[00:07] *** LT has quit IRC (Ping timeout: 260 seconds)
[00:19] *** LT has joined #arpnetworks
[00:23] *** Ehtyar has quit IRC (Quit: IRC is just multiplayer notepad)
[01:35] <up_the_irons> jdoe: my other order was from a comcast IPv6 block
[01:36] <up_the_irons> hmm.. i should put somewhere that emailing support@arpnetworks.com is just as good as the web interface...
[01:40] <dzup> does vps offer vhmcs  or similar?
[01:43] <up_the_irons> dzup: vhmcs?  is that a control panel of some sort?
[02:14] <dzup> yes for reseller hosting
[02:15] <dzup> up_the_irons, .
[02:16] <up_the_irons> dzup: we don't include any control panels, but you can certainly install one yourself
[02:27] <dzup> thanks
[02:41] <up_the_irons> np
[03:21] * up_the_irons drops a pin
[03:27] * LT waits for someone to stand on it
[04:07] * up_the_irons grabs some nachos
[06:17] <qbit> CaZe: just ordered a rancilio silvia
[06:17] <qbit> also - whadduphoes!
[06:18] <ix34> qbit: good machine.  served our office faithfully for over 2 years, 6+ brews per day
[06:18] <qbit> ix34: nice! it's worked pretty well for my mom as well
[06:24] <up_the_irons> bitchen
[06:36] *** eryc is now known as er|c
[06:42] <up_the_irons> i could kill Upstart right now...
[06:43] <qbit> what's upstart?
[06:44] <up_the_irons> qbit: event-based init system initially designed for Ubuntu but now is in CentOS 6.x, Fedora (i think), etc...
[06:44] <up_the_irons> meant to replace SysV init system
[06:45] <up_the_irons> give me runit any day
[06:45] <qbit> oh crazy
[06:45] * qbit huggs openbsd
[07:53] * up_the_irons huggs qbit
[07:53] <qbit> wew!
[07:54] <mike-burns> That's sweet.
[07:54] <up_the_irons> lol
[08:03] *** heavysixer has joined #arpnetworks
[08:03] *** ChanServ sets mode: +o heavysixer
[08:17] *** sako has joined #arpnetworks
[08:31] *** sako has quit IRC (Ping timeout: 246 seconds)
[09:01] <ix34> out of curiosity, anyone running openSUSE here?
[09:02] *** heavysixer has quit IRC (Quit: heavysixer)
[09:04] <CaZe> qbit: Nice.
[09:04] <up_the_irons> ix34: opensuse is very rare, IME
[09:05] <up_the_irons> like, i can't remember the last time someone requested that ISO to be loaded
[09:05] <CaZe> qbit: Are you roasting your own beans yet?
[09:05] <ix34> ok thanks for the note
[09:06] <qbit> CaZe: picking up the first batch of green this weekend
[09:06] <qbit> so not quite :)
[09:06] <ix34> up_the_irons: i want to order a new VPS
[09:06] <up_the_irons> ix34: i want to give  you one
[09:06] <qbit> not sure what i am gonna do for a roaster tho :P
[09:06] <ix34> do i order via the portal?
[09:06] <qbit> might just do a cast iron pan
[09:07] <CaZe> I'm using a brownie oven.
[09:07] <up_the_irons> ix34: order via regular order form on website, use same email as on current account if you want them linked.  if so, then also specify an ip address in "additional comments" that you want assigned to it.  you need to already have available IPs, or purchase a /29 ($5)
[09:08] <ix34> up_the_irons: thanks
[09:09] <up_the_irons> ix34: np
[09:09] <CaZe> http://www.amazon.com/gp/aw/d/B0051QB35E
[09:10] <CaZe> You have to remove the thermostat though.
[09:11] <CaZe> And then I connect it to a dimmer switch to control the power.
[09:13] <CaZe> I think a quality cast iron pan costs more than that oven.
[09:13] *** gcw|mbpro has joined #arpnetworks
[09:17] <ix34> up_the_irons: it is done.  meh about running linux, but needed a dev image
[09:17] <qbit> CaZe: nice
[09:18] <qbit> i have some pans i can use tho .. so they cost less :D
[09:18] <qbit> temp control will be harder tho
[09:18] <up_the_irons> ix34: tnx!
[09:27] *** LT has quit IRC (Quit: Leaving)
[09:27] <CaZe> qbit: Yeah, I don't know how a thermometer would work on an open pan.
[09:27] <CaZe> qbit:
[09:28] <CaZe> Maybe an IR thermometer.
[09:28] <qbit> i always wanted to get one of those :D
[09:29] <qbit> http://taskwarrior.org/projects/show/taskwarrior <---- <3
[09:29] <CaZe> http://www.harborfreight.com/infrared-thermometer-93984.html
[09:30] <CaZe> That might be adequate.
[09:31] <CaZe> 482 is just high enough to read the end of the roast.
[09:32] <CaZe> http://www.harborfreight.com/non-contact-laser-thermometer-96451.html
[09:33] <CaZe> That one goes all the way up to 968.
[09:33] <qbit> with laser targeting
[09:33] <qbit> awwyeah
[09:34] <CaZe> The other one has laser too.
[09:47] <qbit> oh
[09:50] <up_the_irons> it should go up to 11
[09:51] <up_the_irons> </troll>
[09:52] * up_the_irons wanders off
[09:56] * qbit waves byebye to up_the_irons 
[10:04] <ix34> nsd is the best.
[10:05] <ix34> free PSA from me to you.
[10:06] *** HighJinx has quit IRC (Quit: Computer has gone to sleep.)
[10:22] <CaZe> Anyone know if it's linked to the build in OpenBSD's snapshots yet?
[10:22] *** HighJinx has joined #arpnetworks
[10:22] <ix34> think it's been in and default since 4.9
[10:22] <ix34> maybe in 4.9, default in 5.0
[10:24] <CaZe> I know it's been in the tree for awhile, but it hadn't been linked to the build.
[10:25] <CaZe> I'm still waiting for unbound anyway.
[10:26] <mikeputnam> happy to see nginx made it onto the base in time for November 1st
[10:27] <mikeputnam> s/onto/into/
[10:27] <ix34> agreed, interested to play with that
[10:27] <mikeputnam> http://www.openbsd.org/52.html
[10:27] <mikeputnam> among other fun stuff.   pthreads!
[10:28] *** mtve has quit IRC (Ping timeout: 244 seconds)
[10:30] *** Webhostbudd has joined #arpnetworks
[10:32] *** gcw|mbpro has quit IRC (Remote host closed the connection)
[12:35] <qbit> CaZe, ix34 http://www.youtube.com/watch?v=e7pOfJTQ5Dg&feature=player_embedded
[12:36] *** `ariel has quit IRC (Quit: No Ping reply in 180 seconds.)
[12:37] *** ariel has joined #arpnetworks
[12:37] *** ariel is now known as Guest31077
[12:46] <ix34> qbit: that is awesome
[12:51] *** heavysixer has joined #arpnetworks
[12:51] *** ChanServ sets mode: +o heavysixer
[13:02] *** dzup has quit IRC (Remote host closed the connection)
[13:10] <qbit> man.. the mroe i read about the silvia - the more i like it : http://gizmodo.com/5581416/tickling-miss-silvia-mark-frauenfelder-hacks-coffees-god+shot
[13:16] *** arenlor has joined #arpnetworks
[13:18] <arenlor> up_the_irons: You around?
[13:23] <andol> up_the_irons: You could offer a more favorable price on orders coming from an IPv6 address? :-)
[13:26] <milki> oooo
[13:51] *** ix34 has quit IRC (Remote host closed the connection)
[13:54] *** ix33 has joined #arpnetworks
[14:45] *** CaZe has quit IRC (Read error: Connection reset by peer)
[14:45] *** CaZe` has joined #arpnetworks
[14:45] *** CaZe` is now known as CaZe
[15:31] <arenlor> up_the_irons: If you get a chance to, you may wish to add your own comment: https://plus.google.com/+KikiSanford/posts/VNgKzCjWR2K
[15:45] <up_the_irons> ix33: nsd is pretty rad, yeah
[15:45] <up_the_irons> andol: lol, not a bad idea ;)
[15:45] * up_the_irons checks out arenlor's link
[15:46] *** jbum has joined #arpnetworks
[15:46] *** jbum has quit IRC (Client Quit)
[15:50] *** forgotten has joined #arpnetworks
[15:50] <forgotten> hey has arp every been hit with a mango botnet ddos attack?
[15:52] <qbit> whoa
[15:52] <qbit> hi forgotten o/
[15:53] <forgotten> hey qbit :)
[15:56] <up_the_irons> forgotten: there's a ddos attack named "mango" ? ;)
[15:56] <forgotten> up_the_irons: i think the botnet is called mango and ddos is just ddos
[15:56] <forgotten> but yeah :)
[15:56] <up_the_irons> lol
[15:57] <forgotten> hehe
[15:57] <up_the_irons> not sure what attacks we've been hit with in the past.  usually udp-based garbage.
[15:57] <qbit> ima make a botnet called "mangular"
[15:57] <up_the_irons> lol
[15:58] <forgotten> up_the_irons: how did you guys fair against those attacks? the udp garbage.
[15:58] <forgotten> the Mango bots would do something similar, prolly just diff port ranges.
[15:58] <forgotten> qbit: mangulus !
[15:58] <forgotten> \o
[15:59] <qbit> o/
[15:59] <up_the_irons> forgotten: meh, usually takes out a host.  doesn't usually spread beyond that.  i'm installing two upgrades / changes within the next month or so that should eliminate the host-wide collateral damage.
[16:00] <up_the_irons> forgotten: qbit : mangular, mangulus +1 +1
[16:01] <forgotten> i have discovered something disturbing, about these botnets.
[16:02] <forgotten> specifically originating from malaysia
[16:03] <forgotten> just thought i'd give u guys a heads up :)
[16:03] <CaZe> Disturbing, indeed.
[16:04] <forgotten> not gonig to waste my time explaining if no one cares :).
[16:04] <CaZe> You already did, the part about originating from Malaysia?
[16:05] <forgotten> ya but they are targeting vps providers
[16:05] <forgotten> as bandwidth testers
[16:05] <forgotten> basically
[16:05] <CaZe> http://www.ubnt.com/edgemax#edge-router-lite
[16:05] * CaZe wants
[16:06] <forgotten> if its only 100 bucks why dont u get one?
[16:06] <qbit> 500x packets / dollar!
[16:07] <CaZe> They're not selling them yet.
[16:07] <forgotten> resellers?
[16:07] <CaZe> It was just announced today.
[16:07] <qbit> but can it run openbsd?
[16:08] <forgotten> ^
[16:08] <forgotten> careful how u answer this question
[16:08] <CaZe> Probably not out of the box.
[16:08] <CaZe> I don't think anyone knows yet what SoC it uses.
[16:08] <CaZe> MIght have to wait until someone gets ahold of one to know how much work it would take to port OpenBSD.
[16:09] <forgotten> that would be smexy
[16:09] <forgotten> :D
[16:17] <up_the_irons> forgotten: how do they target as bandwidth testers?
[16:18] <up_the_irons> we don't get many orders from there anyway... ;)
[16:18] <forgotten> to see which providers they can take down, and which they can't overcome their bandwidth.
[16:18] <forgotten> lol and thats good
[16:19] <jdoe> up_the_irons: how are you preventing host-wide collateral damage? Unless you have some sort of quick active-response, null-routing thing :P
[16:19] <forgotten> that would be very very amazing
[16:19] <forgotten> :D
[16:21] <up_the_irons> jdoe: two things: 1) finally get GigE on all host ports, 2) eliminate Linux connection tracking and pass through traffic as more of a "dumb" host.  I have #2 working for the most part on a test host.
[16:22] <up_the_irons> most attacks don't saturate an entire GigE but they will saturate conntrack, no matter how high i set the values
[16:22] <jdoe> that improves things, no doubt, but saturation is saturation
[16:22] <jdoe> ahh
[16:22] <up_the_irons> at least, it seems that way...
[16:23] <jdoe> eesh. If you can't manage a gig in 2012, maybe you should hang up your ./spurs
[16:23] <forgotten> lol
[16:23] <up_the_irons> hah yeah
[16:23] <jdoe> "br0 ch3ck 0u7 my l33t 28.8 b0tn3t"
[16:23] <up_the_irons> LOL
[16:24] <up_the_irons> hahahaha
[16:24] <forgotten> RISC is good
[16:24] <forgotten> that is a good idea tho with connection tracking
[16:25] <forgotten> do u just build ur iptables rules without --state options for that?
[16:27] <up_the_irons> how many redis users in here?
[16:27] <up_the_irons> anyone use redistogo?
[16:27] <mhoran> Used redis quite a bit, no redistogo though.
[16:27] <up_the_irons> mhoran: self hosted?
[16:27] <mhoran> I hope this freebsd-security flamewar ends soon.
[16:27] <mhoran> up_the_irons: Yeah.
[16:28] <up_the_irons> forgotten: yeah, --state goes away (although you can keep them in there, but those rules simply don't do anything anymore) and you add a NOTRACK target within PREROUTING chain
[16:28] <up_the_irons> forgotten: mercutio gave me that tip, and for years people told me conntrack couldn't be disabled!!
[16:28] <up_the_irons> mhoran: cool
[16:29] <forgotten> up_the_irons: nice :D
[16:30] <forgotten> up_the_irons: do you use syncookies ?
[16:30] <up_the_irons> forgotten: so, also, b/c of no more --state, you need to build additional rules to all hosts you connect to.  ala, back in the "stateless" firewall days.
[16:31] <forgotten> up_the_irons: yep yep i drew that much :D
[16:31] <up_the_irons> but that isn't too hard, the hosts should be as "dumb" as possible, with the VMs getting all the majority of network traffic
[16:31] <up_the_irons> forgotten: not sure about syncookies.  w/e the default is i guess.
[16:33] <forgotten> up_the_irons: it's a /etc/sysctl.conf option
[16:33] <jdoe> mhoran: the random shit? I unsubbed over that.
[16:33] <jdoe> kraigu did too.
[16:33] <kraigu> yep.
[16:33] <kraigu> did it stop yet?
[16:33] <up_the_irons> forgotten: yeah i know, just never moved it from the defaults
[16:33] <kraigu> oh
[16:33] <kraigu> I guess not
[16:33] <jdoe> haha.
[16:33] <mhoran> jdoe: Yeah.
[16:33] <kraigu> (I didn't read backscroll)
[16:33] <mhoran> Ridiculous.
[16:34] <kraigu> holy bikeshed. :(
[16:34] <mhoran> Yeah.
[16:34] <mhoran> I don't want to unsub because that's where I get my security announcements from.
[16:34] <kraigu> it used to be where I got mine from :(
[16:35] <forgotten> it would help against syn attacks if it's enabled
[16:38] <up_the_irons> forgotten: syn attacks are not all that popular.  just dumb  udp or icmp ones
[16:39] <up_the_irons> forgotten: anything over tcp is problematic b/c of the transmission control.  but you can fling udp as fast as your pipe will let you.
[16:39] <kraigu> kind of like bikeshedders on a security mailing list?
[16:40] <jdoe> I think we should paint /dev/random white.
[16:40] <mercutio> up_the_irons: i think syn attacks use raw packets.
[16:40] <kraigu> jdoe: racist!
[16:40] <mhoran> Orange is the best color for a bikeshed.
[16:40] <mercutio> on a lot of newer systems tcp/ip is pretty low in resource utilisation due to offloading
[16:41] <up_the_irons> mercutio: i think syn with raw IP packets can just be dropped, no?  isn't SYN only useful with TCP?
[16:42] <up_the_irons> this is edging on my threshold of knowledge of IP / TCP / UDP packet structure...
[16:42] <jdoe> I'm not sure I understand the question. He's saying that it's not like they're connect()ing or anything, you open a raw socket, construct your own syn packets, and spam.
[16:42] <mercutio> up_the_irons: raw ip packets can have a TCP header..
[16:42] <mercutio> raw packets just means that the OS sends through whatever you tell it to
[16:42] <mercutio> there's a userspace implementation of tcp/ip around somewhere
[16:42] <mercutio> you can't do things like that without raw packets.  windows used to not support raw packets.  then it did.
[16:42] <up_the_irons> mercutio: ah ok
[16:42] <jdoe> udp is more popular because raw sockets are a bitch on windows.
[16:43] <mercutio> jdoe: oh?
[16:43] * kraigu snickers
[16:43] <mercutio> i knew windows supported it, didn't know it was difficult to implement
[16:43] <kraigu> doesn't steve gibson still rave about it?
[16:43] <kraigu> OMG THOSE IDJITS-style
[16:43] <qbit> <3 redis
[16:43] <jdoe> mercutio: windows neutered raw socket support, and it requires admin privs.
[16:44] <mercutio> jdoe: sweet
[16:44] <up_the_irons> qbit: you use redis too?
[16:44] <kraigu> jdoe: http://www.theregister.co.uk/2001/06/12/security_geek_developing_winxp_raw/ ;)
[16:44] <jdoe> hence why every lindsay_lohan_xxx.exe does udp flooding ;)
[16:44] <arenlor> mercutio: Windows was fixed, doesn't support raw anymore.
[16:44] <jdoe> Gibson is a nutcase.
[16:45] <kraigu> yeeeahh
[16:45] <mercutio> arenlor: i like :)
[16:45] <arenlor> jdoe: Apparentally it's emma_watson.exe now.
[16:45] <mercutio> i don't want linux to lose raw packets.
[16:45] <kraigu> jdoe: like windows users don't run as admin anyway
[16:46] <arenlor> I like to write in every week and tell gibson where he screwed up.
[16:46] <arenlor> Like how their sponsor uses Java, but they keep bashing it.
[16:46] <jdoe> http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx#Limitations_on_Raw_Sockets
[16:46] <mercutio> heh i've seen people trying to use windwos as a non admin!
[16:47] <arenlor> mercutio: Cute, how are your parents?
[16:47] <kraigu> jdoe: oh pish tosh, quoting "documentation"
[16:47] <mercutio> my father uses linux
[16:47] <mercutio> my mother uses a mac
[16:47] <arenlor> mercutio: Damn, can we trade?
[16:48] <mercutio> haha
[16:51] <mercutio> up_the_irons: ip / tcp / udp packet structure... essentials is just that tcp is on top of ip, udp is on top of ip,
[16:51] <mercutio> ip says source/destination and routes to the destination
[16:51] <mercutio> udp and tcp contain ports etc but ip just has protocol and a checksum
[16:53] <mercutio> oh icmp is over ip too
[16:56] <up_the_irons> well, mostly everything is over ip ;)
[16:57] <up_the_irons> lots of sonet (sdh) rings use ATM, so that wouldn't be over IP, but that's layer-2 stuff anyway, i think...   i think...
[16:58] <mercutio> people often run ip over sonet don't they?
[16:59] <mercutio> anyway sonet/atm are legacy, way more expensive than ethernet and lower bandwidth
[16:59] <mercutio> it's not that tcp/ip is amazing, but it's mass market
[16:59] <mercutio> and tcp has done pretty well to last so well
[17:00] <mercutio> i like it that finally people are starting to look into things like udp-lite
[17:00] <mercutio> removing checksums from sent data etc
[17:01] <mercutio> but what really is neded on the net is larger mtu's
[17:01] <mercutio> and that doesn't seem to be making any progress
[17:01] <up_the_irons> sonet/atm is legacy, yes, but that's WAN for ya.  if you want a ring, you have to go sonet
[17:01] <mercutio> frame relay went to shdsl, sonet/atm went to dark fibre
[17:02] <mercutio> dark fibre is on some ways the ultimate way to go
[17:02] <mercutio> wikipedia had an outage a while back through two dark fibre pairs being cut at once
[17:03] <mercutio> but that's just a problem with having pairs near each other
[17:04] <up_the_irons> sure, dark fiber is the way to go if you can afford it
[17:04] <mercutio> fibre can be used for protected services though as long as they don't route the same way
[17:04] <mercutio> well if you can afford sonet you can afford dark fibre
[17:06] *** Ehtyar has joined #arpnetworks
[17:07] <mercutio> of course dark fibre gets more expensive the further distance you have on it
[17:23] <forgotten> up_the_irons: word :)
[17:32] *** dj_goku has joined #arpnetworks
[17:32] *** dj_goku has quit IRC (Changing host)
[17:32] *** dj_goku has joined #arpnetworks
[18:04] *** dzup has joined #arpnetworks
[18:44] <jdoe> ... oh god you don't even want to know what I just saw your ads on.
[18:45] <qbit> lol
[18:50] <up_the_irons> jdoe: lol, wut??? :)
[18:51] *** HighJinx has quit IRC (Quit: Computer has gone to sleep.)
[18:55] <jdoe> fournier gangrene on /r/wtf
[18:55] <jdoe> apparently arpnetwork is the best hosting if your balls are rotting off.
[18:56] <jdoe> arpnetworks, even
[19:00] <up_the_irons> jdoe: LOL
[19:01] <qbit> hahaha
[19:01] <qbit> "when my balls are rotting off... i choose arpnetworks!"
[19:17] <up_the_irons> hahahahaha
[19:19] *** forgotten has quit IRC (Quit: leaving)
[19:44] <up_the_irons> i do a search for ipv6 problems on lucid and i run across a blog post, i look at the config and am like "hey, those IPs look familiar", then I read the first sentence and it says, "I recently setup a VPS with Arp Networks"
[19:44] <up_the_irons> w00t
[19:44] <up_the_irons> i googled and found myself
[19:44] * up_the_irons does a happy dance
[19:45] <mercutio> heh
[19:45] <mercutio> ipv6 and problems go together i think
[19:49] <arenlor> I've never had any problems with IPv6 on linux.
[19:50] <mercutio> using autodiscovery?
[19:50] <arenlor> mercutio: No, I do it all by hand.
[19:50] <arenlor> It's only on windows that I have ever had any issue.
[19:51] <mercutio> i was surprised that ipv6 works on my windows
[19:51] <mercutio> considering i don't have ipv6
[19:51] <mercutio> but ping -6 works
[19:51] <mercutio> apparently there's a relay
[19:51] <mercutio> built into windows
[19:51] <mercutio> or it uses it by default at least
[19:51] <arenlor> mercutio: Yeah, Teredo hasn't ever worked for me.
[19:52] <mercutio> well the relay sends google much furhter away than ipv4
[19:52] <arenlor> It's likely because you bounce through microsoft for Teredo.
[19:52] <mercutio> nah it's somewhere close
[19:53] <mercutio> it's like 20 msec first hop
[19:53] <arenlor> Mind, I can't even get HE's IPv6 working.
[19:53] <mercutio> but google is like 8x the ping
[19:53] <mercutio> i've done he tunnel before
[19:53] <mercutio> i've got a sixxs tunnel too
[19:53] <mercutio> but on windows i didn't do anything
[19:53] <arenlor> Works great in Linux, just never got it to work at all in Windows.
[19:53] <mercutio> oh?
[19:53] <mercutio> i used to have he.net tunnel with windows
[19:54] <mercutio> i just had ym adsl modem forward it along to windows
[19:54] <mercutio> err my adsl modem terminate the tunnel
[19:54] <mercutio> i had it going with a standalone router too
[19:54] <arenlor> It's alright, I'm dyslexic, I have to unscramble everything as is.
[19:54] <mercutio> but i was annoyed that talking between my two ipv6 endpoints gave huge pings
[19:54] <mercutio> so i setup a third tunnel between my two end points
[19:55] <mercutio> and forwarded the traffic
[19:55] <mercutio> in the end i figured he.net tunnel was just too far away
[19:55] <arenlor> It could be
[20:00] <mercutio> closest is fremont which is about 150 msec ping i think
[20:00] <mercutio> sixxs is about 20 msec ping
[20:01] <mercutio> but i found that browsing through ipv6 was slowr
[20:01] <mercutio> give it a few years and it'll get better.  i like the idea of host to host communication
[20:01] <mercutio> but while end users dont' have ipv6 that won't dom uch good
[21:39] *** HighJinx has joined #arpnetworks
[22:01] <HighJinx> up_the_irons when digi is outta coresite can i have one of them as my own box to rent? hahaha
[22:24] <Webhostbudd> lol
[22:40] <toddf> when not doing native v6, I generally would do a tunnel between the v4 gateways of remote sites. especially when the upstream isp of all my sites was the same one (COX)
[23:11] <up_the_irons> HighJinx: i imagine they would take the equipment with them ;)
[23:11] <HighJinx> iunno they just might forget ;)
[23:12] <up_the_irons> lol
[23:12] <up_the_irons> wouldn't surprise me
[23:27] <Webhostbudd> so how are the dedi's working garry?
[23:28] <Webhostbudd> things still rolling out smoothly?
[23:28] *** amdprophet has quit IRC (Remote host closed the connection)