http://chattanooga.craigslist.org/sys/1691930492.html damn... I think i'm picking that one up tomorrow yawn. 1850s are okay. i could probably talk him down 250 on that dell's lights-out shit sucks ass though (and I'm not even sure if it's on those offhand) maybe 2 i built my quad core xeon (x3360) rig for like $600, brand new mind you, it's not rackmount i likerackmount takes up less space nice and neat yea they're cool man i need to quit fucking around and get back to work so i can get some sleep its beenn fun i've got a few rackmount boxes, dual xeon 2.8, dual g5 xserve ttyl lates Sorry if I'm late to the game, but is anyone else having trouble getting to their VPS? (This is mike-burns .) let me see i can get to both Oh I can get in now. Weird. 5:27 am... Nice and early. still chuckling last night that he confused me for being some official rep, and just wouldn't shake that notion loose and if he's *not* 17, he definitely stopped maturing about then. :) I sometimes can't connect to my vps via ssh. http/https work fine. anyone else noticed that? nope RandalSchwartz: looks more like you were getting confused, not him schmir: I believe there's a rate limit on SSH, perhaps that's what you're hitting? Wraithan - I was clearly not confused. he was addressing me like I worked for ARP even after I told him twice RandalSchwartz: he was addressing the channel, and even explained that mhoran: can't imagine. I can't connect for 5 minutes... RandalSchwartz: you were the one being confused tbh i thought that too trouble with irc i guess, easy to misunderstand/misread :) morning. Hiyo no... he was chatting with me, and said "on your website"? clearly, he thought, and continued to think, that I was staff. That was an initial misuderstanding but he wasn't thinking that after you said you weren't staff i think it was just an unlucky turn of phrase to use i think he expected someone from ARP would read back up their log and see it no - it continued after that. ... i was rly looking forward to getting one of the vps' tonight but i'll - just get one when you guys get some more in again.. ."you guys" he was making general statements due to the fact that this channel is ARP's channel, so speaking in the plural you is natural yeah, i think it's just general usage yeah i'd do the same tbh and i wouldn't mean it in the way you've taken it either way I'm sorry... when I'm chatting *with* people, I presume I'm talking *to them*. Call it a human trait. RandalSchwartz: did he tag your name on the front of the message? i don't think he was talking to you so if I say "you" here, it's Wraithan and bob. not Arp that's a very human thing to expect RandalSchwartz: if not, it wasn't directed only at you you're right on that, but i think he was directing his comments at the channel (ARP) rather than you hehe symantics of language... fun :) then he should have said "when arp gets more boxes" not "when you get more boxes" lol @ my typo semantics, even :) I mean seriously, have we really ruined communication skills that far? maybe he was drunk or something it is a plural you dude, it is part of our language, other languages have a more explitic plural you that isn't confused with singular you And the world makes fun of Texas for "y'all" even with plural you... to mean it means "the people currently participating in the conversaion" even if I said "y'all" right now, it'd be the four people who have spoken here in the past few minutes not the 25 idlers why not the idlers too to you, to him he obviously (and explained as such) meant the company because they're not talking what happens if you drop into a channel and go 'hey yall' you wouldn't be aware of who had just been talking before you joined so... you'd be addressing everyone I'd expect it to mean the same thing as if I did that in real life all depends on context :) which initially would be "everyone in the room" you'd be addressing the current active people implicitly 20:34:18 RandalSchwartz │ who the hell are you talking to? 20:34:27 mrbit │ the arp staff but if people start talking to me, the focus narrows 20:34:33 RandalSchwartz │ yeah, they aren't here 20:34:35 RandalSchwartz │ not right now 20:34:41 mrbit │ yeah well i'm sure they'll see it later randal ^^ that he assumed they'd scroll back correct, and that means he should stop using "you" to mean "them" which is probably not an unreasonable assumption, and he was polite enough about it too anyway, moot point since to me "you" is "me" he's gone now if you're talking so hey ho hes still here idling oh hehe :) .... waiting ready to pounce on ... YOU yeah i refered him to arp eep! because i've had great service RandalSchwartz: your rules surrounding English aren't the only ones. me too coil :D but i wish people wouldn't speak for the company that aren't staff I can see plainly why he used you, though you are correct that he could have been less ambiguous and make someone lose business well hopefully your friend will still use ARP :) RandalSchwartz: I floss daily. Har har. hee hee yeah, never heard THAT one before :D Okay I'm about to do my last course now! The second course in Local Networks \o easy stuff :D :D Hmm... Five common operating systems for servers GNU/Linux, FreeBSD, OpenBSD.. Windows Server? solaris hpux I'll go with HPUX :) solaris is more prevalet prevalent since it came out earlier Don't hate eh? :) just trying to be accurate Hehe if you don't need accuracy, just make things up Well, doesn't say any specific Just "Five common server operating systems" I'm going to write up on their history, differences and s tuff Piece of cake (Wich is why I saved this for last) oh yes, there's the Cake operating system. :) That would be awesome Huge splash screen saying "The cake is a lie" or something when one boots it oh yeah, and PortalOS(tm) pfft IRIX hmm http://is.gd/cqg4S had some neat things I'd never heard of before. Hmm About OpenBSd I've never gotten this: Wikipedia says FreeBSD is a UNIX-like operating system, but OpenBSD a derivative Isn't it same-same? :P Because as far as I understand FreeBSD is a derivative too I don't know about the derivative comment, but I understand they have to say 'UNIX-like' because of a trademark on the term 'UNIX' unless you pay the piper you can't call yourself 'UNIX' (something OS X has done) ahha ..at least that is my understanding. I have been wrong before. both obsd and fbsd are in the same camp and both are derived from real unix, so I'd call them "derivative" where I'd call linux "unix like" since it shares no original code Hmm RandalSchwartz: er... can't imagine fbsd/obsd still have original code since proper unix licensing restrictions are, er, more restrictive than the BSD license. they have "real" BSD code I consider BSD to be "real" unix, because that's how it was shipped as in, it was inherently blessed by AT&T before AT&T turned over the trademark to the Open group er my understanding is that FreeBSD (and the rest) were descended from BSD a very big deal was made of BSD not containing any AT&T code. yes.. but it contains code that was shipped in something that was full-out called "unix" er, sorry, BSDi whether it has any AT&T code doesn't matter at that point so originally, unix = "just at&t" for a while, unix = "at&t + bsdi" now freebsd = "bsdi + other" so yes, I consider freebsd to be real unix, since it contains parts that were shipped accurately under the unix label even if they didn't come from at&t nothing on the linux side can claim that hence, linux = "unix-like" RandalSchwartz: you were saying you use HE's tunnelbroker on openbsd right? I had, yes. no wait. I used sixxs with openbsd now I'm using HE with Airport Extreme but I *could* have used HE with openbsd it's just that I already had sixxs sixxs predated HE ahhh gotcha i'm having issues with it, it's probably PF getting in the way but... yeah... pf is gonna be crazy outer rules for the ipv4 which is the one that provides a bare tunnel and which requires a client? inner rules for the ipv6 sixxs needs a gif interface he configures just fine with airport extreme ah pf and HE works fine on OpenBSD, I have several systems tunneling to HE from OpenBSD you need to understand that on the physical interface 'inet proto ipv6' is what must be passed for gif(4) to work, and then separately filtering v6 on the gif(4) interface ... wow the Mojolicious test suite is garbage why on earth would testing apache cgi/fastcgi require osx... why on earth is it trying to listen to (and connect on) a privileged port... eesh. all of that sounds very "Ruby" to me, although I'm not familiar with Mojolicious. it appears to just be one of my favorite CPAN complaints. Everything works fine on Linux, someone is likely deciding all the world's GNU... hm, how did one easily calculate the amount of addresses in an ipv6 subnet? 2^(128-subnet)+ ? My mind is blank at the moment :P dxtr: yes Where does the 2 come from? do* power of 2 Yeah, what I thought don't ask that if you're taking computer classes or i will hit you with a noob stick Haha :D I'm doing my report in Local Networks B LOLZ $ make search key=dspam Port: dspam-3.8.0p0-sqlite3 Path: mail/dspam,sqlite3 Info: anti-spam filter Maint: Todd T. Fries ... toddf is a popular guy :D toddf: so do you prefer dspam over, say, spamassassin? I've run dspam for several years on Linux, and liked it quite a bit, but now that I'm redoing my mail server in OpenBSD, I'm revisiting spamassassin / amavis-new just b/c there is so much "support" for it (easy to find docs / how-tos) ever compared the load generated by those two? up_the_irons: my experience with dspam is that it's (of course) much faster and less unpleasant with ram than perl, and more accurate given a large enough corpus and effort to keep it trained. DaCa: dspam used a lot less resources jdoe: yeah that's basically my experience too. training kinda sucks though up_the_irons: indeed :) up_the_irons: training isn't *that* bad if it's just you. DaCa: what do you use? setting up training for multiple users is a pain though. ... and then you have to figure out if you want a global data set, per-user training, etc. which is why I always bitch out and use SA ;) jdoe: yeah, i'd need a multi-user setup. i mean, why not have my training benefit the whole server jdoe: haha yeah fwiw if you get dspam's web thing working properly, that's not bad. but that sucks if you have multiple domains awww weak. Mojolicious doesn't play nice with taint mode :/ up_the_irons: OpenBSD spamd (greylisting+bob beckÃ's spamtrap list+dnswl.org whitelist)and vgrep :) jdoe: i had dspam's web thing working nicely, but it was pretty slow after a lot of spam signatures were archived over the years there's some maintenance job that has to run periodically to prune old signatures. I forget the option offhand, I haven't used dspam in a while. I have been saying for more than 5 years that whenever vgrep gets too harsh I'll add dspam to the mix but didn't feel the necessity yet vgrep? visual grep I recall inventing that term 25 years ago nice to see it come back ground although might just be a parallel invention <<== old fogey DaCa: what is "bob beckÃ's spamtrap list"? RandalSchwartz: dict shows it both in the jargon file and foldoc do they quote me? :) I'm officially done with everything now your life is over? Now I'll just have to wait and see if the teachers say I've missed something Yeah, high school is my life :( oh. not *everything* Btw guys One thing. How the hell would I trace an IP if my webpage had a poll that got spammed? up_the_irons: uatraps in the default spamd.conf, itÃ'sa list which blacklists spammers caught at the university of alberta using greytrapping (also a function of spamd) for 24 hours "trace"? Doesn't say if it's distributed or not whois -a "10.1.1.1" RandalSchwartz: Like, find the perpetrator so one can report it to the ISP up_the_irons: bob beck is an openbsd dev and admin there that'll tell you who owns the IP from there, it's up to getting cooperation from them RandalSchwartz: But what if it's distributed? "distributed"? Like a botnet spammed my poll Oh. good luck not a chance That's what I thought :) you *did* have a captcha, right? uhm.. yeah... ofcourse :P if not, there's your lesson for next time It's an assignment, RandalSchwartz what's an assignment? Like.. school stuff I mean, how is a poll an assignment? DaCa: oh oik The school assignment is about tracing IP-addresses *ok ahh. so the answer is... "too bad" botnets are highly sophisticated now that's why spam is outta control DaCa: default spamd.conf in which openbsd version? I have 4.6 and there is no /etc/spamd.conf.. The assignment is: "Your boss have discovered a spam attack on your companys poll on the website. And now he wants to get the perpetrator (Is it called perpetrator, btw?). How do one do that? How do you get the IP? How do you trace an IP once you got it?" I'm saying "Check the logs, do an whois " But.. WHY IS THIS A GROUP ASSIGNMENT? dxtr: yeah, that's pretty much the basics oh - that's not a botnet that's a single IP up_the_irons: isn't it in /etc/mail? and yes, whois -a that.addr and follow up with the owners of that IP RandalSchwartz: It doesn't specifically say so :p well - in one case, you might have a solution in another, you can't which do you think you got assigned? :) But still, I just asked if there's a way to find some source if it's distributed unless he's just trying to tweak you :) DaCa: oh duh, thanks! But how do these botnet guys sometimes get caught anway anyway* the botnet people have to convert on the other side it's like drug running at some point, you have to connect with customers and exchange things for money Ah, right botnet operations are highly sophisticated and international, just like drug trafficking but it all comes down to making a profit and that's nearly always the weak link or you have someone in your org that turns on you cool because you piss them off or don't pay them on time so yeah, the parallels are quite obvious once you think about it the only difference is the actual product since the product in both cases is pretty much internationally illegal, although to varying degrees Yeah So that's how they get caught. I thought it was years and years of international investigation after a DDoS that leads to a conviction :p and to report the sophistication of these guys... their command-and-contact domain names are often based on the tweeting trends list like, pseudo-randomness? as in... a bot wakes up, pulls the tweeting trends, computes a hash value from that, contacts hashvalue.org and gets its next instruction it's hard to get in the middle of that :D especially when a successful contact will then transmit a new hashvalue computation so if you haven't been in touch from the beginning, good luck : :) as I said - sophisticated stuff By the way, RandalSchwartz. Speaking of FLOSS weekly Downloaded episode 120 - and that guy in the beginning is hot! Anyway, do you have a way of like.. downloading EVERY episode? Or do I have to click through every single episode? :D No, I can't watch one episode. I'll have to see every one! pull down the RSS feed it has the most recent 20 eps on it rght Right* ryan or aaron? huh+ "guy in the beginning" you, smartass uh... not sure I like being called "hot", unless you happen to be female. I was kind of joking.. You know..? Fun..? that...comes across weird. please don't do that. :D That usually happens around me then again, you're in high school... still not adjusted. :) To be honest I think it's cultural. quite possibly "hot" has to come from MOTAS for us and if not from MOTAS, we object MOTAS? member of the appropriate sex Haha Here we laugh about it :P yeah - definitely cultural then just beware when dealing with us crazy americans We usually say that when, for example, someone's on TV. Either "God that guy is hot/whatever" or the opposite someone = someone we know If we say the positive we usually have sarcasm in the voice though So.. Yeah.. I guess it's cultural :P yeah - that doesn't come through either if you had smileyfaced "hot", I might have let it slip it's why the smiley was invented sarcasm doesn't come through in teext You never nkow know* Oh... I know. Believe me... I know. :) Haha http://imgur.com/gallery/9AKYl hmm RandalSchwartz: you're a cranky old perl guy, can you weigh in on something for me? I'm more than cranky about Perl I have a wide range of cranks :) taint mode in cgi: useful, unnecessary, or somewhere in between? Yes. unhelpful response ;) too broad a question so if you give me a question that hasn't had quantum collapse, I respond likewise :) I'm talking with the Mojolicious developers. I noticed that their module does not play nice with -T and found a reference to a mailing list discussion on a list that no longer exists, so I went to ask why it's broken and if it's going to stay that way or if someone's working on it, or... ... and I'm being told that -T for CGI is silly and why on earth would you want that, and so on and so forth. the problem is that it's horrible for absolute beginners, because they then cut-n-paste the code that untaints everything including some babble I don't fully understand about how "parsers" automatically untaint everything. When pressed on what "parsers" covers I got "HTTP, CGI, PSGI, chunked" etc. it's great for initial to intermediate hackers and it's horrible again for experts if you're playing with Mojolicous, you're probably in the expert category I'm not convinced that's true ;) you asked my opinion. :) I wouldn't hand Mojo to any intermediate person too early in the cycle, too underdocumented too bizarre true. Can you elaborate on why it's so horrible to have programmers of any skill level forced to sanitize input? and too likely to change in the next release that's a completely separate question you asked about taint is it? yes taint is a detection for failure doesn't taint force (or at least encourage) sanitizing input? not a means to sanitize it forces the same rules on all data some data it doesn't matter for example if you know you'll be carefully inserting this data into a database using a placeholder, then you don't need to sanitize at all or if you'll be using it as an arg in a multi-element system call, and you know what that's calling so taint is a broad brush sometimes you want a smaller brush thus... good for beginners to intermediate bad for advanced and bad for early beginners tempted to work around it I don't need taint like I don't need warnings enabled. I *know* the good practices. and warnings enabled just make me do stupid things like $foo =~ /bar/... no wait, I have to use ($foo || '') =~ /bar/ too much crappy code like htat anyway, you asked, I told jdoe? RandalSchwartz: By the way, when you get a weird question like that in the beginning The standard answer is "How long is a string?" not for me or rope I like to be a bit more clever heard "how long is a string" too many times :) maybe you haven't, you tyke. :) I think that one is clever because it still makes people think for a while not if you've heard it 100 times :) I think having to think about what a "Yes" answer means for that is more fun Unfortunately, yes :/ That's more "wtf" actually you should hear what I do for false dichotomies :) But I might be damaged from my mom "should I use Apache on my next project? or Squid?" I can ask stuff like "What do you want to eat? Pizza, burgers or something else?" and she's like "uhm, yeah" my reply might be "should I take my lunch or the bus to work" "Mom, wtf?" - "Oh, what did you say?" ok. time to sync the iphone... and head down to happy hour I'm getting an HTC Desire \o that would not be as useful for me as an iphone is Sure it would! channel poll: how do you subscribe to mailing lists? do you use, say, your regular email (gdolley@arpnetworks.com) or an email + extension (gdolley+ml-openbsd-misc@arpnetworks.com) email + ext, for automatic filtering into folders it depends on whether my email is revealed to others up_the_irons: I haven't gotten that last to work with postfix :/ any place where it might be, I just use merlyn@ RandalSchwartz: sorry, I'm distracted by real work and an increasingly irritated mojo dev :P but if I know it'll always be hidden, I tag it dxtr: mail + ext works really easily with postfix using dovecot as the LDA there's more than one mojo dev? well, if he's not a dev, than an op. RandalSchwartz: gotcha especailly when dealing with companies every single time some $vendor wants my email, I use "merlyn.$vendor@" up_the_irons: LDA? so that I can tell when my name gets sold Legal Drinking Age? and then quickly block that spam, and yell at $vendor Low density amorphous ice? Ah RandalSchwartz: roger silly me Ignore that, up_the_irons :D dxtr: local delivery agent It's just me being tired ok I've had one vendor repeatedly sell my email, regardless of the checkboxes but I can't switch because I have a contract with them for a good number more years. So postfix doesn't handle it by itself? dxtr: it probably can, I just never tried I use procmail to sort mine I use dovecot as my LDA so everything is just delivered to it i wanted to use procmail, but then i saw the syntax .. * LOCAL ?? ^merlyn\+stonehenge\+\/.* .. { .. TO="$MATCH" so that lets me grab TO = everything after that dot then I can sort on that ... * TO ?? ^majordomo$ etc etc procmail rocks RandalSchwartz: yeah, I get that if you know explicitly where something is going that you may know better than perl does, but isn't that an argument for a framework to use taint checking? By definition it has no idea where the input is going, except maybe for a couple cases like using the url path to figure out what handler to call. again - broad brushes sometimes paint too much so... no not "better safe than sorry"? ;) jdoe -- see my warnings example crappy code doesn't make me feel less warned it simply says that warnings are too broad for me ditto taint mode it interferes sometimes when I know better therefore, I can't use it at least warnings has "no warnings qw(foo)" if you can remember the foo but taint has no such thing except an overbroad regex match RandalSchwartz: "Sebastien Riedel", if the name means anything to you. yeah. *the* mojo dev he may not have been irritated, just German. that's why I said "more than one?" SRI yeah, I just assumed his nick would have some relation to his cpan username so far, mojo seems to have one dev, and a few dozen interested users who are willing to put up with SRI :) I liked the looks of it in theory. and you know the old saying I'm less impressed with his assertion that everything magically untaints itself. the difference between theory and practice in theory, is less than the difference between theory and practice in practice. :) somewhere I saw someone recurse that one more level but I can't find it now the difference between the difference between theory and practice in theory and theory and practice in practice ... is less than... something like that I dunno. I like having -T as a safety net. Worst case it annoys me, I'd rather it do that than miss something that could cause problems. yeah - so you're in the middle. happy for you! it's not perfect, but it at least forces me to think first. I'm over here ==> beginner [ . . . . / ] expert so it merely annoys me haha. Wherever I am, I prefer to think of it as acknowledgement of fallibility than a comment on skill. ... although yeah, I'd be pretty happy to call myself intermediate. I fail, but I have other means to check that do tell I would, and I'd miss more of happy hour. g'nite all! later! haha RandalSchwartz is getting wasted Is it just me or is it disturbing that my teacher have mail contact with my girlfriend? hey Randal how are you tonight? Yay! Apparently I don't have to go to school today \o yay! sup dxtr Not much And it feels weird For a couple of years know I've always known I've had school stuff to do Now I'm done with everything and don't have to go to school today So I don't know wtf to do .p hehehe I have nothing important to suppress enjoy it man! damnit i forgot my passwd on #arp :sigh: *reads logs* brb Hehe Since I got my VPS in March or something I've used about 30GB bandwidth :D NICe unmetered i assumem Well, I've got 100GB each month so