brycec: I'd say that's a tricky question... It's definitely reasonably secure and built on a strong base with a solid reputation, and it works very well.
And related is scp
I'd also say it's become the de facto standard, with good reason.
robonerd: sftp it is
the default stock stuff in fbsd 10 solid?
brycec: Just don't confuse sftp with ftps :p
Probably
robonerd: i'm about to set up my first fbsd vps @ arp :)
brycec: that's great
robonerd: ty, ty :)
to make some side money to buy more vps's, i was thinking about setting up a basic but nice monitoring service to offer to other arp customers. think there'd be any value in that?
brycec: There might be. Who's to say?
I'm not interested, but I have my own monitoring setup already
robonerd: sweet :)
i want to put an install disc in cdrom. fbsd 10 isn't offered yet, so 9.2. i386 or amd?
why would both be offered to me when obviously both wouldn't work?
brycec: Why wouldn't both work?
s/both/either/
BryceBot: <brycec> Why wouldn't either work?
robonerd: why would an amd build run on an intel cpu?
and how do i know which my vm runs on?
-: brycec facedesks
robonerd: uhm, ok?
brycec: robonerd: amd64 isn't for AMD CPUs... It's for 64bit CPUs. AMD won the race and got to name (so to speak) what the 64bit architecture is called.
robonerd: please don't feel obliged to help me.
no kidding?
brycec: Not kidding.
robonerd: fascinating
brycec: I facedesked because it's a very common assumption among the ill-informed.
robonerd: ahh :)
brycec: Same goes for Intel/x86/i386
robonerd: what about it?
brycec: x86 is x86. x86_64 is x86_64
robonerd: oh ppl assume intel only?
brycec: right
robonerd: ok
so i changed the cdrom. what's next step in reinstalling os of a vps?
i went with amd64, is that stable btw?
any caveats with 64 bit fbsd?
brycec: Generally speaking, connect to the VNC console, reboot, press the key to boot from cdrom, and go.
If you don't plan to have/use 4GB of RAM (or more) then you're better off with 32bit. 64bit binaries are larger and end up being a waste of disk space.
robonerd: ah no, i have 786 on this little guy hehe
32bit it is!
ok i'll look for an osx vnc client
brycec: "Connect To Server" (Command K) in Finder, vnc://IPaddress
robonerd: you must be kidding
brycec: I'm not
Why do you keep assuming I'm kidding...?
robonerd: vnc://kvr30.arpnetworks.com isn't working
brycec: ...did you add the display/port?
robonerd: huh?
brycec: "VNC Server:... Port: XXXX"
robonerd: adding :port didn't work
what syntax does this stupid text box expect?
brycec: Correct syntax, I assume.
robonerd: vnc://kvr30.arpnetworks.com:6142
didn't work
brycec: try :242 then
robonerd: that worked
why am i given an incorrect port please?
brycec: I don't feel obligated. I'm just filling my time while configuring the new router. 02:07:07 < robonerd> please don't feel obliged to help me.
robonerd: well, ty :)
brycec: You're not. The OSX client expects a "display" (base port 5900) and ARP gives you the port number.
robonerd: what?
ah no even 242 failed
brycec: In short, it's a matter of terminology.
robonerd: just not right away
brycec: Is your VPS running?
robonerd: no
ah
brycec: You can't connect to something that's not running ;)
robonerd: i can see it!!!
is this secure?
brycec: Not especially... Don't send anything sensitive over the connection if you're paranoid, change your password once you can SSH in, etc. The login is reasonably secure though.
robonerd: uhm, my name is used in my 'cust.' hostname of arp. how can i change that? i'm not comfortable with that
brycec: The hostname? Just set it to whatever you'd like when you reinstall.
robonerd: but won't the dns entry stay in arps record?
brycec: Are you sure it's even setup as a DNS entry?
robonerd: i can ping it.
brycec: I'm not aware of ARP assigning DNS names to customers, so I can't help you there.
robonerd: np
brycec: I can tell you where to edit the reverse DNS... but that just maps IP to a name.
robonerd: so if i do an install over vnc, couldn't someone intercept the root pw i pick?
brycec: Yes. So use something temporary. And change it.
It's not likely someone will be sniffing your traffic though. But it's technically possible.
robonerd: so what's the secure solution here?
for secure installation from scratch up
brycec: Probably VNC over SSH. But that's not exactly easy. (Though there is a walkthrough when you login to console.)
(console.arpnetworks.com that is)
wow 0230 already
time for me to go home
have fun robonerd
robonerd: thank you bryce :)
-: robonerd waves
m0unds: robonerd: there's already an osx vnc client, it's called screen sharing
/System/Library/CoreServices/Screen Sharing.app
oh, mentioned already - nevermind. scrollback was wonky
robonerd: m0unds thanks hehe
m0unds: haha, it's the thought that counts, right?
robonerd: yep!
m0unds: does work really well too, i made a shortcut to it on my dock
looks like centurylink fixed their ntt nonsense
maybe
robonerd: doubt it
damn i hate os x so much. and apple in general
m0unds: they did, pulling 30MB/sec
yesterday i was lucky to hit 95KB/sec
haha
now i can actually finish this remote backup
robonerd: 50.56.34.188 keeps trying to log in to root on my vps
wow
huge diff there lol
m0unds: change your ssh port to something else
yeah
robonerd: well i might just implement port knocking
m0unds: some people will say it's dumb to change ssh because if you just use a strong pw or keys or whatever, but i'm a big fan of not seeing shit in my logs
robonerd: wtf
m0unds: and the fewer failed login attempts clogging my logs, the better
robonerd: it's someone from within rackspace
cloud-ips.com?
m0unds: yea, probably their cloud platform
yep
haha
it's like aws but crappy
robonerd: ?
so ppl spin up instances to crack with?
m0unds: either a compromised box or someone did that ^
if you wanted to, you could excerpt the failed login attempts (a ton of them) and email them to rackspace abuse
i've kinda given up on doing that except in cases where there's a good level of belligerence, haha
robonerd: i'll probably just write a script to automatically do that
as soon as some threshold of failed login attempts is sent, send an email off to abuse dept of IP allocation perhaps?
m0unds: yea, if you want
robonerd: they're going to spam me with crack attempts? i'll spam right back with abuse reports to their noc
m0unds: wee, backup completed
robonerd: woohoo
screen sharing.app steals my command tab :/
not useful for a damn fbsd box
stupid apple :/
RandalSchwartz: it *has* to send that to the remote
robonerd: why? it could just give me an option to not send any command + keys
m0unds: i usually just use expose to switch apps away from screen sharing
i think cmd opt x releases the keyboard, but i could be wrong
robonerd: the arp portal doesn't perform shut down, but it does perform power off and boot
any idea why?
m0unds: acpi support in your guest?
robonerd: wow, nice
command opt x does release it
m0unds: word
robonerd: thank you! why isn't that listed anywhere or a click pref?
what a terrible OS this is
-: m0unds shrugs
robonerd: m0unds not sure re acpi support in guest. check by rebooting into bios settings?
m0unds: what guest os is it?
robonerd: freebsd 9.1
can't remember my root pw, but i don't care because i want to install 9.2 anyway
m0unds: i just requested the vps w/9.1 then mounted the cdrom via the portal and then installed 9.2 from scratch
robonerd: yea, that's what i'm doing now
when we do power off and such, does that actually cut power to some hardware? or just 'virtually' cut power to a guest vps
m0unds: just virtually shuts it down
shutdown uses acpi i think to command a shutdown similar to pressing the power button on a modern machine
it's a graceful shutdown when it works
power off is, as you said, like virtually pulling the plug or switching the psu off
robonerd: so i just booted to 9.2 in cdrom device 4. it boots to 'nakatomi socrates'
single or multi user to install?
m0unds: just press enter
robonerd: in network configuration - resolver configuration, what should i use for "search", and dns 1 and 2?
brycec: fail2ban already has such a script 10:50:46 < robonerd> i'll probably just write a script to automatically do that
robonerd: that sounds awesome
oh no, bsdinstall is asking if machine's cmos clock is set to utc?
i don't know how to get into the bios of my vps, or if it even has one, to change that
but i do want a utc based system, i always do :)
brycec: No there is no BIOS per se, and yes, choose UTC
m0unds: haha, it also says "if you're not sure, select no"
robonerd: ah yes, no
then next screen, TZ selector where i pick utc!
do i want ntpd to be running?
m0unds: yes
robonerd: login group [foo]: <- i want this user to be in wheel, so do i type just wheel there, or will that replace the foo part?
user's name is foo, btw
m0unds: it'll ask you if you want it added to other groups
type wheel in that dialog
leave the user in foo
robonerd: k but...
how would i remove it from it?
it's in [], so to me it says that's the default, but if i enter something else, it'll not go into there
m0unds: first dialog will say it's gonna default to its own user group
then it'll ask you "Do you want this user added to any other groups" type wheel, press enter
robonerd: i booted with acpi option enabled and i can't use the web interface to 'shutdown'
i'm watching via vnc and no console message ever comes up
m0unds: idk
robonerd: dangit
i can't remember my root pw and i really don't like to hard cut power to OSs
m0unds: http://www.lastpass.com
fwiw
you do have to remember the pw to the account on lastpass to be able to access your other pws, but it's a good way to securely save lots of pws
RandalSchwartz: indeed
I use 1Password too
belt *and* suspenders
robonerd: RandalSchwartz any idea why the shutdown button doesn't 'do' anything in the portal?
RandalSchwartz: does your OS respect ACPI?
robonerd: yea
fbsd 9.2
it auto boots with acpi enabled
RandalSchwartz: then it should, unless something's broken
I've had to hard stop my FBSD 8.x from time to time
robonerd: it must be the shutdown button that's broken
RandalSchwartz: No - it has worked
it sends the signal
robonerd: it's not working for me
RandalSchwartz: but the OS has to respond
robonerd: i'm vnc'd in, i see no console message
i boot freebsd with acpi on
RandalSchwartz: again - the OS has to respond
maybe that part is broken
could be you're in the bottom half of a device interrupt
robonerd: how can we get this resolved?
RandalSchwartz: in that case, the ACPI interrupt isn't going to get dealt with anytime soon
robonerd: i'm held up now doing a damn fsck or w/e that i don't know how to do vs getting work done
RandalSchwartz: "this" "resolved"?
hard stop
reboot
robonerd: the web panel isn't working
it should be fixed
RandalSchwartz: NO
it's the damn os
robonerd: doubt it.
RandalSchwartz: if safe stop doesn't work, do a hard stop
it's not ARP's fault, by any means
robonerd: how do you even know that?
RandalSchwartz: the ACPI protocol is trivial
and has worked *most* of the time for me
but there are times when FBSD gets mad
and won't listen to ACPI
do you understand bottom-half of device routines?
robonerd: no
RandalSchwartz: when you're in the middle of handling a device interrupt
NOTHING else works
so you might be there
practically, we hope we spend very little time there
but sometimes, things go wrong
named from when the "top half" of the device handling code was all kernel side at normal priority, and "bottom half" of the code was all "interrupt level priority", aka "non-interruptable"
if FBSD is in bottom half, ACPI won't work
not ARP's fault
brycec: Wow, so many relevant Google results!
RandalSchwartz: heh
brycec: And yes, ARP's button works just fucking fine. Why would you assume a commercially paid-for, for-profit service would have something as simple as a non-working button?
RandalSchwartz: I'm pretty sure that "send an ACPI signal to a child VM" is hard to screw up
given that it works for me *most* of the time
brycec: Also given that ARP didn't even write the underlying code, it's just a call to the qemu ipc
RandalSchwartz: indeed
sometimes, you just gotta hard-stop
and use a filesystem that survives that
robonerd: k pardon me for offending your gods
brycec: An fsck would've been done hours ago at this rate anyways.
robonerd: one million apologies, or we
-: RandalSchwartz boots from ZFS, and has no problems with hard-stop
RandalSchwartz: I have no gods
-: brycec worships only himself
robonerd: uhu
RandalSchwartz: you mean uhura? from new star trek? Yeah, I could worship Zoe. :)
robonerd: i nailed her
it was at a comicon
RandalSchwartz: I *totally* believe that. Not.
-: brycec wanders off in search of breakfast. at 1400.
RandalSchwartz: Hard to believe a person who can't hard-stop their VPS for fear of a long fsck could possibly get into that girl.
-: RandalSchwartz grins
RandalSchwartz: on the other hand, a famous tech book author and podcaster... :)
robonerd: it'll never happen
she needs the freshness
m0unds: ...
BryceBot: m0unds: S
m0unds: ...
BryceBot: m0unds: S
m0unds: haha
i feel like i'm missing something
hazardous: ....
BryceBot: hazardous: H
hazardous: ahhhhhhhhh
m0unds: .
BryceBot: m0unds: E
m0unds: ..
BryceBot: m0unds: I
hazardous: ..
.....
BryceBot: hazardous: I
BryceBot: hazardous: 5
hazardous: deterministic?
m0unds: i'm so confused
hahaha
hazardous: i really want to just do every single dot
up until it stops responding
and then figure it out
but that would piss off a number of people
brycec: ... --- ...
BryceBot: brycec: SOS
m0unds: oh
morse code?
brycec: yep
I plan to tweak it, make it not trigger on a single "letter"
someday
@cw Hello, World!
BryceBot: brycec: .... . .-.. .-.. --- --..-- .-- --- .-. .-.. -.. -.-.--
m0unds: -.- .. ... ... / -- -.-- / --. .-. .. - ...
brycec: ?
isn't a dit or a da
hazardous: what is morse code
brycec: / isn't a dit or a da
m0unds: breka
break
haha
brycec: good god hazardous what are you, 9 years old???
m0unds: -.- .. ... ... -- -.-- --. .-. .. - ...
BryceBot: m0unds: KISS MY GRITS
brycec: lol
m0unds: i feel like it's a meme
robonerd: --
BryceBot: robonerd: M
m0unds: WHAT IS <X>?
robonerd: .--
BryceBot: robonerd: W
brycec: haha m0unds
"What is AOL?"
m0unds: .-- .... .- - .. ... .- -- . -- . ..--..
BryceBot: m0unds: WHAT IS A MEME?
hazardous: brycec: to be fair my first ever internet connection was broadband
brycec: What is ICQ? What is a pager? What is etc
hazardous: and i never got the chance to use the legendary aol
m0unds: i should grep my logs and see how many times i've seen that
hazardous: dammit bryce
brycec: AOL had a broadband plan
m0unds: "my first internet connection was broadband"
hazardous: i had a smartphone as a kid!
it ran like
windows mobile 5 or 6
and was terrible
robonerd: aol still does isp?
m0unds: it was great
robonerd: does it have the online service?
hazardous: i think they still have the client
and you BYO internet nowadays
robonerd: ah
m0unds: i used a winmo device for years for work
hazardous: but i'm slightly unsure why they're still around
robonerd: i wonder if kids are still hacking it
hazardous: m0unds: when i was in like year 5 or something i had this weird windows mobile thing
the touchscreen was terrible, it came with a stylus
RandalSchwartz: You can't kill something that's already deaD!
brycec: 0xdead
m0unds: http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=hazardous%3Bbroadband&action=search&error=0
robonerd: portsnap is kewl
how does this logger work?
brycec: nicely done m0unds
robonerd: i want to run the same thing in #coindev
hazardous: how well does freebsd run on <64mb ram vm's
m0unds: http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=hazardous%3Binternet&action=search&error=0
brycec: robonerd: then setup your own http://colas.nahaboo.net/Software/IrcLogger
m0unds: haha
robonerd: k
m0unds: i forgot i stopped logging my client because i rarely ever refer to my own logs
robonerd: ty
brycec: (or whatever other IRC channel logger you like)
m0unds: and 99% of the time it's not worth it, except in an instance like this..for lulz
hazardous: i never really logged
not sure why
m0unds: what is logging?
robonerd: well, our chan gets some serious convo
hazardous: real funny mounds
brycec: m0unds: o/
hazardous: what should i get for lunch, im a bit undecided
brycec: "What is a newspaper?"
robonerd: w/e is in your lunchbox
m0unds: what is lunch?
hazardous: baby dont hurt me
dont hurt me
no more
m0unds: that song's too old for you dude
brycec: ^
m0unds: came out in like 1994
shit, 1993
brycec: s/too old for/older than/
BryceBot: <m0unds> that song's older than you dude
m0unds: it's alright, i was still in elementary school in 1993
brycec: likewise
m0unds: i was NINE
-: brycec was not nine
hazardous: o_O
m0unds: ahahahah
omg
searched harzardous;what's
and what is
[17:46] <hazardous> what's winnuke? this is the best one
robonerd: haha
RandalSchwartz: in 1993, I was 22
no... 32
damn - I'm old :)
m0unds: slightly younger than my dad, haha
RandalSchwartz: "Luke... I am your father..."
robonerd: RandalSchwartz have any nice daughters?
ant: in 1993, i was 3 :)
RandalSchwartz: as far as I know, I have no offspring
at least, no letters from lawyers yet
m0unds: haha
RandalSchwartz: almost had, twice
hazardous: almost!?
what IS winnuke though
RandalSchwartz: you kids
ant: i don't know either. and i'm old enough to get alcohol without being asked for my ID...
RandalSchwartz: I got asked for my ID the other day. It never ends.
m0unds: http://irclogger.arpnetworks.com/irclogger_log/arpnetworks?date=2013-06-22,Sat&sel=288#l284
ant: RandalSchwartz: maybe you just look so young ;)
m0unds: haha
RandalSchwartz: it was a bar open only two weeks
so they carded "everyone"
m0unds: ah. don't wanna put the liquor license in jeopardy
ant: i once did that when i had duty on an entrance at a big party at our university..some people got really pissed
robonerd: 'doody'
RandalSchwartz: ... http://www.jonathancoulton.com/2005/09/30/thing-a-week-3-ws-duty/
m0unds: can't help but think of "call of doody"
RandalSchwartz: heh
m0unds: also spaulding's "DOODY" in caddyshack
brycec: up_the_irons: I'm curious, where does ARP stand on tor and running an exit node? Is anyone running a tor node? (I have no plans to do so, just wondering what ARP does about these things.)