[00:32] *** fink has quit IRC (Quit: fink)
[01:06] *** amdprophet|sleep has quit IRC (Quit: amdprophet|sleep)
[01:23] *** schmir has joined #arpnetworks
[01:24] *** schmir has quit IRC (Remote host closed the connection)
[01:43] *** fink has joined #arpnetworks
[01:48] *** fink has quit IRC (Ping timeout: 252 seconds)
[02:20] *** schmir has joined #arpnetworks
[03:05] *** nerdd_ has joined #arpnetworks
[03:10] *** nerdd has quit IRC (Ping timeout: 264 seconds)
[04:15] *** ziyourenxiang has joined #arpnetworks
[04:27] *** LT has joined #arpnetworks
[04:42] *** infrared has quit IRC (Ping timeout: 276 seconds)
[04:46] *** infrared has joined #arpnetworks
[04:59] <cedwards> up_the_irons: ping re: second vps serial console access.
[05:14] *** heavysixer has joined #arpnetworks
[05:14] *** ChanServ sets mode: +o heavysixer
[06:16] *** vtoms has joined #arpnetworks
[06:33] *** nesta- has joined #arpnetworks
[06:52] *** heavysixer has quit IRC (Quit: heavysixer)
[07:17] *** heavysixer has joined #arpnetworks
[07:17] *** ChanServ sets mode: +o heavysixer
[08:03] *** fink has joined #arpnetworks
[08:37] *** mick_laptop has quit IRC (*.net *.split)
[08:37] *** coil has quit IRC (*.net *.split)
[08:37] *** cedwards has quit IRC (*.net *.split)
[08:38] *** mick_laptop has joined #arpnetworks
[08:38] *** coil has joined #arpnetworks
[08:38] *** cedwards has joined #arpnetworks
[08:44] *** fink has quit IRC (Quit: fink)
[08:48] *** infrared has quit IRC (Read error: Operation timed out)
[08:53] *** infrared has joined #arpnetworks
[08:55] *** schmir has quit IRC (Remote host closed the connection)
[09:00] <cedwards> good morning everybody.
[09:02] <nesta-> heya cedwards :)
[09:02] *** nesta- is now known as aem
[09:03] *** fink has joined #arpnetworks
[09:18] *** LT has quit IRC (Quit: Leaving)
[09:23] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[09:32] <cedwards> question for the BSD folk. how large do you normally make / when you partition?
[09:33] <RandalSchwartz> cedwards - using zfs, so it doesn't matter. :)
[09:33] <cedwards> I've yet to dabble in the magic that is zfs :(
[09:33] <aem> cedwards: about a 1gb but it does not even need that
[09:33] <cedwards> perhaps now is a good time to learn
[09:34] <cedwards> aem: I just reinstalled my second VPS and did 512M, which is my normal default, but it hit 100% on / when I tried rebuilding world.
[09:34] <cedwards> I have /tmp, /var, /usr, and / (1G, 2G, remaining and 512M respectively)
[09:35] <aem> yes I had this same issue cedwards
[09:35] <cedwards> aem: figure out why?
[09:35] <aem> trying to recall heh
[09:35] <aem> but I do remember I reformatted and made my root 1gb
[09:35] <aem> and was fine :)
[09:36] <cedwards> hmm. hate to lose a morning of work, but I guess that might be worth it.
[09:44] <fink> cedwards: i agree with randall, use zfs
[09:44] <fink> less hassle
[09:44] <cedwards> I suppose I need to break out the handbook and do some reading them.
[09:44] <cedwards> s/them/then/
[09:45] <RandalSchwartz> many here have gone on the path ahead of you, and set up signposts. :)
[09:46] <fink> cedwards: randall gave me this link: http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
[09:46] <fink> i'm using it on the 768 slice
[09:46] <fink> i mean vps ;)
[09:46] <cedwards> old slicehost customer? :)
[09:47] <fink> yup
[09:48] <cedwards> I was, once upon a time as well. Went to Linode, and then here.
[09:48] * fink likes it here
[09:52] <cedwards> ok, following those zfs instructions, which option should I select at fixit?
[09:53] <cedwards> cdrom, usb, floppy, shell
[09:53] <RandalSchwartz> cdrom I think
[09:53] <RandalSchwartz> whatever gets you to a shell :)
[09:53] <RandalSchwartz> but not the holoshell
[09:53] <RandalSchwartz> I think it's "6" then '1"
[09:53] <RandalSchwartz> been a whiel
[09:54] <RandalSchwartz> ... http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
[09:54] <RandalSchwartz> and know that the network interface is "em0", not "re0"
[09:54] <RandalSchwartz> and you can't use DHCP, so you have to put your real info there
[09:55] <RandalSchwartz> when you get down to step 2.5
[09:55] <RandalSchwartz> I think the rest was just as written
[09:55] <cedwards> I'm still stuck on the first gpart command(s)
[09:56] <cedwards> file exists on create. file busy on destroy.
[09:56] <RandalSchwartz> you might have booted wrongly then
[09:56] <RandalSchwartz> ad0 should be free
[09:57] <cedwards> i boot from CD. Select fixit, and cdrom..
[09:57] <RandalSchwartz> try df or mount.  see what's mounted
[09:57] <RandalSchwartz> make sure ad0 isn't mounted
[09:57] <cedwards> just md0 and acd0
[09:58] <RandalSchwartz> ahh.  might need to destroy the existing label
[09:58] <cedwards> how do i do that?
[09:58] <RandalSchwartz> dd if=/dev/random of=/dev/ad0 bs=1m count=1
[09:58] <cedwards> good 'ol dd
[09:58] <RandalSchwartz> then you should be able to do the create
[09:59] <RandalSchwartz> gpart was trying to prevent you from hurting yourself
[09:59] <cedwards> yup
[09:59] <RandalSchwartz> but you... uh... know better. :)
[10:00] <cedwards> riggght.
[10:05] *** j3m has joined #arpnetworks
[10:09] <cedwards> what can I prune from 2.2 if I normall just install minimal?
[10:09] <cedwards> just use base?
[10:12] <cedwards> trying base + lib32
[11:00] <cedwards> ok. machine is finally back up and ready to use.
[11:00] <cedwards> going to have to get used to having so many entries in 'mount' and 'df' using zfs
[11:01] <fink> cedwards: gpart destroy ad0
[11:01] <fink> sorry, late to the party
[11:02] <fink> gpart delete -i 1 ad0
[11:03] <cedwards> lol, yeah. we got a little destructive with dd instead :)
[11:04] <fink> i had that same problem following that guide
[11:04] <dxtr> Hrm, are there any security measures one can take for local users?
[11:04] <fink> did you do `zfs unmount -a` yet?
[11:04] <dxtr> I mean, so they don't get to root or get any sensitive information
[11:04] <fink> dxtr: no sudo
[11:04] <dxtr> And, yes, except for jailing them :P
[11:04] <cedwards> dxtr: plenty.
[11:04] <dxtr> fink: I'm only allowing sudo to myself
[11:05] <cedwards> make sure you have a good passwd
[11:05] <dxtr> I've actually disabled user passwords too (Except for myself so I can sudo)
[11:05] <dxtr> Are there any directories and/or files I can change permissions on to make sure they don't get any sensitive information?
[11:06] <cedwards> remind me what you're running? BSD?
[11:06] <dxtr> FBSD :)
[11:06] <cedwards> check out login.conf for additional restrictions.
[11:06] <cedwards> do you pan on having a lot of (untrusted) users on the machine?
[11:07] <dxtr> Not alot, no :P
[11:09] <cedwards> I'd say consider what these users do/don't need. if its a simple chroot shell consider ssh chroot config or jails.
[11:10] <cedwards> definitely check out login.conf, set a more private umask perhaps.. don't allow sudo, etc.
[11:10] <dxtr> I'll look into it :)
[11:17] <cedwards> does anyone know why bind9 comes as part of base FreeBSD?
[11:17] <mike-burns> As opposed to what?
[11:18] <cedwards> unless you're going to run / need a name server, why include it?
[11:18] <cedwards> wouldn't it be enough to make sure resolution works via /etc/resolv.conf, and then install bind from ports as needed for name servers
[11:18] <mike-burns> Ah, I see. Nope, no idea.
[11:19] <cedwards> just comes to mind because I'm updating /usr/src and the only updates are for src/contrib/bind9/
[11:30] <aem> hm, anyone here use their arp ipv6 with afraid.org for DNS ?
[13:19] <toddf> I use my arp IPv6 to serve dns, why use someone else? ;-)
[13:21] <aem> please tell me how
[13:21] <aem> lol, I have been reading google links for 2 days
[13:21] <aem> I have an _idea_
[13:21] <aem> but DNS is a slippery fish
[13:26] <aem> right now I have a seperate dns server on a Debian machine, I am going to try to hget my ipv6 reversed with it
[13:26] <aem> :)
[13:26] * aem prays
[14:07] *** vtoms has quit IRC (Quit: Leaving.)
[14:20] <dxtr> aem: Piece of cake :)
[14:21] <aem> hehe
[14:21] <aem> I am still struggling here
[14:21] <dxtr> I'm running nsd \o/
[14:21] <dxtr> Thanks to up_the_irons
[14:21] <aem> gave up on the Debian, I was completely off track there
[14:21] <aem> nsd is name server daemon yeh?
[14:25] <cedwards> I've not done IPV6 with bind, but I can't imagine it would be that much different than IPV4.
[14:26] <cedwards> AAAA vs A is all as far as I know..
[14:27] <dxtr> cedwards: We're talking reverse here. But yeah, there's no huge difference there either
[14:28] <cedwards> of course I am assuming experience maintaining DNS, which not everyone has.
[14:30] <aem> yeah heh
[14:30] <aem> i have precisely 0
[14:30] <aem> gettign there though :P
[15:12] *** fink has quit IRC (Quit: fink)
[15:18] *** fink has joined #arpnetworks
[16:05] *** fink has quit IRC (Quit: fink)
[16:34] *** dbgi has quit IRC (Ping timeout: 240 seconds)
[16:34] *** dbgi has joined #arpnetworks
[16:34] *** dbgi has quit IRC (Changing host)
[16:34] *** dbgi has joined #arpnetworks
[17:24] <cedwards> anyone have any suggestions on how to auto-start/re-connect to a screen session on login?
[17:25] <infrared> screen -r
[17:25] <infrared> :P
[17:26] <aem> edyou mean like when you login ?
[17:26] <DaCa> -xRR
[17:26] <aem> cedwards: ^
[17:26] <cedwards> I've seen some examples of: if [ $TERM != "screen" ]; then screen -dr; fi
[17:26] <aem> yeah
[17:27] <cedwards> I'm not getting it to work consistently though. thought ya'll might have some suggestions.
[17:59] <cedwards> just for documentation sake, I added 'screen -dRR' to .bash_profile and it seems to work as expected.
[18:33] <cedwards> is it appropriate to run ntpd on these? I recall with xen that the time was only updated via the host. is that the same for kvm/qemu?
[18:33] <aem> cedwards: fwiw, I run ntpd
[18:34] <cedwards> do you have a preference between ntpd and openntpd?
[18:35] <aem> I don't know enough about either to have one really
[18:35] <aem> I juse used ntpd because it was in the Handbook I think
[18:48] *** heavysixer has quit IRC (Quit: heavysixer)
[18:48] *** heavysixer has joined #arpnetworks
[18:49] *** ChanServ sets mode: +o heavysixer
[19:39] *** dbgi has quit IRC (Ping timeout: 276 seconds)
[19:41] *** anders has joined #arpnetworks
[19:45] *** dbgi has joined #arpnetworks
[19:45] *** dbgi has quit IRC (Changing host)
[19:45] *** dbgi has joined #arpnetworks
[19:51] *** heavysixer has quit IRC (Quit: heavysixer)
[19:55] <mike-burns> cedwards: I use this to shell into my box: ssh -t uesr@server screen -rd
[19:55] <mike-burns> (I've a shell alias locally, obv.)
[19:59] <cedwards> mike-burns: I do similar. i run jails at home for local services, one of which is an ssh bastion.
[19:59] <cedwards> mike-burns: that requires 'ssh -t user@host1 ssh -t user@host2 "screen -dr"'
[20:00] <cedwards> but, that alias will fail if no screen is present on the other end.
[20:02] <mike-burns> Ah, I see.
[20:02] <mike-burns> In unrelated news, I just found this on the OpenBSD Journal blog thingie: http://devio.us/
[20:04] <cedwards> yeah. I have an account with them.
[20:05] <mike-burns> What do you use it for?
[20:05] <cedwards> can't have too many random shell accounts when it comes to external testing and bypassing firewalls ;)
[20:05] <mike-burns> Ha true.
[20:05] <cedwards> I use distributed shell accounts to test dns propagation and firewall verification.
[20:06] <infrared> uh huh
[20:06] <infrared> where were you when dalnet was ddos'd?
[20:06] <infrared> :P
[20:08] <cedwards> uhh, i don't know what you're talking about :)
[20:08] <infrared> hah
[20:14] <cedwards> infrared: I'm afraid to ask, but how's the dvorak coming?
[20:15] <infrared> :(
[20:19] <cedwards> anyone done zfs based jails?
[21:11] <CESSMASTER> cedwards: you sloppy bastard it survived
[21:16] *** schmir has joined #arpnetworks
[21:24] *** dbgi has quit IRC (Read error: Connection reset by peer)
[21:49] *** anders has left