| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| *** | visinin has quit IRC (Quit: leaving) | [00:27] |
| .... (idle for 16mn) | ||
| up_the_irons | toddf: roger on openbgpd and megaraid; i have a feeling you're not using 'megacli' (the one LSI wrote) | [00:43] |
| ............... (idle for 1h11mn) | ||
| *** | [FBI] starts logging #arpnetworks at Mon Mar 08 01:54:54 2010
[FBI] has joined #arpnetworks | [01:54] |
| ........... (idle for 52mn) | ||
| [FBI] starts logging #arpnetworks at Mon Mar 08 02:46:29 2010
[FBI] has joined #arpnetworks | [02:46] | |
| [FBI] starts logging #arpnetworks at Mon Mar 08 02:55:33 2010
[FBI] has joined #arpnetworks | [02:55] | |
| ...... (idle for 26mn) | ||
| ziyourenxiang has joined #arpnetworks | [03:21] | |
| ...... (idle for 25mn) | ||
| boogeyman has quit IRC (Remote host closed the connection) | [03:46] | |
| boogeyman has joined #arpnetworks | [03:55] | |
| [FBI] starts logging #arpnetworks at Mon Mar 08 04:00:05 2010
[FBI] has joined #arpnetworks [FBI] starts logging #arpnetworks at Mon Mar 08 04:01:05 2010 [FBI] has joined #arpnetworks | [04:00] | |
| visinin has joined #arpnetworks | [04:10] | |
| [FBI] starts logging #arpnetworks at Mon Mar 08 04:21:54 2010
[FBI] has joined #arpnetworks | [04:21] | |
| ..... (idle for 21mn) | ||
| nuke` has quit IRC (Ping timeout: 245 seconds)
visinin has quit IRC (Quit: sleep) | [04:42] | |
| ......... (idle for 44mn) | ||
| toddf | up_the_irons: but of course, megacli is not open source ;-)
up_the_irons: just use bioctl on OpenbSD, it `works' ;-) | [05:28] |
| up_the_irons | yeah, but on my other systems, non-openbsd, megacli blows
sleep is consuming me cd $bed | [05:29] |
| ......... (idle for 44mn) | ||
| *** | vtoms has joined #arpnetworks | [06:15] |
| toddf | there is a reason why a common raid interface at the userland level makes tons of sense, one can do the oss thing and make it useful, let the os do its job and abstract the hardware as it can | [06:19] |
| *** | visinin has joined #arpnetworks | [06:25] |
| toddf | yes, OpenBSD may not have all the spiffy features of say zfs, but it is sad it is often alone speaking up for what is right
vendor supplied drivers and user interface bits are windows models, not unix models *sigh* | [06:26] |
| visinin | i really like openbsd but i'm getting fairly dismal httpd performance compared to freebsd | [06:28] |
| toddf | there are rather conservative settings on by default
if you do not tune anything yes your system may not perform optimally for a http server you might consider tuning | [06:28] |
| visinin | yeah, i've been doing some research but i'm not coming up with much
can you give me some pointers in regards to what i should tweak? | [06:29] |
| toddf | net.inet.{tcp,udp}.recvspace=262144
(the above via cmdline to sysctl and in /etc/sysctl.conf)... s/ffs/ffs,softdep/ in /etc/fstab if you have a kernel recent enough to sport kern.bufcachepercent, then set it to 90 (what mem is not used by apps up to 90% of system mem will become disk buffers, giving way to application allocations instead of swapping though) those should get you started.. | [06:29] |
| visinin | i'd already made the recvspace and sendspace changes and that only got me about 15Kbps more throughput
i'll try the softdep change, and my kernel's not new enough for bufcachepercent i've been wondering whether a lack of sendfile() could be to blame for some of the slowdown | [06:32] |
| *** | schmir has joined #arpnetworks | [06:39] |
| toddf | might try a current snapshot which is pretty stable btw .. if you want to test the bufcachepercent=90 thing | [06:43] |
| visinin | going to try a different webserver, too (been playing with cherokee but it's giving me trouble) | [06:46] |
| toddf | the softdep thing mainly helps if you have lots of files created or removed at once, but there are other benifits also | [06:47] |
| mike-burns | I do nginx (with thin for Rails apps).
On FreeBSD though. | [06:47] |
| epid | same here
on OpenBSD though :) | [06:48] |
| toddf | there are various webservers in ports.. | [06:48] |
| ...... (idle for 28mn) | ||
| visinin | well, turns out it was the webserver!
let it be known that cherokee on openbsd is abominably slow | [07:16] |
| *** | baklava has quit IRC (Quit: Game Over. Please insert another token into the ring.) | [07:25] |
| visinin has quit IRC (Quit: sleep) | [07:35] | |
| toddf | any chance you tried the httpd that comes with base? | [07:35] |
| *** | nuke` has joined #arpnetworks | [07:43] |
| ......... (idle for 43mn) | ||
| schmir has quit IRC (Ping timeout: 265 seconds) | [08:26] | |
| ........ (idle for 35mn) | ||
| ziyourenxiang has quit IRC (Quit: ziyourenxiang) | [09:01] | |
| .................................... (idle for 2h55mn) | ||
| hiram is now known as BarberRonny | [11:56] | |
| ..................................... (idle for 3h3mn) | ||
| visinin has joined #arpnetworks | [14:59] | |
| ....... (idle for 30mn) | ||
| vtoms has quit IRC (Quit: Leaving.) | [15:29] | |
| ......... (idle for 40mn) | ||
| coil has quit IRC (Ping timeout: 256 seconds) | [16:09] | |
| coil_ has joined #arpnetworks | [16:16] | |
| ........ (idle for 36mn) | ||
| coil- has joined #arpnetworks
coil- is now known as coil coil has quit IRC (Changing host) coil has joined #arpnetworks coil_ has quit IRC (Ping timeout: 260 seconds) | [16:52] | |
| .............. (idle for 1h8mn) | ||
| islandfo1 has joined #arpnetworks
islandfox has quit IRC (Read error: Connection reset by peer) islandfo1 is now known as islandfox | [18:02] | |
| islandfox | is there any sort of incoming ssh connection throttling that has been applied? | [18:06] |
| up_the_irons | islandfox: yes, it has always been this way. more than 10 ssh syn's in 1 minute will lock your IP until the next minute or so
protection from dictionary attacks | [18:07] |
| islandfox | ah, I haven't sone rapid ssh until recently | [18:07] |
| RandalSchwartz | is that for all boxes? | [18:07] |
| up_the_irons | islandfox: it is applied to port 22 only; so if you hate it, you can move your port | [18:07] |
| islandfox | that also explain the lack of much attacks I suppose | [18:07] |
| up_the_irons | RandalSchwartz: yes | [18:08] |
| RandalSchwartz | that hurts some SVN applications
do you have a FAQ that says "move your SVN port"? | [18:08] |
| up_the_irons | no, but, good idea :) | [18:08] |
| RandalSchwartz | because that's being discussed right now on the freebsd pages
as in "why not throttle incoming ssh" and that was one of the response | [18:08] |
| islandfox | I'll just implement connection multiplexing in my app I suppose | [18:09] |
| RandalSchwartz | or get off port 22. :)
which isn't a bad idea anyway 22 = Very Low Hanging Fruit | [18:09] |
| up_the_irons | only like 2 customers have ever noticed the throttling phenomenon; yet bandwidth graphs for dictionary attacks were slammed to the floor when i implemented it; == win :) | [18:10] |
| RandalSchwartz | so I impressed Neil yesterday. told him I hosed my IP settings for my box, and yet was able to reboot the box remotely, login with the console, fix the settings and reboot again | [18:10] |
| up_the_irons | RandalSchwartz: yeah he *better* be impressed ;) | [18:11] |
| islandfox | I just discovered it when running a new backup script against it a few days ago :) | [18:11] |
| RandalSchwartz | a backup that *doesn't* use rsync? :) | [18:11] |
| islandfox | not really worried about dictionary attacks since I only allow public key auth, but I might change the port on the main VM if I am too lazy to implement multiplexing for a while... | [18:12] |
| RandalSchwartz | well at $previous_hosting, that would have required a pair of helping hands | [18:12] |
| islandfox | RandalSchwartz: yes, a script managing zfs snapshots+send/recv | [18:12] |
| RandalSchwartz | aha.
ok - yeah, multi-connections | [18:13] |
| up_the_irons | I love the fact that customers can do their own repairs also ;) | [18:13] |
| RandalSchwartz | less work for you | [18:13] |
| up_the_irons | I can click Acknowledge in Nagios a lot more... | [18:14] |
| islandfox | anyhow, thank up_the_irons, good to know I'm not going crazy, I had thought it was unfiltered :) | [18:15] |
| up_the_irons | islandfox: np! sorry to temporarily make u crazy | [18:15] |
| shmget | i mentioned changing ssh ports one time to my friends on facebook, and they mumbled "security through obscurity" | [18:22] |
| *** | mart1n has quit IRC (Ping timeout: 256 seconds)
mart1n has joined #arpnetworks | [18:30] |
| up_the_irons | shmget: yeah, if that's the only thing you do; but on the flip side, if everyone used random ssh ports and port 22 was not used at all, break-ins through dictionary attacks would be reduced; i find it hard to be able to refute that
it's not "security" per-se, but it makes a concrete difference | [18:40] |
| shmget | right
it at least makes intruders search for the right port (by running SSH on a different port, you can also get through corporate firewalls that disallow port 22) | [18:43] |
| up_the_irons | yeah | [18:44] |
| shmget | i'm surprised I haven't been caught yet, been doing it for years
i made a simple vpn one time before the company i worked for had one i had a freebsd server that checked my mail on an exchange server. if i emailed myself an email at work with my IP address at home, it would initiate an SSH connection to my home computer. then, I did another tunnel back through, and did what I needed to do it worked great no one busted me for it i have heard they only bust you when you transfer large amounts of data, as it could be someone trying to send out corporate docuements/secrets | [18:45] |
| *** | amdprophet has joined #arpnetworks | [18:49] |
| amdprophet | up_the_irons: you around? | [18:54] |
| up_the_irons | shmget: interesting
amdprophet: yes | [18:55] |
| amdprophet | having some slowdowns on our vps, just wondering if there's any known issues | [18:55] |
| up_the_irons | amdprophet: migrating a VM to the kvr04 server (not sure if that is you or not); maybe I should ionice that...
(done) | [18:57] |
| amdprophet | thanks | [18:58] |
| up_the_irons | np | [18:59] |
| amdprophet | i think it's worse now lol
http://aelatis.com/ we are on kvr04 btw | [19:07] |
| up_the_irons | this migration is a pain :( | [19:09] |
| amdprophet | :( | [19:10] |
| any ETA as to when it will be doe?
done & done * | [19:19] | |
| up_the_irons | 7G left, 7.3 MB/s | [19:24] |
| 2G left
corrupt disk image <sigh...> | [19:34] | |
| jeev | raid sucks | [19:50] |
| up_the_irons | ddrescue is pretty cool | [19:51] |
| jeev | up_the_irons, i think you should give in and use a real distribution, a.k.a. slackware. | [19:52] |
| ............. (idle for 1h4mn) | ||
| *** | heavysixer has quit IRC (Quit: heavysixer) | [20:56] |
| .............................. (idle for 2h28mn) | ||
| visinin has quit IRC (Quit: sleep) | [23:24] | |
| .... (idle for 16mn) | ||
| jeev has left | [23:40] | |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |