***: LT has joined #arpnetworks
Ehtyar has quit IRC (Quit: IRC is just multiplayer notepad)
up_the_irons: jdoe: my other order was from a comcast IPv6 block
hmm.. i should put somewhere that emailing support@arpnetworks.com is just as good as the web interface...
dzup: does vps offer vhmcs or similar?
up_the_irons: dzup: vhmcs? is that a control panel of some sort?
dzup: yes for reseller hosting
up_the_irons, .
up_the_irons: dzup: we don't include any control panels, but you can certainly install one yourself
dzup: thanks
up_the_irons: np
-: up_the_irons drops a pin
LT waits for someone to stand on it
up_the_irons grabs some nachos
qbit: CaZe: just ordered a rancilio silvia
also - whadduphoes!
ix34: qbit: good machine. served our office faithfully for over 2 years, 6+ brews per day
qbit: ix34: nice! it's worked pretty well for my mom as well
up_the_irons: bitchen
***: eryc is now known as er|c
up_the_irons: i could kill Upstart right now...
qbit: what's upstart?
up_the_irons: qbit: event-based init system initially designed for Ubuntu but now is in CentOS 6.x, Fedora (i think), etc...
meant to replace SysV init system
give me runit any day
qbit: oh crazy
-: qbit huggs openbsd
up_the_irons huggs qbit
qbit: wew!
mike-burns: That's sweet.
up_the_irons: lol
***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
sako has joined #arpnetworks
sako has quit IRC (Ping timeout: 246 seconds)
ix34: out of curiosity, anyone running openSUSE here?
***: heavysixer has quit IRC (Quit: heavysixer)
CaZe: qbit: Nice.
up_the_irons: ix34: opensuse is very rare, IME
like, i can't remember the last time someone requested that ISO to be loaded
CaZe: qbit: Are you roasting your own beans yet?
ix34: ok thanks for the note
qbit: CaZe: picking up the first batch of green this weekend
so not quite :)
ix34: up_the_irons: i want to order a new VPS
up_the_irons: ix34: i want to give you one
qbit: not sure what i am gonna do for a roaster tho :P
ix34: do i order via the portal?
qbit: might just do a cast iron pan
CaZe: I'm using a brownie oven.
up_the_irons: ix34: order via regular order form on website, use same email as on current account if you want them linked. if so, then also specify an ip address in "additional comments" that you want assigned to it. you need to already have available IPs, or purchase a /29 ($5)
ix34: up_the_irons: thanks
up_the_irons: ix34: np
CaZe: http://www.amazon.com/gp/aw/d/B0051QB35E
You have to remove the thermostat though.
And then I connect it to a dimmer switch to control the power.
I think a quality cast iron pan costs more than that oven.
***: gcw|mbpro has joined #arpnetworks
ix34: up_the_irons: it is done. meh about running linux, but needed a dev image
qbit: CaZe: nice
i have some pans i can use tho .. so they cost less :D
temp control will be harder tho
up_the_irons: ix34: tnx!
***: LT has quit IRC (Quit: Leaving)
CaZe: qbit: Yeah, I don't know how a thermometer would work on an open pan.
qbit:
Maybe an IR thermometer.
qbit: i always wanted to get one of those :D
http://taskwarrior.org/projects/show/taskwarrior <---- <3
CaZe: http://www.harborfreight.com/infrared-thermometer-93984.html
That might be adequate.
482 is just high enough to read the end of the roast.
http://www.harborfreight.com/non-contact-laser-thermometer-96451.html
That one goes all the way up to 968.
qbit: with laser targeting
awwyeah
CaZe: The other one has laser too.
qbit: oh
up_the_irons: it should go up to 11
</troll>
-: up_the_irons wanders off
qbit waves byebye to up_the_irons
ix34: nsd is the best.
free PSA from me to you.
***: HighJinx has quit IRC (Quit: Computer has gone to sleep.)
CaZe: Anyone know if it's linked to the build in OpenBSD's snapshots yet?
***: HighJinx has joined #arpnetworks
ix34: think it's been in and default since 4.9
maybe in 4.9, default in 5.0
CaZe: I know it's been in the tree for awhile, but it hadn't been linked to the build.
I'm still waiting for unbound anyway.
mikeputnam: happy to see nginx made it onto the base in time for November 1st
s/onto/into/
ix34: agreed, interested to play with that
mikeputnam: http://www.openbsd.org/52.html
among other fun stuff. pthreads!
***: mtve has quit IRC (Ping timeout: 244 seconds)
Webhostbudd has joined #arpnetworks
gcw|mbpro has quit IRC (Remote host closed the connection)
qbit: CaZe, ix34 http://www.youtube.com/watch?v=e7pOfJTQ5Dg&feature=player_embedded
***: `ariel has quit IRC (Quit: No Ping reply in 180 seconds.)
ariel has joined #arpnetworks
ariel is now known as Guest31077
ix34: qbit: that is awesome
***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
dzup has quit IRC (Remote host closed the connection)
qbit: man.. the more i read about the silvia - the more i like it : http://gizmodo.com/5581416/tickling-miss-silvia-mark-frauenfelder-hacks-coffees-god+shot
***: arenlor has joined #arpnetworks
arenlor: up_the_irons: You around?
andol: up_the_irons: You could offer a more favorable price on orders coming from an IPv6 address? :-)
milki: oooo
***: ix34 has quit IRC (Remote host closed the connection)
ix33 has joined #arpnetworks
CaZe has quit IRC (Read error: Connection reset by peer)
CaZe` has joined #arpnetworks
CaZe` is now known as CaZe
arenlor: up_the_irons: If you get a chance to, you may wish to add your own comment: https://plus.google.com/+KikiSanford/posts/VNgKzCjWR2K
up_the_irons: ix33: nsd is pretty rad, yeah
andol: lol, not a bad idea ;)
-: up_the_irons checks out arenlor's link
***: jbum has joined #arpnetworks
jbum has quit IRC (Client Quit)
forgotten has joined #arpnetworks
forgotten: hey has arp ever been hit with a mango botnet ddos attack?
qbit: whoa
hi forgotten o/
forgotten: hey qbit :)
up_the_irons: forgotten: there's a ddos attack named "mango" ? ;)
forgotten: up_the_irons: i think the botnet is called mango and ddos is just ddos
but yeah :)
up_the_irons: lol
forgotten: hehe
up_the_irons: not sure what attacks we've been hit with in the past. usually udp-based garbage.
qbit: ima make a botnet called "mangular"
up_the_irons: lol
forgotten: up_the_irons: how did you guys fare against those attacks? the udp garbage.
the Mango bots would do something similar, prolly just diff port ranges.
qbit: mangulus !
o
qbit: o/
up_the_irons: forgotten: meh, usually takes out a host. doesn't usually spread beyond that. i'm installing two upgrades / changes within the next month or so that should eliminate the host-wide collateral damage.
forgotten: qbit : mangular, mangulus +1 +1
forgotten: i have discovered something disturbing, about these botnets.
specifically originating from malaysia
just thought i'd give u guys a heads up :)
CaZe: Disturbing, indeed.
forgotten: not going to waste my time explaining if no one cares :).
CaZe: You already did, the part about originating from Malaysia?
forgotten: ya but they are targeting vps providers
as bandwidth testers
basically
CaZe: http://www.ubnt.com/edgemax#edge-router-lite
-: CaZe wants
forgotten: if its only 100 bucks why dont u get one?
qbit: 500x packets / dollar!
CaZe: They're not selling them yet.
forgotten: resellers?
CaZe: It was just announced today.
qbit: but can it run openbsd?
forgotten: ^
careful how u answer this question
CaZe: Probably not out of the box.
I don't think anyone knows yet what SoC it uses.
Might have to wait until someone gets ahold of one to know how much work it would take to port OpenBSD.
forgotten: that would be smexy
:D
up_the_irons: forgotten: how do they target as bandwidth testers?
we don't get many orders from there anyway... ;)
forgotten: to see which providers they can take down, and which they can't overcome their bandwidth.
lol and thats good
jdoe: up_the_irons: how are you preventing host-wide collateral damage? Unless you have some sort of quick active-response, null-routing thing :P
forgotten: that would be very very amazing
:D
up_the_irons: jdoe: two things: 1) finally get GigE on all host ports, 2) eliminate Linux connection tracking and pass through traffic as more of a "dumb" host. I have #2 working for the most part on a test host.
most attacks don't saturate an entire GigE but they will saturate conntrack, no matter how high i set the values
jdoe: that improves things, no doubt, but saturation is saturation
ahh
up_the_irons: at least, it seems that way...
jdoe: eesh. If you can't manage a gig in 2012, maybe you should hang up your ./spurs
forgotten: lol
up_the_irons: hah yeah
jdoe: "br0 ch3ck 0u7 my l33t 28.8 b0tn3t"
up_the_irons: LOL
hahahaha
forgotten: RISC is good
that is a good idea tho with connection tracking
do u just build ur iptables rules without --state options for that?
up_the_irons: how many redis users in here?
anyone use redistogo?
mhoran: Used redis quite a bit, no redistogo though.
up_the_irons: mhoran: self hosted?
mhoran: I hope this freebsd-security flamewar ends soon.
up_the_irons: Yeah.
up_the_irons: forgotten: yeah, --state goes away (although you can keep them in there, but those rules simply don't do anything anymore) and you add a NOTRACK target within PREROUTING chain
forgotten: mercutio gave me that tip, and for years people told me conntrack couldn't be disabled!!
mhoran: cool
forgotten: up_the_irons: nice :D
up_the_irons: do you use syncookies ?
up_the_irons: forgotten: so, also, b/c of no more --state, you need to build additional rules to all hosts you connect to. ala, back in the "stateless" firewall days.
forgotten: up_the_irons: yep yep i drew that much :D
up_the_irons: but that isn't too hard, the hosts should be as "dumb" as possible, with the VMs getting all the majority of network traffic
forgotten: not sure about syncookies. w/e the default is i guess.
forgotten: up_the_irons: it's a /etc/sysctl.conf option
jdoe: mhoran: the random shit? I unsubbed over that.
kraigu did too.
kraigu: yep.
did it stop yet?
up_the_irons: forgotten: yeah i know, just never moved it from the defaults
kraigu: oh
I guess not
jdoe: haha.
mhoran: jdoe: Yeah.
kraigu: (I didn't read backscroll)
mhoran: Ridiculous.
kraigu: holy bikeshed. :(
mhoran: Yeah.
I don't want to unsub because that's where I get my security announcements from.
kraigu: it used to be where I got mine from :(
forgotten: it would help against syn attacks if it's enabled
up_the_irons: forgotten: syn attacks are not all that popular. just dumb udp or icmp ones
forgotten: anything over tcp is problematic b/c of the transmission control. but you can fling udp as fast as your pipe will let you.
kraigu: kind of like bikeshedders on a security mailing list?
jdoe: I think we should paint /dev/random white.
mercutio: up_the_irons: i think syn attacks use raw packets.
kraigu: jdoe: racist!
mhoran: Orange is the best color for a bikeshed.
mercutio: on a lot of newer systems tcp/ip is pretty low in resource utilisation due to offloading
up_the_irons: mercutio: i think syn with raw IP packets can just be dropped, no? isn't SYN only useful with TCP?
this is edging on my threshold of knowledge of IP / TCP / UDP packet structure...
jdoe: I'm not sure I understand the question. He's saying that it's not like they're connect()ing or anything, you open a raw socket, construct your own syn packets, and spam.
mercutio: up_the_irons: raw ip packets can have a TCP header..
raw packets just means that the OS sends through whatever you tell it to
there's a userspace implementation of tcp/ip around somewhere
you can't do things like that without raw packets. windows used to not support raw packets. then it did.
up_the_irons: mercutio: ah ok
jdoe: udp is more popular because raw sockets are a bitch on windows.
mercutio: jdoe: oh?
-: kraigu snickers
mercutio: i knew windows supported it, didn't know it was difficult to implement
kraigu: doesn't steve gibson still rave about it?
OMG THOSE IDJITS-style
qbit: <3 redis
jdoe: mercutio: windows neutered raw socket support, and it requires admin privs.
mercutio: jdoe: sweet
up_the_irons: qbit: you use redis too?
kraigu: jdoe: http://www.theregister.co.uk/2001/06/12/security_geek_developing_winxp_raw/ ;)
jdoe: hence why every lindsay_lohan_xxx.exe does udp flooding ;)
arenlor: mercutio: Windows was fixed, doesn't support raw anymore.
jdoe: Gibson is a nutcase.
kraigu: yeeeahh
mercutio: arenlor: i like :)
arenlor: jdoe: Apparently it's emma_watson.exe now.
mercutio: i don't want linux to lose raw packets.
kraigu: jdoe: like windows users don't run as admin anyway
arenlor: I like to write in every week and tell gibson where he screwed up.
Like how their sponsor uses Java, but they keep bashing it.
jdoe: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx#Limitations_on_Raw_Sockets
mercutio: heh i've seen people trying to use windows as a non admin!
arenlor: mercutio: Cute, how are your parents?
kraigu: jdoe: oh pish tosh, quoting "documentation"
mercutio: my father uses linux
my mother uses a mac
arenlor: mercutio: Damn, can we trade?
mercutio: haha
up_the_irons: ip / tcp / udp packet structure... essentials is just that tcp is on top of ip, udp is on top of ip,
ip says source/destination and routes to the destination
udp and tcp contain ports etc but ip just has protocol and a checksum
oh icmp is over ip too
up_the_irons: well, mostly everything is over ip ;)
lots of sonet (sdh) rings use ATM, so that wouldn't be over IP, but that's layer-2 stuff anyway, i think... i think...
mercutio: people often run ip over sonet don't they?
anyway sonet/atm are legacy, way more expensive than ethernet and lower bandwidth
it's not that tcp/ip is amazing, but it's mass market
and tcp has done pretty well to last so well
i like it that finally people are starting to look into things like udp-lite
removing checksums from sent data etc
but what really is needed on the net is larger mtu's
and that doesn't seem to be making any progress
up_the_irons: sonet/atm is legacy, yes, but that's WAN for ya. if you want a ring, you have to go sonet
mercutio: frame relay went to shdsl, sonet/atm went to dark fibre
dark fibre is on some ways the ultimate way to go
wikipedia had an outage a while back through two dark fibre pairs being cut at once
but that's just a problem with having pairs near each other
up_the_irons: sure, dark fiber is the way to go if you can afford it
mercutio: fibre can be used for protected services though as long as they don't route the same way
well if you can afford sonet you can afford dark fibre
***: Ehtyar has joined #arpnetworks
mercutio: of course dark fibre gets more expensive the further distance you have on it
forgotten: up_the_irons: word :)
***: dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
dzup has joined #arpnetworks
jdoe: ... oh god you don't even want to know what I just saw your ads on.
qbit: lol
up_the_irons: jdoe: lol, wut??? :)
***: HighJinx has quit IRC (Quit: Computer has gone to sleep.)
jdoe: fournier gangrene on /r/wtf
apparently arpnetwork is the best hosting if your balls are rotting off.
arpnetworks, even
up_the_irons: jdoe: LOL
qbit: hahaha
"when my balls are rotting off... i choose arpnetworks!"
up_the_irons: hahahahaha
***: forgotten has quit IRC (Quit: leaving)
up_the_irons: i do a search for ipv6 problems on lucid and i run across a blog post, i look at the config and am like "hey, those IPs look familiar", then I read the first sentence and it says, "I recently setup a VPS with Arp Networks"
w00t
i googled and found myself
-: up_the_irons does a happy dance
mercutio: heh
ipv6 and problems go together i think
arenlor: I've never had any problems with IPv6 on linux.
mercutio: using autodiscovery?
arenlor: mercutio: No, I do it all by hand.
It's only on windows that I have ever had any issue.
mercutio: i was surprised that ipv6 works on my windows
considering i don't have ipv6
but ping -6 works
apparently there's a relay
built into windows
or it uses it by default at least
arenlor: mercutio: Yeah, Teredo hasn't ever worked for me.
mercutio: well the relay sends google much further away than ipv4
arenlor: It's likely because you bounce through microsoft for Teredo.
mercutio: nah it's somewhere close
it's like 20 msec first hop
arenlor: Mind, I can't even get HE's IPv6 working.
mercutio: but google is like 8x the ping
i've done he tunnel before
i've got a sixxs tunnel too
but on windows i didn't do anything
arenlor: Works great in Linux, just never got it to work at all in Windows.
mercutio: oh?
i used to have he.net tunnel with windows
i just had ym adsl modem forward it along to windows
err my adsl modem terminate the tunnel
i had it going with a standalone router too
arenlor: It's alright, I'm dyslexic, I have to unscramble everything as is.
mercutio: but i was annoyed that talking between my two ipv6 endpoints gave huge pings
so i setup a third tunnel between my two end points
and forwarded the traffic
in the end i figured he.net tunnel was just too far away
arenlor: It could be
mercutio: closest is fremont which is about 150 msec ping i think
sixxs is about 20 msec ping
but i found that browsing through ipv6 was slower
give it a few years and it'll get better. i like the idea of host to host communication
but while end users don't have ipv6 that won't do much good
***: HighJinx has joined #arpnetworks
HighJinx: up_the_irons when digi is outta coresite can i have one of them as my own box to rent? hahaha
Webhostbudd: lol
toddf: when not doing native v6, I generally would do a tunnel between the v4 gateways of remote sites. especially when the upstream isp of all my sites was the same one (COX)
up_the_irons: HighJinx: i imagine they would take the equipment with them ;)
HighJinx: iunno they just might forget ;)
up_the_irons: lol
wouldn't surprise me
Webhostbudd: so how are the dedi's working garry?
things still rolling out smoothly?
***: amdprophet has quit IRC (Remote host closed the connection)