Webhostbudd: you could be if enough people ordered =p
up_the_irons: do the dedi's have ipmi on the board? up_the_irons: Webhostbudd: certainly Webhostbudd: nice up_the_irons: we have a customer VPN set up now too (OpenVPN), to access IPMI cards Webhostbudd: so jealous
i doubt i could afford you guys though =(
but the vpn access is awesome, that's one thing i really dislike about my current dedi
they have it hosted on the public internet up_the_irons: mnathani: no, we're not really equiped to cancel accounts then turn around right away and recreate them, at a loss.
Webhostbudd: lol, really? haha, there's a hack waiting to happen Webhostbudd: yea, i've been hacking together some rudimentary security with iptables scripts on the nvram
it's really not ideal though
the company i'm with is sketchy at best, but they have uptime up_the_irons: Webhostbudd: what is the current dedi deal you are getting? maybe i can match it (doubt it if it is crazy low, but let's see...) Webhostbudd: e3-1230 v2 with 16GB ram and 2x1TB disks for $115 ***: HighJinx has joined #arpnetworks up_the_irons: Webhostbudd dang, good deal Webhostbudd: and a 100mb line which is unmetered, although unmetered isn't a dealbreaker for me
as long as the box runs, the place is alright. But god forbid you need support or want to do anything outside of your own box, it is pretty awful
luckily after they fixed the bad sticks of ram in the box and enabled ipmi i haven't had to worry much
since you guys use supermicro ipmi on a private lan, do you also have a read-only cifs share on it for iso's?
that would be awesome up_the_irons: Webhostbudd: yes, we do. not cifs, but on a plain ol' samba share. IPMI mounts it as virtual media. you can install anything you like. Webhostbudd: yea ***: irons|xchat has joined #arpnetworks Webhostbudd: see, with my current host it has pretty much been, grab the cheapest vps possible to host the samba share for the image
i guess that is what you get for the price :) up_the_irons: Webhostbudd: so they host the samba share on a cheap vps? LOL. our samba share is actually on the high perf mirrors.arpnetworks.com box, so it is made for file serving. Webhostbudd: no no
i host it =p
they don't even do anything
it's a freaking dance on my end just to get this stuff working
a little entertaining having to pivot around though up_the_irons: lol
Webhostbudd: you comfortable with OpenVPN? Webhostbudd: definitely up_the_irons: if so, you should have no problem getting set up on ours, accessing IPMI, virtual media, etc... Webhostbudd: openvpn is awesome
most of what i do with it is site-to-site anymore
but i do have it on my client machines for bacula backups
at any rate
the service you guys offer sounds pretty nice
out of curiosity is there a public dedicated server page on arpnetworks.com yet? up_the_irons: Webhostbudd: there isn't yet; my work with it has more been through email and ppl telling me what they want. i am learning about the whole dedi business as well, so when I get the new page up, it'll be more refined. already have learned that 2x drives could become 4x easily, and some want RAID. So that blows away my microcloud chassis, but at least the 1U's are easy to build :) Webhostbudd: ahhh up_the_irons: wtf is this lag about...
64.7
...and now it fixes itself Webhostbudd: weird up_the_irons: jpalmer: is the default CentOS 6.3 install a minimal one (+ SSH and the basics)? When I used the GUI installer, it didn't really ask me anything about package selection. When i logged in for the first time, 'yum list' (or w/e) had a lot of X11 packages, is that normal? mercutio: one issue with using cifs with those ipmi things is they tend to have terrible speeds if you're far away
so it is better to be able to host locally
i mean it was pretty crazy slow from texas to chicago Webhostbudd: mercutio: i was actually able to find cheap vps's hosted in the same datacenter
or very close
<1ms ping mercutio: web: would help :)
i don't even remember what chicago to texas pigns are like Webhostbudd: cifs is very talkative so latency kills it mercutio: i can do cifs over adsl for some stuff but not others
it can depend on the application
(that's with 10 msec ping) Webhostbudd: interesting mercutio: texas to chicago is about 20 msec
so yeah it's not very latency tolerant at all up_the_irons: dang, more lag... mercutio: i thought it was just the window sizes in the client though up_the_irons: good thing i have xchat open in another window mercutio: that was to isntall opensolaris
no-one has opensolaris as an install option on dedicateds :/ Webhostbudd: opensolaris is dead.....
now, if you said oi or smartos mercutio: this was a few yeras back Webhostbudd: oh
well, ovh has oi and smartos on their dedi's mercutio: 7:59pm up 673 day(s), 20 min(s), 1 user, load average: 0.01, 0.00, 0.00 Webhostbudd: then again they image nearly everything because they are such a large operation mercutio: it was about that long ago
oh it was longer ago than that acutally
there wsa an outage Webhostbudd: damn, is that actually an opensol box? mercutio: yeh Webhostbudd: impressive mercutio: how so? Webhostbudd: i dunno, i'm not usually one to have more than 180 days uptime mercutio: why do you reboot? Webhostbudd: operating system updates mercutio: SunOS zone6 5.11 snv_134 i86pc i386 i86xpv
there hasn't been any opensolaris updates since then Webhostbudd: exactly mercutio: heh
but yeah Webhostbudd: OI is pretty good from what i hear mercutio: i've never had any stability issues with it
well it's got zfs
it's running xen
you can snapshot virtual machines
and send them across the world Webhostbudd: yea, it's pretty awesome mercutio: and in essence more a virtual server around the world with very short downtime Webhostbudd: I'm excited to see where smartos goes mercutio: basically.. you snapshot, send the data, snapshot, send the updated data, shutdown, snapshot again send the updated down, bring up Webhostbudd: yep mercutio: that's assuming the first send is done without paying attention to how long it takes at all
ie in the backgrund Webhostbudd: mhmmm mercutio: so the first one takes forever depending on your net speed
the second one is pretty quick
the third one is really quick Webhostbudd: of course mercutio: yeh, smartos is intersting Webhostbudd: i like that they have kvm up and running on the illumos kernel mercutio: tbh, i'm really confused about what makes sense with virtualisation these days
i like that too
but
i'd rather not have to use vnc...
i much prefer xm console Webhostbudd: I'm sure spice could be easily ported mercutio: so that's one issue
i've done kvm on openindiana
with windows Webhostbudd: bad? mercutio: well
it takes a hile to figure out how to install virtio drivers in windows
while
i've done windows in esxi before too and it's less confusing
also there's like no management interface or anything in openindiana Webhostbudd: well, vmware straight up gives you installers mercutio: meaning you have to figure out things like to set the mouse to a tablet thingy Webhostbudd: yes, that is a big problem mercutio: (that's one of the things that irked me ) Webhostbudd: but if you had libvirt on openindiana i think it could be viable mercutio: hmm
the other thing is about how it allocates ports for vnc
is there some standard way? Webhostbudd: 5900+2
im pretty sure? mercutio: i think in the end I used ssh -C -X
i think it's on localhost by default? Webhostbudd: it should listen on all ports by default mercutio: how does it increment?
oh?
well i can't really remember
but i prefer hostname and xm console blah
also Webhostbudd: well, see, i'm used to spice which needs two ports mercutio: that debug screen with alt-1 Webhostbudd: so it increments by 2 mercutio: or wahtever it was was curious Webhostbudd: but vnc might now
not* mercutio: but like it's a pita to eject cdrom Webhostbudd: oh mercutio: in xen you can just do attach-disk Webhostbudd: im used to handling that stuff with libvirt mercutio: you can do mem-set and change the amount of memory etc
so i still prefer xen myself :)
from a "having to maintain it myself" pov
what i liek about kvm is it allows me to run openbsd
openbsd doesn't run that great under esxi or xen hvm Webhostbudd: yea, bsd's in general don't run well under xen or vmware
although freebsd 9 has the dom0 kernel for xen pv mercutio: netbsd has domu
i installed it a while back
at home
i have openindiana/xen at home Webhostbudd: k mercutio: that's the other prob with kvm
iot doesn't work on older cpus
like core2duos Webhostbudd: maybe not on openindiana
it should work fine on linux mercutio: yeh
mm
yeh i'm wondering if i should use linux
but mostly just cos i want to make that box quieter
and i figure that linux will be better at shutting down the disks... Webhostbudd: yes mercutio: i could run openindiana in kvm?
on linux? Webhostbudd: i would think so mercutio: or xen i suppsoe Webhostbudd: i've never tried OI on kvm
kvm runs almost anything though
i haven't had anything break in kvm mercutio: and then psas through the ethernet card Webhostbudd: try it mercutio: yeah
i have to upgrade it first :/ Webhostbudd: heck, if you want an easy kvm solution try proxmoxve mercutio: to sommething that'll do vt-d Webhostbudd: they do a pretty good job mercutio: well i mostly just want a file server
with some virtual hosts running on it
solaris makes a good file server Webhostbudd: yes it does mercutio: iscsi is stable Webhostbudd: linux doesn't unfortunately mercutio: nfs is stable
and cifs is stable
linux it's like iscsi.. uhh.. nfs.. uhh... cifs... oh cifs works on linux!!!! Webhostbudd: nfs has been fine in my experience
i never really deal with iscsi mercutio: nfs has been screwy in my experience
although right now i've been having issues with netbsd and nfs
i think it's something to do with not being able to do large mtu in xen
and having a native high mtu up_the_irons: mercutio: you like iscsi? i've been thinking about doing some experiments with it... mercutio: the whole multiple mtu's thing on the same network is kind of scary though
up_the_irons: uhh, i /kind/ of liek it.
basically - it completely depends on what you're using it for.
on windows i compared performacne of local disk versus remote disk and iscsi
and the speed was basically the same
gigabit link speed fast single sata disk.
mostly testing games etc :/
but Webhostbudd: yea, but you are completely saturating gigabit with single disk speed up_the_irons: i c mercutio: where iscsi breaks down is if you want to access the same data from multiple hosts
or if you want to match up id's to volumes
it starts getting confusing.
tbh
if you're looking at redundancy for remote storage external sas is simpler.
basically you can have two hsots each access the same san
with short cables. Webhostbudd: ick mercutio: and mount the volume on the second host
if the first host has issues
webhost - mm, kind of
webhost: you'd be amazed at how much random dat there is
one of my "ideas" that isn't likely to go anywhere, is i thought it'd be cool to have an iscsi server that keeps track of requests, and does ssd caching
or ssd/ram caching up_the_irons: mercutio: yeah but what do you export the external sas with? mercutio: but also has the ability to use a "spare" disk or such, to do big sequential dumps
up: umm SAN has built in "exporting"
i mean those external disk enclosures
i dunno about sas, but i know opensolaris can act as a fibre channel san
but
computers are generlaly less reliable
and that's just another point of failure
mind you disk enclosures will generally limit disk speeds versus a real computer
err burst speeds
up_the_irons: anyway, if you want to do expermients with it windows has built in iscsi client
and opensolaris is real easy to setup iscsi server on
linux is probably not too difficult up_the_irons: i might play around with opensolaris and iscsi then... Webhostbudd: i wonder how freebsd handles iscsi mercutio: gah windows changed my drive letter :/ Webhostbudd: i mean, im pretty sure if you are using zfs it is painless mercutio: i didn't have it mounted
what's a good test for speed? many files or lage files? Webhostbudd: both
large files will perform better over a network though
in generally really mercutio: is starcraft a good test? Webhostbudd: the iso for starcraft? mercutio: oh humm it's going a bit slow
nah the installed game
it's from ssd source
oh now it sped up
http://postimage.org/image/tjb0z6ifx/
fwiw it appaers window isn't flushing the cache
it was going 250mb/sec for a while
actually that's probably why it was going slow for a while
and yeah ssd
for source
so it could easily burst read speed up at the start
but it is a hard-disk as destination..
err seagate
3 tb
it's also large mtu
6k jdoe: up_the_irons: haha. What I mean is that it's listed on the main page, with no mention of "special" anywhere near it. up_the_irons: jdoe: it's on the top, in a big yellow box :) ***: Webhostbudd has quit IRC (Ping timeout: 250 seconds) jdoe: so it is. ***: iih3ro has quit IRC (Ping timeout: 268 seconds)
iih3ro has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 244 seconds)
HighJinx has joined #arpnetworks
fink has joined #arpnetworks
fink has quit IRC (Quit: fink)
Yamazaki-kun has quit IRC (Ping timeout: 272 seconds)
Yamazaki-kun has joined #arpnetworks
irons|xchat has quit IRC (Ping timeout: 246 seconds)
HighJinx has quit IRC (Ping timeout: 265 seconds)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 246 seconds)
HighJinx has joined #arpnetworks jpalmer: up_the_irons: ahh, didn't realize you'd left the last job. cool! (assuming finances are working out OK)
up_the_irons: in centos6 installer, if you are using the GUI, there is a screen that asks you what installation type you want, and offers to let you add/modify the repos it installs. one of the options is something like "Base" or "minimum" or something along those lines
up_the_irons: if you do that, you'll probably want to make sure you yum install openssh-clients for the users. otherwise they don't get things like scp and such. ***: thib has joined #arpnetworks thib: Hi. Does arp networks do volume discounts on storage i.e. something cheaper then .5USD/1Gb if requesting >1TB of additional storage ? jpalmer: thib: not sure, but the best way to find out, email support@arpnetworks.com thib: yeah, actually drafting the mail, but when I saw the #arpnetworks on the contact page, thought this might be quicker :) jpalmer: hehe
up_the_irons: is around quite a bit, but you just missed him by about 20 mins or so thib: olrite. Well, I'll fire off the mail to though. Thanks! ***: beandog has joined #arpnetworks
fink has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 268 seconds)
HighJinx has joined #arpnetworks jlgaddis: up_the_irons: same username on github? just found powerdns-models ***: Webhostbudd has joined #arpnetworks -: andol notices that up_the_irons has a yubikey-cli-tools repo... andol: up_the_irons: Any plans to allow users/customers to auth, for portal or so, using their yubikey? ***: irons|xchat has joined #arpnetworks up_the_irons: jlgaddis: tnx for the cent info. and yeah, that is my github account. i did powerdns-models during that power week you were gone and I made the Reverse DNS manager
andol: indeed, the yubikey-cli-tools was a fun little util to write. there are no plans for yubikey auth. I was just playing around with MFA :) -: andol is quite fond of his Yubikey, even if it feels more useful for webmail and such which he might want to log into from $random_computer. up_the_irons: andol: yeah, Yubikey's are pretty cool. I use one for certain sensitive / destructive actions on our platform. twobitha1ker: I started using pam_google_authenticator the other day, that's pretty neat ***: CaZe has quit IRC (Read error: Connection reset by peer)
CaZe` has joined #arpnetworks
CaZe` is now known as CaZe up_the_irons: twobitha1ker: yeah that looks cool ***: dj_goku has quit IRC (Ping timeout: 272 seconds)
dj_goku has joined #arpnetworks
Webhostbudd has quit IRC (Quit: Leaving) up_the_irons: man, how do you disable user reg in moinmoin? jdoe: with great difficulty. up_the_irons: fuck iih3ro: haha jdoe: up_the_irons: which raises the question, if you don't want people editing it, why use a wiki? up_the_irons: jdoe: only trusted users can edit
meaning, i will manually create the users jdoe: ah.
http://moinmo.in/FeatureRequests/DisableUserCreation works, but it had some side effects iirc.
(it's been a while since I've used moin) up_the_irons: jdoe: ah tnx DaCa: andol: I use a yubikey to log into my openbsd vps @arp from random places, and a crypto-stick to log in from fixed places (which also works for the serial console) up_the_irons: it's back: http://wiki.arpnetworks.com/wiki/FrontPage
and you can't edit shit
unless you're a registered user jdoe: brb hax -: jpalmer found a pam module for authenticating off of google apps. it works with googles 2 factor auth. jpalmer: oh, twobitha1ker mentioned it above. nevermind :P (late to the party as always) ***: Webhostbudd has joined #arpnetworks -: DaCa rather prefers to avoid pam when possible DaCa: the same goes for google :p
but I must admit googles 2 factor auth is rather neat Webhostbudd: the google authenticator is a good concept
i mean, yubikeys would be much better if they supported a numerous amount of keys
the nice thing about yubikeys is how rugged they are
and being its own hardware platform does make it more secure jdoe: uh
does it?
tell that to people using rsa's fobs :P up_the_irons: lol Webhostbudd: that's a different story jdoe: go on.
haha. Webhostbudd: if they had the same software implementation*
yubico could be broken into, and so could google.....
it's bad for anybody jdoe: well it's not really.
the issue with RSA is that they kept the seed. Webhostbudd: yes, that is a major problem jdoe: ... so when that DB was compromised, you could clone arbitrary fobs.
the google authenticator *doesn't* have that problem.
(no idea about yubiwhatevers) Webhostbudd: neither does the yubikey
each yubikey uses a randomly generated aes key
and technically you can change it yourself with their utility DaCa: you can generate your own key on the yubikey and choose to not upload it to yubico Webhostbudd: mhmmmm
well, it's not so much a choose not to upload, but you can't upload
once it is changed you can no longer operate through them DaCa: you can Webhostbudd: since when?
i didn't think they would add new keys to their database andol: http://www.yubico.com/aes-key-upload Webhostbudd: is this new?
relatively new*
they definitely didn't have this two years ago andol: Been a availible for a while, but I also remember a time when it wasn't.
(Afraid my memory isn't more exact than that.) DaCa: jdoe: the problem with google auth is that it requires a smartphone
a smartphone is a computer you don't control kraigu: or it's just a trinket you'd rather not be bothered with ;) DaCa: if I would be a malware writer, the google auth app would be my first choice to attack jdoe: heh, it would have to be awfully targetted.
since on its own, it's just an rng.
there's no requirement (or reason) for it to have any identifying information about what it's for. DaCa: the private sha1 key (which is used for the OATH-TOTP auth, which is how google 2 factor auth works) is stored on your smartphone, that's the weak link ***: beandog has quit IRC (Quit: Leaving) andol: DaCa: Yeah, running the Google Auth app on your Smartphone is probably not as secure as $indepedant_device, but on the other hand in most cassed password+google_auth is a big improvement compared just password, and being available as a Smartphone app makes more people likely to use it. DaCa: andol: I agree completely, it is only my paranoia level which is a bit higher than the average user :) jpalmer: DaCa: you mean, your password isn't "sex" for everything, including bank info? kraigu: jpalmer: mine is "God" DaCa: :) kraigu: brb changing password -: jpalmer thinks.. now I just need to social engineer kraigu's IP's away from him, and I'll be famous like mitnick! DaCa: Goddess? jdoe: DaCa: ... right, but from haxing the phone alone, you have no idea what the key is for. DaCa: jdoe: chances are high it is for gmail if you are using that, and well, access to your email is absoletely your weakest link
think password resets kraigu: jpalmer: haha. um, well, I have a /29 with ARP, a single IP at home from my ISP, and a /16 at work
jpalmer: good luck with that :D jdoe: DaCa: think ssh, I'm not talking about email. (And even if I was, there's nothing to link the key to a specific gmail account either) DaCa: jdoe: ok, if you only use google auth for ssh, and don't ssh from your phone, and leave no traces about the ssh account on the phone, which I think is already a good amount of discipline.... jdoe: ... so like I said, "It would have to be awfully targeted" (oops, spelling...) DaCa: I am not convinced you have to be targetted, computing power is cheap, network is cheap, malware will combine multiple sources of info and try until it hits something
anyway, I am in Europe, hitting hay, good night everyone up_the_irons: This won't be ready for a few days, but I'm taking requests for beta VMs on a newer VM host model (newer KVM/QEMU, different VM BIOS (SeaBIOS), updated and lower power hardware [AMD instead of Intel], etc...) jpalmer: up_the_irons: how do we announce our interest? kraigu: jpalmer: COLD HARD CASH jpalmer: hehe it's like apple! pay for betas! up_the_irons: Requirements: 1) You need to already have an available IP for the beta VM, I won't provision additional blocks, 2) I need OpenBSD testers the most, 3) CentOS 6.x testers also needed kraigu: MS does it too up_the_irons: jpalmer: just tell me :) jpalmer: up_the_irons: I'll test CentOS 6 ;) kraigu: jdoe loves centos :D jpalmer: and, you can use the .115 IP from my /29 up_the_irons: these VMs are free, but as such, must not take too much of my resources to make (hence, no additional IPs)
jpalmer: which account?
disk will be blank, i want to see how installs from ISOs work out (tests a lot more of the stack)
kraigu: jpalmer: cold hard cash works too :) kraigu: up_the_irons: I find it often does :D Webhostbudd: lower power hardware =( up_the_irons: Webhostbudd: why sad? lower power, but not less powerful Webhostbudd: oh
alright jpalmer: up_the_irons: the jpalmer account. I'll test it as much as I can until you end the beta, then we can cancel/kill, it won't do anything that can't be destroyed. up_the_irons: this thing screams so far, and uses less power than my Intel setups
jpalmer: roger Webhostbudd: that's surpising, im guessing these intels aren't ivbs? up_the_irons: Webhostbudd: no, not at all, they are old school Xeon's (socket 771 E5430's) Webhostbudd: ahhh up_the_irons: Webhostbudd: i've found that setup to be so reliable (> 900 days uptime on several hosts) that I never switched away. But as that hardware is becoming more scarce, and in light of future proofing, lowering power footprint, etc... I need a newer setup Webhostbudd: i see how those could be super power hungry up_the_irons: gotta run, bbl Webhostbudd: are you using opterons or desktop class apus? jdoe: the lower-power 8-core opterons are pretty sexy.
I think the newer i-whatever stuff still shits on them in the low end (in terms of 'power' per watt), at the cost of fewer cores... which is presumably a selling point for vps hosting hardware. mercutio: the e5 6core 12 ht are meant to be "pretty fast"
but
they're not much faster at some things still
for intel i think the cool thing for vps hosting is that the new cpus do aes-ni
i wonder if new amds do that oo
too ***: arenlor has joined #arpnetworks mercutio: bloody windows
amd bulldozer support aes-ni ***: fink has quit IRC (Quit: fink)
meingtsil has joined #arpnetworks
meingtsla has quit IRC (Ping timeout: 245 seconds)
meingtsil is now known as meingtsla
dj_goku has quit IRC (Ping timeout: 240 seconds) jlgaddis: up_the_irons: so powerdns-models makes me wonder if you've built a web frontend to powerdns =) jpalmer: there are tons of web frontends to powerdns
I used to use 'pweradmin' a long while back.
'poweradmin' arenlor: Heh, trying to figure out how to use PHP to edit XML (ATOM/RSS specifically), and I'm going, damn it, writing a program in C may be quicker. That should never be your reaction in a high-level language. iih3ro: haha kraigu: C is likely safer too, even if you are careless with your pointers :P jlgaddis: jpalmer: *nod* most of them are fugly though arenlor: PHP is great if all you want to do is write XML. ***: gcw|mbpro has joined #arpnetworks Webhostbudd: arenlor: more like cold fusion arenlor: Webhostbudd: Eh? Webhostbudd: oh
nvm jpalmer: does coldfusion even exist anymore? Webhostbudd: i doubt it -: jpalmer remembers when it was allaire coldfusion, and then got bought by.. was it adobe? kraigu: jpalmer: sounds about right Webhostbudd: adibe
yea -: jpalmer had several CF 3.0 and 4.0 books kraigu: "had"? :(
think of all the doors that need holding open! arenlor: kraigu: It was a cold winter day :P kraigu: arenlor: haha arenlor: According to Wikipedia, last release was in May. jpalmer: wow. scary arenlor: Christ is that expensive. jpalmer: back in the day, allaire had a pretty decent IDE for developing web pages. homesite or something like that kraigu: ya
homesite it was jpalmer: shit! $4,200 for upgrade. $8,500 for the full version.
cripes. -: jpalmer remembers having a php plugin for homesite, or coldfusion studio. I can't remember now which i used. ***: dr_jkl has quit IRC (Ping timeout: 260 seconds)
dr_jkl has joined #arpnetworks
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
fink has joined #arpnetworks
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
gcw|mbpro has quit IRC (Read error: Connection reset by peer)
gcw|mbpro has joined #arpnetworks
HighJinx has joined #arpnetworks
fink has quit IRC (Quit: fink)
Webhostbudd has quit IRC (Quit: Leaving)