nesta: hehe up_the_irons: mercutio: urxvt +1
phlux: nice screenshot ***: ziyourenxiang has joined #arpnetworks jbergstroem: up_the_irons: what kind of hw monitoring is on arp and what's on the client?
sorry - meant to say that this is regarding a dedicated server up_the_irons: ? jbergstroem: up_the_irons: well, if a disk dies for instance up_the_irons: ah jbergstroem: or a nic, or one of the two psu's up_the_irons: we have a nagios plugin for the disks
nic is not monitored (we encourage both nic's to be used in case one dies)
http://support.arpnetworks.com/kb/dedicated-servers/about-the-dual-1-gbps-gige-nics-on-arp-metal-dedicated-servers
that Source Code Pro font looks nice jbergstroem: so, all the client should care about is software? good to know
will most likely go to dedicated in june. What would a 128G ssd cost me/mo? up_the_irons: so the 128GB SSDs are the same price as 1TB SATA jbergstroem: ok, $20/mo then. sounds good up_the_irons: (haven't updated the website yet, but that will be the official pricing)
yeah jbergstroem: intel 7xx series? up_the_irons: depends on price, u have a link for one you like?
i was looking at these: http://www.newegg.com/Product/Product.aspx?Item=N82E16820227726
damn, missed the sale... they were $89 a few days ago jbergstroem: i'm going to use mine for cache, so one of those msata things woudl work just as well for me. not sure there's supermicro boards for "enterprise" with those features just yet
(referring to these: http://www.newegg.com/Product/Product.aspx?Item=N82E16820167040)
well, doesn't matter much tbh. if you have something that works, lets go with that. up_the_irons: ok cool
what is the msata thing? :)
oh,, that link...
where the heck does that thing plug in? some PCI slot?? ;) mercutio: they have a special slot for them normally i think up_the_irons: cool mercutio: $89 seems insanely cheap for a ssd
i wondered if US pricing was diff than NZ pricing by that much
but newegg doesn't seem to have anything like that pricing normally, maybe they were getting rid of old stock
actually last i knew msata pricing was attractive for really small sizes, 20gb, 30gb etc
hmm corsair force is cheap
i have no idea what they're like
oh it's refurbished nesta: $20/mo for a dedi ?
did I read that right mercutio: nesta: for a disk for a dedicated i think :) nesta: o lol -: nesta goes back to observing jbergstroem: up_the_irons: ivy bridege has a designted thing for cache ssd's mercutio: heh ocz has more reburshied than other people up_the_irons: jbergstroem: ah jbergstroem: up_the_irons: talk about expanding to server boards as well, haven't seen it yet mercutio: jber: can't hotswap i imagine
they need little msata slots on the front or something jbergstroem: up_the_irons: called SRT or something. basically helps you to create a transparent drive on semi-hw raid plus one cache ssd mercutio: jber: only on windows isn't it? jbergstroem: mercutio: no, i think its hardware based. i tried booting os x on one which worked but i didn't really need it so i went for a single ssd instead mercutio: jber: oh, the help i meant jbergstroem: can't say i trust it 100% mercutio: it may passtrhough drive normally too jbergstroem: mercutio: ah, yeah probably. there's a lot of software/drivers built around it mercutio: it's evolving jbergstroem: mercutio: actually, os x has "fusion drive" nowadays too. something similar. http://rochetechnology.com/quick-hackintosh-tip-create-a-fusion-drive/ mercutio: i'd rather see flash-based-write-cache controllers bulit into motherboards
with passthrough disks rather than hw raid jbergstroem: mercutio: yeah. for sure. plus a small battery mercutio: or capacitor
the idea about having flash is that you only need enough charge to write the memory contents to flash
and then the battery doesn't have to last forever up_the_irons: jbergstroem: ah cool ***: ziyourenxiang has quit IRC (Quit: ziyourenxiang) mercutio: hmm amazon seem cheaper than newegg for ssd's
i was thinking of trying to buy one from the US before if it would be cheaper...
still more than $89 though jbergstroem: daym newegg for not shipping to aus/nz :( mercutio: they do
err jbergstroem: through third party ? mercutio: well you can get delivery addresses in the US
that then send to you
they repackage things now
to keep prices down
cos some places use huge boxes etc :/
well nz has an easy to use service that isn't the cheapest
btu there are also international onces
it's still probably $10 to $20 for delivery even for something small like a ssd jbergstroem: url? mercutio: http://www.nzpost.co.nz/products-services/online-shopping/youshop?utm_source=home&utm_medium=midpage&utm_campaign=youshop
http://www.shipito.com/
i've never used any of thse'
http://www.kiwishipping.co.nz/ jbergstroem: ok thanks mercutio: are you in au? jbergstroem: yeah mercutio: there's prob something local there
i assume demand is similar there jbergstroem: last time i compared, it basically added up comparing to local companies. preferred giving them my monnies instead mercutio: someone on local forum said shipito.com was expensive
you can easily pay > $200 USD for heavy things like servers
on various shipping things
but small things like ram/ssds/etc is where it probably could make more diff
although servers seem to cost a lot more in nz and au than the US jbergstroem: everything is more expensive :( mercutio: yeah
software is too :/
even if downloading over the internet jbergstroem: btw, is it advised to run your own ntpd (i still do) even if you have a linux vm and run the kvm-clock tsc?
i guess it boils down to if the host runs ntpd or not? mercutio: i don't think running openntpd locally should be a problem
but i have no idea if it's necessary or not
you could compare running it versus not, but ram usage isn't that high jbergstroem: i compared at least 6 months ago, and localtime had drifted - so i installed openntpd (and nowadays run busybox-ntpd); but still, running ntpd if host already does is pointless.
(assuming you run kvm-clock) mercutio: what's kvm-clock? jbergstroem: its a driver for hte linux clock source
back in the days, people switched from the rc to a tsc from processors since it gave you a higher accuracy. kvm-clock is a way of getting hte host clock so the os doesn't have to keep track of this themselves
from the rtc, sorry mercutio: hmm i wonder what openbsd does
i still don't quite understand what hpet does
but it seems hpet is the normal timer these days for modern os's? jbergstroem: hpet is hardware timing, introduced in newer mobo's, replacing rtc
yep, its very reliable
but you can never avoid drift if you don't rely on ntp/clock protocols
pertty sure openbsd has support for both hpet and tsc
don't think it picks up kvm clock though. i just upgraded my 5.2 to 5.3 and still get unknown clock source mercutio: ahh
yeh old kvm version on most nodes nesta: hmm
up_the_irons: you around? ***: cam13_ has quit IRC (Quit: Page closed)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
heavysixer has quit IRC (Quit: heavysixer) brycec: up_the_irons: To answer your question - mSATA stuff plugs into mini PCIe slots, but it's not strictly PCIe and the slot has to support mSATA. It's found inside most laptops nowadays, and I think I've seen it on some recent Intel desktop motherboards. Generally, mSATA is what laptops use for SSDs given the chance (Apple and Chromebooks to name a couple) since it's smaller and lighter and you could probably still fit an old-fashioned hard ...
... drive too.
And I can vouch for the expense of shipping servers to NZ - My company's stuff is usually about 15lbs at shipping and costs the customer $300-$400USD for shipping (FedEx), plus duties. International shipping just sucks.
up_the_irons: btw I have a handful of those OCZ Agility3 120GB SSDs and so far they've all been fantastic! Been running them for about 18mos now and still going strong, and fast. Using them from everything - cache and log drives in ZFS pools, raid1 on my desktop (good lord the speed!), in the missus' gaming machine, and in most of my laptops.
Can't vouch for any of there more recent stuff (I know they changed controllers in the Agility 4, trading IOPS for throughput), but I'm happy. ***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
nesta has quit IRC (Ping timeout: 245 seconds)
heavysixer has quit IRC (Quit: heavysixer)
hive-mind has quit IRC (Ping timeout: 256 seconds)
hive-mind has joined #arpnetworks
sean_ has joined #arpnetworks sean_: if anyone uses openbsd… don't upgrade to 5.3 on arpnetwork vps' … you won't have a good time. CaZe: orly
What's the problem? aslr: I use OpenBSD 5.3 on ArpNetworks and it's just fine? CaZe: Did you disable mpbios? sean_: hmm… em0 just doesn't want to work.
watchdog timeouts everywhere
if i can try to intercept the boot loader i'm going to try mpbios. CaZe: I've had to disable mpbios since forever.
I don't know how you've been getting along without doing it. sean_: (using console over ssh)
kvm page said it wasn't required anymore
this is maddening. :P CaZe: Do you still have an old kernel that you can boot? sean_: CaZe: do you use the vnc console interface? doesn't seem very useful. CaZe: I use the console server.
I added a longer timeout to my boot script though. -: sean_ CaZe: how did you do that?
CaZe sean_: echo "set timesout 60" >> /etc/boot.conf CaZe: *timeout
But I think I was able to still make it in at the default timeout, if you time it right. sean_: it seems the console doesn't connect fast enough. CaZe: Maybe.
VNC should work though. sean_: it swaps to com0
(sry after) CaZe: set tty com0 sean_: if i power off from a console session the vnc session disconnects and it doesn't reconnect fast enough at power on. CaZe: Can't you send a reboot through VNC? sean_: just waiting now for config command to respond.
not sure. CaZe: Well, do you have an old kernel you can boot? sean_: u using 32 bit or 64bit kernel?
maaaaybe. CaZe: 64.
I'm using an old snpashot though. sean_: ah. just tried upgrade to release. CaZe: Well, try to get the timing right on the bootloader.
Or, just boot off the cd image.
(assuming you have an openbsd installer cd loaded)
Doesn't really matter which version installer. sean_: yeah not sure. how can do you dhtat without access to the boo loader? CaZe: You have to get in on VNC. sean_: k. CaZe: Just have your vnc client ready to login, with you login and password already typed in.
And when you boot your VM from the console server, wait like five seconds before clicking connect on VNC.
Maybe less.
Maybe not at all, I dunno.
Play around with it. sean_: mpbios seemed to do the trick… lying KVM bastards
blargh. didn't fix icmp issue from 5.2 CaZe: What ICMP issue? sean_: with pf enabled icmp drops, every 1 of 25 echo requests are returned.
(that's with an empty pf.conf)
disable pf.. and it works just fine.
one of these days i'm going to buy another vps to collect the info for a sendbug.
i've had this VPS since 4.7 so could be infrastructure related as well (ie. old KVM, old VM template etc.)
CaZe: thank or the boot.conf idea. definitely popped that in. -: sean_ CaZe: does your vps have the same pf behaviour with 5.3? sean_: (using amd64 kernel)
(non mp) CaZe: What is it again? It drops pings? sean_: ping 174.136.100.18
Set pf debug logging… log fills with: /bsd: pf: icmp type 8 in wrong direction (1): ICMP out wire:
this happens from all over the internet so i'm pretty sure it's not just my devices. :P CaZe: Well, my snapshot is from August.
100 packets transmitted, 5 packets received, 95.0% packet loss -: sean_ to me I assume? :) CaZe: Yes. -: sean_ it's just ICMP.. all other IP traffic is perfectly fine which makes sense. ***: scottschecter has quit IRC (Ping timeout: 245 seconds)
scottschecter has joined #arpnetworks
scottschecter has quit IRC (Ping timeout: 252 seconds) phlux: who was complaining that i3 is 700kb yesterday?
because it's not true
ah, aslr ***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer aslr: How is it not true? I du -sh'd the src directory, phlux. ***: scottschecter has joined #arpnetworks phlux: maintainer claims it's mainly documentation that you're looking at
says the source is not 700kb ***: heavysixer has quit IRC (Quit: heavysixer)
scottschecter has quit IRC (Ping timeout: 256 seconds)
scottschecter has joined #arpnetworks mercutio: i3? ion3? brycec: i3wm
.org mercutio: is it a fork of ion? brycec: Doesn't look like it http://en.wikipedia.org/wiki/I3_(window_manager) mercutio: they prob should have used a more differnt name then brycec: may be in tribute to it? *shrug*
There was a lot of excitement over I3 a few months back mercutio: hmm
i been using ion for over 10 years
so i suppose i'm not jumping at the chance to try other wm's
unless can see benefit
tried them all orig :/ brycec: benefit: Not writing config in LUA mercutio: i don't do shit all lua, my config is simple
i don't even write a config, it writes it for me
but in the past i've changed some key bindings around
to execute different stuff
and that may or may not have involved lua
it is good to see more people getting into tiling window managers though -: brycec sticks to using Awesome mercutio: i found awesome meant constantly trying to rotate through different layouts
i prefer to just set layout myself
but i like they're using the new X stuff brycec: Awesome isn't perfect :/ But I've made it work for me. Besides there's only a couple layouts I use consistently
Float, one of the tiling ones, and fullscreen mercutio: i am quite enjoying urxvt
only problem is i still haven't got the best colour scheme
it actually feels faster than gnome-terminal
and doesn't flicker staticsafe: flicker? mercutio: xterm flickers staticsafe: o mercutio: when you scroll
gnome-terminal flickers white when you make new terminal
urxvt does neither of those
roxterm also goes white when you make new terminal
(i use dark background)
URxvt*background: #000229
have that as a background currently, it's like very dark blue
i suppose now my main issue is that ssh connectinos to remote hosts can be too slow to connect
i'm half tempted to use multiplexing which can speed it up, but can also mean they all die at once
it's partially cpu speed partially latency partially os
openbsd connects quicker than linux by about 2x for close hosts staticsafe: O_o mercutio: 174 msce versus 279 msec, and the openbsd host is slower cpu
with faster connect
that's for ~10 msec away
it's 4.1 seconds to connect to uk host brycec: #kiwiproblems mercutio: heh staticsafe: yep mercutio: i dunno maybe something needs caching staticsafe: DNS is the only thing you can cache here mercutio: i remember a while back there was a https optimisation that chrome started doing that reduced one rtt
but broke some sites
dns is anycast should be fast
it seems now days anycast is the main way to speed up dns
but hardly anything seems to do anycast on reverse lookups
and lots of dodgy sites have slow dns
like if you do lookups on random ip's that connect to you uninvited staticsafe: that might be where its slowing down, openssh does reverse lookups on connecting IPs mercutio: yeah cache at remote end
but reverse dns isn't anycast
i wonder what ttl it has
86400 staticsafe: 2607:5300:60:e3a::1 - do a reverse on that, how long does that take you? mercutio: host 2607:5300:60:e3a::1 0.00s user 0.00s system 1% cpu 0.633 total
i'll try from somewehre else too
real0m1.795s
hmm
huge diff
both in nz
actually that may have been nameservers with 86400 ttl
i'm ahving problems finding the ttl using dig staticsafe: that particular PTR has 1800 TTL mercutio: ahh
try timing a host lookup on 202.49.67.22 ***: HighJinx has quit IRC () brycec: host 2607:5300:60:e3a::1 0.00s user 0.00s system 1% cpu 0.322 total staticsafe: ;; Query time: 633 msec - resolving via local recursor brycec: host 202.49.67.22 0.00s user 0.00s system 1% cpu 0.462 total mercutio: curious
bryce has faster dns :) brycec: :D mercutio: that's actually interesting
static got same query time for my reverse lookup, as i got for his reverse lookup brycec: (dnsmasq on my router, spread between Google's public DNS servers v4 and v6, as well has HE's DNS servers v4 and v6) staticsafe: ;; Query time: 0 msec - now its in my cache :) mercutio: bryce: using all-servers? brycec: lol staticsafe staticsafe: I run my own DNS recursors mercutio: ahh i used to do that staticsafe: because why not :) mercutio: using unbound? staticsafe: BIND because i do authoritative as well brycec: mercutio: yes, all-servers mercutio: eww :/
brycec: that's what i shifted to doing at home staticsafe: *shrug* I've taken a liking to BIND mercutio: i wonder why that other server i tried took 1.7 seconds
probably didn't have cache of some steps before hand staticsafe: yep
cold caches mercutio: that's one of the reasons i don't run my own dns resolver staticsafe: I find that pointing my home network towards my 2 resolvers builds up a nice cache :) mercutio: i wonder how many qps before it makes sense? 20? 100? 200 ?
heh
i benchmarked heaps of dns resolvers before
then found that the way i was benchmarking didn't really measure real world performance
it's a kind of complex issue staticsafe: http://stats.asininetech.com/asininetech.com/uriel.asininetech.com/bind9.html - this one is also my mail server, so lots of queries mercutio: like no-one in nz probably looks up domains in ethiopia
so everyone will have slow lookups to there staticsafe: yes mercutio: but that doesn't matter
so if you randomly pick domain names
you'll probably find some international focused dns stuff will be faster than local stuff
but if you pick real usage domains, closer will be better
like facebook has a high chance of being cached staticsafe: I originally started doing my own DNS because my ISP's one was so shit mercutio: do you run web stats?
i see lots of spikes
heh staticsafe: web stats? mercutio: like looking up heaps of reverses
using webalyser or such staticsafe: http://mx1.stats.staticsafe.ca/ mercutio: in a cron job staticsafe: nope mercutio: hmm
i wonder what the spikes are then staticsafe: more e-mail mercutio: ahh pflogsumm
wow you hardly have any rejections
my rejection rather is like 10x my received or something
s/rather/rate/
heh what'st htat SASL LOGIn thing
someone trying to brute force you? staticsafe: yea noticed
not unusual mercutio: oh actually my rejection rate went down a lot
still higher than yours staticsafe: as you can see, its my mailing list e-mail, so not a lot of spam mercutio: date received delivered deferred bounced rejected
--------------------------------------------------------------------
Apr 28 2013 957 675 109 7 9105
Apr 29 2013 1611 1116 199 20 5606
Apr 30 2013 3762 2557 175 1 1580 staticsafe: actually 0 spam from non-list sources mercutio: it's kind of ireregular it seems staticsafe: my reject count is unusual, its actually just greylisting mercutio: oh
i use zen.spamhaus.org staticsafe: which im thinking of disabling mercutio: i don't greylist anymore
it's too annoying when you're waiting for a mail staticsafe: yea i use postscreen with zen.spamhaus.org and some other black lists mercutio: oh so it just doesn't reach postfix staticsafe: yea
postscreen is <3 mercutio: but yeah, i dunno why apr 28 was so bad
and apr30 good
it won't do much harm, it's just one of those things i occassionally notice
i imagine peoelpe without zen.spamhaus.org get a lot more spam? staticsafe: yea
zen kills a lot of stuff mercutio: it's annoying how wasteful of resources mailing lists are
but as ssd's get cheaper etc i suppose people are likely to care less and less staticsafe: amavisd-new takes care of the rest mercutio: i'm using amavis too
and dkimproxy staticsafe: I use opendkim for DKIM checking and signing mercutio: and dcc, and razor, and pyzor etc.
i used to use dspam staticsafe: I was thinking of dspam but meh mercutio: i'm actually still getting some phishing coming through
i dunno dspam started going wrong
and amavis can't feed it anymore
it expires tokens
so if you stop feeding it stuff it goes weird
i think that was it staticsafe: yea possibly mercutio: it's obvious phishing stuff though
i dunno how to block it easily though
57444 N May 04 Kiwibank ( 254) Kiwibank internet banking customer support
51094 O Mar 11 ASB Bank ( 73) Hello ASB Customer
57338 O May 02 ASB Bank Limite ( 132) Irregular Activity On Your Account.
etc staticsafe: i actually surprisingly little spam on even my main accounts
get* mercutio: bank phishing seems popular
and fedex
and paypal
i'm not even using kiwibank or asb bank though
the real problem is that lots of bank email looks like spam too
with html and crap staticsafe: heh mercutio: sent from weird remote mail servers staticsafe: my bank sends me 1 e-mail per month mercutio: hmm so does mine
saying i should pay my credit card staticsafe: heh mercutio: it's even using domainkeys
and not coming from a dodgy looking server staticsafe: yea banks usually do
I know Paypal uses it for sure mercutio: lots don't use spf still
my one is now at least
but it's ~all
oh wow way more are since i last checked staticsafe: i do -all on most of my domains mercutio: hey the other two are using -all
why can't my bank!
wow only one bank i checked so far has no spf
the all the rest have -all except my bank staticsafe: hah mercutio: ok 2 don't have
anz and bnz
hangon maybe anz isn't a bank staticsafe: rbc.com. 300 IN TXT "v=spf1 mx ip4:142.245.29.128/28 ip4:142.245.61.128/28 -all" mercutio: oh it is it just sucks at google staticsafe: :) mercutio: that your bank? nice staticsafe: yea mercutio: carribbean? staticsafe: nope, royal bank of canada mercutio: yeh it asked me what country i am in staticsafe: they are international yea mercutio: do tehy use windows or linux? staticsafe: no idea mercutio: curk tells me that they don't tell me what web server they run
and all their pages say .html :/ staticsafe: the online banking stuff is a CGI app mercutio: ok
so probably unix
maybe solaris or aix or something
i'm always hesitant when i see aspx on a bank
maybe shouldn't worry so much staticsafe: heh mercutio: they may write their passwords down on paper and throw them in the trash for all i know
actually i haven't heard much in the way of bank security issues
ok i better go to supermarket before storm starts ***: HighJinx has joined #arpnetworks
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
ideas1 has joined #arpnetworks
heavysixer has quit IRC (Quit: heavysixer) ideas1: New to bsd... which bsd is recommended to be used a webserver openbsd or freebsd? easymac: Either one.
FreeBSD is probably easier for a newbie to get started though. ideas1: Damn a friend just bought me a absolute openbsd 2nd edition... easymac: Then just use that.
It's not *that* different. ideas1: But i got the impression openbsd was more for routing easymac: It does routing very well, but it does serving very well too
FreeBSD is meant more for serving, though, yes. ideas1: Im a little confused coming from linux. easymac: Linux is retarded. ideas1: hahahha ouch i have like 6 servers at work alll rhel easymac: I'm sorry that you pay for the ability to use free software.
lol ideas1: lol the hostility easymac: I gotta go eat dinner :) Good luck. FYI #FreeBSDHelp on EFNet is good.
I'm kidding around, but I do hate Linux. ideas1: ok cool thank you easymac: aha
ttyl ideas1: thank you ***: ideas1 has quit IRC (Remote host closed the connection) phlux: so I did some more customizing to i3's bar: http://www.phluxbox.com/img/air8ai.png
For the wireless network, it colors the essid based on the connection quality, and it does the same for battery percentage based on where it's at :) ***: zeshoem has quit IRC ()
ideas1 has joined #arpnetworks mercutio: thompson!
but that's kind of cool
your color scheme reeminds me of solarized
hmmm where it says mpd arist song name do you find it's often difficult with long artists / song names
or does it up more space to the left ***: awyeah has joined #arpnetworks awyeah: Well, I'm doing it. I'm going back to hosting my own e-mail. Lord help me. mercutio: hahaha
dkim, spf, domainkeys, amavis, dspam, spamassassin
so many complications :)
good luck awyeah: heh.
Well... I'm just getting dspam set up now, looks like it includes vlamav.
clamav.
I do need to get the SPF records in mercutio: i use clamav from amavisd-new
i don't find clamav hits much
but hitting anything is better than nothing awyeah: true phlux: mercutio: it uses up more space to the left
mercutio: it just depends on how long the artist/song is. If you don't want it to do that, though, you can use ${scroll 15 $mpd_artist - $mpd_title}
but I wasn't really a fan of how it scrolled ***: ideas1 has quit IRC (Remote host closed the connection) mercutio: oh cool ***: scottschecter has quit IRC (Quit: WeeChat 0.4.0)
dj_goku has joined #arpnetworks
scottschecter has joined #arpnetworks
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
_mnathani_ has joined #arpnetworks
sean_ has quit IRC (Quit: sean_)
HighJinx has quit IRC ()
HighJinx has joined #arpnetworks
ziyourenxiang has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 256 seconds)
ziyourenxiang has quit IRC (Quit: ziyourenxiang) awyeah: Yeah. dspam is sucky to set up.