up_the_irons: hm.. now that I have two ARP VPSes in one /29, doesn't that mean that the cacti graphs will report the combined usage (my VLAN)? does that also mean that my bandwidth from the two VPSes are combined into one total, shared amongst the two? mattx86: yes, combined usage. up_the_irons: ah, ok up_the_irons: hola jpalmer: yo! how was the honeymoon? up_the_irons: I got your email. (and saw the channel logs) and all I can say is: awesome news. was great. colorado was incredible. jpalmer: wb :) (at work, can't talk long) just wanted to say I got the email, and can't wait for the completed project ;) mattx86: danke being without email or phones for a week was.. interesting :P (we had them, we just made a pact to not USE them) jpalmer: btw, today (most likely), i'm switching powerdns to be the master and ns1/ns2 slaves for the reverse zones. so after I give you the cue, don't edit any of the zone files anymore (they will be slaved) no problem. and wow, the project is that close? jpalmer: yes, srsly huh? i POWERED THROUGH some major coding in the last 7 days jpalmer: i'll release the dns editor link in a limited beta today or tomorrow pure insanity. I've completed all the DNS tickets, so.. I'll not update zonefiles anymore without checking here first. (here or /msg is fine) roger yeah jpalmer: glad to hear colorado was awesome; did you ski, snowboard, ... ? ski yes, (after a 1 day class) ended up on the "level 3" slopes. snowboarding looked fun, but I didn't try it. jpalmer: nice went snowmobiling, dogsledding, hot springs, tubing, sleigh ride, skiing, and such brb wow, lots of stuff! fun i skied and snowmobiled a few months ago in colorado, winter park nice. i was in steamboat springs sounds like you had a blast :) we stayed busy. heh cool "level 3"? up_the_irons: powerdns as a master with ... what sounds like non-pdns for the slaves, huh. Lemme guess, DB backend making automated updates easier? ;) hm.. 
quick question guys, is it possible to 'dig' a host with a classless IPv4 PTR, or only the classless IPv4 zone itself? i.e., dig 143/25.0.168.192 PTR @auth-ns-ip or dig 143.0.168.192 PTR @auth-ns-ip v.s. dig 128/25.0.168.192 @auth-ns-ip jdoe: I think I'll do that myself next. using nsd here, editing zonefiles by hand :) I had a similar setup to what he's proposing a while ago... pdns master [somewhere], feeding two authoritative slaves (db replication rather than AXFR) worked pretty well, though the web interfaces available at the time were pretty bad. oh right, two separate caching nameservers as well. yeah, that's the only thing I'm dreading - the web interface I need to get back into working on my php framework and use that to develop a web interface from scratch yeah I was... far too lazy for that. so what ended up happening is I'd update records from the db. ... which isn't really desirable. yuck ;) on that note, I'm trying to dig deep and find some motivation lately I'm not sure how well it's working out.. I'd rather not think about it (too much at least) heh i've never heard of level 3 difficulty before must be a new system i'm used to greens, blues, blacks, sometimes if there are cliffs or lots of rocks they call some double blacks and if there are moguls on blue, they call em blue blacks I wish there was some sort of standardization, but I'm not sure how there could be. the steepest, nastiest double-black-diamond is going to be trivial if you have deep powder, and horrific if it's bare. I dunno, maybe he's talking about something else... a lot of lesson groups, they break you down into numbered groups... 1 being "what the fuck is a ski?" and ... 7 or something being "people who know what they're doing" ... level 3, at least around here, translates as "comfortable on green circles and some easier blue squares" jdoe: yeah, the DB backend is pretty much a necessity to work with my rails-powered Portal. oh yeah. 
If I'd either BEEN a more-keen developer or paid one, it would have been phenomenal. haha. As it was, it was merely "okay" up_the_irons: hm.. are you going to be implementing rdns delegation via the control panel? also, are you using RFC 2317 for rdns delegation? mattx86: you can do *non*-rfc 2317 delegation via the control panel, using either CNAME or NS records. the control panel will allow you to create PTR, CNAME and NS records for single IPs, but since rfc-2317 delegation adds glue records for not just a single IP, there is not currently a way to edit that in the control panel the only sticking point is the validation of the record. if i find the time to code that up, then i can also support rfc-2317 style delegation as well but i'm wondering how the demand for delegation will go down once you can edit your own PTRs via our control panel. all but the very techy will probably just not bother with delegation anymore true I was reading this: http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/avoid-rfc-2317-delegation.html ugh the biggest problem with rfc 2317 delegation is people who fail to understand rfc 2317 delegation... and I read correctly, I can't use dig on such a zone if I* read correctly well, you read correctly but I'm pretty sure the writeup is wrong. ie dig -x 174.136.97.242 works for me :P hm.. let me try that's the same as specifying e.g. dig 242.97.136.174.in-addr.arpa. PTR correct? yeah, according to djb, you can just delegate individual IPs with just NS records. Sure, this works, but the complaint is (if the server you're delegating to is using BIND), you have to create a zone file for each IP. Of course, he says the solution to this is simply use better dns software ;) hm.. 
I'm starting to think it'd be a heck of a lot easier to do a setup similar to yours that's just about the conclusion I'd come to at one point - one zone for each IP -- ugh mattx86: the argument is, while biased yes, is that if you just use tinydns, you no longer need a separate zone for each IP it would *just work* up_the_irons: what public-facing dns server are you going to use, if you don't mind my asking? powerdns all the way? mattx86: i recently had a customer do delegation with just a CNAME 162 IN CNAME 162.109.136.174.ptr.somedomain.com. now that customer controls ptr.somedomain.com, a single zone, so they can set up all their PTR's pretty much naturally, and I don't need anything but CNAME's on my end (no glue needed) i found that method to be pretty darn trivial, and it made me think, "why doesn't everyone do this?" ;) mattx86: BIND up_the_irons: "use better software" is a reasonable response. I often wonder if the reason BIND is still around is inertia :P yes, of course it is ;) well... it's a reasonable response in this specific case, I guess. I want to be super careful I don't blanket agree with DJB haha mattx86: I want to switch from BIND to nsd, one of these days haha up_the_irons: do it up_the_irons: worth it djb quite frankly.. scares me. up_the_irons: that's what I'm tinkering with now tho, nsd I have a love/hate relationship with his.. views. i used to use djb for years I dunno. I made compromises. I was convinced qmail was the greatest thing ever. Then I found postfix. you're marginally worse off in terms of security, but it's far more flexible and easy to find packages for... ix33: mattx86 : cool i ran into that with djbdns and ipv6 jdoe: exactly. I used qmail for YEARS (ran a 100+ node mailcluster) then one day, I tried postfix. you have to go grab a patch authored by who knows who to get that to work just wasn't worth it any more within 3 months of postfix, I'd migrated the entire cluster, AND reduced the cluster size by 20% haha. 
ix33: sounds about like me I never had a performance issue, it was purely "this is quicker for me to use" jpalmer: jdoe : same here. ran qmail for like 10 years, then when i needed to re-do my mail system, i read the entire postfix manual cover to cover, and gained a LOT of respect for it. so i switched jdoe: wow, 100 nodes? jesus, that's a lot of mail!! not me. whups, i mean jpalmer up_the_irons: I'm headed to a dinner party. let me know via /msg if you want me to test anything with the new NS's. Oh, did that powerDNS writeup help much? and qmail is cool and designed well, but djb himself doesn't participate in developing extensions to it, so you're at the mercy of whoever is writing those jpalmer: yes it did, thank you! rejects 20 times as much spam as it accepts valid messages :( up_the_irons: I worked for one of those large "outgoing only, all solicited" mailing list companies. due to NDA, I can't say who. jpalmer: ah i c ix33: I heard djb relaxed the licensing of qmail a while back, and allowed a real fork.. not sure what its status is these days. I stopped following qmail years ago. by that time my stuff was already google apps ;) up_the_irons: did you have to extend the DB much, for your needs? ix33: LOL you sound like me reincarnate. qmail for years. then postfix for years. now, I use google apps for all my personal stuff. I just don't have the time to constantly be learning all the new spam tricks. me except s/postfix/exim/ jpalmer: nope, not at all. I made Rails models to work directly with the powerdns tables (only needs "domains" and "records" tables) I never took the time to learn exim. (it comes with debian, ok :( ) up_the_irons: one day, I'll probably have to hack into your repo server, and steal your codez! spam tricks are solved by mailroute.info :) up_the_irons: hm.. so the cname method. that would allow me to specify both v4/v6 PTRs, at the expense of specifying the entire address instead of just the host bit in my PTR zone file? 
ok, I have to get to the dinner party. later all. jpalmer: it would be nice to open source it, but it is kinda glued to my Portal code too; hard to separate and still be useful mattx86: pretty much up_the_irons: your service is awesome, btw ix33: thanks!!! up_the_irons: ok, cool. I might do that then ix33 +1 :) up_the_irons: i hope you are making fistfuls of money hi all ix33: LOL not fistfuls, but it is enough to keep growing up_the_irons: did you resize a / filesys with it mounted as readonly under /mnt with bsd.rd? well that may actually be better since you're growing, and you're also not quitting the business to go live on a sailboat or something rgouveia: i never did it while mounted up_the_irons: I was reading the channel log when you're talking with toddf. do you remember? rgouveia: are you trying to do it now? I have notes on how to do it, i should just put it on the wiki rgouveia: i do not remember, sorry up_the_irons: well I just don't have growfs on bsd.rd and I don't want to try it with / mounted as ro ;-) up_the_irons: I have the fdisk + disklabel done rgouveia: LOL, this is what I have at the top of my notes: Grab growfs program from root partition :: mount /dev/wd0a /mnt cp /mnt/sbin/growfs . umount /mnt slick up_the_irons: ahh, it's static linked then, let's try it yep seems gud ... just a "Warning: 367072 sector(s) cannot be allocated." I just packaged nsd for alpine linux earlier, and I guess I'll be packaging powerdns as well ;) rgouveia: i get the same warning up_the_irons: ok http://wiki.arpnetworks.com/wiki/ResizeOpenBSDRootFilesystem ok, I'm up again with bigger disk this time :-) cool up_the_irons: wd0 gave me some timeouts when growfs'ing wd0a: device timeout reading fsbn... odd I have the full output if you want back wow. 
groff is gone from openbsd o.o i don't know why i'm so amazed at openbsd just completely re-writing stuff they don't like also, there is no C++ left in src with the removal of groff I happen to believe that C++ was basically a rape of the C language so that makes me happy no argument here i usually agree with OpenBSD devs besides the time Theo said the extra core of a dual core processor would be dedicated to cryptography haha lol i think he was trying a little too hard at the time to stick it to the man about cryptography exports oh boy, rsync-ing the new snapshot ix33: it's not a laughing matter. if you had a vpn system, a cpu dedicated to crypto not running inside biglock would be a huge win. it will happen, the road from here to there is littered with 'must be done first..' stuff ix33: there are some details you fail to grasp. groff is gnu. mandoc is bsd. groff can take 10s+ to render some man pages, mandoc takes < .01s on everything. building is faster, rendering is faster, license is better, code is cleaner, and actively maintained. what's not to like? ix33: openbsd will always take input from users who wish to code with a more free license than gpl, with quality code, smaller (which means more auditable) programs, and less upstream headaches. ix33: I will suggest this so it doesn't take you a few years to catch on, but gcc4 in base is the last gcc that will ever be imported. gpl3 is not going into base period, so pcc or something else is the path forward beyond gcc4. what the direction will be is anyone's guess but it won't be gpl3 gcc that's for sure. ix33: goals.html if digested properly helps understand the openbsd process when making such decisions that you obviously didn't quite grasp in the past. ix33: don't take this the wrong way, i'm just helping to make things clear and more understandable for you (and the masses) *grin* 21:46 <+adfdfgsdf> people like that still exist.. 
woops wrong window toddf: oh i get the motivations toddf: i have all the respect in the world that openbsd stands and acts upon their principles toddf: all i said was that it's amazing that they do it toddf: and speaking as a software developer, not least because of the practical concerns toddf: I thought they were looking at clang as the gcc replacement ix33: consider me trigger happy to explain things at times. fair 'nuff. toddf: understandable toddf: i'm coming back to openbsd after a long time away i just upgraded to -current, the stupid way! http://blather.michaelwlucas.com/?p=543 caveat: i was at the previous -current ix33: truth be known my first install of openbsd was mostly via cmdprompt since I was familiar with slackware before and at the time sd2/sd3 were not created on the install media and MAKEDEV was not on the install media either this was .. over 12 years ago .. ix33: so i relate, but you're also avoiding testing the excellent and simple to use upgrade procedure. bsd.rd + u for upgrade are your friend toddf: agreed. bsd.rd is awesome toddf: i am just tinkering with one of my excellent if not entirely disposable arpnetworks VPS instances stupid mpbios ;-) i don't think i've ever remembered in time toddf: ok i have a question for you why is inetd configured the way it is by default in openbsd? what do you mean 'the way it is'. what would you change by default and why? with small services turned on i forget what they are, i always turn them off daytime may be one ident those tend to be useful in general though if you feel strongly enough send a diff to tech@ to change it and see reasoning for keeping them or see someone say 'ok it is time to disable x but not y' etc well i honestly don't have a reason to suggest they be disabled other than principle of they're not needed for me i've never heard of a use-case for daytime & echo so i don't know what the technical reasons may be for keeping them on by default that's an argument if you didn't realize it. 
i tend to err on the side of i'm just not that well-informed ;) personally with ntpd in base, daytime does indeed seem pointless by default. and echo? does it serve a compelling function that ping can't? i'll have to search marc's list and see how many times they've had this discussion ;) good idea reasoning and research make more compelling arguments i never touched a 'nix before 1998, so in the back of my head i still imagine that there may be a magical reason for those after all, openbsd.org MUST have a good reason, right? ;) looking and questioning is always good, tis one good thing with source hmm you know i wonder what the changelog for inetd.conf looks like... that's easy enough with the whole random discussion lots of things got looked at and changed that would have otherwise sat idling waiting for someone to look at lol the last commit to /etc/inetd.conf was 2005 and that was to remove ftp-proxy from 1996: "also, always enable identd -- many things expect it now" Echo is/was used to hunt down terminal issues as well as provide a ping that makes it through to userland. think that's changed in 15 years? other than IRC servers? note that that log probably enabled rpc services also ICMP is kernel-only, so it can be meaningfully different (e.g., system is hung, pings, but userland isn't running). pilgrimd: thank you but no, i don't think it has a use these days. "no rpc by default" Aug 2002 fascinating hard to believe i once ran an openbsd with rpc on by default... well apparently they've heard the syslog thing a time or two: http://marc.info/?l=openbsd-tech&m=111021393629608&w=2 being able to send out does not equal enabling receipt yeah i read somewhere that's the reasoning it may have even popped up again on @tech since i've been paying attention or maybe that was somebody trolling misc channel poll: which icon should I use beside the menu item "Reverse DNS", taken from this list: http://www.famfamfam.com/lab/icons/silk/previews/index_abc.png i can't decide