***: phrac has quit IRC (Read error: Operation timed out)
phrac has joined #arpnetworks
ivan-kanis has joined #arpnetworks
phrac has quit IRC (Ping timeout: 250 seconds)
phrac has joined #arpnetworks
LT has joined #arpnetworks
coobra has quit IRC (Remote host closed the connection)
coobra has joined #arpnetworks
coobra has quit IRC (Changing host)
coobra has joined #arpnetworks
coobra has quit IRC (Quit: leaving)
mattx86: up_the_irons: hm.. now that I have two ARP VPSes in one /29, doesn't that mean that the cacti graphs will report the combined usage (my VLAN)? does that also mean that my bandwidth from the two VPSes are combined into one total, shared amongst the two?
***: coobra has joined #arpnetworks
coobra has quit IRC (Changing host)
coobra has joined #arpnetworks
coobra has quit IRC (Client Quit)
coobra has joined #arpnetworks
coobra has quit IRC (Client Quit)
coobra has joined #arpnetworks
coobra has quit IRC (Changing host)
coobra has joined #arpnetworks
ix33 has quit IRC (Ping timeout: 260 seconds)
ix33 has joined #arpnetworks
coobra has quit IRC (Quit: Lost terminal)
bharatak has joined #arpnetworks
BeBoo_ has joined #arpnetworks
ix33 has quit IRC (Ping timeout: 248 seconds)
ix33 has joined #arpnetworks
au has quit IRC (Ping timeout: 240 seconds)
au has joined #arpnetworks
au has quit IRC (Changing host)
au has joined #arpnetworks
heavysixer has quit IRC (Quit: heavysixer)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
coobra has joined #arpnetworks
robotarmy has joined #arpnetworks
HighJinx has quit IRC (Quit: Leaving)
homosaur has joined #arpnetworks
robotarmy has quit IRC (Remote host closed the connection)
robotarmy has joined #arpnetworks
cubelogic has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
HighJinx has joined #arpnetworks
homosaur has quit IRC (Quit: pocketful of goat cheese, ready to party)
ivan-kanis has quit IRC (Remote host closed the connection)
bob__ has joined #arpnetworks
bob^^ has quit IRC (Ping timeout: 252 seconds)
jdoe has quit IRC (Ping timeout: 252 seconds)
jdoe has joined #arpnetworks
ivan-kanis has joined #arpnetworks
Yamazaki-kun has quit IRC (Remote host closed the connection)
Yamazaki-kun has joined #arpnetworks
ivan-kanis has quit IRC (Remote host closed the connection)
up_the_irons: mattx86: yes, combined usage.
mattx86: up_the_irons: ah, ok
jpalmer: up_the_irons: hola
up_the_irons: jpalmer: yo! how was the honeymoon?
jpalmer: up_the_irons: I got your email. (and saw the channel logs) and all I can say is: awesome news.
was great. colorado was incredible.
mattx86: jpalmer: wb :)
jpalmer: (at work, can't talk long) just wanted to say I got the email, and can't wait for the completed project ;)
mattx86: danke
being without email or phones for a week was.. interesting :P
(we had them, we just made a pact to not USE them)
up_the_irons: jpalmer: btw, today (most likely), i'm switching powerdns to be the master and ns1/ns2 slaves for the reverse zones. so after I give you the cue, don't edit any of the zone files anymore (they will be slaved)
jpalmer: no problem. and wow, the project is that close?
up_the_irons: jpalmer: yes, srsly huh? i POWERED THROUGH some major coding in the last 7 days
jpalmer: i'll release the dns editor link in a limited beta today or tomorrow
jpalmer: pure insanity. I've completed all the DNS tickets, so.. I'll not update zonefiles anymore without checking here first.
(here or /msg is fine)
up_the_irons: roger
yeah
jpalmer: glad to hear colorado was awesome; did you ski, snowboard, ... ?
jpalmer: ski yes, (after a 1 day class) ended up on the "level 3" slopes. snowboarding looked fun, but I didn't try it.
up_the_irons: jpalmer: nice
jpalmer: went snowmobiling, dogsledding, hot springs, tubing, sleigh ride, skiing, and such
brb
up_the_irons: wow, lots of stuff!
***: BeBoo_ has quit IRC (Quit: BeBoo_)
vcs_: fun
i skied and snowmobiled a few months ago
in colorado, winter park
jpalmer: nice. i was in steamboat springs
mattx86: sounds like you had a blast :)
jpalmer: we stayed busy. heh
mattx86: cool
jdoe: "level 3"?
up_the_irons: powerdns as a master with ... what sounds like non-pdns for the slaves, huh. Lemme guess, DB backend making automated updates easier? ;)
mattx86: hm.. quick question guys, is it possible to 'dig' a host with a classless IPv4 PTR, or only the classless IPv4 zone itself? i.e., dig 143/25.0.168.192 PTR @auth-ns-ip or dig 143.0.168.192 PTR @auth-ns-ip v.s. dig 128/25.0.168.192 @auth-ns-ip
jdoe: I think I'll do that myself next. using nsd here, editing zonefiles by hand :)
jdoe: I had a similar setup to what he's proposing a while ago... pdns master [somewhere], feeding two authoritative slaves (db replication rather than AXFR)
worked pretty well, though the web interfaces available at the time were pretty bad.
oh right, two separate caching nameservers as well.
mattx86: yeah, that's the only thing I'm dreading - the web interface
I need to get back into working on my php framework and use that to develop a web interface from scratch
jdoe: yeah I was... far too lazy for that.
so what ended up happening is I'd update records from the db.
... which isn't really desirable.
mattx86: yuck ;)
on that note, I'm trying to dig deep and find some motivation lately
I'm not sure how well it's working out.. I'd rather not think about it (too much at least) heh
vcs_: i've never heard of level 3 difficulty before
must be a new system
i'm used to greens, blues, blacks, sometimes if there are cliffs or lots of rocks they call some double blacks
and if there are moguls on blue, they call em blue blacks
jdoe: I wish there was some sort of standardization, but I'm not sure how there could be.
the steepest, nastiest double-black-diamond is going to be trivial if you have deep powder, and horrific if it's bare.
I dunno, maybe he's talking about something else...
a lot of lesson groups, they break you down into numbered groups... 1 being "what the fuck is a ski?" and ... 7 or something being "people who know what they're doing" ... level 3, at least around here, translates as "comfortable on green circles and some easier blue squares"
up_the_irons: jdoe: yeah, the DB backend is pretty much a necessity to work with my rails-powered Portal.
jdoe: oh yeah. If I'd either BEEN a more-keen developer or paid one, it would have been phenomenal.
haha. As it was, it was merely "okay"
***: schmir has joined #arpnetworks
mattx86: up_the_irons: hm.. are you going to be implementing rdns delegation via the control panel? also, are you using RFC 2317 for rdns delegation?
up_the_irons: mattx86: you can do *non*-rfc 2317 delegation via the control panel, using either CNAME or NS records. the control panel will allow you to create PTR, CNAME and NS records for single IPs, but since rfc-2317 delegation adds glue records for not just a single IP, there is not currently a way to edit that in the control panel
the only sticking point is the validation of the record. if i find the time to code that up, then i can also support rfc-2317 style delegation as well
but i'm wondering how the demand for delegation will go down once you can edit your own PTRs via our control panel. all but the very techy will probably just not bother with delegation anymore
mattx86: true
I was reading this: http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/avoid-rfc-2317-delegation.html
jdoe: ugh
the biggest problem with rfc 2317 delegation is people who fail to understand rfc 2317 delegation...
mattx86: and I read correctly, I can't use dig on such a zone
if I* read correctl
jdoe: well, you read correctly but I'm pretty sure the writeup is wrong.
ie dig -x 174.136.97.242
works for me :P
mattx86: hm.. let me try
that's the same as specifying e.g. dig 242.97.136.174.in-addr.arpa. PTR correct?
up_the_irons: yeah, according to djb, you can just delegate individual IPs with just NS records. Sure, this works, but the complaint is (if the server you're delegating to is using BIND), you have to create a zone file for each IP. Of course, he says the solution to this is simply use better dns software ;)
mattx86: hm.. I'm starting to think it'd be a heck of a lot easier to do a setup similar to yours
that's just about the conclusion I'd come to at one point - one zone for each IP -- ugh
up_the_irons: mattx86: the argument is, while biased yes, is that if you just use tinydns, you no longer need a separate zone for each IP
it would *just work*
mattx86: up_the_irons: what public-facing dns server are you going to use, if you don't mind my asking? powerdns all the way?
up_the_irons: mattx86: i recently had a customer do delegation with just a CNAME
162 IN CNAME 162.109.136.174.ptr.somedomain.com.
***: schmir has quit IRC (Remote host closed the connection)
up_the_irons: now that customer controls ptr.somedomain.com, a single zone, so they can set up all their PTR's pretty much naturally, and I don't need anything but CNAME's on my end (no glue needed)
i found that method to be pretty darn trivial, and it made me think, "why doesn't everyone do this?" ;)
***: fink has joined #arpnetworks
up_the_irons: mattx86: BIND
jdoe: up_the_irons: "use better software" is a reasonable response. I often wonder if the reason BIND is still around is inertia :P
up_the_irons: yes, of course it is ;)
jdoe: well... it's a reasonable response in this specific case, I guess.
I want to be super careful I don't blanket agree with DJB
haha
up_the_irons: mattx86: I want to switch from BIND to nsd, one of these days
haha
ix33: up_the_irons: do it
up_the_irons: worth it
jpalmer: djb quite frankly.. scares me.
mattx86: up_the_irons: that's what I'm tinkering with now tho, nsd
jpalmer: I have a love/hate relationship with his.. views.
ix33: i used to use djb for years
jdoe: I dunno. I made compromises. I was convinced qmail was the greatest thing ever. Then I found postfix.
you're marginally worse off in terms of security, but it's far more flexible and easy to find packages for...
up_the_irons: ix33: mattx86 : cool
ix33: i ran into that with djbdns and ipv6
jpalmer: jdoe: exactly. I used qmail for YEARS (ran a 100+ node mailcluster) then one day, I tried postfix.
ix33: you have to go grab a patch authored by who knows who to get that to work
just wasn't worth it any more
jpalmer: within 3 months of postfix, I'd migrated the entire cluster, AND reduced the cluster size by 20%
jdoe: haha.
mattx86: ix33: sounds about like me
jdoe: I never had a performance issue, it was purely "this is quicker for me to use"
up_the_irons: jpalmer: jdoe : same here. ran qmail for like 10 years, then when i needed to re-do my mail system, i read the entire postfix manual cover to cover, and gained a LOT of respect for it. so i switched
jdoe: wow, 100 nodes? jesus, that's a lot of mail!!
jdoe: not me.
up_the_irons: whups, i mean jpalmer
jpalmer: up_the_irons: I'm headed to a dinner party. let me know via /msg if you want me to test anything with the new NS's. Oh, did that powerDNS writeup help much?
-: jdoe ran a 3 node mail cluster, and that's still a ton of mail.
ix33: and qmail is cool and designed well, but djb himself doesn't participate in developing extensions to it, so you're at the mercy of whoever is writing those
up_the_irons: jpalmer: yes it did, thank you!
jdoe: rejects 20 times as much spam as it accepts valid messages :(
jpalmer: up_the_irons: I worked for one of those large "outgoing only, all solicited" mailing list companies. due to NDA, I can't say who.
up_the_irons: jpalmer: ah i c
jpalmer: ix33: I heard djb relaxed the licensing of qmail a while back, and allowed a real fork.. not sure what its status is these days. I stopped following qmail years ago.
ix33: by that time my stuff was already google apps ;)
jpalmer: up_the_irons: did you have to extend the DB much, for your needs?
ix33: LOL you sound like me reincarnate. qmail for years. then postfix for years. now, I use google apps for all my personal stuff. I just don't have the time to constantly be learning all the new spam tricks.
ix33: me except s/postfix/exim/
up_the_irons: jpalmer: nope, not at all. I made Rails models to work directly with the powerdns tables (only needs "domains" and "records" tables)
jpalmer: I never took the time to learn exim.
ix33: (it comes with debian, ok :( )
jpalmer: up_the_irons: one day, I'll probably have to hack into your repo server, and steal your codez!
up_the_irons: spam tricks are solved by mailroute.info :)
mattx86: up_the_irons: hm.. so the cname method. that would allow me to specify both v4/v6 PTRs, at the expense of specifying the entire address instead of just the host bit in my PTR zone file?
jpalmer: ok, I have to get to the dinner party. later all.
up_the_irons: jpalmer: it would be nice to open source it, but it is kinda glued to my Portal code too; hard to separate and still be useful
mattx86: pretty much
ix33: up_the_irons: your service is awesome, btw
up_the_irons: ix33: thanks!!!
mattx86: up_the_irons: ok, cool. I might do that then
ix33 +1 :)
***: rgouveia has joined #arpnetworks
ix33: up_the_irons: i hope you are making fistfuls of money
rgouveia: hi all
up_the_irons: ix33: LOL
not fistfuls, but it is enough to keep growing
rgouveia: up_the_irons: did you resize a / filesys with it mounted as readonly under /mnt with bsd.rd?
ix33: well that may actually be better since you're growing, and you're also not quitting the business to go live on a sailboat or something
up_the_irons: rgouveia: i never did it while mounted
rgouveia: up_the_irons: I was reading the channel log when you're talking with toddf. do you remember?
up_the_irons: rgouveia: are you trying to do it now? I have notes on how to do it, i should just put it on the wiki
rgouveia: i do not remember, sorry
rgouveia: up_the_irons: well I just don't have growfs on bsd.rd and I don't want to try it with / mounted as ro ;-)
up_the_irons: I have the fdisk + disklabel done
up_the_irons: rgouveia: LOL, this is what I have at the top of my notes:
Grab growfs program from root partition
::
mount /dev/wd0a /mnt
cp /mnt/sbin/growfs .
umount /mnt
ix33: slick
rgouveia: up_the_irons: ahh, it's static linked then, let's try it
up_the_irons: yep
rgouveia: seems gud ... just a "Warning: 367072 sector(s) cannot be allocated."
mattx86: I just packaged nsd for alpine linux earlier, and I guess I'll be packaging powerdns as well ;)
up_the_irons: rgouveia: i get the same warning
rgouveia: up_the_irons: ok
-: rgouveia crosses fingers
up_the_irons: http://wiki.arpnetworks.com/wiki/ResizeOpenBSDRootFilesystem
rgouveia: ok, I'm up again with bigger disk this time :-)
up_the_irons: cool
rgouveia: up_the_irons: wd0 gave me some timeouts when growfs'ing
wd0a: device timeout reading fsbn...
up_the_irons: odd
rgouveia: I have the full output if you want
***: rgouveia has quit IRC (Quit: leaving)
rgouveia has joined #arpnetworks
robotarm_ has joined #arpnetworks
robotarmy has quit IRC (Ping timeout: 252 seconds)
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
jpalmer: back
***: bharatak has quit IRC (Quit: leaving)
bharatak has joined #arpnetworks
robotarm_ has quit IRC (Remote host closed the connection)
fink has quit IRC (Quit: fink)
robotarmy has joined #arpnetworks
bharatak has quit IRC (Remote host closed the connection)
robotarmy has quit IRC (Remote host closed the connection)
robotarmy has joined #arpnetworks
bharatak has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 240 seconds)
bharatak has quit IRC (Remote host closed the connection)
bharatak has joined #arpnetworks
cubelogic has quit IRC (Ping timeout: 248 seconds)
ix33: wow. groff is gone from openbsd
vcs_: o.o
ix33: i don't know why i'm so amazed at openbsd just completely re-writing stuff they don't like
also, there is no C++ left in src with the removal of groff
vcs_: I happen to believe that C++ was basically a rape of the C language
so that makes me happy
ix33: no argument here
vcs_: i usually agree with OpenBSD devs
besides the time Theo said the extra core of a dual core processor would be dedicated to cryptography
haha
ix33: lol
vcs_: i think he was trying a little too hard at the time to stick it to the man about cryptography exports
***: bharatak has quit IRC (Remote host closed the connection)
ix33: oh boy, rsync-ing the new snapshot
toddf: ix33: it's not a laughing matter. if you had a vpn system, a cpu dedicated to crypto not running inside biglock would be a huge win. it will happen, the road from here to there is littered with 'must be done first..' stuff
ix33: there are some details you fail to grasp. groff is gnu. mandoc is bsd. groff can take 10s+ to render some man pages, mandoc takes < .01s on everything. building is faster, rendering is faster, license is better, code is cleaner, and actively maintained. what's not to like?
ix33: openbsd will always take input from users who wish to code with a more free license than gpl, with quality code, smaller (which means more auditable) programs, and less upstream headaches.
ix33: I will suggest this so it doesn't take you a few years to catch on, but gcc4 in base is the last gcc that will ever be imported. gpl3 is not going into base period, so pcc or something else is the path forward beyond gcc4. what the direction will be is anyone's guess but it won't be gpl3 gcc that's for sure.
ix33: goals.html if digested properly helps understand the openbsd process when making such decisions that you obviously didn't quite grasp in the past.
ix33: don't take this the wrong way, i'm just helping to make things clear and more understandable for you (and the masses) *grin*
vcs_: 21:46 <+adfdfgsdf> people like that still exist..
woops
wrong window
-: G must download openbsd
ix33: toddf: oh i get the motivations
toddf: i have all the respect in the world that openbsd stands and acts upon their principles
toddf: all i said was that it's amazing that they do it
toddf: and speaking as a software developer, not least because of the practical concerns
jdoe: toddf: I thought they were looking at clang as the gcc replacement
toddf: ix33: consider me trigger happy to explain things at times. fair 'nuff.
ix33: toddf: understandable
toddf: i'm coming back to openbsd after a long time away
i just upgraded to -current, the stupid way!
http://blather.michaelwlucas.com/?p=543
caveat: i was at the previous -current
toddf: ix33: truth be known my first install of openbsd was mostly via cmdprompt since I was familiar with slackware before and at the time sd2/sd3 were not created on the install media and MAKEDEV was not on the install media either
this was .. over 12 years ago ..
ix33: so i relate, but you're also avoiding testing the excellent and simple to use upgrade procedure. bsd.rd + u for upgrade are your friend
***: jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
ix33: toddf: agreed. bsd.rd is awesome
toddf: i am just tinkering with one of my excellent if not entirely disposable arpnetworks VPS instances
***: HighJinx has joined #arpnetworks
ix33: stupid mpbios
toddf: ;-)
ix33: i don't think i've ever remembered in time
toddf: ok i have a question for you
why is inetd configured the way it is by default in openbsd?
toddf: what do you mean 'the way it is'.
what would you change by default and why?
ix33: with small services turned on
i forget what they are, i always turn them off
daytime may be one
ident
toddf: those tend to be useful in general
though if you feel strongly enough send a diff to tech@ to change it and see reasoning for keeping them or see someone say 'ok it is time to disable x but not y' etc
ix33: well i honestly don't have a reason to suggest they be disabled
other than principle of they're not needed for me
i've never heard of a use-case for daytime & echo so i don't know what the technical reasons may be for keeping them on by default
toddf: that's an argument if you didn't realize it.
ix33: i tend to err on the side of i'm just not that well-informed ;)
toddf: personally with ntpd in base, daytime does indeed seem pointless by default.
ix33: and echo? does it serve a compelling function that ping can't?
i'll have to search marc's list and see how many times they've had this discussion ;)
toddf: good idea
reasoning and research make more compelling arguments
ix33: i never touched a 'nix before 1998, so in the back of my head i still imagine that there may be a magical reason for those
afterall, openbsd.org MUST have a good reason, right?
;)
toddf: looking and questioning is always good, tis one good thing with source
ix33: hmm you know i wonder what the changelog for inetd.conf looks like... that's easy enough
toddf: with the whole random discussion lots of things got looked at and changed that would have otherwise sat idling waiting for someone to look at
ix33: lol the last commit to /etc/inetd.conf was 2005
and that was to remove ftp-proxy
from 1996: "also, always enable identd -- many things expect it now"
pilgrimd: Echo is/was used to hunt down terminal issues as well as provide a ping that makes it through to userland.
ix33: think that's changed in 15 years? other than IRC servers?
toddf: note that that log probably enabled rpc services also
pilgrimd: ICMP is kernel-only, so it can be meaningfully different (e.g., system is hung, pings, but userland isn't running).
ix33: pilgrimd: thank you
pilgrimd: but no, i don't think it has a use these days.
***: Zuul_ has joined #arpnetworks
ix33: "no rpc by default" Aug 2002
fascinating
hard to believe i once ran an openbsd with rpc on by default...
***: Zuul has quit IRC (Ping timeout: 250 seconds)
ix33: well apparently they've heard the syslog thing a time or two: http://marc.info/?l=openbsd-tech&m=111021393629608&w=2
toddf: being able to send out does not equal enabling receipt
ix33: yeah i read somewhere that's the reasoning
it may have even popped up again on @tech since i've been paying attention
or maybe that was somebody trolling misc
***: robotarmy has quit IRC (Remote host closed the connection)
lostlogic has joined #arpnetworks
lostlogic has left
cubelogic has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
Zuul_ is now known as Zuul
au` has joined #arpnetworks
au has quit IRC (Ping timeout: 246 seconds)
up_the_irons: channel poll: which icon should I use beside the menu item "Reverse DNS", taken from this list: http://www.famfamfam.com/lab/icons/silk/previews/index_abc.png
i can't decide
***: au` has quit IRC (Ping timeout: 246 seconds)