Rada: I found a hung VM, suspected it was yours and rebooted it :) up_the_irons: looks like more than just that one vm was affected, mine is down openbsd 4.6 was just released!! Yee-haw! up_the_irons: you around? OpenBSD is only at 4.6? 'FreeBSD 7.2 is %0.2f%% better than newly released OpenBSD ;-)' % ((7.2-4.6)/4.6*100) 'FreeBSD 7.2 is 56.52% better than newly released OpenBSD ;-)' hehe sroute: you forgot to take into calculation your maths about freebsd and security issues vs openbsd .. 2 in 12 years, beat that! *grin* any good movies just come out on dvd? toddf: I get that, no argument. But a BSD OS is more than the core... one can't just look there. http://www.openbsd.org/security.html - a great many more than 2 security issues listed over the years when one looks at the total OS. I just like managing one is all. i think he means by default install or something the record is about during a current release aka if people updated as they should have and also the 2 holes have to do with only remote root exploits but still, if you compare remote exploits in the current release of openbsd through the years (2 total) vs any other os you still come up with quite a wide gap Sure, but Apache 1.3.29 is pretty useless ... whats wrong with apache 1.3? although .29 is pretty dated No worker MPM, inferior mod_proxy, ... mofo's rock solid though Sure, for serving static content. mod_perl Hah. Okay. ;-) :) Just saying. It's rock solid but not bleeding edge. If you run the non bleeding edge stuff in FreeBSD, you'll be pretty safe as well. heh, yea I think it would be about the farthest from bleeding edge you can get and still be using a support app There are also more people running FreeBSD in production, which exposes more vulns (The BIND effect, etc.) supported* Also, app performance on OpenBSD is horrid. I think the lighttpd guys benchmarked it. Might have been someone else. But it didn't scale at all. But it's a great firewall! (pf rocks.) yea pf is on FreeBSD though Yup. 
I wish m0n0wall used pf. even though I use ipfw yea def a fan of FreeBSD over OpenBSD or NetBSD and the few guys that I've met that work on or have worked on FreeBSD project are awesome of course I've never met anyone that's worked on NetBSD or Open so not much comparison Yeah. There was a FreeBSD dev on the floor I was on while at Cisco but I never talked with him. Not sure if Ron ever met him ... no idea he's never mentioned it to me I met one at Google who was a core dev up until FreeBSD 4 or so left the project because they added Periodic when they were already using Cron I used to be a commercial unix guy (DG/UX); even though it was Sys V R4 I grew to like FreeBSD quickly. I like how it is managed... is why I never went the Linux route. you should give OpenBSD a spin ... pkg_add -uri is hard to beat ;-) when I left DG an 8 core box cost a few hundred thousand. Ah, the good ol' days. heh toddf, FreeBSD has pkg_add -r if you're so inclined I'm sure I'd like OpenBSD but I do more app wrangling now and the broad availability of ports is often handy. Can't disregard app performance either. yep FreeBSD ports is the shiznas must admit I do prefer pf to ipfw yea either or pf is more advanced nice that fbsd has it now; auto blocking brute force attackers is so simple in pf sroute, or you just turn off password auth ;-) ballen: I do, except for one account - a backdoor did freebsd ports ever make packages then install from packages or does the Makefile in the ports tree still do manual mucking? toddf it makes a pkg first does a staged install then installs from the pkg ballen: I use my blocking config to block them to ALL services, not just ssh. aahhh thats new, they didn't used to do that, openbsd did that for years first .. ;-) that makes more sense make package or make pkg so you could have one freebsd system build packages for a farm of servers? 
will put a .pkg file in the port dir you could I even have a fake HyperVM listener running on some boxes and accounts - back when the HyperVM exploit was making the news in VPS hosting land, a few chinese dudes were trying to hack em... of course I don't run it here. hah why? because I can; mostly was interested to see how active the bad dudes were over that one. fair enough not very it turned out. I think I ended up blocking 4 IPs in the past few months. vs hundreds aimed at ssh yea ssh brute forcing is constant silly morons must be getting in somewhere or just script kiddies right now someone is trying to gain access to PlcmSpIp = some sort of ip phones I think anyone know of a simple script that will poll snmp for a single item and update a graph with the data over time specifically for the os x platform last word on blocking- I notice less of this offending activity on my VM at arp -- believe Garry is doing some filtering up stream yea he filters ssh brute forcing or at least limits the connection rate fuck man wayport/starbucks/att internet fucking sucks always nasty lag hmm ever try VPN'ing somewhere? sroute, that's what my polycom has in its phone log huh ballen i am vpn'd ah just wondering if they were shaping traffic it's 400ms-600ms and if a UDP vpn would get past it i have to call every fucking time i'm here i dont understand how they dont know there's a problem and why then they always say "i spotted the problem" its not that they don't know... its that they could give a flying fuck well.. 
i know having 150 servers aint anything close to the nodes att has but i can detect an issue on my server within a minute i dont know how they let this go on so long gawd damn Vim's master site is down ports could def set the timeout on downloads to be a lot faster also FYI: IGNORE_MASTER_SITE_VIM=YES in /etc/make.conf and it will fetch it directly from freebsd.org heh yea the timeout issue is stupid i wish while cvsuping, you could get a real0time working list real-time i wonder if there are precompiled ports packages for updated ports ahh, if running -stable that the hell is wrong with fetch... /usr/bin/fetch -4ApRr -T 2 -S 2611 http://ftp.vim.org/pub/vim/patches/7.2/7.2.052 why does that not timeout after 2 seconds wish fetch showed progress too.. can't tell if sometimes ports are working or slow downloads the downloads that is -T seconds Set timeout value to seconds. Overrides the environment variables FTP_TIMEOUT for FTP transfers or HTTP_TIMEOUT for HTTP transfers if set. the vim port is such a pain in the nuts freaking 150+ patchsets it needs to download vim sucks solution is: add IGNORE_MASTER_SITE_VIM=YES and set FETCH_ARGS="-4ApRr" forcing fetch to use IPv4 and freebsd.org for whatever reason it fails randomly when using ipv6 SOLID and we're up to patch set 239 not hard to release a gawd damn new version up_the_irons: how do upgrades work? can I reinstall myself? dj_goku, there are ways you could but he'd probably have to start your vps with the cdrom mounted and you'd have to connect via console I don't need a cdrom I can do it all remotely through ssh actually. freebsd-update ? I just want to keep it as standard so if I need help up_the_irons can help me. ballen: I use openbsd. awwww download the tar balls and extract them? yaifo is a kernel + sshd is there anything special he had to do the obsd kernel to get it to run in KVM? no idea. probably not. I recompiled other than 1 blip, I didn't change anything. 
yea ballen: all I can think of is the user that is created. http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04 yup k I haven't ever upgraded openbsd so I don't know how to do that. well If I did I would probably do that. what I used to do was literally go download the new .tgz files from the mirror and extract them on what distro? over the system openbsd thats all the installer does right. you may want to back up /etc though as its a rather blunt way of upgrading http://www.openbsd.org/faq/upgrade36.html if there were a way to say download click this and be upgraded I would love that :) http://www.openbsd.org/faq/upgrade46.html meh way over complicated these days haha Or I can backup /etc /home and reinstall :) i liked my tar -xf base36.tgz yea thats basically what you're doing, just in place bring up a new vm, and migrate 4 minutes to reinstall I already moved my router over to openbsd 4.6 mmk have fun My router is a VM, :D esxi FTW yea I do love esxi run the fucker on a 1gb sd card use normal local disks for the storage pool I have always wanted a via board, since it has the crypto chip on-board. yea if you're going for low power pretty slow chips though who cares its a router in that case checkout: http://www.liantec.com/product/lpc/LPC-5842.htm a home router none the less and if you happen to figure out how to get one of the boxes in the US let me know I know you can import than directly from Taiwan them* but its rather expensive ballen: I have a am2 system that I use as my esxi host, I don't plan on buying a mini-atx system. ah those boxes are quite good for throughput / watt consumption *shrug* its currently running a total of 4vms, openbsd (router), openbsd (dev), win2k3, win2k8, xp I just build vim from scratch from cvs/svn sources. I just use emacs :) emacs hurts my hands ;) get your emacs' loving crap outta here vim hurts my head but I use it anyway LOL yea should just use ee actually... not. 
You know you are addicted when you do ESC:wq in a text box on a web page yea I've done that echo/cat works too. lol better yet :wq at the end of an IM hehe I still do that. though it is nice that a lot of the emacs shortcuts are used in other apps. I like that I can use emacs CTRL + A now that I am using tmux instead of screen. ... like tmux too anyone using opensmtpd in here? I don't think I will ever run my own mail server again since I use google. wrt openbsd 'bsd -c' or 'config -ef /bsd' and 'disable mpbios' is `the trick to get openbsd current/4.6 to run on kvm' openbsd starting with 4.5 and better with 4.6 has 'sysmerge' to merge /etc and such toddf: so are you a fan of upgrade or clean installs? I most definitely am for upgrades I can see the benefit, but it seems like a lot of work :) clean installs tend to suggest something in the (massively simplified) upgrade process is borked, aka the cheating way out for me, if I'm doing a reinstall I have to do lots of customization afterwards while I do have siteXY.tgz and my own custom packages to help it is so much easier to just upgrade it isn't funny I use afs and kerberos and such so my experience may be different than most fresh installs also tend to blow away any existing data backing up /etc and re-installing then getting /etc back and merging it by hand is by far a more painful procedure than doing the upgrade of the base sets, then sysmerge the conf files and finally 'pkg_add -uri' ;-) wow man i've said it before, i have over a hundred servers easy i've been updating ports on 3 all day. this is killing me and pissing me off freebsd die in a fire jeev: diaf is easier :) i hate acronyms, except the old school ones lol