying. It's rock solid but not bleeding edge.
[18:49] <mhoran> If you run the non bleeding edge stuff in FreeBSD, you'll be pretty safe as well.
[18:49] <ballen> heh, yea I think it would be about the farthest from bleeding edge you can get
[18:49] <ballen> and still be using a support app
[18:49] <mhoran> There are also more people running FreeBSD in production, which exposes more vulns (The BIND effect, etc.)
[18:49] <ballen> supported*
[18:49] <mhoran> Also, app performance on OpenBSD is horrid.
[18:49] <mhoran> I think the lighttpd guys benchmarked it. Might have been someone else.
[18:50] <mhoran> But it didn't scale at all.
[18:50] <mhoran> But it's a great firewall!
[18:50] <mhoran> (pf rocks.)
[18:50] <ballen> yea pf is on FreeBSD though
[18:50] <mhoran> Yup.
[18:50] <mhoran> I wish m0n0wall used pf.
[18:50] <ballen> even though I use ipfw
[18:51] <ballen> yea def a fan of FreeBSD over OpenBSD or NetBSD
[18:52] <ballen> and the few guys that I've met that work on or have worked on FreeBSD project are awesome
[18:52] <ballen> of course I've never met anyone that's worked on NetBSD or Open
[18:52] <ballen> so not much comparision
[18:52] <mhoran> Yeha. There was a FreeBSD dev on the floor I was on while at Cisco but I never talked with him.
[18:52] <mhoran> Not sure if Ron ever met him ...
[18:52] <ballen> no idea
[18:53] <ballen> he's never mentioned it to me
[18:56] <ballen> I met one at Google who was a core dev up until FreeBSD 4 or so
[18:57] <ballen> left the project because they added Periodic when they were already using Cron
[19:25] *** Nat_RH has quit IRC (Remote closed the connection)
[19:31] *** Nat_RH has joined #arpnetworks
[19:41] <sroute> I used to be a commerical unix guy (DG/UX); even though it was Sys V R4 I grew to like FreeBSD quickly. I like how it is managed... is why I never went the Linux route.
[19:42] <toddf> you should give OpenBSD a spin ... pkg_add -uri is hard to beat ;-)
[19:42] <sroute> when I left DG an 8 core box cost a few hundred thousand. Ah, the good ol' days.
[19:43] <toddf> heh
[19:43] <ballen> toddf, FreeBSD has pkg_add -r <pkg_name>
[19:43] <ballen> if you're so inclined
[19:44] <sroute> I'm sure I'd like OpenBSD but I do more app wrangling now and the broad availability of ports is often handy. Can't disregard app performance either.
[19:44] <ballen> yep FreeBSD ports is the shiznas
[19:45] <sroute> must admit I do prefer pf to ipfw
[19:45] <ballen> yea either or
[19:45] <ballen> pf is more advanced
[19:45] <sroute> nice that fbsd has it now; auto blocking brute force attackers is so simple in pf
[19:46] <ballen> sroute, or you just turn off password auth ;-)
[19:46] <sroute> ballen: I do, except for one account - a backdoor
[19:46] <toddf> did freebsd ports ever make packages then install from packages or does the Makefile in the ports tree still do manual mucking?
[19:46] <ballen> toddf it makes a pkg first
[19:47] <ballen> does a staged install
[19:47] <ballen> then installs from the pkg
[19:47] <sroute> ballen: I use my blocking config to block them to ALL services, not just ssh.
[19:47] <ballen> aahhh
[19:47] <toddf> thats new, they didn't used to do that, openbsd did that for years first .. ;-)
[19:47] <ballen> that makes more sense
[19:47] <ballen> make package or make pkg
[19:47] <toddf> so you could have one freebsd system build packages for a farm of servers?
[19:47] <ballen> will put a .pkg file in the port dir
[19:47] <ballen> you could
[19:48] <sroute> I even have a fake HyperVM listener running on some boxes and accounts - back when the HyperVM exploit was making the news in VPS hosting land, a few chinese dudes were trying to hack em... of course I don't run it here.
[19:48] <ballen> hah
[19:48] <ballen> why?
[19:48] <sroute> because I can; mostly was interested to see how active the bad dudes were over that one.
[19:49] <ballen> fair enough
[19:49] <sroute> not very it turned out.
[19:49] <sroute> I think I ended up blocking 4 IPs in the past few months.
[19:49] <sroute> vs hundreds aimed at ssh
[19:49] <ballen> yea ssh brute forcing is constant
[19:49] <sroute> silly morons
[19:50] <ballen> must be getting in somewhere
[19:50] <ballen> or just script kiddies
[19:51] <sroute> right now someone is trying to gain access to PlcmSpIp = some sort of ip phones I think
[19:52] <ballen> anyone know of a simple script that will poll snmp for a single item and update a graph with the data over time
[19:52] <ballen> specifically for the os x platform
[19:53] <sroute> last word on blocking- I notice less of this offending activity on my VM at arp -- believe Garry is doing some filtering up stream
[19:53] <ballen> yea he filters ssh brute forcing
[19:54] <ballen> or at least limits the connection rate
[20:04] *** bobbyw has joined #arpnetworks
[20:11] <jeev> fuck man
[20:11] <jeev> wayport/starbucks/att internet fucking sucks
[20:11] <jeev> always nasty lag
[20:11] <ballen> hmm
[20:11] <ballen> ever try VPN'ing somewhere?
[20:12] <jeev> sroute, that's what my polycom has in it's phone log
[20:12] <jeev> huh ballen
[20:12] <jeev> i am vpn'd
[20:12] <ballen> ah
[20:12] <ballen> just wondering if they were shaping traffic
[20:12] <jeev> it's 400ms-600ms
[20:12] <ballen> and if a UDP vpn would get past it
[20:12] <jeev> i have to call every fucking time i'm here
[20:12] <jeev> i dont understand how they dont know there's a problem
[20:12] <jeev> and why then they always say "i spotted the probme"
[20:12] <ballen> its not that they don't know... its that they could give a flying fuck
[20:12] <jeev> well.. i know having 150 servers aint anything close to the nodes att has
[20:12] <jeev> but i can detect an issue on my server within a minute
[20:13] <jeev> i dont know how they let this go on so long
[20:19] *** sentabi has quit IRC (pratchett.freenode.net irc.freenode.net)
[20:19] *** sentabi has joined #arpnetworks
[21:04] *** dj_goku has joined #arpnetworks
[21:58] <ballen> gawd damn Vim's master site is down
[21:58] <ballen> ports could def set the timeout on downloads to be a lot faster
[21:58] <ballen> also FYI: IGNORE_MASTER_SITE_VIM=YES in /etc/make.conf
[21:59] <ballen> and it will fetch it directly from freebsd.org
[22:00] <jeev> heh
[22:01] <jeev> yea the timeout issue is stupid
[22:01] <jeev> i wish while cvsuping, you could get a real0time working list
[22:01] <jeev> real-time
[22:03] <jeev> i wonder if there are precompiled ports packages for updated ports
[22:04] <jeev> ahh, if running -stable
[22:11] <ballen> that the hell is wrong with fetch...
[22:11] <ballen>  /usr/bin/fetch -4ApRr -T 2 -S 2611 http://ftp.vim.org/pub/vim/patches/7.2/7.2.052
[22:12] <ballen> why does that not timeout after 2 seconds
[22:12] <jeev> wish fetch showed progress too..
[22:12] <jeev> can't tell if sometimes ports are working or slow downloads
[22:12] <jeev> the downloads that is
[22:13] <ballen>      -T seconds  Set timeout value to seconds.  Overrides the environment
[22:13] <ballen>                  variables FTP_TIMEOUT for FTP transfers or HTTP_TIMEOUT for
[22:13] <ballen>                  HTTP transfers if set.
[22:14] <ballen> the vim port is such a pain in the nuts
[22:14] <ballen> freaking 150+ patchsets it needs to download
[22:15] <jeev> vim sucks
[22:18] <ballen> solution is:
[22:18] <ballen> add IGNORE_MASTER_SITE_VIM=YES
[22:18] <ballen> and set FETCH_ARGS="-4ApRr"
[22:19] <ballen> forcing fetch to use IPv4 and freebsd.org
[22:19] <ballen> for whatever reason it fails randomly when using ipv6
[22:19] <ballen> SOLID
[22:19] <ballen> and we're up to patch set 239
[22:19] <ballen> not hard to release a gawd damn new version
[22:25] <dj_goku> up_the_irons: how do upgrades work? can I reinstall myself?
[22:27] <jeev> dj_goku, there are ways you could but he'd probably hvae to start your vps with the cdrom mounted and you'd have to connect via console
[22:28] <dj_goku> I don't need a cdrom I can do it all remotely through ssh actually.
[22:28] <ballen> freebsd-update ?
[22:28] <dj_goku> I just want to keep it as standard so if I need help up_the_irons can help me.
[22:29] <dj_goku> ballen: I use openbsd.
[22:29] <ballen> awwww
[22:29] <ballen> download the tar balls and extract them?
[22:30] <dj_goku> yaifo
[22:30] <dj_goku> is a kernel + sshd
[22:30] <ballen> is there anything special he had todo the obsd kernel to get it to run in KVM?
[22:31] <dj_goku> no idea.
[22:31] <dj_goku> probably not.
[22:31] <dj_goku> I recompiled other than 1 blip, I didn't change anything.
[22:32] <ballen> yea
[22:32] <dj_goku> ballen: all I can think of is the user that is created.
[22:33] <ballen> http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04
[22:33] <dj_goku> yup
[22:33] <ballen> k
[22:33] <dj_goku> I haven't ever upgraded openbsd so I don't know how to do that.
[22:33] <ballen> well
[22:33] <dj_goku> If I did I would probably do that.
[22:34] <ballen> what I used todo
[22:34] <ballen> was litterally go download the new .tgz files
[22:34] <ballen> from the mirror
[22:35] <ballen> and extract them
[22:35] <dj_goku> on what distro?
[22:35] <ballen> over the system
[22:35] <ballen> openbsd
[22:35] <ballen> thats all the installer does
[22:35] <dj_goku> right.
[22:35] <ballen> you may want to back up /etc though
[22:35] <ballen> as its a rather blunt way of upgrading
[22:36] <ballen> http://www.openbsd.org/faq/upgrade36.html
[22:36] <dj_goku> if there were a way to say download click this and be ugpraded I would love that :)
[22:37] <dj_goku> http://www.openbsd.org/faq/upgrade46.html
[22:37] <ballen> meh way over complicated these days
[22:38] <dj_goku> haha
[22:38] <dj_goku> Or I can backup /etc /home and reinstall :)
[22:38] <ballen> i liked my tar -xf base36.tgz
[22:38] <ballen> yea thats basically what you're doing, just in place
[22:39] <ballen> bring up a new vm, and migrate
[22:39] <dj_goku> 4 minutes to reinstall
[22:39] <dj_goku> I already moved my router over to openbsd 4.6
[22:39] <ballen> mmk have fun
[22:39] <dj_goku> My router is a VM, :D
[22:40] <dj_goku> esxi FTW
[22:40] <ballen> yea I do love esxi
[22:40] <ballen> run the fucker on a 1gb sd card
[22:41] <ballen> use normal local disks for the storage pool
[22:41] <dj_goku> I have always wanted a via board, since it has the crypo chip on-board.
[22:42] <ballen> yea if you're going for low power
[22:42] <ballen> pretty slow chips though
[22:42] <dj_goku> who cares its a router
[22:42] <ballen> in that case checkout: http://www.liantec.com/product/lpc/LPC-5842.htm
[22:42] <dj_goku> a home router none the less
[22:43] <ballen> and if you happen to figure out how to get one of the boxes in the US let me know
[22:44] <ballen> I know you can import than directly from Taiwan
[22:44] <ballen> them*
[22:44] <ballen> but its rather expensive
[22:44] <dj_goku> ballen: I have a am2 system that I use as my esxi host, I don't plan on buying a mini-atx system.
[22:45] <ballen> ah
[22:45] <ballen> those boxes are quite good for throughput / watt consumption
[22:47] <dj_goku> *shrug* its currently running a total of 4vms, openbsd (router), openbsd (dev), win2k3, win2k8, xp
[22:47] <sroute> I just build vim from scratch from cvs/svn sources.
[22:47] <dj_goku> I just use emacs :)
[22:47] * dj_goku runs
[22:48] <sroute> emacs hurts my hands ;)
[22:48] <ballen> get your emacs' loving crap outta here
[22:48] <sroute> vim hurts my head but I use it anyway LOL
[22:48] <ballen> yea should just use ee
[22:48] <sroute> actually... not. You know you are adicted when you do ESC:wq in a text box on a web page
[22:48] <ballen> yea I've done that
[22:48] <dj_goku> echo/cat works too.
[22:49] <sroute> lol
[22:49] <ballen> better yet :wq at the end of an IM
[22:49] <dj_goku> hehe
[22:49] <dj_goku> I still do that.
[22:50] <dj_goku> though it is nice that a lot of the emacs shortcuts are used in other apps.
[22:51] <dj_goku> I like that I can use emacs CTRL + A now that I am using tmux instead of screen.
[22:52] <sroute> ... like tmux too
[22:53] <dj_goku> anyone using opensmtpd in here? I don't think I will ever run my own mail server again since I use google.
[22:58] *** bobbyw has quit IRC ()
[23:03] <toddf> wrt openbsd 'bsd -c' or 'config -ef /bsd' and 'disable mpbios' is `the trick to get openbsd current/4.6 to run on kvm'
[23:03] <toddf> opensbsd starting with 4.5 and better with 4.6 has 'sysmerge' to merge /etc and such
[23:04] <dj_goku> toddf: so are you a fan of upgrade or clean installs?
[23:04] <toddf> I most definately am for upgrades
[23:04] <dj_goku> I can see the benefit, but it seems like a lot of work :)
[23:04] <toddf> clean installs tend to suggest something in the (massivly simplified) upgrade process is borked, aka the cheating way out
[23:04] <toddf> for me, if I'm doing a reinstall
[23:05] <toddf> I have to do lots of customization afterwards
[23:05] <toddf> while I do have siteXY.tgz and my own custom packages to help
[23:05] <toddf> it is so much easier to just upgrade it isn't funny
[23:05] <toddf> I use afs and kerberos and such so my experience may be different than most
[23:05] <toddf> fresh installs also tend to blow away any existing data
[23:06] <toddf> backing up /etc and re-installing then getting /etc back and merging it by hand is by far a more painful procedure than doing the upgrade of the base sets, then sysmerge the conf files and finally 'pkg_add -uri' ;-)
[23:06] <jeev> wow man
[23:07] <jeev> i've said it before, i have over a hundred servers easy
[23:07] <jeev> i've been updating ports on 3 all day.
[23:07] <jeev> this is killing me an dpissing me off
[23:07] <jeev> freebsd die ina fire
[23:08] <dj_goku> jeev: diaf is easier :)
[23:08] <jeev> i hate acronyms, except the old school ones
[23:08] <dj_goku> lol
[23:15] *** ballen is now known as ballen|away
[23:20] *** ballen|away is now known as ballen
[23:52] *** sroute has quit IRC ("WeeChat 0.3.0")
[23:55] *** sroute has joined #arpnetworks
[23:55] *** sroute has quit IRC (Client Quit)
[23:59] *** sroute has joined #arpnetworks