jdoe: my other order was from a comcast IPv6 block hmm.. i should put somewhere that emailing support@arpnetworks.com is just as good as the web interface... does vps offer vhmcs or similar? dzup: vhmcs? is that a control panel of some sort? yes for reseller hosting up_the_irons, . dzup: we don't include any control panels, but you can certainly install one yourself thanks np CaZe: just ordered a rancilio silvia also - whadduphoes! qbit: good machine. served our office faithfully for over 2 years, 6+ brews per day ix34: nice! it's worked pretty well for my mom as well bitchen i could kill Upstart right now... what's upstart? qbit: event-based init system initially designed for Ubuntu but now is in CentOS 6.x, Fedora (i think), etc... meant to replace SysV init system give me runit any day oh crazy wew! That's sweet. lol out of curiosity, anyone running openSUSE here? qbit: Nice. ix34: opensuse is very rare, IME like, i can't remember the last time someone requested that ISO to be loaded qbit: Are you roasting your own beans yet? ok thanks for the note CaZe: picking up the first batch of green this weekend so not quite :) up_the_irons: i want to order a new VPS ix34: i want to give you one not sure what i am gonna do for a roaster tho :P do i order via the portal? might just do a cast iron pan I'm using a brownie oven. ix34: order via regular order form on website, use same email as on current account if you want them linked. if so, then also specify an ip address in "additional comments" that you want assigned to it. you need to already have available IPs, or purchase a /29 ($5) up_the_irons: thanks ix34: np http://www.amazon.com/gp/aw/d/B0051QB35E You have to remove the thermostat though. And then I connect it to a dimmer switch to control the power. I think a quality cast iron pan costs more than that oven. up_the_irons: it is done. meh about running linux, but needed a dev image CaZe: nice i have some pans i can use tho .. 
so they cost less :D temp control will be harder tho ix34: tnx! qbit: Yeah, I don't know how a thermometer would work on an open pan. qbit: Maybe an IR thermometer. i always wanted to get one of those :D http://taskwarrior.org/projects/show/taskwarrior <---- <3 http://www.harborfreight.com/infrared-thermometer-93984.html That might be adequate. 482 is just high enough to read the end of the roast. http://www.harborfreight.com/non-contact-laser-thermometer-96451.html That one goes all the way up to 968. with laser targeting awwyeah The other one has laser too. oh it should go up to 11 nsd is the best. free PSA from me to you. Anyone know if it's linked to the build in OpenBSD's snapshots yet? think it's been in and default since 4.9 maybe in 4.9, default in 5.0 I know it's been in the tree for awhile, but it hadn't been linked to the build. I'm still waiting for unbound anyway. happy to see nginx made it onto the base in time for November 1st s/onto/into/ agreed, interested to play with that http://www.openbsd.org/52.html among other fun stuff. pthreads! CaZe, ix34 http://www.youtube.com/watch?v=e7pOfJTQ5Dg&feature=player_embedded qbit: that is awesome man.. the more i read about the silvia - the more i like it : http://gizmodo.com/5581416/tickling-miss-silvia-mark-frauenfelder-hacks-coffees-god+shot up_the_irons: You around? up_the_irons: You could offer a more favorable price on orders coming from an IPv6 address? :-) oooo up_the_irons: If you get a chance to, you may wish to add your own comment: https://plus.google.com/+KikiSanford/posts/VNgKzCjWR2K ix33: nsd is pretty rad, yeah andol: lol, not a bad idea ;) hey has arp ever been hit with a mango botnet ddos attack? whoa hi forgotten o/ hey qbit :) forgotten: there's a ddos attack named "mango" ? ;) up_the_irons: i think the botnet is called mango and ddos is just ddos but yeah :) lol hehe not sure what attacks we've been hit with in the past. usually udp-based garbage. 
ima make a botnet called "mangular" lol up_the_irons: how did you guys fare against those attacks? the udp garbage. the Mango bots would do something similar, prolly just diff port ranges. qbit: mangulus ! \o o/ forgotten: meh, usually takes out a host. doesn't usually spread beyond that. i'm installing two upgrades / changes within the next month or so that should eliminate the host-wide collateral damage. forgotten: qbit : mangular, mangulus +1 +1 i have discovered something disturbing, about these botnets. specifically originating from malaysia just thought i'd give u guys a heads up :) Disturbing, indeed. not going to waste my time explaining if no one cares :). You already did, the part about originating from Malaysia? ya but they are targeting vps providers as bandwidth testers basically http://www.ubnt.com/edgemax#edge-router-lite if its only 100 bucks why dont u get one? 500x packets / dollar! They're not selling them yet. resellers? It was just announced today. but can it run openbsd? ^ careful how u answer this question Probably not out of the box. I don't think anyone knows yet what SoC it uses. Might have to wait until someone gets ahold of one to know how much work it would take to port OpenBSD. that would be smexy :D forgotten: how do they target as bandwidth testers? we don't get many orders from there anyway... ;) to see which providers they can take down, and which they can't overcome their bandwidth. lol and thats good up_the_irons: how are you preventing host-wide collateral damage? Unless you have some sort of quick active-response, null-routing thing :P that would be very very amazing :D jdoe: two things: 1) finally get GigE on all host ports, 2) eliminate Linux connection tracking and pass through traffic as more of a "dumb" host. I have #2 working for the most part on a test host. 
most attacks don't saturate an entire GigE but they will saturate conntrack, no matter how high i set the values that improves things, no doubt, but saturation is saturation ahh at least, it seems that way... eesh. If you can't manage a gig in 2012, maybe you should hang up your ./spurs lol hah yeah "br0 ch3ck 0u7 my l33t 28.8 b0tn3t" LOL hahahaha RISC is good that is a good idea tho with connection tracking do u just build ur iptables rules without --state options for that? how many redis users in here? anyone use redistogo? Used redis quite a bit, no redistogo though. mhoran: self hosted? I hope this freebsd-security flamewar ends soon. up_the_irons: Yeah. forgotten: yeah, --state goes away (although you can keep them in there, but those rules simply don't do anything anymore) and you add a NOTRACK target within PREROUTING chain forgotten: mercutio gave me that tip, and for years people told me conntrack couldn't be disabled!! mhoran: cool up_the_irons: nice :D up_the_irons: do you use syncookies ? forgotten: so, also, b/c of no more --state, you need to build additional rules to all hosts you connect to. ala, back in the "stateless" firewall days. up_the_irons: yep yep i drew that much :D but that isn't too hard, the hosts should be as "dumb" as possible, with the VMs getting all the majority of network traffic forgotten: not sure about syncookies. w/e the default is i guess. up_the_irons: it's a /etc/sysctl.conf option mhoran: the random shit? I unsubbed over that. kraigu did too. yep. did it stop yet? forgotten: yeah i know, just never moved it from the defaults oh I guess not haha. jdoe: Yeah. (I didn't read backscroll) Ridiculous. holy bikeshed. :( Yeah. I don't want to unsub because that's where I get my security announcements from. it used to be where I got mine from :( it would help against syn attacks if it's enabled forgotten: syn attacks are not all that popular. 
just dumb udp or icmp ones forgotten: anything over tcp is problematic b/c of the transmission control. but you can fling udp as fast as your pipe will let you. kind of like bikeshedders on a security mailing list? I think we should paint /dev/random white. up_the_irons: i think syn attacks use raw packets. jdoe: racist! Orange is the best color for a bikeshed. on a lot of newer systems tcp/ip is pretty low in resource utilisation due to offloading mercutio: i think syn with raw IP packets can just be dropped, no? isn't SYN only useful with TCP? this is edging on my threshold of knowledge of IP / TCP / UDP packet structure... I'm not sure I understand the question. He's saying that it's not like they're connect()ing or anything, you open a raw socket, construct your own syn packets, and spam. up_the_irons: raw ip packets can have a TCP header.. raw packets just means that the OS sends through whatever you tell it to there's a userspace implementation of tcp/ip around somewhere you can't do things like that without raw packets. windows used to not support raw packets. then it did. mercutio: ah ok udp is more popular because raw sockets are a bitch on windows. jdoe: oh? i knew windows supported it, didn't know it was difficult to implement doesn't steve gibson still rave about it? OMG THOSE IDJITS-style <3 redis mercutio: windows neutered raw socket support, and it requires admin privs. jdoe: sweet qbit: you use redis too? jdoe: http://www.theregister.co.uk/2001/06/12/security_geek_developing_winxp_raw/ ;) hence why every lindsay_lohan_xxx.exe does udp flooding ;) mercutio: Windows was fixed, doesn't support raw anymore. Gibson is a nutcase. yeeeahh arenlor: i like :) jdoe: Apparently it's emma_watson.exe now. i don't want linux to lose raw packets. jdoe: like windows users don't run as admin anyway I like to write in every week and tell gibson where he screwed up. Like how their sponsor uses Java, but they keep bashing it. 
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx#Limitations_on_Raw_Sockets heh i've seen people trying to use windows as a non admin! mercutio: Cute, how are your parents? jdoe: oh pish tosh, quoting "documentation" my father uses linux my mother uses a mac mercutio: Damn, can we trade? haha up_the_irons: ip / tcp / udp packet structure... essentials is just that tcp is on top of ip, udp is on top of ip, ip says source/destination and routes to the destination udp and tcp contain ports etc but ip just has protocol and a checksum oh icmp is over ip too well, mostly everything is over ip ;) lots of sonet (sdh) rings use ATM, so that wouldn't be over IP, but that's layer-2 stuff anyway, i think... i think... people often run ip over sonet don't they? anyway sonet/atm are legacy, way more expensive than ethernet and lower bandwidth it's not that tcp/ip is amazing, but it's mass market and tcp has done pretty well to last so well i like it that finally people are starting to look into things like udp-lite removing checksums from sent data etc but what really is needed on the net is larger mtu's and that doesn't seem to be making any progress sonet/atm is legacy, yes, but that's WAN for ya. if you want a ring, you have to go sonet frame relay went to shdsl, sonet/atm went to dark fibre dark fibre is on some ways the ultimate way to go wikipedia had an outage a while back through two dark fibre pairs being cut at once but that's just a problem with having pairs near each other sure, dark fiber is the way to go if you can afford it fibre can be used for protected services though as long as they don't route the same way well if you can afford sonet you can afford dark fibre of course dark fibre gets more expensive the further distance you have on it up_the_irons: word :) ... oh god you don't even want to know what I just saw your ads on. lol jdoe: lol, wut??? 
:) fournier gangrene on /r/wtf apparently arpnetwork is the best hosting if your balls are rotting off. arpnetworks, even jdoe: LOL hahaha "when my balls are rotting off... i choose arpnetworks!" hahahahaha i do a search for ipv6 problems on lucid and i run across a blog post, i look at the config and am like "hey, those IPs look familiar", then I read the first sentence and it says, "I recently setup a VPS with Arp Networks" w00t i googled and found myself heh ipv6 and problems go together i think I've never had any problems with IPv6 on linux. using autodiscovery? mercutio: No, I do it all by hand. It's only on windows that I have ever had any issue. i was surprised that ipv6 works on my windows considering i don't have ipv6 but ping -6 works apparently there's a relay built into windows or it uses it by default at least mercutio: Yeah, Teredo hasn't ever worked for me. well the relay sends google much further away than ipv4 It's likely because you bounce through microsoft for Teredo. nah it's somewhere close it's like 20 msec first hop Mind, I can't even get HE's IPv6 working. but google is like 8x the ping i've done he tunnel before i've got a sixxs tunnel too but on windows i didn't do anything Works great in Linux, just never got it to work at all in Windows. oh? i used to have he.net tunnel with windows i just had ym adsl modem forward it along to windows err my adsl modem terminate the tunnel i had it going with a standalone router too It's alright, I'm dyslexic, I have to unscramble everything as is. but i was annoyed that talking between my two ipv6 endpoints gave huge pings so i setup a third tunnel between my two end points and forwarded the traffic in the end i figured he.net tunnel was just too far away It could be closest is fremont which is about 150 msec ping i think sixxs is about 20 msec ping but i found that browsing through ipv6 was slower give it a few years and it'll get better. 
i like the idea of host to host communication but while end users don't have ipv6 that won't do much good up_the_irons when digi is outta coresite can i have one of them as my own box to rent? hahaha lol when not doing native v6, I generally would do a tunnel between the v4 gateways of remote sites. especially when the upstream isp of all my sites was the same one (COX) HighJinx: i imagine they would take the equipment with them ;) iunno they just might forget ;) lol wouldn't surprise me so how are the dedi's working garry? things still rolling out smoothly?