[00:00] Webhostbudd: supermicro, yeah [00:00] you could be if enough people ordered =p [00:00] up_the_irons: do the dedi's have ipmi on the board? [00:01] Webhostbudd: certainly [00:01] nice [00:01] we have a customer VPN set up now too (OpenVPN), to access IPMI cards [00:01] so jealous [00:02] i doubt i could afford you guys though =( [00:02] but the vpn access is awesome, that's one thing i really dislike about my current dedi [00:02] they have it hosted on the public internet [00:03] mnathani: no, we're not really equiped to cancel accounts then turn around right away and recreate them, at a loss. [00:03] Webhostbudd: lol, really? haha, there's a hack waiting to happen [00:04] yea, i've been hacking together some rudimentary security with iptables scripts on the nvram [00:04] it's really not ideal though [00:04] the company i'm with is sketchy at best, but they have uptime [00:05] Webhostbudd: what is the current dedi deal you are getting? maybe i can match it (doubt it if it is crazy low, but let's see...) [00:05] e3-1230 v2 with 16GB ram and 2x1TB disks for $115 [00:05] *** HighJinx has joined #arpnetworks [00:05] Webhostbudd dang, good deal [00:05] and a 100mb line which is unmetered, although unmetered isn't a dealbreaker for me [00:06] as long as the box runs, the place is alright. But god forbid you need support or want to do anything outside of your own box, it is pretty awful [00:07] luckily after they fixed the bad sticks of ram in the box and enabled ipmi i haven't had to worry much [00:07] since you guys use supermicro ipmi on a private lan, do you also have a read-only cifs share on it for iso's? [00:07] that would be awesome [00:08] Webhostbudd: yes, we do. not cifs, but on a plain ol' samba share. IPMI mounts it as virtual media. you can install anything you like. [00:09] yea [00:09] *** irons|xchat has joined #arpnetworks [00:10] see, with my current host it has pretty much been, grab the cheapest vps possible to host the samba share for the image [00:10] i guess that is what you get for the price :) [00:12] Webhostbudd: so they host the samba share on a cheap vps? LOL. our samba share is actually on the high perf mirrors.arpnetworks.com box, so it is made for file serving. [00:12] no no [00:12] i host it =p [00:12] they don't even do anything [00:12] it's a freaking dance on my end just to get this stuff working [00:13] a little entertaining having to pivot around though [00:15] lol [00:15] Webhostbudd: you comfortable with OpenVPN? [00:15] definitely [00:16] if so, you should have no problem getting set up on ours, accessing IPMI, virtual media, etc... [00:16] openvpn is awesome [00:16] most of what i do with it is site-to-site anymore [00:17] but i do have it on my client machines for bacula backups [00:17] at any rate [00:17] the service you guys offer sounds pretty nice [00:17] out of curiosity is there a public dedicated server page on arpnetworks.com yet? [00:19] Webhostbudd: there isn't yet; my work with it has more been through email and ppl telling me what they want. i am learning about the whole dedi business as well, so when I get the new page up, it'll be more refined. already have learned that 2x drives could become 4x easily, and some want RAID. So that blows away my microcloud chassis, but at least the 1U's are easy to build :) [00:20] ahhh [00:28] wtf is this lag about... [00:28] 64.7 [00:30] ...and now it fixes itself [00:31] weird [00:36] jpalmer: is the default CentOS 6.3 install a minimal one (+ SSH and the basics)? When I used the GUI installer, it didn't really ask me anything about package selection. When i logged in for the first time, 'yum list' (or w/e) had a lot of X11 packages, is that normal? [00:41] one issue with using cifs with those ipmi things is they tend to have terrible speeds if you're far away [00:41] so it is better to be able to host locally [00:42] i mean it was pretty crazy slow from texas to chicago [00:42] mercutio: i was actually able to find cheap vps's hosted in the same datacenter [00:42] or very close [00:42] <1ms ping [00:42] web: would help :) [00:42] i don't even remember what chicago to texas pigns are like [00:42] cifs is very talkative so latency kills it [00:42] i can do cifs over adsl for some stuff but not others [00:42] it can depend on the application [00:42] (that's with 10 msec ping) [00:42] interesting [00:43] texas to chicago is about 20 msec [00:43] so yeah it's not very latency tolerant at all [00:43] dang, more lag... [00:43] i thought it was just the window sizes in the client though [00:43] good thing i have xchat open in another window [00:43] that was to isntall opensolaris [00:44] no-one has opensolaris as an install option on dedicateds :/ [00:44] opensolaris is dead..... [00:44] now, if you said oi or smartos [00:44] this was a few yeras back [00:44] oh [00:44] well, ovh has oi and smartos on their dedi's [00:44] 7:59pm up 673 day(s), 20 min(s), 1 user, load average: 0.01, 0.00, 0.00 [00:44] then again they image nearly everything because they are such a large operation [00:44] it was about that long ago [00:45] oh it was longer ago than that acutally [00:45] there wsa an outage [00:45] damn, is that actually an opensol box? [00:45] yeh [00:45] impressive [00:45] how so? [00:45] i dunno, i'm not usually one to have more than 180 days uptime [00:45] why do you reboot? [00:46] operating system updates [00:46] SunOS zone6 5.11 snv_134 i86pc i386 i86xpv [00:46] there hasn't been any opensolaris updates since then [00:46] exactly [00:46] heh [00:46] but yeah [00:46] OI is pretty good from what i hear [00:46] i've never had any stability issues with it [00:46] well it's got zfs [00:46] it's running xen [00:47] you can snapshot virtual machines [00:47] and send them across the world [00:47] yea, it's pretty awesome [00:47] and in essence more a virtual server around the world with very short downtime [00:47] I'm excited to see where smartos goes [00:47] basically.. you snapshot, send the data, snapshot, send the updated data, shutdown, snapshot again send the updated down, bring up [00:48] yep [00:48] that's assuming the first send is done without paying attention to how long it takes at all [00:48] ie in the backgrund [00:48] mhmmm [00:48] so the first one takes forever depending on your net speed [00:48] the second one is pretty quick [00:48] the third one is really quick [00:48] of course [00:48] yeh, smartos is intersting [00:49] i like that they have kvm up and running on the illumos kernel [00:49] tbh, i'm really confused about what makes sense with virtualisation these days [00:49] i like that too [00:49] but [00:49] i'd rather not have to use vnc... [00:49] i much prefer xm console [00:49] I'm sure spice could be easily ported [00:49] so that's one issue [00:49] i've done kvm on openindiana [00:50] with windows [00:50] bad? [00:50] well [00:50] it takes a hile to figure out how to install virtio drivers in windows [00:50] while [00:50] i've done windows in esxi before too and it's less confusing [00:50] also there's like no management interface or anything in openindiana [00:50] well, vmware straight up gives you installers [00:50] meaning you have to figure out things like to set the mouse to a tablet thingy [00:50] yes, that is a big problem [00:51] (that's one of the things that irked me ) [00:51] but if you had libvirt on openindiana i think it could be viable [00:51] hmm [00:51] the other thing is about how it allocates ports for vnc [00:51] is there some standard way? [00:52] 5900+2 [00:52] im pretty sure? [00:52] i think in the end I used ssh -C -X [00:52] i think it's on localhost by default? [00:52] it should listen on all ports by default [00:52] how does it increment? [00:52] oh? [00:52] well i can't really remember [00:52] but i prefer hostname and xm console blah [00:52] also [00:52] well, see, i'm used to spice which needs two ports [00:53] that debug screen with alt-1 [00:53] so it increments by 2 [00:53] or wahtever it was was curious [00:53] but vnc might now [00:53] not* [00:53] but like it's a pita to eject cdrom [00:53] oh [00:53] in xen you can just do attach-disk [00:53] im used to handling that stuff with libvirt [00:53] you can do mem-set and change the amount of memory etc [00:53] so i still prefer xen myself :) [00:53] from a "having to maintain it myself" pov [00:54] what i liek about kvm is it allows me to run openbsd [00:54] openbsd doesn't run that great under esxi or xen hvm [00:54] yea, bsd's in general don't run well under xen or vmware [00:54] although freebsd 9 has the dom0 kernel for xen pv [00:55] netbsd has domu [00:55] i installed it a while back [00:55] at home [00:55] i have openindiana/xen at home [00:55] k [00:55] that's the other prob with kvm [00:55] iot doesn't work on older cpus [00:55] like core2duos [00:55] maybe not on openindiana [00:55] it should work fine on linux [00:56] yeh [00:56] mm [00:56] yeh i'm wondering if i should use linux [00:56] but mostly just cos i want to make that box quieter [00:56] and i figure that linux will be better at shutting down the disks... [00:56] yes [00:56] i could run openindiana in kvm? [00:56] on linux? [00:56] i would think so [00:56] or xen i suppsoe [00:56] i've never tried OI on kvm [00:56] kvm runs almost anything though [00:57] i haven't had anything break in kvm [00:57] and then psas through the ethernet card [00:57] try it [00:57] yeah [00:57] i have to upgrade it first :/ [00:57] heck, if you want an easy kvm solution try proxmoxve [00:57] to sommething that'll do vt-d [00:57] they do a pretty good job [00:57] well i mostly just want a file server [00:57] with some virtual hosts running on it [00:57] solaris makes a good file server [00:57] yes it does [00:58] iscsi is stable [00:58] linux doesn't unfortunately [00:58] nfs is stable [00:58] and cifs is stable [00:58] linux it's like iscsi.. uhh.. nfs.. uhh... cifs... oh cifs works on linux!!!! [00:58] nfs has been fine in my experience [00:58] i never really deal with iscsi [00:58] nfs has been screwy in my experience [00:59] although right now i've been having issues with netbsd and nfs [00:59] i think it's something to do with not being able to do large mtu in xen [00:59] and having a native high mtu [01:00] mercutio: you like iscsi? i've been thinking about doing some experiments with it... [01:00] the whole multiple mtu's thing on the same network is kind of scary though [01:00] up_the_irons: uhh, i /kind/ of liek it. [01:00] basically - it completely depends on what you're using it for. [01:00] on windows i compared performacne of local disk versus remote disk and iscsi [01:00] and the speed was basically the same [01:00] gigabit link speed fast single sata disk. [01:01] mostly testing games etc :/ [01:01] but [01:01] yea, but you are completely saturating gigabit with single disk speed [01:01] i c [01:01] where iscsi breaks down is if you want to access the same data from multiple hosts [01:01] or if you want to match up id's to volumes [01:01] it starts getting confusing. [01:01] tbh [01:01] if you're looking at redundancy for remote storage external sas is simpler. [01:02] basically you can have two hsots each access the same san [01:02] with short cables. [01:02] ick [01:02] and mount the volume on the second host [01:02] if the first host has issues [01:02] webhost - mm, kind of [01:02] webhost: you'd be amazed at how much random dat there is [01:03] one of my "ideas" that isn't likely to go anywhere, is i thought it'd be cool to have an iscsi server that keeps track of requests, and does ssd caching [01:03] or ssd/ram caching [01:03] mercutio: yeah but what do you export the external sas with? [01:03] but also has the ability to use a "spare" disk or such, to do big sequential dumps [01:04] up: umm SAN has built in "exporting" [01:04] i mean those external disk enclosures [01:05] i dunno about sas, but i know opensolaris can act as a fibre channel san [01:05] but [01:05] computers are generlaly less reliable [01:05] and that's just another point of failure [01:05] mind you disk enclosures will generally limit disk speeds versus a real computer [01:05] err burst speeds [01:06] up_the_irons: anyway, if you want to do expermients with it windows has built in iscsi client [01:06] and opensolaris is real easy to setup iscsi server on [01:06] linux is probably not too difficult [01:07] i might play around with opensolaris and iscsi then... [01:07] i wonder how freebsd handles iscsi [01:07] gah windows changed my drive letter :/ [01:08] i mean, im pretty sure if you are using zfs it is painless [01:08] i didn't have it mounted [01:08] what's a good test for speed? many files or lage files? [01:08] both [01:08] large files will perform better over a network though [01:09] in generally really [01:09] is starcraft a good test? [01:09] the iso for starcraft? [01:10] oh humm it's going a bit slow [01:10] nah the installed game [01:10] it's from ssd source [01:10] oh now it sped up [01:11] http://postimage.org/image/tjb0z6ifx/ [01:11] fwiw it appaers window isn't flushing the cache [01:11] it was going 250mb/sec for a while [01:12] actually that's probably why it was going slow for a while [01:12] and yeah ssd [01:12] for source [01:12] so it could easily burst read speed up at the start [01:13] but it is a hard-disk as destination.. [01:13] err seagate [01:13] 3 tb [01:14] it's also large mtu [01:14] 6k [01:45] up_the_irons: haha. What I mean is that it's listed on the main page, with no mention of "special" anywhere near it. [01:46] jdoe: it's on the top, in a big yellow box :) [01:48] *** Webhostbudd has quit IRC (Ping timeout: 250 seconds) [01:54] so it is. [02:38] *** iih3ro has quit IRC (Ping timeout: 268 seconds) [02:41] *** iih3ro has joined #arpnetworks [03:47] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [03:49] *** HighJinx has joined #arpnetworks [05:35] *** fink has joined #arpnetworks [05:47] *** fink has quit IRC (Quit: fink) [06:03] *** Yamazaki-kun has quit IRC (Ping timeout: 272 seconds) [06:04] *** Yamazaki-kun has joined #arpnetworks [06:08] *** irons|xchat has quit IRC (Ping timeout: 246 seconds) [07:31] *** HighJinx has quit IRC (Ping timeout: 265 seconds) [07:36] *** HighJinx has joined #arpnetworks [07:47] *** HighJinx has quit IRC (Ping timeout: 246 seconds) [07:49] *** HighJinx has joined #arpnetworks [07:58] up_the_irons: ahh, didn't realize you'd left the last job. cool! (assuming finances are working out OK) [07:59] up_the_irons: in centos6 installer, if you are using the GUI, there is a screen that asks you what installation type you want, and offers to let you add/modify the repos it installs. one of the options is something like "Base" or "minimum" or something along those lines [08:00] up_the_irons: if you do that, you'll probably want to make sure you yum install openssh-clients for the users. otherwise they don't get things like scp and such. [08:26] *** thib has joined #arpnetworks [08:28] Hi. Does arp networks do volume discounts on storage i.e. something cheaper then .5USD/1Gb if requesting >1TB of additional storage ? [08:29] thib: not sure, but the best way to find out, email support@arpnetworks.com [08:30] yeah, actually drafting the mail, but when I saw the #arpnetworks on the contact page, thought this might be quicker :) [08:30] hehe [08:31] up_the_irons: is around quite a bit, but you just missed him by about 20 mins or so [08:32] olrite. Well, I'll fire off the mail to though. Thanks! [08:55] *** beandog has joined #arpnetworks [09:52] *** fink has joined #arpnetworks [10:07] *** HighJinx has quit IRC (Ping timeout: 268 seconds) [10:30] *** HighJinx has joined #arpnetworks [10:54] up_the_irons: same username on github? just found powerdns-models [10:54] *** Webhostbudd has joined #arpnetworks [13:07] * andol notices that up_the_irons has a yubikey-cli-tools repo... [13:07] up_the_irons: Any plans to allow users/customers to auth, for portal or so, using their yubikey? [13:12] *** irons|xchat has joined #arpnetworks [13:18] jlgaddis: tnx for the cent info. and yeah, that is my github account. i did powerdns-models during that power week you were gone and I made the Reverse DNS manager [13:20] andol: indeed, the yubikey-cli-tools was a fun little util to write. there are no plans for yubikey auth. I was just playing around with MFA :) [13:48] * andol is quite fond of his Yubikey, even if it feels more useful for webmail and such which he might want to log into from $random_computer. [14:18] andol: yeah, Yubikey's are pretty cool. I use one for certain sensitive / destructive actions on our platform. [14:19] I started using pam_google_authenticator the other day, that's pretty neat [14:29] *** CaZe has quit IRC (Read error: Connection reset by peer) [14:29] *** CaZe` has joined #arpnetworks [14:29] *** CaZe` is now known as CaZe [14:30] twobitha1ker: yeah that looks cool [15:00] *** dj_goku has quit IRC (Ping timeout: 272 seconds) [15:02] *** dj_goku has joined #arpnetworks [15:11] *** Webhostbudd has quit IRC (Quit: Leaving) [15:13] man, how do you disable user reg in moinmoin? [15:13] with great difficulty. [15:13] fuck [15:13] haha [15:14] up_the_irons: which raises the question, if you don't want people editing it, why use a wiki? [15:14] jdoe: only trusted users can edit [15:14] meaning, i will manually create the users [15:14] ah. [15:14] http://moinmo.in/FeatureRequests/DisableUserCreation works, but it had some side effects iirc. [15:14] (it's been a while since I've used moin) [15:16] jdoe: ah tnx [15:33] andol: I use a yubikey to log into my openbsd vps @arp from random places, and a crypto-stick to log in from fixed places (which also works for the serial console) [15:45] it's back: http://wiki.arpnetworks.com/wiki/FrontPage [15:45] and you can't edit shit [15:45] unless you're a registered user [15:48] brb hax [15:53] * jpalmer found a pam module for authenticating off of google apps. it works with googles 2 factor auth. [15:53] oh, twobitha1ker mentioned it above. nevermind :P (late to the party as always) [15:54] *** Webhostbudd has joined #arpnetworks [15:55] * DaCa rather prefers to avoid pam when possible [15:55] the same goes for google :p [15:57] but I must admit googles 2 factor auth is rather neat [15:59] the google authenticator is a good concept [15:59] i mean, yubikeys would be much better if they supported a numerous amount of keys [16:00] the nice thing about yubikeys is how rugged they are [16:00] and being its own hardware platform does make it more secure [16:01] uh [16:01] does it? [16:01] tell that to people using rsa's fobs :P [16:01] lol [16:01] that's a different story [16:01] go on. [16:01] haha. [16:01] if they had the same software implementation* [16:02] yubico could be broken into, and so could google..... [16:02] it's bad for anybody [16:02] well it's not really. [16:02] the issue with RSA is that they kept the seed. [16:02] yes, that is a major problem [16:02] ... so when that DB was compromised, you could clone arbitrary fobs. [16:02] the google authenticator *doesn't* have that problem. [16:02] (no idea about yubiwhatevers) [16:02] neither does the yubikey [16:03] each yubikey uses a randomly generated aes key [16:03] and technically you can change it yourself with their utility [16:03] you can generate your own key on the yubikey and choose to not upload it to yubico [16:03] mhmmmm [16:03] well, it's not so much a choose not to upload, but you can't upload [16:04] once it is changed you can no longer operate through them [16:04] you can [16:04] since when? [16:04] i didn't think they would add new keys to their database [16:04] http://www.yubico.com/aes-key-upload [16:04] is this new? [16:05] relatively new* [16:05] they definitely didn't have this two years ago [16:05] Been a availible for a while, but I also remember a time when it wasn't. [16:05] (Afraid my memory isn't more exact than that.) [16:09] jdoe: the problem with google auth is that it requires a smartphone [16:09] a smartphone is a computer you don't control [16:10] or it's just a trinket you'd rather not be bothered with ;) [16:10] if I would be a malware writer, the google auth app would be my first choice to attack [16:12] heh, it would have to be awfully targetted. [16:12] since on its own, it's just an rng. [16:13] there's no requirement (or reason) for it to have any identifying information about what it's for. [16:15] the private sha1 key (which is used for the OATH-TOTP auth, which is how google 2 factor auth works) is stored on your smartphone, that's the weak link [16:17] *** beandog has quit IRC (Quit: Leaving) [16:18] DaCa: Yeah, running the Google Auth app on your Smartphone is probably not as secure as $indepedant_device, but on the other hand in most cassed password+google_auth is a big improvement compared just password, and being available as a Smartphone app makes more people likely to use it. [16:21] andol: I agree completely, it is only my paranoia level which is a bit higher than the average user :) [16:22] DaCa: you mean, your password isn't "sex" for everything, including bank info? [16:23] jpalmer: mine is "God" [16:23] :) [16:23] brb changing password [16:24] * jpalmer thinks.. now I just need to social engineer kraigu's IP's away from him, and I'll be famous like mitnick! [16:24] Goddess? [16:25] DaCa: ... right, but from haxing the phone alone, you have no idea what the key is for. [16:27] jdoe: chances are high it is for gmail if you are using that, and well, access to your email is absoletely your weakest link [16:27] think password resets [16:28] jpalmer: haha. um, well, I have a /29 with ARP, a single IP at home from my ISP, and a /16 at work [16:28] jpalmer: good luck with that :D [16:30] DaCa: think ssh, I'm not talking about email. (And even if I was, there's nothing to link the key to a specific gmail account either) [16:33] jdoe: ok, if you only use google auth for ssh, and don't ssh from your phone, and leave no traces about the ssh account on the phone, which I think is already a good amount of discipline.... [16:36] ... so like I said, "It would have to be awfully targeted" (oops, spelling...) [16:38] I am not convinced you have to be targetted, computing power is cheap, network is cheap, malware will combine multiple sources of info and try until it hits something [16:41] anyway, I am in Europe, hitting hay, good night everyone [16:42] This won't be ready for a few days, but I'm taking requests for beta VMs on a newer VM host model (newer KVM/QEMU, different VM BIOS (SeaBIOS), updated and lower power hardware [AMD instead of Intel], etc...) [16:43] up_the_irons: how do we announce our interest? [16:43] jpalmer: COLD HARD CASH [16:43] hehe it's like apple! pay for betas! [16:43] Requirements: 1) You need to already have an available IP for the beta VM, I won't provision additional blocks, 2) I need OpenBSD testers the most, 3) CentOS 6.x testers also needed [16:43] MS does it too [16:44] jpalmer: just tell me :) [16:44] up_the_irons: I'll test CentOS 6 ;) [16:44] jdoe loves centos :D [16:44] and, you can use the .115 IP from my /29 [16:45] these VMs are free, but as such, must not take too much of my resources to make (hence, no additional IPs) [16:45] jpalmer: which account? [16:47] disk will be blank, i want to see how installs from ISOs work out (tests a lot more of the stack) [16:48] kraigu: jpalmer: cold hard cash works too :) [16:48] up_the_irons: I find it often does :D [16:48] lower power hardware =( [16:48] Webhostbudd: why sad? lower power, but not less powerful [16:48] oh [16:48] alright [16:48] up_the_irons: the jpalmer account. I'll test it as much as I can until you end the beta, then we can cancel/kill, it won't do anything that can't be destroyed. [16:49] this thing screams so far, and uses less power than my Intel setups [16:49] jpalmer: roger [16:49] that's surpising, im guessing these intels aren't ivbs? [16:51] Webhostbudd: no, not at all, they are old school Xeon's (socket 771 E5430's) [16:52] ahhh [16:52] Webhostbudd: i've found that setup to be so reliable (> 900 days uptime on several hosts) that I never switched away. But as that hardware is becoming more scarce, and in light of future proofing, lowering power footprint, etc... I need a newer setup [16:52] i see how those could be super power hungry [16:52] gotta run, bbl [16:52] are you using opterons or desktop class apus? [17:04]