[00:16] *** nakano_ is now known as nakano
[00:32] *** nakano is now known as nakano_
[00:49] <mattx86> I've been in a similar situation with our upstream at work
[00:50] <mattx86> not fun, to say the least
[01:08] *** schmir has joined #arpnetworks
[01:36] *** nakano_ is now known as nakano
[02:24] *** schmir has quit IRC (Remote host closed the connection)
[02:26] *** schmir has joined #arpnetworks
[03:55] *** schmir has quit IRC (Ping timeout: 240 seconds)
[04:40] *** baklava has joined #arpnetworks
[05:43] *** schmir has joined #arpnetworks
[05:45] *** schmir has quit IRC (Remote host closed the connection)
[06:23] *** schmir has joined #arpnetworks
[06:24] <awyeah> mornin'
[06:29] <infrared> hi
[06:29] *** schmir has quit IRC (Ping timeout: 246 seconds)
[06:36] *** schmir has joined #arpnetworks
[07:00] *** schmir has quit IRC (Ping timeout: 265 seconds)
[09:52] <jdoe> mattx86: yeah, same situation.
[10:00] <phlux> heh, my arpnetworks vps is one of the most stable servers I've ever ran
[10:00] <phlux> [phlux@bryant ~]$ uptime
[10:00] <phlux>  9:58AM  up 188 days,  8:14, 1 user, load averages: 0.00, 0.02, 0.00
[10:01] <phlux> been up since the day I bought it
[10:22] <mhoran> So much for security patches. :)
[10:22] * mhoran now knows who to exploit.
[10:54] <RandalSchwartz> there aren't any remote holes in that period, are there?
[10:54] <RandalSchwartz> just some local escalations
[11:04] <RandalSchwartz> has anyone here installed freebsd using the DVD and sysinstall, as opposed to a ZFS install which I've done a lot of?
[11:04] <RandalSchwartz> I'm actually trying to install it into virtualbox
[11:04] <RandalSchwartz> but it seems to error, and I have no idea what I did wrong
[11:08] *** nesta_ has joined #arpnetworks
[11:09] *** nesta has quit IRC (Read error: Operation timed out)
[11:17] *** mtve has quit IRC (Ping timeout: 265 seconds)
[11:22] *** mtve has joined #arpnetworks
[11:24] <cedwards> RandalSchwartz: my experience with sysinstall is, if you ever need to "go back" or redo something, you're better off restarting.
[11:28] <RandalSchwartz> Ahh!  I was missing the step of "committing" on the final menu
[11:28] <RandalSchwartz> so of course it said "there are errors"
[11:28] <RandalSchwartz> it never wrote to the disk :)
[11:29] <RandalSchwartz> I like that it err'ed on the side of "doing nothing"
[11:29] <RandalSchwartz> but that still seemed a bit silly
[11:33] *** `nh has quit IRC (Quit: Changing server)
[11:33] *** `nh has joined #arpnetworks
[11:46] *** nesta has joined #arpnetworks
[11:46] *** nesta_ has quit IRC (Read error: Operation timed out)
[11:47] <RandalSchwartz> Hmm.  that still installed a non-bootable system. :(
[11:51] <awyeah> brb.
[11:51] *** awyeah has quit IRC (Quit: Reconnecting)
[11:52] *** awyeah has joined #arpnetworks
[11:52] <awyeah> Hooray, reverse DNS is up and running.
[11:53] <awyeah> RandalSchwartz - know what it was? Twisted4life was returning garbage.
[11:53] <awyeah> Switched my secondaries all over to he.net - and voila.
[11:54] <awyeah> and - up_the_irons - thanks for putting up with my crap ;)
[11:58] <RandalSchwartz> cool
[12:17] *** mtve has quit IRC (Ping timeout: 265 seconds)
[12:28] * awyeah is now an IPv6 guru, apparently.
[12:29] <awyeah> woot. Now I'm a sage.
[12:29] <awyeah> no more tests for today.
[12:31] <RandalSchwartz> I'm a sage, but I deliberately stopped at 1024 points.
[12:31] <RandalSchwartz> The only reason to continue is to show that you know how to write a script that submits it daily :)
[12:46] <cedwards> man I love puppet
[13:56] *** nakano is now known as nakano_
[14:05] <awyeah> Really?  The question "What is a registry?" is on the sage technical test?
[14:10] <awyeah> Also
[14:10] <awyeah> There are really less than 3,000 IPv6 nameservers in existence?
[14:11] <RandalSchwartz> where's that from?
[14:15] <awyeah> The HE stats widget
[14:16] <RandalSchwartz> how do you figure?
[14:17] <RandalSchwartz> that's glue.  I have many domains that have no need for glue
[14:17] <bob^^> me too, i'm very careful not to drop them
[14:17] <bob^^> ;)
[14:17] <RandalSchwartz> and yet are v6 enabled
[14:18] <RandalSchwartz> for example, geekcruises.com is served by insightcruises.com, and has no need for glue to get to it
[14:23] *** mtve has joined #arpnetworks
[14:57] *** nakano_ is now known as nakano
[16:26] *** dj_goku has joined #arpnetworks
[16:26] <dj_goku> anyone having issues connecting to port 22 on there VPS?
[16:27] <dj_goku> weird. works on my phone, not laptop. same connection to the web.
[16:30] <dj_goku> even weirder, opened a new terminal and it worked.
[16:44] <up_the_irons> dj_goku: you probably hit the ssh syn rate limit.  more than 10 per minute, and you're locked out until the rate goes down
[16:45] <up_the_irons> thwarts dictionary attacks
[17:01] <RandalSchwartz> the real WTF is "you still run ssh on 22"? :)
[17:01] <RandalSchwartz> I guess you like very full security logs
[17:02] <RandalSchwartz> I moved neil's ssh to 2222, and mine is on 443 so I can tunnel to it from behind a HTTP firewall
[17:51] <awyeah> up_the_irons - that rate limit - you do that on your end?
[17:51] <up_the_irons> awyeah: yeah
[17:52] <awyeah> Cool. That's why I only see so many at a time in my log.
[17:52] <RandalSchwartz> it's typically a function of either ssh directly
[17:52] <awyeah> Although I do have fail2ban set up with a lower rate limit
[17:52] <RandalSchwartz> oh wait, is ARP doing that too?
[17:52] <awyeah> 3 per hour ;)
[17:52] <awyeah> er
[17:52] <awyeah> 3 per 10 minutes, and you're pf block'd for an hour
[17:53] <RandalSchwartz> could lead to DOS
[17:53] <RandalSchwartz> I generally don't do that
[17:53] * cedwards should learn how to rate limit with pf.
[17:53] <awyeah> I have two exceptions :)
[17:53] <awyeah> Also, I have out-of-band access to the system thanks to ARP
[17:53] <awyeah> Which reminds me, I also need to get my ssh key over to them.
[17:55] <RandalSchwartz> having an argument on my twitter feed about what FLOSS means.
[17:55] <RandalSchwartz> as if doing the show "FLOSS Weekly" doesn't already make me an authority. :)
[17:55] <awyeah> up_the_irons - do you block a single IP on that DoS or do you block it for everyone?
[17:56] <awyeah> randal: That reminds me, I need to resubscribe to the podcast.
[17:56] <awyeah> You guys do interesting topics from time to time.
[17:56] <up_the_irons> awyeah: single IP, the source IP of the DoS
[17:56] <awyeah> got it
[17:57] <awyeah> So you actually give a hoot about security, that's nice.
[17:57] <up_the_irons> well, it's in my best interest, right? ;)
[17:57] <RandalSchwartz> unless spoofed :)
[17:57] <awyeah> True, although you'd be surprised at the horror stories I hear.
[17:58] <awyeah> For example, I could be using GoDaddy as my hosting provider.
[17:58] <RandalSchwartz> and you'd be evil
[17:58] <RandalSchwartz> twit.hover.com :)
[17:58] <RandalSchwartz> *the* way to register
[18:15] <awyeah> heh
[18:34] <dj_goku> RandalSchwartz: I like 443 too :D
[18:59] *** dj_goku_ has joined #arpnetworks
[18:59] *** dj_goku has quit IRC (Read error: Connection reset by peer)
[18:59] *** dj_goku_ is now known as dj_goku
[19:06] *** dj_goku has quit IRC (Quit: dj_goku)
[21:03] *** ziyourenxiang has joined #arpnetworks
[21:06] *** ziyourenxiang_ has joined #arpnetworks
[21:09] *** ziyourenxiang has quit IRC (Ping timeout: 248 seconds)
[21:09] *** ziyourenxiang_ is now known as ziyourenxiang
[22:13] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[22:31] *** heavysixer has quit IRC (Ping timeout: 245 seconds)
[22:32] *** heavysixer has joined #arpnetworks
[22:32] *** ChanServ sets mode: +o heavysixer
[23:09] *** yekoms has quit IRC (Read error: Connection reset by peer)
[23:10] *** smokey has joined #arpnetworks
[23:16] *** smokey_ has joined #arpnetworks
[23:18] *** smokey has quit IRC (Ping timeout: 240 seconds)