brycec: And suddenly you're back. What, were you off with your /other/ family again? Ugh. /s
up_the_irons: lol
yes
***: mnathani_ has quit IRC ()
mnathani_ has joined #arpnetworks
carvite has quit IRC (Ping timeout: 252 seconds)
carvite has joined #arpnetworks
sorressean: Has anyone had problems with IPMI? when I click on cd-rom image, it just says I don't have priviledges to perform this action, then my session times out and I have to log in again.
brycec: I don't remember having any issues with the virtual CD. sorressean: I trust that you logged back in and tried it again with the same result?
sorressean: eah.
yes*
Meh. this IPMI java interface is not accessible.
Is there a serial console?
brycec: Welcome to the nature of most IPMI web interfaces on the market :( But fortunately it's your standard IPMI interface so tools like ipmitool will work too
(And just to clarify - The vast majority of server BMC/IPMI web interfaces suck, terribly and horribly. Just know that it's not ARP's fault.)
staticsafe: indeed
sorressean: Yeah, I figured it was'bnt.
staticsafe: submitted the needed paperwork to ARIN, now we wait o/
sorressean: thanks, going to try ipmitool
brycec: Hooray staticsafe
I want an ASN of my own... just to have, not for any real purpose.
staticsafe: heh
unfortunately ARIN frowns upon that
brycec: Yeeeaaaah
That they do.
I just want to feel important.
RandalSchwartz: For many months after I was abruptly terminated from Intel, the ASN for intel corp was still in my name
might have even been years... I forget.
it was some amazingly low number. :)
brycec: lol
AS99?
RandalSchwartz: Yeah, that was it
brycec: RegDate: 1987-02-19
Seems like it's no longer used
RandalSchwartz: yeah - I don't even remember why we got it, or why my name ended up attached to it.
oh - it's because we had an internal net, and two connections to the world
twobithacker: doesn't appear to be in the routing table
brycec: Because it's not announcing anything
RandalSchwartz: Yeah, not sure how they're doing it now
twobithacker: huh, bgp.he.net says it was seen as recently as Oct 2014
RandalSchwartz: weird
brycec: I thought Intel had a /8 but I don't see it now so I'm guessing they gave that back too.
RandalSchwartz: for a while, they used 128.215 inside the company, but it didn't belong to them. :)
brycec: lol. I wonder who it does belong to...
RandalSchwartz: Oh wait... that was the right number
one part of the company was using a routable number, but just made it up
eventually became a problem when we got "the net"
brycec: You stay classy, Intel!
RandalSchwartz: so they had to do a great renumbering
eventually joining 128.215
***: acf___ has joined #arpnetworks
SpaceDum1 has joined #arpnetworks
anis has joined #arpnetworks
acf__ has quit IRC (*.net *.split)
CaZe has quit IRC (*.net *.split)
SpaceDump has quit IRC (*.net *.split)
anisfarhana has quit IRC (*.net *.split)
ix33 has quit IRC (*.net *.split)
ix33 has joined #arpnetworks
staticsafe: hm ARIN needs an invoice, I guess I'll have to wait for billing to run today
brycec: staticsafe: What's wrong with last month's invoice?
staticsafe: my last ARP invoice was in April 2014 :P
brycec: Oh I see, returning to the fold then
***: hive-mind has quit IRC (Ping timeout: 256 seconds)
hive-mind has joined #arpnetworks
mercutio: static: with 32bit asn's you'd think they wouldn't see the need for such things?
or are requeusting a short ASN?
brycec: I think they just realized that there's no point in being reckless, that's how we end up with /8's used by a single company.
-: brycec should upgrade zeit.arpnetworks.com to Jessie...
mercutio: i don't that was a bad thing in the first place.
i just don't think anybody expected the internet to last so long
without changes
brycec: Well sure nobody planned ahead/expected it.
But I still don't think Ford Motor Company needs 16.8 million public IP addresses.
mercutio: that could have been fixed 18 years ago or something though
brycec: Practically everything could have been fixed in the past... hindsight and whatnot
mercutio: yeah
brycec: I have less of an issue with /8s that are assigned to computer companies (Apple, HP, DEC) or whole governments and transit providers, but COME ON why does an car company need 17 million IP's?!? Or an oil company? Or financial services?
-: brycec rages
m0unds: gotta put those PLCs on the public internet brycec
brycec: (That being said, I still don't think the United States Dept. of Defense needs 201 million public IP's, especially when they run their own non-Internet networks)
lol m0unds
mercutio: yeah well we know ipv4 is a mess
brycec: (And MIT's /8 is just MIT holding out to be dicks. True story.)
mercutio: so now we're trying to screw up ipv6
the ip address side of ipv6 is fine..
but how the hell do you multihome?
brycec: heh
mercutio: do you need a /48? do you need a /32?
sorressean: Anyone done any installs with IPMI using ipmitool? trying to install BSD over SoL. it's just hanging, not sure if there was anything special I needed to do.
mkb: I usually spend an enormous amount of time and effort trying to make it work and eventually give up and try to get someone else to do it
mercutio: the sol is configured normally, but you need to make sure whatever you're using is outputting to serial
java works
sorressean: awshit.
mercutio: i think i did java
sorressean: okay, maybe I can do that from FreeBSD installer
brycec: mercutio++
sorressean: Yeah, the java one isn't accessible with a reader.
There is literally no way for me to do this.
brycec: Some installers start a serial terminal by default alongside VGA.
I think Debian does, for instance.
staticsafe: multihoming with /48 works just fine
mercutio: static: yeh i think it generally does atm
but if everyone wanted to do it, there might be a push to become more restrictive
sorressean: Hrm. wonder if I can get arp to deploy bsd for me, given my issues
mercutio: and it goes back to the way of doing things that happened in ipv4
sorressean: This is fun learning, but I need this working so I can start the switch
mercutio: with people using "provider" space to multihome
sorressean: you can't get java wokring?
oh right
brycec: sorressean: Which BSD? if it's OpenBSD, I'll do it for you.
sorressean: mercutio: applet is not accessible
brycec: it's FreeBSD
brycec: blech :P
sorressean: I'm not cool enough for OpenBSD. :p
I like my jails.
mercutio: jails aren't necessarily secure
sorressean: No, they're not.
But they make my life a lot easier sometimes.
brycec: It's nice to have logical machines :)
sorressean: (I can easily just wipe them out and rebuild if I need. So I have a development jail)
mercutio: cool
brycec: it's not a hatred of FreeBSD or anything, just that I have far less experience installing it (and there are more questions involved, etc)
(oh and it takes longer)
BryceBot: That's what she said!!
mercutio: yeah as long as you're not overvalueing security from them, they're probably pretty useful
brycec: Too often people think of VM's and containers and jails as magical security cures. Gotta correct those people before they do damage.
mercutio: brycec: i think vm's are introducing less security in general :)
it's a complex problem though
sorressean: Yeah, it's useful in a sense, but it's not really the base of my security
brycec: Good.
mercutio: like 4 vm's are more likely to have a hole than 1 server.
brycec: (all my jails communicate over lo - now THERE's some network security :D)
*lo0
(er, lo1 actually)
mercutio: lo1
sorressean: brycec: I do that too.
staticsafe: 100ge7-2.core1.lon2.he.net thats a lot of bits
sorressean: It's cool because you can limit what connects where and resource usage of groups of services
mercutio: it's only ge
* 100 :)
staticsafe: heh
mercutio: youu can get 100 gigabit ethernet cards for pc now i thnk
like connectx-4 does 100ge i thikn
mnathani_: @exch 56.49 usd to cad
BryceBot: 56.49 USD -> 68.20224117 CAD (as of Thu, 30 Apr 2015 13:01:02 -0700)
staticsafe: the GBP to CAD exchange rate is painful
@exch 72.50 gbp to cad
BryceBot: 72.50 GBP -> 111.26679936831 USD -> 134.33607868174 CAD (as of Thu, 30 Apr 2015 13:01:02 -0700)
staticsafe: yeah
mercutio: damnit have to request quote to get price for 100gbe card :/
brycec: heh
mercutio: i wonder what rouuting performance would be like on linux near 100gbe :/
http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/
this souunds like they've put some effort into doing a good job.
what openbsd has a bug
with mailformed executables.
brycec: It happens sometimes
BryceBot: That's what she said!!
brycec: And specifically, maliciously-formed ELFs
mercutio: yeah
hmm hammer2 may be getting ported to openbsd :)
gsoc project
brycec: <-- not holding his breath
mercutio: neither
that's why i said may
may overload whoever is doing it
oh openbsd 5.7 is out already
m0unds: gah, one of my fans sounds sick
sounds like an old garage door opener
mercutio: at least fans are cheap
mkb: but nobody has received it in the mail yet
mercutio: oh?
it's usually early :(
isn't it?
i don't like cd's
mkb: it used to be
the new shipper is in England, that won't help us in North America
mercutio: i don't even have a cdrom drive :/
the idea mostly is for support
and to make it easier to write it off as a business expense
rather than to actually use
i think most people who buy cd's still download it
i'm starting to even use usb sticks less now
mkb: eh.. it'll arrive by the time I have a chance to install it and I only need it on my thinkpad locally at least
mercutio: i can just do pxe boot over network
mkb: now I'll download it a million times to install on servers
why in the world do they do this?
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
mercutio: what
just title :)
what i want is in between http and https
i want validation of content, cacheable
and validation of where something's coming from-
having keys etc on packgaes etc gives a reasonable certainty
mkb: and doesn't require https
mercutio: i'd actually like extended attribute stuff to be done more on unix
like when you download a file it stores where it came from
but yeah i'm kind of irrate at the way that caching is going out hte window
if you have 20 cellphones in an office you can't have a local proxy it cache updates
s/it/to/
BryceBot: <mercutio> if you have 20 cellphones in an office you can't have a local proxy to cache updates
mkb: http was supposed to do that
mercutio: well not on android, as all the updates go via https.
mkb: the rfc describes all sorts of caches and proxies
mercutio: yeah i haev a local proxy
mkb: https screws it up
mercutio: it's even on ssd's :)
it's very noticable with things like updating packages on two hosts.
because it's like 100x the speed :)
mkb: I wish I had more than one openbsd machine at work
mercutio: why's that?
mkb: everything would work much better if only we'd scrap linux
mercutio: like what?
mkb: no more systemd
mercutio: systemd is fine
mkb: actually that's not a fair complaint because I don't think we're ever going to really upgrade past centos 6
mercutio: i find stability and predictability are better with openbsd
but upgrades can be a pita
mkb: exactly
mercutio: lots of people still use centos5
i hate centos
mkb: they go changing crap every six months on linux or else it's one of the old centos 6 machines
mercutio: what's with that fastmirror crap
it doesn't even work reliably
and it takes ages
mkb: we have a mirror but fastmirror can't figure that out
and there's like 5 mirrors on internet2 closer that it can't find either
mercutio: new zealand is actually good for mirrors in general
and most mirrors will do 60 to 80mb/sec+
there's no openbsd mirror in new zealand though.
yeah it's 5 mirrors on internet2 that's the issue
i can understand it not finding a local mirror...
if it's just your own mirror
but it seems to be bad even with public mirrors
mkb: I think we have a public mirror
It's a university
mercutio: oh
oh taht's even worse :)
mkb: should be 1Gbit/s
mercutio: the problem with universitys can sometimes be that file storage is non-local and slow
mkb: oh I never considered he might put the files on NFS
mercutio: so there may be plenty of network capacity and slow disk
mkb: I hope not
mercutio: it depends, is nfs everywhere there?
it used to be extremely common in sun days
it's not so common for newer setups, that are more linuxy ;/
mkb: we use it all over the place, but I don't know anything about how it's run
mercutio: but it's making a come back with vmware
sorressean: did you get sorted ok?
***: dj_goku has quit IRC (Remote host closed the connection)
mordac has joined #arpnetworks
mordac: hello, can i please request that the OpenBSD 5.7 install CD be added to the list of CD-ROMs available in the control panel? The amd64 URL is http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/amd64/install57.iso
the i386 url is http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/amd64/install57.iso
er...http://ftp5.usa.openbsd.org/pub/OpenBSD/5.7/i386/install57.iso
mercutio: it'll probably be added shortly mordac
it's less than 24 hours since release.
brycec: mkb, mercutio - if you hadn't heard there are manufacturing issues with the CD's so they're late.
(It's still best to send an email so up_the_irons has a todo item to cross off)
mordac: mercutio: I make the request because it was my request that got 5.6 up in November. I don't mind making the request and it seems to get the job done. :)
mercutio: ahh ok
brycec: heh
Oh mordac, typical OpenBSD nerd...
Well up_the_irons tells me my dedicated machine has been upgraded, and indeed it's back up and running... but for whatever reason I cannot SSH in. *sigh*
mercutio: ipmi?
brycec: looks like it. Damn firewall... worked fine before the shutdown, now I'm apparently locked out.
<3 "sol activate"
mercutio: yeah it's convenient. what'd you do to it?
brycec: Second hard drive and more RAM
-: brycec gets to look forward to an online RAID build in-production, w00t
brycec: wtf, Linux... "ip route add...." "RTNETLINK answers: No such process" and I have no routes
heh my network configs are apparently totally screwy. Thank goodness for IPMI sol!
mercutio: hmm
uubuuuntu trusty?
brycec: Debian Wheezy
mercutio: oops leaning on keys
ahhh
that shouldn't have anything weird about it's setup
brycec: Seems like it might be having some odd issues with bridging atop bonded interfaces
mercutio: sh
oh
brycec: purely script-wise. Technically it works fine.
For whatever reason when Debian's ifup adds the ipv4 to the bridge, it doesn't take. No errors or anything, and I can manually run the ip commands later and get it up.
well here goes nothing...
hooray! everything is just fine
removed the inet6 configuration and everything came up just fine