Webhostbudd: supermicro, yeah you could be if enough people ordered =p up_the_irons: do the dedi's have ipmi on the board? Webhostbudd: certainly nice we have a customer VPN set up now too (OpenVPN), to access IPMI cards so jealous i doubt i could afford you guys though =( but the vpn access is awesome, that's one thing i really dislike about my current dedi they have it hosted on the public internet mnathani: no, we're not really equiped to cancel accounts then turn around right away and recreate them, at a loss. Webhostbudd: lol, really? haha, there's a hack waiting to happen yea, i've been hacking together some rudimentary security with iptables scripts on the nvram it's really not ideal though the company i'm with is sketchy at best, but they have uptime Webhostbudd: what is the current dedi deal you are getting? maybe i can match it (doubt it if it is crazy low, but let's see...) e3-1230 v2 with 16GB ram and 2x1TB disks for $115 Webhostbudd dang, good deal and a 100mb line which is unmetered, although unmetered isn't a dealbreaker for me as long as the box runs, the place is alright. But god forbid you need support or want to do anything outside of your own box, it is pretty awful luckily after they fixed the bad sticks of ram in the box and enabled ipmi i haven't had to worry much since you guys use supermicro ipmi on a private lan, do you also have a read-only cifs share on it for iso's? that would be awesome Webhostbudd: yes, we do. not cifs, but on a plain ol' samba share. IPMI mounts it as virtual media. you can install anything you like. yea see, with my current host it has pretty much been, grab the cheapest vps possible to host the samba share for the image i guess that is what you get for the price :) Webhostbudd: so they host the samba share on a cheap vps? LOL. our samba share is actually on the high perf mirrors.arpnetworks.com box, so it is made for file serving. no no i host it =p they don't even do anything it's a freaking dance on my end just to get this stuff working a little entertaining having to pivot around though lol Webhostbudd: you comfortable with OpenVPN? definitely if so, you should have no problem getting set up on ours, accessing IPMI, virtual media, etc... openvpn is awesome most of what i do with it is site-to-site anymore but i do have it on my client machines for bacula backups at any rate the service you guys offer sounds pretty nice out of curiosity is there a public dedicated server page on arpnetworks.com yet? Webhostbudd: there isn't yet; my work with it has more been through email and ppl telling me what they want. i am learning about the whole dedi business as well, so when I get the new page up, it'll be more refined. already have learned that 2x drives could become 4x easily, and some want RAID. So that blows away my microcloud chassis, but at least the 1U's are easy to build :) ahhh wtf is this lag about... 64.7 ...and now it fixes itself weird jpalmer: is the default CentOS 6.3 install a minimal one (+ SSH and the basics)? When I used the GUI installer, it didn't really ask me anything about package selection. When i logged in for the first time, 'yum list' (or w/e) had a lot of X11 packages, is that normal? one issue with using cifs with those ipmi things is they tend to have terrible speeds if you're far away so it is better to be able to host locally i mean it was pretty crazy slow from texas to chicago mercutio: i was actually able to find cheap vps's hosted in the same datacenter or very close <1ms ping web: would help :) i don't even remember what chicago to texas pigns are like cifs is very talkative so latency kills it i can do cifs over adsl for some stuff but not others it can depend on the application (that's with 10 msec ping) interesting texas to chicago is about 20 msec so yeah it's not very latency tolerant at all dang, more lag... i thought it was just the window sizes in the client though good thing i have xchat open in another window that was to isntall opensolaris no-one has opensolaris as an install option on dedicateds :/ opensolaris is dead..... now, if you said oi or smartos this was a few yeras back oh well, ovh has oi and smartos on their dedi's 7:59pm up 673 day(s), 20 min(s), 1 user, load average: 0.01, 0.00, 0.00 then again they image nearly everything because they are such a large operation it was about that long ago oh it was longer ago than that acutally there wsa an outage damn, is that actually an opensol box? yeh impressive how so? i dunno, i'm not usually one to have more than 180 days uptime why do you reboot? operating system updates SunOS zone6 5.11 snv_134 i86pc i386 i86xpv there hasn't been any opensolaris updates since then exactly heh but yeah OI is pretty good from what i hear i've never had any stability issues with it well it's got zfs it's running xen you can snapshot virtual machines and send them across the world yea, it's pretty awesome and in essence more a virtual server around the world with very short downtime I'm excited to see where smartos goes basically.. you snapshot, send the data, snapshot, send the updated data, shutdown, snapshot again send the updated down, bring up yep that's assuming the first send is done without paying attention to how long it takes at all ie in the backgrund mhmmm so the first one takes forever depending on your net speed the second one is pretty quick the third one is really quick of course yeh, smartos is intersting i like that they have kvm up and running on the illumos kernel tbh, i'm really confused about what makes sense with virtualisation these days i like that too but i'd rather not have to use vnc... i much prefer xm console I'm sure spice could be easily ported so that's one issue i've done kvm on openindiana with windows bad? well it takes a hile to figure out how to install virtio drivers in windows while i've done windows in esxi before too and it's less confusing also there's like no management interface or anything in openindiana well, vmware straight up gives you installers meaning you have to figure out things like to set the mouse to a tablet thingy yes, that is a big problem (that's one of the things that irked me ) but if you had libvirt on openindiana i think it could be viable hmm the other thing is about how it allocates ports for vnc is there some standard way? 5900+2 im pretty sure? i think in the end I used ssh -C -X i think it's on localhost by default? it should listen on all ports by default how does it increment? oh? well i can't really remember but i prefer hostname and xm console blah also well, see, i'm used to spice which needs two ports that debug screen with alt-1 so it increments by 2 or wahtever it was was curious but vnc might now not* but like it's a pita to eject cdrom oh in xen you can just do attach-disk im used to handling that stuff with libvirt you can do mem-set and change the amount of memory etc so i still prefer xen myself :) from a "having to maintain it myself" pov what i liek about kvm is it allows me to run openbsd openbsd doesn't run that great under esxi or xen hvm yea, bsd's in general don't run well under xen or vmware although freebsd 9 has the dom0 kernel for xen pv netbsd has domu i installed it a while back at home i have openindiana/xen at home k that's the other prob with kvm iot doesn't work on older cpus like core2duos maybe not on openindiana it should work fine on linux yeh mm yeh i'm wondering if i should use linux but mostly just cos i want to make that box quieter and i figure that linux will be better at shutting down the disks... yes i could run openindiana in kvm? on linux? i would think so or xen i suppsoe i've never tried OI on kvm kvm runs almost anything though i haven't had anything break in kvm and then psas through the ethernet card try it yeah i have to upgrade it first :/ heck, if you want an easy kvm solution try proxmoxve to sommething that'll do vt-d they do a pretty good job well i mostly just want a file server with some virtual hosts running on it solaris makes a good file server yes it does iscsi is stable linux doesn't unfortunately nfs is stable and cifs is stable linux it's like iscsi.. uhh.. nfs.. uhh... cifs... oh cifs works on linux!!!! nfs has been fine in my experience i never really deal with iscsi nfs has been screwy in my experience although right now i've been having issues with netbsd and nfs i think it's something to do with not being able to do large mtu in xen and having a native high mtu mercutio: you like iscsi? i've been thinking about doing some experiments with it... the whole multiple mtu's thing on the same network is kind of scary though up_the_irons: uhh, i /kind/ of liek it. basically - it completely depends on what you're using it for. on windows i compared performacne of local disk versus remote disk and iscsi and the speed was basically the same gigabit link speed fast single sata disk. mostly testing games etc :/ but yea, but you are completely saturating gigabit with single disk speed i c where iscsi breaks down is if you want to access the same data from multiple hosts or if you want to match up id's to volumes it starts getting confusing. tbh if you're looking at redundancy for remote storage external sas is simpler. basically you can have two hsots each access the same san with short cables. ick and mount the volume on the second host if the first host has issues webhost - mm, kind of webhost: you'd be amazed at how much random dat there is one of my "ideas" that isn't likely to go anywhere, is i thought it'd be cool to have an iscsi server that keeps track of requests, and does ssd caching or ssd/ram caching mercutio: yeah but what do you export the external sas with? but also has the ability to use a "spare" disk or such, to do big sequential dumps up: umm SAN has built in "exporting" i mean those external disk enclosures i dunno about sas, but i know opensolaris can act as a fibre channel san but computers are generlaly less reliable and that's just another point of failure mind you disk enclosures will generally limit disk speeds versus a real computer err burst speeds up_the_irons: anyway, if you want to do expermients with it windows has built in iscsi client and opensolaris is real easy to setup iscsi server on linux is probably not too difficult i might play around with opensolaris and iscsi then... i wonder how freebsd handles iscsi gah windows changed my drive letter :/ i mean, im pretty sure if you are using zfs it is painless i didn't have it mounted what's a good test for speed? many files or lage files? both large files will perform better over a network though in generally really is starcraft a good test? the iso for starcraft? oh humm it's going a bit slow nah the installed game it's from ssd source oh now it sped up http://postimage.org/image/tjb0z6ifx/ fwiw it appaers window isn't flushing the cache it was going 250mb/sec for a while actually that's probably why it was going slow for a while and yeah ssd for source so it could easily burst read speed up at the start but it is a hard-disk as destination.. err seagate 3 tb it's also large mtu 6k up_the_irons: haha. What I mean is that it's listed on the main page, with no mention of "special" anywhere near it. jdoe: it's on the top, in a big yellow box :) so it is. up_the_irons: ahh, didn't realize you'd left the last job. cool! (assuming finances are working out OK) up_the_irons: in centos6 installer, if you are using the GUI, there is a screen that asks you what installation type you want, and offers to let you add/modify the repos it installs. one of the options is something like "Base" or "minimum" or something along those lines up_the_irons: if you do that, you'll probably want to make sure you yum install openssh-clients for the users. otherwise they don't get things like scp and such. Hi. Does arp networks do volume discounts on storage i.e. something cheaper then .5USD/1Gb if requesting >1TB of additional storage ? thib: not sure, but the best way to find out, email support@arpnetworks.com yeah, actually drafting the mail, but when I saw the #arpnetworks on the contact page, thought this might be quicker :) hehe up_the_irons: is around quite a bit, but you just missed him by about 20 mins or so olrite. Well, I'll fire off the mail to though. Thanks! up_the_irons: same username on github? just found powerdns-models up_the_irons: Any plans to allow users/customers to auth, for portal or so, using their yubikey? jlgaddis: tnx for the cent info. and yeah, that is my github account. i did powerdns-models during that power week you were gone and I made the Reverse DNS manager andol: indeed, the yubikey-cli-tools was a fun little util to write. there are no plans for yubikey auth. I was just playing around with MFA :) andol: yeah, Yubikey's are pretty cool. I use one for certain sensitive / destructive actions on our platform. I started using pam_google_authenticator the other day, that's pretty neat twobitha1ker: yeah that looks cool man, how do you disable user reg in moinmoin? with great difficulty. fuck haha up_the_irons: which raises the question, if you don't want people editing it, why use a wiki? jdoe: only trusted users can edit meaning, i will manually create the users ah. http://moinmo.in/FeatureRequests/DisableUserCreation works, but it had some side effects iirc. (it's been a while since I've used moin) jdoe: ah tnx andol: I use a yubikey to log into my openbsd vps @arp from random places, and a crypto-stick to log in from fixed places (which also works for the serial console) it's back: http://wiki.arpnetworks.com/wiki/FrontPage and you can't edit shit unless you're a registered user brb hax oh, twobitha1ker mentioned it above. nevermind :P (late to the party as always) the same goes for google :p but I must admit googles 2 factor auth is rather neat the google authenticator is a good concept i mean, yubikeys would be much better if they supported a numerous amount of keys the nice thing about yubikeys is how rugged they are and being its own hardware platform does make it more secure uh does it? tell that to people using rsa's fobs :P lol that's a different story go on. haha. if they had the same software implementation* yubico could be broken into, and so could google..... it's bad for anybody well it's not really. the issue with RSA is that they kept the seed. yes, that is a major problem ... so when that DB was compromised, you could clone arbitrary fobs. the google authenticator *doesn't* have that problem. (no idea about yubiwhatevers) neither does the yubikey each yubikey uses a randomly generated aes key and technically you can change it yourself with their utility you can generate your own key on the yubikey and choose to not upload it to yubico mhmmmm well, it's not so much a choose not to upload, but you can't upload once it is changed you can no longer operate through them you can since when? i didn't think they would add new keys to their database http://www.yubico.com/aes-key-upload is this new? relatively new* they definitely didn't have this two years ago Been a availible for a while, but I also remember a time when it wasn't. (Afraid my memory isn't more exact than that.) jdoe: the problem with google auth is that it requires a smartphone a smartphone is a computer you don't control or it's just a trinket you'd rather not be bothered with ;) if I would be a malware writer, the google auth app would be my first choice to attack heh, it would have to be awfully targetted. since on its own, it's just an rng. there's no requirement (or reason) for it to have any identifying information about what it's for. the private sha1 key (which is used for the OATH-TOTP auth, which is how google 2 factor auth works) is stored on your smartphone, that's the weak link DaCa: Yeah, running the Google Auth app on your Smartphone is probably not as secure as $indepedant_device, but on the other hand in most cassed password+google_auth is a big improvement compared just password, and being available as a Smartphone app makes more people likely to use it. andol: I agree completely, it is only my paranoia level which is a bit higher than the average user :) DaCa: you mean, your password isn't "sex" for everything, including bank info? jpalmer: mine is "God" :) brb changing password Goddess? DaCa: ... right, but from haxing the phone alone, you have no idea what the key is for. jdoe: chances are high it is for gmail if you are using that, and well, access to your email is absoletely your weakest link think password resets jpalmer: haha. um, well, I have a /29 with ARP, a single IP at home from my ISP, and a /16 at work jpalmer: good luck with that :D DaCa: think ssh, I'm not talking about email. (And even if I was, there's nothing to link the key to a specific gmail account either) jdoe: ok, if you only use google auth for ssh, and don't ssh from your phone, and leave no traces about the ssh account on the phone, which I think is already a good amount of discipline.... ... so like I said, "It would have to be awfully targeted" (oops, spelling...) I am not convinced you have to be targetted, computing power is cheap, network is cheap, malware will combine multiple sources of info and try until it hits something anyway, I am in Europe, hitting hay, good night everyone This won't be ready for a few days, but I'm taking requests for beta VMs on a newer VM host model (newer KVM/QEMU, different VM BIOS (SeaBIOS), updated and lower power hardware [AMD instead of Intel], etc...) up_the_irons: how do we announce our interest? jpalmer: COLD HARD CASH hehe it's like apple! pay for betas! Requirements: 1) You need to already have an available IP for the beta VM, I won't provision additional blocks, 2) I need OpenBSD testers the most, 3) CentOS 6.x testers also needed MS does it too jpalmer: just tell me :) up_the_irons: I'll test CentOS 6 ;) jdoe loves centos :D and, you can use the .115 IP from my /29 these VMs are free, but as such, must not take too much of my resources to make (hence, no additional IPs) jpalmer: which account? disk will be blank, i want to see how installs from ISOs work out (tests a lot more of the stack) kraigu: jpalmer: cold hard cash works too :) up_the_irons: I find it often does :D lower power hardware =( Webhostbudd: why sad? lower power, but not less powerful oh alright up_the_irons: the jpalmer account. I'll test it as much as I can until you end the beta, then we can cancel/kill, it won't do anything that can't be destroyed. this thing screams so far, and uses less power than my Intel setups jpalmer: roger that's surpising, im guessing these intels aren't ivbs? Webhostbudd: no, not at all, they are old school Xeon's (socket 771 E5430's) ahhh Webhostbudd: i've found that setup to be so reliable (> 900 days uptime on several hosts) that I never switched away. But as that hardware is becoming more scarce, and in light of future proofing, lowering power footprint, etc... I need a newer setup i see how those could be super power hungry gotta run, bbl are you using opterons or desktop class apus? the lower-power 8-core opterons are pretty sexy. I think the newer i-whatever stuff still shits on them in the low end (in terms of 'power' per watt), at the cost of fewer cores... which is presumably a selling point for vps hosting hardware. the e5 6core 12 ht are meant to be "pretty fast" but they're not much faster at some things still for intel i think the cool thing for vps hosting is that the new cpus do aes-ni i wonder if new amds do that oo too bloody windows amd bulldozer support aes-ni up_the_irons: so powerdns-models makes me wonder if you've built a web frontend to powerdns =) there are tons of web frontends to powerdns I used to use 'pweradmin' a long while back. 'poweradmin' Heh, trying to figure out how to use PHP to edit XML (ATOM/RSS specifically), and I'm going, damn it, writing a program in C may be quicker. That should never be your reaction in a high-level language. haha C is likely safer too, even if you are careless with your pointers :P jpalmer: *nod* most of them are fugly though PHP is great if all you want to do is write XML. arenlor: more like cold fusion Webhostbudd: Eh? oh nvm does coldfusion even exist anymore? i doubt it jpalmer: sounds about right adibe yea "had"? :( think of all the doors that need holding open! kraigu: It was a cold winter day :P arenlor: haha According to Wikipedia, last release was in May. wow. scary Christ is that expensive. back in the day, allaire had a pretty decent IDE for developing web pages. homesite or something like that ya homesite it was shit! $4,200 for upgrade. $8,500 for the full version. cripes.