plett: Huh? I have higher latency to ARP than maxamillion did, and VNC is fine for me. I can't see that he's going to be happy anywhere, especially since 82ms of his 116ms ping times were internal to his WiMAX provider. bob^^: same here, i'm always 170-180ms (UK) and VNC works fine DDevine: Woah you get that good from UK?
210 to Australia... It's improved actually. mercutio: 210 seems very high
it should be more like 170 for australia? bob^^: DDevine: yeah, 170-180 isn't too bad (about 15ms of that is my broadband connection) mercutio: http://traceroute.optusnet.com.au/?args=www.arpnetworks.com
dsl is about 10 msec latency on top of that i imagine
actually 3g could give you 210 too DDevine: mercutio: Could be my wifi. plett: DDevine: I'm also in the UK and get 140ms on IPv6 and 170ms on IPv4 to ARP, 15ms of each being my DSL
So bob^^'s latency seems about right from here bob^^: my latency from work (I work for an ISP) is only 150msec
(that's direct from the core of our network though)
and i get 154ms from home on v6 (via an HE tunnel) plett: bob^^: Same here. 150ms on v4 from a machine in THN, 130ms on v6. (I also work for an ISP :) bob^^: :D
145ms out of our network in THE on v6 :(
interesting, the vast majority of that 145ms occurs inside HE's network
are you a linx member plett? :) plett: bob^^: We are indeed. AS20712 Andrews & Arnold
Who are you? Do we peer with you? :) bob^^: i think we do, yes :)
AS25178, Keycom PLC plett: Yep, we have v4 and v6 sessions at LINX :) bob^^: we do indeed, small world :)
are you going to the next linx meeting? plett: About a month's time? Windsor? bob^^: yup that's the one plett: I think so, yes. I've registered myself, but we generally don't know who's going until closer to the time bob^^: i'm down to go too - fingers crossed there's enough of us left in the office :) plett: We're based in Bracknell, which is a 20 min train ride from Windsor bob^^: ahh not bad at all - we're in Stafford, though I live in Stratford on Avon
bit further for the guys i work with, not so far for me :)
if you end up going give me a shout - i'll come say hi plett: Will do :) bob^^: hang on - was it you guys who had 'the internet' at one linx meeting a while ago? plett: bob^^: Yeah, that would be us :) bob^^: :) plett: More specifically that would be our MD, Adrian bob^^: yeah, that's right - he did a talk on v6, was interesting
more specifically about v6 capable CPEs iirc plett: Yes, that's one of our common rants. Everything else in the chain from an end user to (say) facebook is IPv6 capable. It's just their DSL router that isn't. bob^^: yeah, it's quite frustrating
more frustrating how few ISPs can actually deliver v6 to the house
i'm with Be, no sign of v6 yet at all annoyingly plett: They are starting to be produced though. We have a £100+ "Billion 7800N" which works fine with IPv6, but at that price it's not one we can just give away to every new customer bob^^: i've heard zyxel have quite a bit of v6 capable stuff now including a few home routers plett: They like to say that they have. The difficulty we have getting hold of them says otherwise. mercutio: bob: zyxel are still around?
i thought they made weird modems bob^^: yeah, zyxel make all sorts of stuff mercutio: weird dialup modems that is
i never see anything zyxel around these days bob^^: plett: ahh, not tried actually getting one :) mercutio: nor us robotics bob^^: US Robotics got bought up by 3com
years ago mercutio: ahh bob^^: :)
that's a name i've not heard for a long time -: bob^^ digs out his courier mercutio: v.everything bob^^: :)
mercutio: i just bought a zyxel nas for home (their kit isn't brilliant but it's alright for home imho) mercutio: i've never seen a home nas that was any good bob^^: this one has two bays and does raid etc - only had it a couple of days but so far so good
not gonna set the world alight with its feature set or performance, but good enough for me :) plett: bob^^: We have a "ZyXEL P-2612HNU-F1" here in the office for testing, which they sent us this week. It came with a European plug, as they haven't made a UK model yet, required a beta firmware flashing to it to make it even claim to do v6, and then doesn't work. bob^^: oh, that's promising then! mercutio: speaking of ipv6
whatever happened to the internet having larger muts
mtus
what with ipv6 having higher overhead and all
surely it's time for it to get bumped up a bit ***: LT has joined #arpnetworks plett: It's stupid though, as all the manufacturers of cheap routers use the same chipsets, and use the chipset manufacturer's canned "build me a firmware" GUI wizard thingy. And that wizard has supported v6 for about 3 years now, but nobody ever ticks the box to enable it bob^^: hah, i didn't know that mercutio: plett: real
maybe they don't do it in hardware toddf: larger address family != larger mtu mercutio: do cheap adsl modems do checksum offloading etc?
toddf: i know bob^^: our customers are all connected over ethernet so (apart from a few on DSL) thankfully we don't have to worry too much :) mercutio: but because it's using up more overhead
and that it's not in serious production use
surely it's about time for mtus to rise in size plett: Yeah. If you've ever wondered why the user interface on cheap routers all look very similar, it's because they _are_ all the same. The "manufacturer" just copies the reference hardware design, cutting as many corners as they can get away with, and then uploads their logo and brandname into the firmware wizard, and ships it :) mercutio: i dunno the few modems i've used the gui on have all been radically different
dlink, linksys, tp-link toddf: mercutio: I think you oversimplify the task at getting everybody to participate in the larger mtu crowd bob^^: mercutio: jumbo frames would be the only option, and not everything supports them
(assuming ethernet is the technology being used, obv) mercutio: toddf: well i'm not saying it's easy, but it's not easy to get ipv6 going either bob^^: (and in our case everything core is based on ethernet) plett: mercutio: Cheap DSL modems/routers do everything in software. These days they are a single IC with combined CPU, ethernet and DSL, but there's still no offloading etc toddf: mercutio: there are larger mtus, they're called jumbograms, and if all os's behaved sanely, you'd set max mtu of your hardware, and 'discover' (path mtu) the max mtu available per remote host, end of story
mercutio: IPv6 is plenty easy, I've been doing it for 10+ years mercutio: toddf: well lots of dsl has mtu < 1500
mss clamping kind of helps
toddf: but it's not really serious yet plett: mercutio: PPPoE has a default of 1492, unless you have modern enough kit to support RFC4638 toddf: discovering max mtu is the key to anything greater than and less than standard mtu size mercutio: plett: even in pppoa 1492 is pretty common
ob
on
and then there's ipsec etc
mpls
people running mpls on 1500 byte networks
etc toddf: mercutio: you can say it's not serious, but I use it daily for 90% of my traffic, so however you define serious is up to you mercutio: toddf: 90%?!
what do you do over ipv6? plett: mercutio: Really? My only experience with DSL is in .uk , but here all PPPoA is clean 1500 mercutio: plett: here pppoa is common toddf: mercutio: everything. dns64 / nat64 / even tunnel afs over v6 back to my fileservers, smtp, www, dns, imap, ping, ... etc etc mercutio: but the telecoms provider was routing over pppoe afterwards
you'd think they'd just raise the mtu on the ethernet segments
but like when i look at traffic on the net in general bob^^: that's not particularly straightforward mercutio: lots of people have mtus of 160 etc bob^^: you'd have to ensure that everyone you connected to ran the same jumboframe size (again, assuming ethernet)
and that all your kit supported it (not all kit supports jumbo by a long way) mercutio: bob: yeah a bit doesn't
maybe it's hopeless
but it seems weird to have 10 gigabit ethernet etc around, and 1500 byte mtus
and even 100 mbit ethernet could handle bigger mtus bob^^: increasing mtu would probably be many times more difficult than trying to implement v6 end-to-end :) mercutio: most gigabit stuff handles jumboframes bob^^: yup you can do jumbo on 100mbit on some kit (extreme networks kit has done jumbo for years) plett: mercutio: Here, the telco is most often BT. They do PPPoA on the tails from the EU to the exchange, and then trunk it over PPPoE in their backhaul network. They use a 1600 byte MTU for that, which easily fits the 1500 MTU + PPPoE header mercutio: plett: well yeh that's the sensible way :)
to my mind the biggest issue with adsl these days is the upload speed though
and annex-m isn't supported here bob^^: that's a problem with more than just adsl plett: mercutio: There are lots of other ways that DSL is deployed, and most of them are less sensible :) mercutio: you can congest it really easily bob^^: my line is annex m'd but i still only get 1.2mbit up mercutio: bob: real
bob: i get 1.2 mbit up without annex m bob^^: exactly
it's not as good as you'd think mercutio: what do you get without annex m? bob^^: i actually need to re-route some cables here, only recently moved in to this flat and the phone point is miles away from the modem (no power near the phone point)
just under 1mbit plett: mercutio: bob^^ said he is on Be at home. They don't use PPP at all. The ethernet coming out of the DSL modem goes straight onto your LAN, and the default gateway for your desktop machine is on the other end of the cable in the exchange. mercutio: bob: i have the same problem
so i'm using extension cable bob^^: indeed plett mercutio: it kills 1mbit off my down sync rate
plett: oh weird bob^^: Be has been pretty good for me so far - we use them sometimes (buying through Cerberus) for backup links in work mercutio: so it's like bridged plett?
like cable etc usually is bob^^: i did actually consider going with AA plett :) plett: bob^^: Good good :) bob^^: for the amount my line is used it was a little pricey though :(
(bandwidth hungry housemate) mercutio: bob: you "needed" it though? bob^^: ? mercutio: oh it's used a lot you mean?
i thought you meant it was hardly used bob^^: oh no, my broadband is pretty heavily used
i use a lot of upload (i back everything up to a colo box at work, etc) plett: mercutio: I don't know much about how cable is set up. I didn't think it bridged the EU's LAN out to the cable head-end, at least not here in .uk mercutio: plett: here they used to have one huge big arp domain bob^^: i used to have cable in my old flat mercutio: enough to overload most routers
well most of the shit routers that people tend to use
the ones that top out < 30 mbit
there's no cable reselling here
but there is for dsl
so cable is expensive
but better technology
like i think they upgraded to docsis 3 bob^^: cable here is priced similarly to dsl on average but we only have one cable provider and no resellers mercutio: i don't know why there's so many people keen on ftth
when docsis 3 is good
and has existing cable
cheaper etc bob^^: not much of the UK has cable mercutio: bob: why are you on dsl then?
ahh ok bob^^: there's cable in the town i live in
but not down my street mercutio: when i had a little look on the web at cable in UK it looked good
there was virginmedia? bob^^: that's always the problem with cable mercutio: and like 50 mbit
cable bob^^: yeah, that's it
yup plett: mercutio: What makes you think cable is a better technology? bob^^: it's a good service actually - i used to have the 20mbit cable product, worked great mercutio: plett: then what? plett: I assumed you meant better than DSL mercutio: oh cable is more reliable than dsl
like
most people have old shitty wiring
line faults etc are common
dsl routers are usually shit bob^^: cable has those issues too tbh plett: Ahh. Okay mercutio: and break reasonably often
yeah it doesn't seem to be as often
and it can support higher bandwidth bob^^: twice i had to have engineers out to 'fix' the coax between my house and the street cab mercutio: bob: oh real?
i've had cable twice
err three times
four times?
shit bob^^: but in 6 years total of DSL, had an engineer out once and he had to replace the line... because.......... mercutio: i've moved around a lot bob^^: (And this is a great story) plett: bob^^: To be fair, no copper in a cable network is going to be much older than 1960. I've seen phone lines that must be 100+ years old :) mercutio: anyway, the only problems were with the isp doing transparent proxying
and with the aforementioned arp domain issues bob^^: there was a fracture somewhere in my line - on hot days the cable expanded and for some reason the fracture 'fractured more' and i lost sync mercutio: whereas i've had dsl in multiple places too bob^^: so during the summer there were afternoons where i'd get no service :) mercutio: and had problems with drop outs line noise, problems when it rains etc etc bob^^: plett: very true - and cable won't have the MK-style aluminium lines either ;)
ripping off the bell wire here can be a big improvement mercutio: and docsis 3 can do 100mbit+ bob^^: ftth can do anything at all though mercutio: ftth is expensive though plett: bob^^: Ironically, it's the older phone lines that are more reliable for DSL - over the years as copper prices have increased, the wires have got thinner and thinner :) bob^^: fttc i agree though i don't really see the point - surely easier to concentrate on ftth mercutio: it costs a lot of money to run the fibre etc
so if there's already cable bob^^: yeah plett, very true! mercutio: it seems pointless to run fibre toddf: i could get 50mbit down 25mbit up with docsis 3 today. I just don't want to pay $384/mo for it. bob^^: some of our customers are on 50mbit down/50mbit up mercutio: here they're doing vdsl
which uhh bob^^: ...but they're delivered over straight ethernet so that's pretty easy and cheap to do :) mercutio: hasn't happened properly yet plett: mercutio: DOCSIS 3 can do 100Mb, until a second person in the same broadcast domain (typically several thousand houses) wants to use it at the same time. At that point you have to share your 100Mb :) bob^^: yeah, our FTTC is vdsl for the last mile mercutio: and there were plans for fibre i think, but people are concentrated on available bandwidth rather than performance/reliability/latency/international transit etc etc
plett: it does over 100Mb total though doesn't it?
cable here was 15mbit
it was always pretty good for those speeds nationally
international it was fucked
especially if used web
because it hit a transparent proxy with small window sizes
which tended to get evening performance degradation etc etc
leading to the "bittorrent is fast but web is slow" dilemma.
which also happens on congested networks without shaping/qos
so people are like - can pull line rate with bittorrent - it must be the remote servers.
is transparent proxying used in the UK? plett: Depends on the ISP
In our case, we don't do any proxying, filtering or shaping. IP packets in == IP packets out mercutio: i reckon it actually makes sense for international stuff bob^^: it used to happen on cable here mercutio, but i think they've (mostly?) stopped now
plett: we're the same
much easier and fairer imho plett: Indeed mercutio: fairer? bob^^: you pay an ISP to transit packets from A to B
if they interfere with the packets in-flight that doesn't seem very fair mercutio: hmm
what do you think about explicit proxies? bob^^: i don't see the point these days
imho, there is no need for proxying today mercutio: because cdns are used more? bob^^: because transit/peering are so cheap and content is normally local through a CDN mercutio: heh
transit is expensive here LT: the things that really eat bandwidth aren't cachable anyway... eg youtube mercutio: i'm in new zealand bob^^: it's cheaper to just buy more connectivity than to build a proxy cluster
ahh, that would be an issue then :) mercutio: lt: google provide caches bob^^: actually that's true, they do indeed mercutio: bob: i think there can be higher performance, when it's done properly. bob^^: google will happily drop a cache node in to your network if you meet some criteria and don't mind giving them half a rack and some power mercutio: yeah it's some amount of sustained traffic, depending on your country bob^^: i disagree, i'm really not a fan of proxying at all mercutio: lowest in south america i seem to recall
highest in US LT: well they brand it as a cache... but isn't it really just a cdn node? mercutio: LT: it's a cache
it forwards along to the closest peer bob^^: http://ggcadmin.google.com/ggc mercutio: unless it's already downloaded it before then sends it direct to user LT: blurry.... a cache that only works for google stuff, is kinda different to a traditional cache bob^^: it's a smart idea LT: I don't see it's much different from an akamai box mercutio: LT: it's pretty similar? bob^^: yeah, it's not really plett: It's more of a dynamic CDN mercutio: oh
it's the same as akamai
just for different content bob^^: however - if google+ catches on, it might be good for users and for ISPs mercutio: it really depends if you have peering to a google node directly or not
whether it's worthwhile bob^^: yeah mercutio: like don't google peer over linx for you guys? LT: yeah. it's sensible enough... but I got the impression you were talking about sticking all http through a proxy, which is a slightly different beast plett: We already peer with Google at LINX and LoNAP, so already have zero bandwidth costs for traffic to them bob^^: hehe
i can't remember if we peer with google or not
we peer with a GGC on MaNAP
(or whatever it's called today) mercutio: they have an open policy don't they? plett: bob^^: Edge-IX, I think bob^^: yes, we peer with google on linx now too
so yeah, our traffic to google is free too
that's the one, Edge-IX :) mercutio: that said
if you were starting to congest your peering link plett: And, for UK networks, Google serve content from their Ireland datacentre, so it's relatively low latency too mercutio: you could get google cache bob^^: mercutio: you'd just get a private interconnect mercutio: bob: oh true
that's another way to go
it'd be nice if google was in nz :) bob^^: they must have a presence there? or in australia? mercutio: australia
nz<-> australia connectivity isn't amazingly cheap
it's the same monopolistic cable that runs to US
just different segment on it
hmm, it is interesting to see different people's opinions
i've been working on an explicit proxy mesh system to accelerate web browsing
by routing to a proxy near the end destination
and keeping persistent connections open to the proxies
reduces latency etc etc plett: In the case of NZ, international traffic is always going to be expensive and high latency, just because of geography and the speed of light. The only way round that is to either serve content from local servers, or do caching mercutio: plett: yeah - but - i've found that NZ<->UK is extra shit
it goes via the US plett: mercutio: It mostly goes via USA?
Yeah mercutio: and so it's like 260 msec minimum
but
web sites won't send you more than like 4k of data in one round-trip-time
so it's like .. 4k.. 8k. . 16k..
etc etc
assuming no packet loss plett: The other route would be via Asia, and taking an over-land route to europe mercutio: but on top of that in my testing, it seems some uk sites are slow etc too
plett: asia routing is /messy/ plett: Indeed mercutio: plett: that's the way planes fly though
so sometime in the distant future it may work that way plett: I'm not surprised that the BGP hop count is lower for traffic via USA than via Asia mercutio: in my testing, i've found that guardian.co.uk is faster on average than bbc.co.uk
but then i've tried curl from a uk host to bbc.co.uk
and i find weird 200 msec delays etc
seemingly randomly bob^^: strange mercutio: even with a 2msec ping or something
oh is that not normal? DDevine: plett: There is a lot of countries in APAC... lots of hops. plett: mercutio: I've not seen that here mercutio: plett: things don't go in a direct line
oh, i only have one uk host
so maybe it's that host
but latency doesn't seem to spike
time curl --compressed http://www.bbc.co.uk/ > /dev/null
like what's that say for you? plett: real 0m0.083s
user 0m0.004s
sys 0m0.000s mercutio: oh that's fast
right now i got 1 second, 113 msec, 130 msec, 60 msec, 131 msec, 130 msec
from nz it's way worse though plett: That's from my desktop in the office, which is gig-e or higher all the way to the bbc mercutio: 1.981, 1.920
1981 msec that is
for what, 25k of data
then you have all the images etc etc plett: From my DSL at home:
real 0m0.179s
user 0m0.008s
sys 0m0.008s bob^^: 0.016u 0.008s 0:00.18 5.5%288+1668k 0+0io 1pf+0w
(from work) mercutio: from my proxy is 990 msec, 726 msec
i think bbc has low ttl
on dns bob^^: from home dsl:
real 0m0.315s
user 0m0.000s
sys 0m0.020s mercutio: hmm
315 msec is ok bob^^: (i'm using my connection atm to watch f1 free practise over iplayer too!) mercutio: 2 seconds isn't :)
wow your guys times look diff to me
curl --compressed http://www.bbc.co.uk/ > /dev/null 0.01s user 0.00s system 7% cpu 0.130 total
like mine just shows on one line
i suppose that's bash bob^^: my colo is freebsd and my desktop at home is ubuntu
probably just differences in 'time' plett: Differences in the time command, I would expect. My examples were both Ubuntu mercutio: hmm i get the same on linux and openbsd bob^^: this was freebsd: 0.016u 0.008s 0:00.18 5.5%288+1668k 0+0io 1pf+0w mercutio: linux being ubuntu
it must be the shell i think
i'm using zsh
yeh freebsd is hard to read bob^^: csh on freebsd, bash on ubuntu
not if you know what you're looking at hehe mercutio: yeh i reckon it's the shell -: bob^^ loves freebsd mercutio: heh i used freebsd 10 years ago
for a bit
then i ran into problems with it and switched to openbsd bob^^: oh, time -p on freebsd should give a POSIX compliant output mercutio: as a desktop
etc etc
i went to freebsd cos i thought it was meant to make a better desktop or something bob^^: nah, no way mercutio: but i actually found openbsd worked better as a desktop even
i shifted cos freebsd corrupted data on me though bob^^: it's not designed for desktop at all - it's usable, but far from ideal if you want multimedia
yeah, it didn't
that'll have been hardware
:) mercutio: mm
it was like a k6-2 or something
i think it's cos i was using ata66
and it had some timing problem or something
but seriously openbsd was a lot simpler than freebsd
like i was meant to update freebsd with cvsup
and openbsd was cvs bob^^: openbsd and freebsd are pretty similar from a config point of view mercutio: and updating openbsd proved much simpler bob^^: freebsd is cvs too - cvsup just makes it easier mercutio: and like i had to setup networking or something bob^^: (plus there's freebsd-update now!) mercutio: and like manpages on openbsd were MUCH better bob^^: yeah, freebsd won't hold your hand mercutio: i found freebsd way more complicated
openbsd had /etc/rc.conf
etc
and you could read the files bob^^: so does freebsd :/ mercutio: and they made sense
then freebsd seemed to do similar things
but have like 3x as much stuff bob^^: :) mercutio: but yeah, i've been meaning to try freebsd again now plett: freebsd-update? Does that mean you can finally do binary updates? mercutio: that i'm more used to it bob^^: yeah plett mercutio: used to these things bob^^: freebsd's had that for a while now mercutio: but freebsd wouldn't run in virtualbox bob^^: virtualbox had some issues with freebsd but i think they're sorted now mercutio: hmm i think i was trying 8.2?
it was quite recently
it may have been a beta
hmm
maybe i should dl again now
i have vmware on this machine anyway
i should try netbsd out again too bob^^: ah, i think it was virtualbox that was fixed mercutio: netbsd confused me a bit 10 years ago i remember bob^^: yeah, netbsd is not particularly obvious mercutio: but vmware will work out of the box?
i was surprised that openbsd was obvious tbh bob^^: yeah - though there were issues with vmware and timing on freebsd mercutio: i like didn't want to try it at first because it was designed towards security bob^^: no idea if those are fixed, i never actually had them but i know people who did mercutio: and i wanted speed
but i actually found openbsd faster than freebsd
for simple things like loading xterms
bringing up man pages etc
not exactly heavy usage bob^^: you could tweak freebsd if you had the patience
but in general that isn't needed mercutio: now if xterms come up slowly there must be some kind of hardware problems bob^^: or a scheduling issue if the box is doing other stuff too mercutio: oh or linux with its screwed up hard-disk stuff now days bob^^: or that :)
linux always feels 'laggy' to me compared to freebsd mercutio: have you used linux recently? bob^^: yeah, i use ubuntu on all my desktops mercutio: i've used it on more than one machine bob^^: but i don't use it on servers mercutio: and you extract a huge tarball
or move lots of files or anything
on a desktop
and it'll drag like hell bob^^: this ubuntu box has an ssd so i don't really notice disk access now hehe mercutio: like i don't know how they let that happen?
ah this box has ssd too bob^^: <3 ssd mercutio: yeh ssd is ok
i dunno i also have 16 gig ram now
i just upgraded
it's creepy in a way bob^^: this desktop only has 2gb, i REALLY need more mercutio: i got so used to things going really slowly all the time
with linux? bob^^: yeah mercutio: i used linux on a laptop with 2gb for a while
recently bob^^: it's not bad, it just sometimes feels like it could use a bit more mercutio: it had dual boot windows 7
seriously windows 7 was better on 2gb ram than linux by far bob^^: i've got two spare slots and ram is cheap for another 2gb so i'll order it when i get paid mercutio: like it'd keep going into swap hell
ddr3? bob^^: i'm also keen to stop this box swapping given its swap is on ssd
nah, ddr2 i think - this thing is a bit on the old side :) mercutio: ahh yip
that's why i upgraded bob^^: amd x2 5600+ mercutio: cos ddr3 ram is way cheaper bob^^: yeah mercutio: i tried just jumping from 4 gig to 6 gig bob^^: i want to upgrade before ddr2 goes up too much more mercutio: and then i tried using visual studio
i dunno how anyone copes with visual studio
it's so resource hungry
why not just get new mbd/cpu?
you know you can get really cheap sandybridge cpus
like there's ones even cheaper than i3
dual core bob^^: just don't need the extra performance tbh
this thing will do me another couple of years at least mercutio: hmm
lower power use bob^^: most of my work i do on my laptop which has 4gb of ram anyway mercutio: oh yip bob^^: and it's all brand new (5 months old or sth) so it's alright for performance :)
i just want to buy an ssd for it now too mercutio: yeah
it gets like that doesn't it
you use non ssd computers
and you're like how do they cope
and then you realise you got an ssd 6 months ago
and had coped for years bob^^: hehe yeah mercutio: ahh shit
4 gig?
i don't know what freebsd file i want bob^^: yeah mercutio: oh 4gig iso
for freebsd i meant bob^^: sec
nah - get the mini iso mercutio: what's pc98? bob^^: it'll download anything else you want during install, saves wasting bandwidth mercutio: is that like win98?
ahh cool bob^^: nah, it was a pc standard from 1998
no one does it anymore mercutio: i386-bootonly?
except freebsd? bob^^: http://en.wikipedia.org/wiki/PC_System_Design_Guide
unless you're running on 64 bit hardware, yup mercutio: is 64 bit or 32 bit better for vmware?
it's i5-2500k bob^^: 32 bits for vmware i suspect
not honestly sure - i don't virtualise much tbh :/ mercutio: so should do either
i386 is probably smaller
leaner
wtf
can't find the dl link
oh there
http://torrents.freebsd.org:8080/stats.html?info_hash=e86c8124f8c942a3b3bff101b97d908bf26c5b73
i see freebsd is staying professional looking bob^^: freebsd is pretty professional, it's used by a lot of large corporations mercutio: real? bob^^: oh yeah mercutio: i thought freebsd had kind of died for some reason bob^^: yahoo use it for example
ahh everyone says that on slashdot, it's not true at all mercutio: heh i remember people used to say freebsd was used for lots of porn sites
as examples of "heavy traffic web sites"
nah this isn't about slashdot
it's more i just never hear about anyone using freebsd bob^^: http://news.netcraft.com/archives/2011/07/08/most-reliable-hosting-company-sites-in-june-2011.html mercutio: i don't hear of much openbsd or opensolaris either bob^^: check out the top 10 most reliable hosts mercutio: using both openbsd and opensolaris at work
(and linux)
wow
how did windows get on that list? bob^^: hehe no idea mercutio: i've actually never heard of any of those providers
cool it's installing bob^^: they're all pretty big mercutio: yeh looked at top 40 and had heard of more of them
maybe just my luck
got it installed it didn't even setup ssh hmm bob^^: you missed a step during install then
because one of the questions is 'do you want to enable ssh login' towards the end
:) mercutio: oh
the installer screwed up
because i went to some options page
then i tried to exit
then somehow it tried to install on top itself so i did exit
found it though bob^^: easy to enable after though
add sshd_enable="YES" to /etc/rc.conf
then /etc/rc.d/sshd start
it'll generate keys and fire it up mercutio: yeh
but now it won't let me ssh in
do you need to create a non-root user? bob^^: are you trying as root?
yes
only linux is stupid enough to let you ssh as root by default ;)
you can always edit /etc/ssh/sshd_config to allow root login if you're feeling brave mercutio: i don't think that's stupid bob^^: or it's a local box or whatever
well what's one username that exists on all unix-like systems?
root
that's a pretty easy start for an attacker mercutio: i can't su either
gah
so i need to add to wheel? bob^^: if you prevent logins on root then they also have to find the username, which complicates things a lot
yeah
you need to be in wheel to su
most people will install sudo as soon as they're installed
then you don't need to be in wheel mercutio: how do i install sudo?
is there pkg_add
?
# pkg_add sudo
pkg_add: can't stat package file 'sudo'
hmm
i suppose it needs to know where it is bob^^: pkg_add -r sudo
will fetch it remotely mercutio: ahh cool
ok not too bad bob^^: or you can use ports (portsnap fetch extract && cd /usr/ports/security/sudo && make install clean) or something mercutio: yeh it said ports tree was over 400 megs bob^^: (you only need the portsnap fetch extract if you don't already have a ports tree :)
yeah, it's big, but VERY well worth having mercutio: i dunno
you can always download original source tarballs
i installed kernel source bob^^: sticking with ports is a smarter move mercutio: but that was all bob^^: meh, you won't really need kernel source mercutio: gah
it keeps going to ftp.freebsd.org bob^^: you can override that, sec
PACKAGEROOT iirc
ah, yeah: http://www.rainingpackets.com/pkg_add-specifying-a-mirror-server/ mercutio: no export command? bob^^: depends on your shell
setenv if you're still in csh
chsh -s <newshell> if you want to change mercutio: # pkg_add -r zsh
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.2-release/Latest/zsh.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.2-release/All/libiconv-1.13.1_1.tbz... Done.
Updating /etc/shells
# zsh
zsh: Command not found. bob^^: rehash mercutio: what's with that? bob^^: wait are you still running sh? mercutio: oh shit
wow
no idea
i have zsh now
# zsh
zsh: Command not found.
# rehash
# zsh
[Fri 11/07/22 22:19 NZST][pts/0][i386/freebsd8.0/8.2-RELEASE][4.3.10]
<root@:~> bob^^: csh
csh needs a rehash to reload paths
now do
which zsh
and chsh -s /path/to/zsh
however
*however* mercutio: cool
got it changed bob^^: do not do that for root mercutio: chsh -s zsh worked bob^^: leave root on csh or sh mercutio: why not? bob^^: because you may note that zsh has probably gone into /usr/local/bin
and not /bin mercutio: yeh it has
so copy it over? bob^^: as a result, if you end up needing to rescue, you may not be able to mount /usr/local mercutio: i'd rather have a shell that "export" works in
yeh it's just a test system bob^^: no don't copy it over, just don't use root mercutio: but maybe can find static compile of zsh bob^^: create yourself a user that has sudo
:/
that's nasty mercutio: mm
i hate prefixed sudo over everything
i reckon sudo is less secure bob^^: the chance of you needing a recovery shell are minimal, but on a production box it's a really smart idea mercutio: than just using root
that's a dirty linux hack -: bob^^ shrugs bob^^: i find sudo useful when i don't trust people
it can be locked down mercutio: hmm bob^^: giving someone root on the other hand cannot mercutio: i dunno i'd rather not give someone a shell i don't trust :) bob^^: well of course :) plett: sudo is less secure in that it's just the normal user's password which has to be leaked/stolen in order for an attacker to get root access, rather than both the user and the root password mercutio: i suppose there is that bob^^: but sometimes you have no choice
as long as sudo is locked down, it's handy mercutio: plett: yeh bob^^: and passwords? keys ;) mercutio: and also it encourages going from normal user to root
so if someone hacks into a normal user account they can get root
and when it's a box you don't use as a desktop or anything plett: But if you have to give someone root access, doing it via sudo allows you to lock it down greatly, and get a log of each time it's used bob^^: exactly mercutio: you may as well just ssh in as root
and not as root nesta: I agree that sudo is insecure but I have been reliably informed that it can be locked down pretty tight mercutio: depending on what you're running bob^^: sudo has its uses
i don't believe in using it all the time (like, say, ubuntu tries to insist on)
that's pointless mercutio: now i can set this packageroot i suppose nesta: I have witnessed people's servers getting 'rooted' purely from sudo.. but then again those people were re-using passwords from public shell boxes on their own private server
go figure :) bob^^: ugh :)
it's amazing what goes on really nesta: indeed mercutio: option is invoked. An example setting would be "ftp://ftp3.FreeBSD.org". plett: Personally I use sudo all the time on my personal boxes. I am the only user on the box, and my password is a secure one mercutio: hmm
ok that's not so hard
now i need to find close mirror bob^^: plett: i'm the same tbh
it's just me being lazy and not wanting to type two passwords too plett: bob^^: You can set sudo up as NOPASSWD, so it just does it without prompting for your password, if you wish ;) bob^^: that's how i have it :)
dirty, but i'm quite happy with it on my personal stuff with just me using it mercutio: wtf
vim is installing ruby?
and x stuff
argh
tcl, ruby, hicolor-icon theme
python, perl bob^^: vim-lite
is what you want mercutio: oh bob^^: and this is why you want the ports tree mercutio: i tried to google bob^^: you can customise stuff before it installs then nesta: use ports. mercutio: SECURITY NOTE: The VIM software has had several remote vulnerabilities
discovered within VIM's modeline support. It allowed remote attackers to
execute arbitrary code as the user running VIM. All known problems
wow?!
y'know it seems pretty snappy
other than being a bit confusing
ok suppose should use ports tree nesta: mercutio: it is very easy, just use this -> http://pastebin.com/XBCqFdWe ... save it as /etc/csup-ports.conf
then run mercutio: i found a tarball nesta: csup /etc/csup-ports.conf
nah just do this mercutio: that's not cvsup is it?
i have bad memories of cvsup nesta: no, it is csup
yeh forget cvsup
you don't need it
csup is in base
do what I said and it will download the ports tree painlessly
:) mercutio: should i extract tarball first?
or not bother? nesta: forget the tarball bob^^: nesta: are you serious?!
portsnap
!!
portsnap fetch extract mercutio: ok downloading bob^^: job done
way quicker too -: nesta shrugs nesta: different strokes
:) bob^^: hehe true enough :) mercutio: i dunno i'm not really in a rush
i've got curl and vim
and ssh bob^^: since portsnap arrived i haven't gone back, i love it :) mercutio: what more could i need? nesta: this is why *nix rocks
many different paths bob^^: exactly
pick what you want and do it the way you like mercutio: actually i wanted tmux
have you guys tried tmux? bob^^: not personally but i've heard it's good
i still use screen plett: mercutio: What makes it better than screen? mercutio: plett: the code isn't dirty bob^^: it's in base isn't it? nesta: I still <3 screen mercutio: it doesn't seem to be in freebsd base
it's in openbsd base nesta: no bob^^ it's not bob^^: ah, that's right, it's openbsd that ships with it nesta: mercutio: do you code? bob^^: there was talk of putting it in freebsd on a mailing list a while back mercutio: nesta a little plett: I've not looked at the source for either, but screen works well enough for me mercutio: i used to code
then i got slack
i was trying to do some modifications to squid today
i hate squid's code
but like seriously, when code is disgusting it makes me not want to use the program jlgaddis: tmux++
used screen for years, but haven't used it once since i first installed tmux mercutio: actually some gnu code is pretty disgusting
jlg: ditto
i just used it in case my shells died normally with screen
but with tmux i find myself actually using multiple windows jlgaddis: once i got my .tmux.conf how i wanted it, it just rocks bob^^: i use it to run irssi
brb! mercutio: i like it how it updates the line at the bottom with what's running in the shell jlgaddis: mercutio: yeah, makes it handy when you're waiting on something to finish
the visual notifications too mercutio: i dunno it just seems like it did what screen set out to do but properly and nicely and cleanly
oh yeah -: jlgaddis nods mercutio: like i always know when i have mail
cos it'll inverse the colours
years ago i used to be a text mode junky
and i had a computer without much resources jlgaddis: i still am =) mercutio: and i hated screen with a passion
but still used it because it was handy jlgaddis: i spend probably 90% of my time staring at terminals mercutio: but like you could seriously notice it slowing down and bloating up
back then i was like "why's curses so slow?"
i was like used to dos etc
where text was fast, then everything in text mode was slow
but some things way slower than others
linux 2.1 sped up text mode a lot
jlg: oh i actually used to use text mode
not X
with terminals
then i shifted to ion
and X
but mostly so that i could use firefox occasionally
it wasn't firefox
netscape navigator
then mozilla
netscape navigator was really gay
motif is slow too jlgaddis: yep, on my linux box at home i just use an 80x50 console. when i need a gui (for chrome or something), i fire up awesome. mercutio: it looked better than tcl/tk jlgaddis: i'm a total cli nerd mercutio: jlg: ever heard of svgatextmode? jlgaddis: yeah mercutio: jlg: i rebound my keys
so i could have more virtual consoles
like 30 of them
and then i had single number pads keys to hop desktops
or alt-ctrl
modifiers
to get 10 more on each
then like i hacked getty
to "autoload" programs
on various virtual desktops
virtual screens i should say
so like i booted my computer
and up would come 6 web browsing sessions
on like 7 8 9
4 5 6
where 4 5 6 were google
7 was like slashdot 8 was freshmeat, 9 was lwn or something
then 1 2 3
would start shells in download directory
then like alt-1 to 9 etc
would start in ~/src
etc etc etc
it works well
worked
in the end i had the getty so you pressed enter to start a shell
cos shells took up ram etc
and sometimes i closed them
cos i had a puny machine
then i wrote my own irc client
cos epic/bitchx etc were memory hogs
and took up like 2 megs+
god
i started ranting there
2 megs memory now days is like nothing jlgaddis: holy hell man, give your enter key a break! =) nesta: hahah jlgaddis: i gotta go into scrollback to read what you said while i was gone for a minute :P mercutio: heh
i wonder what memory use is like these days
ben 21805 0.2 0.3 7896 2752 pts/9 S+ Jun19 102:30 epic4 mercutio irc.freenode.net
it didn't get much worse jlgaddis: wow, epic4
i haven't seen that name in a long time mercutio: linux bloated up from libc5 to glibc
hmm it's what i used before i wrote my own irc client, and what i went back to
it's ok, not wonderful, not terrible
i used irssi once a little bit, it actually seemed ok jlgaddis: yeah, i moved from ircii to epic to irssi mercutio: epic, mutt, and vim are probably the programs i've used the longest
i moved ircii, epic, fade, epic
my irc client was called fade
it was real simple jlgaddis: heh, irssi, mutt, and vim are probably the three i use the most mercutio: like 28k binary or something
used readline
and other than that just as basic as you can get pretty much
no dcc, etc etc
always logged to a file set on command line
set nick and server name like in epic
just on command line
but it managed to make my machine swap less
what made you move to irssi? jlgaddis: nfi
it's been a long time ago mercutio: i used it for a brief moment and it seemed to have more sensible keys i seem to recall
gah i'm going to try it now
brb ***: mercutio has quit IRC (Quit: oops) jlgaddis: initially, i think it support for perl scripting ***: mercutio has joined #arpnetworks mercutio: i had to type /server irc.freenode.net ?
ben 17165 0.1 0.5 11128 4512 pts/9 S+ 23:02 0:00 irssi mercutio irc.freenode.net
and it does use a bit more ram
not that it really matters jlgaddis: jlgaddis 1705 0.0 1.1 54532 9064 pts/2 S+ May27 19:17 irssi
i'm in about 15 channels across 4 servers, though, if that makes a difference bob^^: rob 2938 0.0 1.1 16040 11012 p1 S+ 26Aug10 342:45.11 irssi
three servers and 16 channels total for me jlgaddis: bob^^: heh, reboot often? :P bob^^: nope
:)
what about this one:
12:14PM up 1823 days, 38 mins, 2 users, load averages: 0.00, 0.00, 0.00 mercutio: oh you run one instance for multiple servers? bob^^: nope, that's just an old box we keep now for uptime records lol
oh you mean on irssi
yeah
i have three servers configured inside my irssi
anyway - got to go for lunch, back shortly plett: bob^^: 1942 days, as recorded when we shut it down: http://flickr.com/gp/plett/99B94r
I'm not sure whether to be more proud of the reliable power etc, or embarrassed that a box that old was still running jlgaddis: http://www.flickr.com/photos/jlgaddis/4340673033/in/photostream
we "found" that server one day mercutio: jlg: wow
can you call it a server when it runs windows? jlgaddis: nowhere near you guys and your 1800-1900 days, but i thought it was pretty damn impressive for a windows box
mercutio: according to our windows guys, yeah LT: bob^^: you use extreme stuff right? have you ever seen show odometers come out with crazy values for days in service? bob^^: LT: only when they've been up for crazy days ;)
but no, i don't think so - what switch?
plett: i know what you mean about being embarrassed about boxes with uptimes like that :) LT: bob^^: as an example Slot-2 : X450a-24x 19713 Apr-28-2007 bob^^: hmm, no, that is odd though
i don't have any x450's though, only x350 and 48si these days :(
LT:
Switch : X350-24t 1141 Jun-05-2008
which seems okay
all the x350's i have access to from here look reasonable LT: most of ours are right, just the odd one here and there. even in a single stack all purchased together there are some correct and some not bob^^: that's odd
have you reported to extreme?
(oh - different xos or anything like that maybe?) LT: can't stack them unless they're all the same version... 12.3.4 something or other bob^^: ahh okay, like a blackdiamond with two msms then
makes sense LT: pretty much... the code seems to think it is a chassis half the time, stack members even get called slots in most places bob^^: hah, not surprising i suppose, they're probably trying to keep the config sane ***: Tadaka has joined #arpnetworks
jpalmer has quit IRC (Quit: leaving)
DDevine has quit IRC (Ping timeout: 264 seconds)
ariel has left "Leaving"
DDevine has joined #arpnetworks
_id has quit IRC (Read error: Connection reset by peer)
_id has joined #arpnetworks
nerdd_ has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
nerdd has quit IRC (Ping timeout: 276 seconds)
DDevine has quit IRC (Ping timeout: 260 seconds)
HighJinx has quit IRC (Ping timeout: 260 seconds)
HighJinx has joined #arpnetworks up_the_irons: so much interesting scrollback i'm going to have to read later...
my extreme:
Service First Recorded
Field Replaceable Units Days Start Date
---------------------------------------------------------------
Switch : X350-48t 49 Jun-02-2011
XGM2-1 : ***: jpalmer has joined #arpnetworks jpalmer: up_the_irons: ping? ***: heavysixer has quit IRC (Remote host closed the connection)
jpalmer has quit IRC (Quit: leaving)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
Tadaka has quit IRC (Quit: Computer has gone to sleep) phlux: What constitutes as a "long-time customer?" nesta: like, 10 billion years ***: jpalmer has joined #arpnetworks
RandalSchwartz has quit IRC (Ping timeout: 260 seconds)
phlux has quit IRC (Quit: ZNC - http://znc.in)
kennyz has quit IRC (Ping timeout: 260 seconds)
DDevine has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 260 seconds)
phlux has joined #arpnetworks
DDevine has quit IRC (Read error: Operation timed out)
phlux is now known as Guest39746 Guest39746: hmm
I can't mount my second drive (/usr/ports)
mount -tauto /dev/ad1s1 /usr/ports says "Operation not supported by device"
any ideas? ***: Guest39746 is now known as phlux phlux: ah..got it.
mount -r.
hmm or not
Ok..mount without any flags worked.
Bleh ***: amdprophet has joined #arpnetworks amdprophet: are there any issues with kvr11?
up_the_irons: not able to VNC into kvr11
up_the_irons: our vm seems to be down too jpalmer: amdprophet: log into the portal, and boot your vps.
hard shutdown, wait 1 min, boot. amdprophet: jpalmer: will try
jpalmer: that worked, thanks! jpalmer: np ***: kennyz has joined #arpnetworks
Olipro has quit IRC (Ping timeout: 255 seconds)
Olipro has joined #arpnetworks
Olipro has quit IRC (Read error: Connection reset by peer)
Olipro has joined #arpnetworks