ubnt announced a pair of new little edgerouter devices - $49 and $79 respectively link? tiny little guys https://www.ubnt.com/edgemax/edgerouter-x/?utm_source=Ubiquiti+Newsletter+Subscribers&utm_campaign=118f9d5b9e-EdgeRouter_X_X_SFP_03_01_15&utm_medium=email&utm_term=0_1c1b02cb37-118f9d5b9e-238482017&mc_cid=118f9d5b9e&mc_eid=d136c500ee Dayuum MIPS cpus, 130kpps w/64byte pkts yeah, cool little things i still wanna try out an ERL, might do one of these instead since i don't think i'd replace my gateway with it and it's 50% of the price of the ERL as soon as you turn on anything, that pps sinks like a cinder block for its intended market it's fine if you were looking for something that has full feature support at line rate, you're looking at ASIC powered stuff...doesn't really compare to a $50 or even a $99 box at all my wife forgot to tell me she was selling a bunch of textbooks back to amazon. i recycled most of my boxes yesterday. DOH amazon has a buyback program? yeah, no idea when they started it whoa cool prepaid shipping as usual if they won't accept the books you registered to sell back, they'll just ship them back to you If the book you want to sell is found not to be in good condition, or is the wrong ISBN, your account will not be credited and the item will be returned to the addresses you select when creating your trade-in. hmm yeah... that might be a free way to ship books to places... :P lol yeah, these things are heavy (medical textbooks) this is amazing That's what she said!! ive pretty much given up on trying to sell my textbooks since they are so old yeah, my wife tried selling her undergrad stuff right out of college and couldn't find a bookstore that wanted them but it seems like amazon wanted about 80% of the graduate stuff. i just hope they don't send them back, lol Nice I should look into that... That's what she said!! At least get a couple of bucks BryceBot: no Oh, okay... I'm sorry. 'I should look into that...' 
oh super 8.8.8.8 broke here You in Turkey? California Different kind of oppression, I guess. :P acf@vermilion:~$ nslookup google.com 8.8.8.8 ;; connection timed out; no servers could be reached mtr pls http://paste.unixcube.org/k/a3c85f strange. I didn't see packet loss in the mtr earlier lol mike-burns but DNS still wasn't resolving like right now 0% packet loss, DNS not resolving http://paste.unixcube.org/k/7a9c17 8.8.4.4 is also affected probably hitting a down anycast node it responds to ICMP though it's also intermittent It's responding to me now but a few minutes ago I also timed out yea, it's ok for me now too nvm, down again :P still wfm It works here, beautiful. i wouldn't use 8.8.8.8 and 8.8.4.4 as my two dns servers you could use one of them, and one of something else. 4.2.2.1 personally i like the idea of 3 dns servers. You glutton. but normal resolvers have long timeouts. 192.168.1.1 and 1.2 ? it'd be nice if freebsd would shift to openntpd Sure but NIH. there seems to be another ntp vulnerability on the freebsd security list. it didn't sound that bad, but hard to know freebsd didn't make ntpd did they? Well phk@ announced a re-write. oh? so it's going to compete with openntpd? http://phk.freebsd.dk/time/ https://github.com/bsdphk/Ntimed Yeah. ahh it seems it may be targeting to be more full featured than openntpd In the meantime, openntpd is in FBSD ports. Excuse me guys. Is it normal I don't understand what both of you talking about? It happens to me a lot, so yes. Ok carry on. Is there anything in particular you want to know more about? I just thought my sickness level increasing..that's all. Doctor confirmed that i have a disease few weeks ago. *has confirmed ntp is network time protocol I know that at least. it keeps servers' clocks synchronised over the internet. some people have "good clocks" and run servers, which are then connected to by people who have good connectivity and then users connect to those hosts with good connectivity.
I had experienced with master clock before. the legacy ntp daemon has been around forever, and is a lot of old code. kind of like sendmail, bind etc. openntpd is a kind of minimal implementation with security in mind, with security being preferred over feature-set. afaik it doesn't have hardware support for good clocks to feed etc. Why bother using ntp if we know it had problem before? well openntpd is a little newer. What's wrong with single clock on your machines? and ntp can be tweaked to be less ... open normal clocks on computers lose time a lot So people use ntp just because it keep clock sync over the net? it varies a lot. ntp is good if you want to have second-level accuracy. so if you have two servers and look at logs on each, you can correlate times. and NTP is useless, if you have stand alone server, with no internet connection? if you don't use anything your clock may be 10 minutes+ out of sync easily. with things like dsl modems etc that have ntp support they don't even have a hardware clock. I see. so the time will be wrong by months/years/etc. I don't have any problem with the accuracy of the clock before. ntp can work with a gps clock I mean without NTP http://www.ntp.org/ntpfaq/NTP-s-refclk.htm windows uses ntp i've had problems with clocks before. Not if you untick the options for Internet Server in windows. You guys are amazing You can tell a story about clock and NTP like 24 hours non stop. we weren't talking about ntp for 24 hours You have your fact, I have my own fact, debate, arguing, go silent, quit, come back, and another issue. Wonderful. Another story/issue etc etc that's kind of what IT is like, yes, anis. But IT is killing me. how so? It maybe can kill you too. So don't tell people in future nobody telling you that IT can kill you. life kills you it's all part of the cycle. Correct. But my case, IT is killing me. If not because of IT, i probably can be better. 5.35 AM Sleep time. Bye bye mercutio and mike-burns Ciao.
It was nice talking to both of you today. in news today, gmail let their secure certificate expire. What? The cert I have loaded is good from 25 March through 22 June, 2015. for smtp to smtp i think someone was complaining on outages@ a few days ago and then someone else said it was fine for them (I have another tab open to gmail with 19 Mar - 16 June, 2015. Interesting) i imagine it wasn't expired for that long. (looks like Google rotates certs every three months) i can't see the email, maybe it wasn't outages@ oh it was nanog (Looks like smtp.gmail.com serves just a single certificate, valid 18 Feb to 31 December 2015) (not the same as the reported issue above, I know, just observing different certificate practices) it was smtp.gmail.com on nanog these certificates have weird times on it orly? huh err dates like why 18 feb to 31 dec i wonder if they're backdating them a bit for people with off clocks I feel like it's more likely they had that cert all along and it may just not have gotten pushed having lots of ssl errors in general is often due to wrong clock. for 9.5 months? why would that be "for 9.5 months"? it's still a little strange. @date Feb 18 2015 18 feb to 31 dec 6 weeks, 6 days, 13 hours, 46 minutes, 25 seconds ago. [Interpreted date: Wed, 18 Feb 2015 00:00:00 -0800] oh that's more than 9.5 months Right. I'm suggesting that they forgot to install the certificate for 6 weeks that's 10.5 months. But the duration is odd oh i mean duration rather than when it was there Yeah, i was responding to your remark about backdating. oh right damn my level3 test site shifted to ntt :( performance decreased a few days ago. so it probably shifted then. was that what caused their outage a couple days ago w/smtp?
m0unds: yeah would have been although i think it was 3 days ago i don't use smtp, i just got alerts from google about an outage some number of days ago s/don't/didn't i didn't use smtp, i just got alerts from google about an outage some number of days ago smtp as in port 587 / 465 for sending mail ? yes, i don't use a mail client neither do I desktop mail client, rather all web for me but in this case, their smtp server was returning an invalid cert - i was able to send mail via gmail interface w/out delays or errors, so i guess it only impacted people sending via smtp.gmail.com or whatever http://venturebeat.com/2015/04/04/gmails-ssl-certificate-for-smtp-appears-to-have-expired/ yeah what the fork I am trying to follow http://evilrouters.net/2009/08/21/getting-bgp-routes-into-dynamips-with-video/ with current routing table but I keep getting: Segmentation fault (core dumped) command is : zcat bview.20150407.1600.gz.1 | bgpdump -m - > myroutes-april.1 sounds like bad code :) i dunno why dynamips is oh are you just trying to get a full route table? yea full table works with code from 2009 bview.20090820.2359.gz I have that file, but wanted more recent routes maybe you should just get a bgp session? https://github.com/YuZhang/bgpdump-zy/blob/master/ChangeLog apparently there were segfaults with empty as paths. sometimes these things aren't kept current in distributions A+ to up_the_irons :) Not exactly blown away by SuperMicro's GUI, but meh, as long as it gets the job done. brycec: use ipmi :) Error: Unable to establish IPMI v2 / RMCP+ session uhh it should work are you using the vpn? Yep (as evidenced by the fact I'm on the web gui :p) true :) try -L USER -I lanplus ipmitool -I lanplus -H IP -U myuser lan print was what I tried hmm (with IP and myuser replaced) I'm also getting "You don't have permission" popups on certain sections of the web gui, which seems odd. 
eg: Maintenance -> System Event Log Set Session Privilege Level to ADMINISTRATOR failed: Unknown (0x80) Now I get that ^ from ipmitool oh gah yeah that's happening to me now too but -L USER fixes it heh (I swear I didn't break YOUR Metal box :p) haha the gah was mostly about having a copy of my old key but yeah it works for me i just need the -L USER so try ipmitool -L USER -I lanplus -H IP -U myuser lan print Can confirm, -L USER gets me no error Also, "lan print" is blank :/ same here try sensor (as is "lan print 1") s/lan print/sensor/ (as is "sensor 1") well not that hah sol works :D yeah sweet Which is really the most critical one :p it's better than using web well that and power/reboot sensor lists several sensors with no values. hmm it works fine for me "sensor get ..." seems to work, slowly. At least gives me info about the sensor sensor is slow here too it does a rtt for every line i think "sensor reading FAN" has no reply though (but "sensor get FAN" dumped info about it.) yeah i wouldn't worry about sensor normally i just find it an easy thing to check ipmi is working Ditto. Though I would like to be able to configure alerts to notify me on failure... you can do that inside the machine (that's one of those "You don't have permissions" popups in the web gui) That's what she said!! BryceBot: no Oh, okay... I'm sorry. 'you can do that inside the machine' brycec: did you go for ssd's? Pretty sure it's just the standard 1TB ahh ok that's what the portal says just 1? (I inherited the system) Looks like the base specs ahh ok damn i'm paranoid about not having raid :) Yep based on price, it's the "Starter" level mercutio: Tip for the future, -L OPERATOR how's that different from -L USER ? USER doesn't have permission to "power reset" ;) oh (It's a notch above USER on the scale) i can't say i tried power reset :) And corresponds with what's listed under "user list" well sensor still worked with it, thanks.
:P 18:02:55 ⤷ | well that and power/reboot yeah i've tried it with ipmi in general, just not on arp That's what she said!! init=/bin/bash OpenBSD ;) boot -s hehe i assume everyone uses linux these days for some reason brycec: are you enjoying the gigabit connectivity on your METAL box? Not yet since I have no login on the box :p heh http://www.openbsd.org/faq/faq8.html#LostPW will there be virtualization on that box? openbsd doesn't do virtualisation. lol mercutio thanks, I'm familiar ;) oh ok *will* there be? Maybe, I might reinstall with FreeBSD or Linux for Qemu/kvm ctrl-alt-del not working by default is a bit irritating. oh right. sonofagoddamnmotherfucking... I wish Java would stop trying to use Firefox's proxy settings. *sigh* (Sorry, that was out of line. Just frustrates me.) it does seem strange i thought things didn't generally use firefox's proxy settings. Linux desktop running Awesome, so there's no DE for Java to scrape the proxy settings from, so it falls back to using Firefox's for some reason. I should rephrase that - there's no DE capable of providing proxy settings for Java. reading http_proxy is the standard that's what chrome, wget, etc use for proxy I only use Firefox when I have to bounce over a SOCKS/SSH proxy/tunnel because FF's proxy settings are quick and easy to twiddle. (Chrome is a command-line switch only, or environment, either way requires restarting Chrome) But, meh yeah i've done similar. 
it's kind of annoying that you can't change proxy easily in chrome i used to use some extension to do it for me although in my case it's usually to disable proxy https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm that's what i used, iirc this looks handy pretty painless, you can set up profiles for different proxies i used an ssh proxy to evade web filtering at work because it was obnoxious and getting anything whitelisted was awful Thanks for the link heh so i set one up for direct, one for one box, one for another and could just switch it by clicking on the icon and selecting a profile pretty handy That is handy. Personally, I'm going to stick to using a separate browser. Minimizes my disruption. m0unds: can that proxy switcher work on a per-tab basis? Oh man, going through some old authlogs and seeing attempts for "xbmc" and "xbian" really has me worried that people are connecting their RPi's directly to their Internet connection :/ m0unds: if you didn't notice, "SwitchyOmega is the 2.x version of switchysharp and should be used instead." (Not sure if you still use the extension since you changed jobs) (That's from the github) mnathani_: looks like Omega can switch by host/url https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif third slideshow image "You can tell SwitchyOmega to switch between proxies automatically through the mighty Switch Profile." (from the quickstart guide) I think I have lost count of the number of new things learnt from this channel lol w00t, can confirm it does automatic switching So it's potentially better than per-tab you mean I can watch netflix now without using Firefox awesome! Yes But I'm sure any proxy-changing extension would have allowed that :p http://www.open-xchange.com/dovecot has anyone heard of this? Heard of Dovecot itself? yes of course. nah open-xchange apparently powerdns and dovecot are now part of some "open-xchange" company thingy? 
I think I heard of it awhile back trying to build an Exchange-compatible alternative, but I might just be confusing very-similar names their website is too template like for my liking heh i was always impressed by dovecot it seems on a similar level to postfix to me dovecot is an mta, or imap provider? it's an imap provider that has a mda mda (what mercutio said) (pop too I think) yeh pop too. you don't have to use their mda too. so you can use postfix/procmail/dovecot as the mda bit like any of them. procmail is the easiest known example of a mda postfix/dovecot do other things as well, basically dovecot adds indexes on top of normal mail, and if you let it deliver mail for you it'll update the indexes automatically otherwise it'll update indexes when you check your mail. but it's also got some filtering capabilities with less arcane syntax than procmail. personally i still use procmail hmm dovecot has 1000 euro security bounty too brb reboot brycec: didn't notice, but hadn't used it since sept. thx for heads up though because i did still have it on chrome, just disabled https://twitter.com/davidu/status/585632424626905088 TWITTER: Re: The Google DNS attack, we see backscatter in our telescope for requests for shifen[.]com. This graph should be 0. http://t.co/Pcm4dTuN8p (Wed Apr 08 02:37:05 +0000 2015) I added it (Omega) and disabled it, just to have it in case I ever need it :p works for me, haha Aw my Metal's gbps connection seems to max out at 100mbps, v4 :/ that seems strange to where? Link is GbE, but pulling http://www.azurespeed.com/Azure/Download cruised at 11.98MB/s try curl http://la.meh.net.nz:24/10m > /dev/null i reckon it should go 800 megabit Ooh, CDN is faster, 18MB/s http://cachefly.cachefly.net/speedtest/ Next to impossible to gauge GbE speed with a 10M file, but it clocked at 44MB/s brycec: it's not impossible :) there's testfile.zip for 200mb 15MB from cachefly 44mb/sec is nice.
200MB file at 26MB/s oh you're using openbsd I guess my initial test was just crap openbsd's network static isn't great for fast speeds. Meh, it's good enough. And now that I've proven I can exceed 100mbps, I'm happy Thanks mercutio and m0unds if you don't have tcp timestamps enabled on the server, it won't increase its receive window above 16k sho 'nuff and it caps window size at 1mb by default in the source iirc it also increases the window size a bit slow for cubic fortunately for sending it works pretty good Looks like OpenBSD is topping out at 75MB/s to mirrors.arp mirrors can do more than that aka 600mbps try downloading the same file again 88.11MB/s yeah that's more like it (good thinking) 704mbps nice i've had 100 million bytes/sec from it before (i think it was divide by 1000 rather than divide by 1024) aka 100 mebibytes/s isn't megabyte/1024 ? hm, shoot you've got me second-guessing myself now :p actually it is /1000 megabyte = 1000, mebibyte = 1024 hangon that's weird mebi = binary = 2^X power but a kilobyte is 1024 bytes. should be 1000 technically @wa 1 kilobyte to kibibytes convert 1 kB (kilobyte) to kibibytes;0.9766 KiB (kibibytes);1000 bytes;8 kb (kilobits);8000 bits;7.813 Kib (kibibits);0.007629 Mib (mebibits);information;[information];Words of data on an 8-bit system:, ->1000 words, ->500 longwords;Words of data on a 16-bit system:, ->500 words, ->250 longwords;Words of data on a 32-bit system:, ->250 words, ->125 longwords;Words of data on a 64-bit system:, ->125 words, ->62 longwords 1000 ^^ but 16 megabytes of ram is 16777216 bytes @wa 16 megabytes to bytes Sorry, I couldn't reach the backend API. @wa 16 megabytes to bytes BryceBot: TRY HARDER Sorry, I couldn't reach the backend API. you broke it? I dunno, not my backend API :p The lazy can just https://www.wolframalpha.com/input/?i=16+megabytes+to+bytes Answer: it's 1.6*10^7 so, 16000000000000 (I lost count of 0's) Hmmm what to install on this box... Vmware? Proxmox? XenServer? FreeBSD?
So many choices... has it got more than 8gb of ram? No what's it going to be used for? It has no purpose But the boss doesn't want to give it up just in case we need it (silly!) haha (we have a spare VPS for that reason too) linux/kvm then aka Proxmox it means if you do want to use it you can just copy an image over etc I personally <3 Proxmox, but I'm open-minded haven't used it meh I can do the same with Vmware or FreeBSD (to greater or lesser extends) i use xen *extents vmware on 8gb ram? I'm sure it would install >.> well you need a raid controller if you want to do raid with it But I'm fairly inexperienced when it comes to vmware or you need to do the virtual machine that acts as storage yeah it'd install I'm sure I can't sell the boss on this either, but perhaps I could free up the VPS and move them all over yeah shift to 1 vps + metal maybe What reason is there to keep any vps at that point? just reducing spof? yeah well the metal doesn't even have raid :) depends how much you're storing, but restore time in the case of hard-disk failure could be quite long Good points so for anything critical you may want to have a copy locally or be able to use arp's backup stuff and pull it back Indeed what about if you got rid of 2 vps's, made the 3rd vps bigger, and got another hard-disk? it's probably about the same cost Perhaps, though we're pretty good on VPS sizing now (no need to upgrade) I am looking at upgrades for metal (ssd, add'l drives, etc) maybe you can upgrade to 16gb at the same time? ahh ok i thought you may want to be able to run all 3 vps's worth of stuff on one vps. Would be nice to have 4*256GB SSD, but I can't justify doubling (actually, more than) the monthly cost i don't think you can do more than 2 hard-drives unless you get one of the 1u servers https://www.arpnetworks.com/dedicated says "Max 4" yeah but i don't think you can upgrade if you're on a blade past 2. that's for new orders..
(One VPS is completely unused right now, so I only have to worry about 2 VPS, and they could easily be consolidated) Hm, good to know, something to keep in mind and ask Garry later i have 3 disks on arp metal but it was provisioned that way from the start. it's a bit weird. I'm still not a fan of ARP's drive pricing. In a few months, I've paid enough to have bought the hdd in the first place :/ i imagine that this may change soon hard-disks use lots of power too well about 7 watts constantly damn where's a quick calculator for that looks like power costs around 22c kwh there which seems cheap SSD too, although it's a bit less egregious :p takes about 6mos to pay off one of those. well cheaper than i thought it'd be it's actually the same everywhere you know :) you make your money on the upgrades you could go dedicated. ok it looks like $1/month so yeah power isn't that bad but i forgot to margin in power supply loss also hard-disks can fail, and that means someone replacing the hard-disk. I've heard that SSD and hard disk are now similar in MTBF hard-disk failure rates aren't really going down the higher density seems to be pushing failure rates up a little even and they seem to fail quicker when they fail now :( like if you get a single sector not able to be read you should replace a drive asap whereas it used to be that it'd work for a few months probably I've seen the same - about equal. SSD can last a bit longer too. a lot of that's to do with ecc though as you only get to see errors when it goes above a certain point. i've seen more "bugs" with ssd's. but i've had more failures with hard-disks like ssd's that'll just stop reading, or go really slow or such Ditto. one thing i've noticed is more and more of a shift to 2.5" hard-disks. and 300gb sas drives vs 256gb ssd's, at 2.5" makes ssd's seem like quite a nice idea. and laptop drives aren't really that great. you can do about twice as many 2.5" drives as 3.5" drives in the same footprint.
and even 2.5" sas drives seem tiny they weigh a lot more than ssd's though http://www.anandtech.com/show/9145/samsung-sm951-pcie-ssd-now-available the 128mb ssd is quite affordable. especially when you consider it does 2000mb/sec read speed.