an active channel is a happy channel
hehe
mercutio: urxvt +1
phlux: nice screenshot
up_the_irons: what kind of hw monitoring is on arp and what's on the client?
sorry - meant to say that this is regarding a dedicated server
?
up_the_irons: well, if a disk dies for instance
ah
or a nic, or one of the two psu's
we have a nagios plugin for the disks
nic is not monitored (we encourage both nic's to be used in case one dies)
http://support.arpnetworks.com/kb/dedicated-servers/about-the-dual-1-gbps-gige-nics-on-arp-metal-dedicated-servers
that Source Code Pro font looks nice
so, all the client should care about is software? good to know
will most likely go to dedicated in june. What would a 128G ssd cost me/mo?
so the 128GB SSDs are the same price as 1TB SATA
ok, $20/mo then. sounds good
(haven't updated the website yet, but that will be the official pricing)
yeah
intel 7xx series?
depends on price, u have a link for one you like?
i was looking at these: http://www.newegg.com/Product/Product.aspx?Item=N82E16820227726
damn, missed the sale... they were $89 a few days ago
i'm going to use mine for cache, so one of those msata things woudl work just as well for me. not sure there's supermicro boards for "enterprise" with those features just yet
(referring to these: http://www.newegg.com/Product/Product.aspx?Item=N82E16820167040)
well, doesn't matter much tbh. if you have something that works, lets go with that.
ok cool
what is the msata thing? :)
oh,, that link...
where the heck does that thing plug in? some PCI slot?? ;)
they have a special slot for them normally i think
cool
$89 seems insanely cheap for a ssd
i wondered if US pricing was diff than NZ pricing by that much
but newegg doesn't seem to have anything like that pricing normally, maybe they were getting rid of old stock
actually last i knew msata pricing was attractive for really small sizes, 20gb, 30gb etc
hmm corsair force is cheap
i have no idea what they're like
oh it's refurbished
$20/mo for a dedi ?
did I read that right
nesta: for a disk for a dedicated i think :)
o lol
up_the_irons: ivy bridege has a designted thing for cache ssd's
heh ocz has more reburshied than other people
jbergstroem: ah
up_the_irons: talk about expanding to server boards as well, haven't seen it yet
jber: can't hotswap i imagine
they need little msata slots on the front or something
up_the_irons: called SRT or something. basically helps you to create a transparent drive on semi-hw raid plus one cache ssd
jber: only on windows isn't it?
mercutio: no, i think its hardware based. i tried booting os x on one which worked but i didn't really need it so i went for a single ssd instead
jber: oh, the help i meant
can't say i trust it 100%
it may passtrhough drive normally too
mercutio: ah, yeah probably. there's a lot of software/drivers built around it
it's evolving
mercutio: actually, os x has "fusion drive" nowadays too. something similar. http://rochetechnology.com/quick-hackintosh-tip-create-a-fusion-drive/
i'd rather see flash-based-write-cache controllers bulit into motherboards
with passthrough disks rather than hw raid
mercutio: yeah. for sure. plus a small battery
or capacitor
the idea about having flash is that you only need enough charge to write the memory contents to flash
and then the battery doesn't have to last forever
jbergstroem: ah cool
hmm amazon seem cheaper than newegg for ssd's
i was thinking of trying to buy one from the US before if it would be cheaper...
still more than $89 though
daym newegg for not shipping to aus/nz :(
they do
err
through third party ?
well you can get delivery addresses in the US
that then send to you
they repackage things now
to keep prices down
cos some places use huge boxes etc :/
well nz has an easy to use service that isn't the cheapest
btu there are also international onces
it's still probably $10 to $20 for delivery even for something small like a ssd
url?
http://www.nzpost.co.nz/products-services/online-shopping/youshop?utm_source=home&utm_medium=midpage&utm_campaign=youshop
http://www.shipito.com/
i've never used any of thse'
http://www.kiwishipping.co.nz/
ok thanks
are you in au?
yeah
there's prob something local there
i assume demand is similar there
last time i compared, it basically added up comparing to local companies. preferred giving them my monnies instead
someone on local forum said shipito.com was expensive
you can easily pay > $200 USD for heavy things like servers
on various shipping things
but small things like ram/ssds/etc is where it probably could make more diff
although servers seem to cost a lot more in nz and au than the US
everything is more expensive :(
yeah
software is too :/
even if downloading over the internet
btw, is it advised to run your own ntpd (i still do) even if you have a linux vm and run the kvm-clock tsc?
i guess it boils down to if the host runs ntpd or not?
i don't think running openntpd locally should be a problem
but i have no idea if it's necessary or not
you could compare running it versus not, but ram usage isn't that high
i compared at least 6 months ago, and localtime had drifted - so i installed openntpd (and nowadays run busybox-ntpd); but still, running ntpd if host already does is pointless.
(assuming you run kvm-clock)
what's kvm-clock?
its a driver for hte linux clock source
back in the days, people switched from the rc to a tsc from processors since it gave you a higher accuracy. kvm-clock is a way of getting hte host clock so the os doesn't have to keep track of this themselves
from the rtc, sorry
hmm i wonder what openbsd does
i still don't quite understand what hpet does
but it seems hpet is the normal timer these days for modern os's?
hpet is hardware timing, introduced in newer mobo's, replacing rtc
yep, its very reliable
but you can never avoid drift if you don't rely on ntp/clock protocols
pertty sure openbsd has support for both hpet and tsc
don't think it picks up kvm clock though. i just upgraded my 5.2 to 5.3 and still get unknown clock source
ahh
yeh old kvm version on most nodes
hmm
up_the_irons: you around?
up_the_irons: To answer your question - mSATA stuff plugs into mini PCIe slots, but it's not strictly PCIe and the slot has to support mSATA. It's found inside most laptops nowadays, and I think I've seen it on some recent Intel desktop motherboards. Generally, mSATA is what laptops use for SSDs given the chance (Apple and Chromebooks to name a couple) since it's smaller and lighter and you could probably still fit an old-fashioned hard ...
... drive too.
And I can vouch for the expense of shipping servers to NZ - My company's stuff is usually about 15lbs at shipping and costs the customer $300-$400USD for shipping (FedEx), plus duties. International shipping just sucks.
up_the_irons: btw I have a handful of those OCZ Agility3 120GB SSDs and so far they've all been fantastic! Been running them for about 18mos now and still going strong, and fast. Using them from everything - cache and log drives in ZFS pools, raid1 on my desktop (good lord the speed!), in the missus' gaming machine, and in most of my laptops.
Can't vouch for any of there more recent stuff (I know they changed controllers in the Agility 4, trading IOPS for throughput), but I'm happy.
if anyone uses openbsdâ€¦ don't upgrade to 5.3 on arpnetwork vps' â€¦ you won't have a good time.
orly
What's the problem?
I use OpenBSD 5.3 on ArpNetworks and it's just fine?
Did you disable mpbios?
hmmâ€¦ em0 just doesn't want to work.
watchdog timeouts everywhere
if i can try to intercept the boot loader i'm going to try mpbios.
I've had to disable mpbios since forever.
I don't know how you've been getting along without doing it.
(using console over ssh)
kvm page said it wasn't required anymore
this is maddening. :P
Do you still have an old kernel that you can boot?
CaZe: do you use the vnc console interface? doesn't seem very useful.
I use the console server.
I added a longer timeout to my boot script though.
*timeout
But I think I was able to still make it in at the default timeout, if you time it right.
it seems the console doesn't connect fast enough.
Maybe.
VNC should work though.
it swaps to com0
(sry after)
set tty com0
if i power off from a console session the vnc session disconnects and it doesn't reconnect fast enough at power on.
Can't you send a reboot through VNC?
just waiting now for config command to respond.
not sure.
Well, do you have an old kernel you can boot?
u using 32 bit or 64bit kernel?
maaaaybe.
64.
I'm using an old snpashot though.
ah. just tried upgrade to release.
Well, try to get the timing right on the bootloader.
Or, just boot off the cd image.
(assuming you have an openbsd installer cd loaded)
Doesn't really matter which version installer.
yeah not sure. how can do you dhtat without access to the boo loader?
You have to get in on VNC.
k.
Just have your vnc client ready to login, with you login and password already typed in.
And when you boot your VM from the console server, wait like five seconds before clicking connect on VNC.
Maybe less.
Maybe not at all, I dunno.
Play around with it.
mpbios seemed to do the trickâ€¦ lying KVM bastards
blargh. didn't fix icmp issue from 5.2
What ICMP issue?
with pf enabled icmp drops, every 1 of 25 echo requests are returned.
(that's with an empty pf.conf)
disable pf.. and it works just fine.
one of these days i'm going to buy another vps to collect the info for a sendbug.
i've had this VPS since 4.7 so could be infrastructure related as well (ie. old KVM, old VM template etc.)
CaZe: thank or the boot.conf idea. definitely popped that in.
(using amd64 kernel)
(non mp)
What is it again? It drops pings?
ping 174.136.100.18
Set pf debug loggingâ€¦ log fills with: /bsd: pf: icmp type 8 in wrong direction (1): ICMP out wire:
this happens from all over the internet so i'm pretty sure it's not just my devices. :P
Well, my snapshot is from August.
100 packets transmitted, 5 packets received, 95.0% packet loss
Yes.
who was complaining that i3 is 700kb yesterday?
because it's not true
ah, aslr
How is it not true? I du -sh'd the src directory, phlux.
maintainer claims it's mainly documentation that you're looking at
says the source is not 700kb
i3? ion3?
i3wm
.org
is it a fork of ion?
Doesn't look like it http://en.wikipedia.org/wiki/I3_(window_manager)
they prob should have used a more differnt name then
may be in tribute to it? *shrug*
There was a lot of excitement over I3 a few months back
hmm
i been using ion for over 10 years
so i suppose i'm not jumping at the chance to try other wm's
unless can see benefit
tried them all orig :/
benefit: Not writing config in LUA
i don't do shit all lua, my config is simple
i don't even write a config, it writes it for me
but in the past i've changed some key bindings around
to execute different stuff
and that may or may not have involved lua
it is good to see more people getting into tiling window managers though
i found awesome meant constantly trying to rotate through different layouts
i prefer to just set layout myself
but i like they're using the new X stuff
Awesome isn't perfect :/ But I've made it work for me. Besides there's only a couple layouts I use consistently
Float, one of the tiling ones, and fullscreen
i am quite enjoying urxvt
only problem is i still haven't got the best colour scheme
it actually feels faster than gnome-terminal
and doesn't flicker
flicker?
xterm flickers
o
when you scroll
gnome-terminal flickers white when you make new terminal
urxvt does neither of those
roxterm also goes white when you make new terminal
(i use dark background)
URxvt*background: #000229
have that as a background currently, it's like very dark blue
i suppose now my main issue is that ssh connectinos to remote hosts can be too slow to connect
i'm half tempted to use multiplexing which can speed it up, but can also mean they all die at once
it's partially cpu speed partially latency partially os
openbsd connects quicker than linux by about 2x for close hosts
O_o
174 msce versus 279 msec, and the openbsd host is slower cpu
with faster connect
that's for ~10 msec away
it's 4.1 seconds to connect to uk host
#kiwiproblems
heh
yep
i dunno maybe something needs caching
DNS is the only thing you can cache here
i remember a while back there was a https optimisation that chrome started doing that reduced one rtt
but broke some sites
dns is anycast should be fast
it seems now days anycast is the main way to speed up dns
but hardly anything seems to do anycast on reverse lookups
and lots of dodgy sites have slow dns
like if you do lookups on random ip's that connect to you uninvited
that might be where its slowing down, openssh does reverse lookups on connecting IPs
yeah cache at remote end
but reverse dns isn't anycast
i wonder what ttl it has
86400
2607:5300:60:e3a::1 - do a reverse on that, how long does that take you?
host 2607:5300:60:e3a::1 0.00s user 0.00s system 1% cpu 0.633 total
i'll try from somewehre else too
real0m1.795s
hmm
huge diff
both in nz
actually that may have been nameservers with 86400 ttl
i'm ahving problems finding the ttl using dig
that particular PTR has 1800 TTL
ahh
try timing a host lookup on 202.49.67.22
host 2607:5300:60:e3a::1 0.00s user 0.00s system 1% cpu 0.322 total
;; Query time: 633 msec - resolving via local recursor
host 202.49.67.22 0.00s user 0.00s system 1% cpu 0.462 total
curious
bryce has faster dns :)
:D
that's actually interesting
static got same query time for my reverse lookup, as i got for his reverse lookup
(dnsmasq on my router, spread between Google's public DNS servers v4 and v6, as well has HE's DNS servers v4 and v6)
;; Query time: 0 msec - now its in my cache :)
bryce: using all-servers?
lol staticsafe
I run my own DNS recursors
ahh i used to do that
because why not :)
using unbound?
BIND because i do authoritative as well
mercutio: yes, all-servers
eww :/
brycec: that's what i shifted to doing at home
*shrug* I've taken a liking to BIND
i wonder why that other server i tried took 1.7 seconds
probably didn't have cache of some steps before hand
yep
cold caches
that's one of the reasons i don't run my own dns resolver
I find that pointing my home network towards my 2 resolvers builds up a nice cache :)
i wonder how many qps before it makes sense? 20? 100? 200 ?
heh
i benchmarked heaps of dns resolvers before
then found that the way i was benchmarking didn't really measure real world performance
it's a kind of complex issue
http://stats.asininetech.com/asininetech.com/uriel.asininetech.com/bind9.html - this one is also my mail server, so lots of queries
like no-one in nz probably looks up domains in ethiopia
so everyone will have slow lookups to there
yes
but that doesn't matter
so if you randomly pick domain names
you'll probably find some international focused dns stuff will be faster than local stuff
but if you pick real usage domains, closer will be better
like facebook has a high chance of being cached
I originally started doing my own DNS because my ISP's one was so shit
do you run web stats?
i see lots of spikes
heh
web stats?
like looking up heaps of reverses
using webalyser or such
http://mx1.stats.staticsafe.ca/
in a cron job
nope
hmm
i wonder what the spikes are then
more e-mail
ahh pflogsumm
wow you hardly have any rejections
my rejection rather is like 10x my received or something
s/rather/rate/
heh what'st htat SASL LOGIn thing
someone trying to brute force you?
yea noticed
not unusual
oh actually my rejection rate went down a lot
still higher than yours
as you can see, its my mailing list e-mail, so not a lot of spam
date received delivered deferred bounced rejected
--------------------------------------------------------------------
Apr 28 2013 957 675 109 7 9105
Apr 29 2013 1611 1116 199 20 5606
Apr 30 2013 3762 2557 175 1 1580
actually 0 spam from non-list sources
it's kind of ireregular it seems
my reject count is unusual, its actually just greylisting
oh
i use zen.spamhaus.org
which im thinking of disabling
i don't greylist anymore
it's too annoying when you're waiting for a mail
yea i use postscreen with zen.spamhaus.org and some other black lists
oh so it just doesn't reach postfix
yea
postscreen is <3
but yeah, i dunno why apr 28 was so bad
and apr30 good
it won't do much harm, it's just one of those things i occassionally notice
i imagine peoelpe without zen.spamhaus.org get a lot more spam?
yea
zen kills a lot of stuff
it's annoying how wasteful of resources mailing lists are
but as ssd's get cheaper etc i suppose people are likely to care less and less
amavisd-new takes care of the rest
i'm using amavis too
and dkimproxy
I use opendkim for DKIM checking and signing
and dcc, and razor, and pyzor etc.
i used to use dspam
I was thinking of dspam but meh
i'm actually still getting some phishing coming through
i dunno dspam started going wrong
and amavis can't feed it anymore
it expires tokens
so if you stop feeding it stuff it goes weird
i think that was it
yea possibly
it's obvious phishing stuff though
i dunno how to block it easily though
57444 N May 04 Kiwibank ( 254) Kiwibank internet banking customer support
51094 O Mar 11 ASB Bank ( 73) Hello ASB Customer
57338 O May 02 ASB Bank Limite ( 132) Irregular Activity On Your Account.
etc
i actually surprisingly little spam on even my main accounts
get*
bank phishing seems popular
and fedex
and paypal
i'm not even using kiwibank or asb bank though
the real problem is that lots of bank email looks like spam too
with html and crap
heh
sent from weird remote mail servers
my bank sends me 1 e-mail per month
hmm so does mine
saying i should pay my credit card
heh
it's even using domainkeys
and not coming from a dodgy looking server
yea banks usually do
I know Paypal uses it for sure
lots don't use spf still
my one is now at least
but it's ~all
oh wow way more are since i last checked
i do -all on most of my domains
hey the other two are using -all
why can't my bank!
wow only one bank i checked so far has no spf
the all the rest have -all except my bank
hah
ok 2 don't have
anz and bnz
hangon maybe anz isn't a bank
rbc.com. 300 IN TXT "v=spf1 mx ip4:142.245.29.128/28 ip4:142.245.61.128/28 -all"
oh it is it just sucks at google
:)
that your bank? nice
yea
carribbean?
nope, royal bank of canada
yeh it asked me what country i am in
they are international yea
do tehy use windows or linux?
no idea
curk tells me that they don't tell me what web server they run
and all their pages say .html :/
the online banking stuff is a CGI app
ok
so probably unix
maybe solaris or aix or something
i'm always hesitant when i see aspx on a bank
maybe shouldn't worry so much
heh
they may write their passwords down on paper and throw them in the trash for all i know
actually i haven't heard much in the way of bank security issues
ok i better go to supermarket before storm starts
New to bsd... which bsd is recommended to be used a webserver openbsd or freebsd?
Either one.
FreeBSD is probably easier for a newbie to get started though.
Damn a friend just bought me a absolute openbsd 2nd edition...
Then just use that.
It's not *that* different.
But i got the impression openbsd was more for routing
It does routing very well, but it does serving very well too
FreeBSD is meant more for serving, though, yes.
Im a little confused coming from linux.
Linux is retarded.
hahahha ouch i have like 6 servers at work alll rhel
I'm sorry that you pay for the ability to use free software.
lol
lol the hostility
I gotta go eat dinner :) Good luck. FYI #FreeBSDHelp on EFNet is good.
I'm kidding around, but I do hate Linux.
ok cool thank you
aha
ttyl
thank you
so I did some more customizing to i3's bar: http://www.phluxbox.com/img/air8ai.png
For the wireless network, it colors the essid based on the connection quality, and it does the same for battery percentage based on where it's at :)
thompson!
but that's kind of cool
your color scheme reeminds me of solarized
hmmm where it says mpd arist song name do you find it's often difficult with long artists / song names
or does it up more space to the left
Well, I'm doing it. I'm going back to hosting my own e-mail. Lord help me.
hahaha
dkim, spf, domainkeys, amavis, dspam, spamassassin
so many complications :)
good luck
heh.
Well... I'm just getting dspam set up now, looks like it includes vlamav.
clamav.
I do need to get the SPF records in
i use clamav from amavisd-new
i don't find clamav hits much
but hitting anything is better than nothing
true
mercutio: it uses up more space to the left
mercutio: it just depends on how long the artist/song is. If you don't want it to do that, though, you can use ${scroll 15 $mpd_artist - $mpd_title}
but I wasn't really a fan of how it scrolled
oh cool
Yeah. dspam is sucky to set up.