***: hive-mind has quit IRC (Ping timeout: 265 seconds)
grody: my first invoice is 129x
march 2012
crap, i been using ARP for that long?
must be doing something right ;)
mercutio: heh
RandalSchwartz: drwxr-xr-x 2 root wheel 2 Nov 21 2009 /media
that's my first day
I'm hoping that the downtime notice of jun 9 at 1am means tuesday morning and not wednesday morning. :)
mercutio: yeah it does mean tuesday morning
was it not obvious?
RandalSchwartz: well, some people would call that monday
especially if they are staying up for it
mercutio: yeah it's one of those weird things
socially monday night 1 am
technically tuesday night 1 am
RandalSchwartz: right
mercutio: but usually when you have a preadvised outage it's a technical time not a social time.
what do you think would make it more clear?
RandalSchwartz: I'm happy the notice didn't say PST. I would have revolted at that. :)
mercutio: heh
RandalSchwartz: no, it's fine. I'm just waking up and being slightly grizzled during that.
or confounded until the cobwebs clear.
"there's no f-ing PST until November peoples!"
mercutio: i know the feeling.
BryceBot: That's what she said!!
mercutio: yeah there's no PT is there?
RandalSchwartz: there's PT, and PDT, but no PST.
mercutio: i sometimes find myself checking if i'm in daylight saving or standard time.
what?
of course there's a PST?
RandalSchwartz: No
it doesn't exist anywhere
not until november
mercutio: it still exists even if it's not currently used.
RandalSchwartz: no place in the normal UTC-8 stays that way. they all move to UTC-7
how would it "exist" if you can't use it *anywhere*?
mercutio: Yeah, but PST as a thing still exists.
RandalSchwartz: the concept, sure.
mercutio: it's dormant
it's like a bear hibernating
RandalSchwartz: just like the concept "world peace"
mercutio: It doesn't mean the bear doesn't exist.
RandalSchwartz: that's different
a bear is a real thing
time isn't
mercutio: so is a timezone.
RandalSchwartz: not real
mercutio: a time zone is a standard whether or not followed
RandalSchwartz: anyway, finishing my wake-up sequence
mercutio: even if daylight saving is abolished then PDT will still mean something
just be followed anymore.
you must be EST :)
EWDT
EDT
haha
before you correct me.
i suppose you could be a 6 am riser..
RandalSchwartz: I have an early flight from PDX this morning
so I'm on schedule to get to the airport early
mercutio: ahh
RandalSchwartz: and.. unlike the TSA PreCheck that I've gotten reliably for the past few years, I've now been de-selected, so from time to time, I'm like everyone else. That sucks.
so I have to get there even earlier. :(
mercutio: did you read about how the checking for weapons thing is failing miserably?
RandalSchwartz: yeah - I hope that doesn't mean even more kabuki theatre
mercutio: so there's a high level of convenience and low amount of increased security for the inconvenience.
s/convenience/inconvenience/
BryceBot: <mercutio> so there's a high level of inconvenience and low amount of increased security for the ininconvenience.
RandalSchwartz: zactly
mercutio: haha
i had no /g
RandalSchwartz: in one response, I read "they should just target people based on profile, and randomly select another 10%, and let the rest just go to the gate after simply scanning the boarding pass"
I agree
mercutio: i heard that police stop black people in the US way more often than white people.
RandalSchwartz: of course... more black people are involved in crime. :) :)
mercutio: profile targeting often is kind of racist.
RandalSchwartz: yeah - that's why we can't do that in the US at the airport. only from squad cars.
mercutio: poor people commit more "obvious" crimes.
RandalSchwartz: but El Al airlines can do it just fine. they profile everyone that boards.
mercutio: rich people commit more hidden crimes.
off shore tax havens is kind of worse than petty theft.
RandalSchwartz: I know. some white rich guy effectively has the equity that was in my house
mercutio: monopolies, duopolies, price setting etc.
RandalSchwartz: stole $100k from me. but will I ever see him prosecuted? no.
so I walked on the loan, and have a spare bedroom of a friend, instead of a 5-bedroom house.
mercutio: the thing is, if you say that this stuff is bad.. it's too big a problem and too hard to track and follow for people to want to get involved with
RandalSchwartz: my credit takes a hit. my net worth takes a hit.
mercutio: so instead it's down to petty theft etc.
RandalSchwartz: zactly
mercutio: damn.
RandalSchwartz: ok... shower time.
mercutio: there's a problem here with people wrongly taking bills to debt collectors
for money that people didn't even owe.
screws up their credit rating, makes it hard for them to find somewhere to live etc.
someone won a court case over it recently.
i've heard so many billing problems with telecommunications stuff..
over a long period of time, and many different companies.
sometimes i wonder if it's on purpose because medium sized companies may not look over it properly
small the bill should be shorter and more obvious..
RandalSchwartz: I think there are many problems and often the wrong people solving them. :)
now to finish packing and get outta here.
brycec: mercutio: Thank you! I've argued with Randal in the past that PST is still defined even when it's not active. It's nice to know I'm not alone.
m0unds: pdt = part of the year, pst = other part of the year?
brycec: Yes, same as you have with mst/mdt
m0unds: that's what i always assume when i see it
right
i don't think i've ever seen it abbreviated pt
just pst/pdt
brycec: pt = part time, in my book :p
m0unds: yeah
grody: p/t f/t is used here often
m0unds: staticsafe: have you played w/fasttrack routeros?
fasttrack in* routeros, rather
staticsafe: m0unds: not yet, not sure how to either
*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking connections as fasttrack;
oh
m0unds: yeah, it doesn't work on all platforms but in true mikrotik fashion they don't say which ones don't support it
so i added the rule and deconfigured everything else (it says you can't use anything but hw queues and firewall rules w/conntrack) and it wouldn't work right
it showed the fasttrack rule was being hit by traffic, but nothing was categorized as such
what i gleaned from the documentation was that you need a rule to flag stuff as fasttrack and a separate rule to just accept the remainder of traffic that can't be flagged as such
staticsafe: hmm
***: m0unds__ has joined #arpnetworks
m0unds_ has quit IRC (Ping timeout: 264 seconds)
m0unds: yeah, it's just broken on ppc hardware i guess
reset to factory, used the default rules they include on init (which includes a new fasttrack rule) and it still wasn't counting traffic
the bytes passed through the fasttrack rule incremented, but the counter for fasttrack itself in /ip settings didn't
***: m0unds_ has joined #arpnetworks
m0unds__ has quit IRC (Ping timeout: 265 seconds)
m0unds: oh well
staticsafe: m0unds: can you paste me the default fasttrack rule?
m0unds: sure, one sec
well, not the default but i can give you a link to the example they posted (i already reverted my config)
http://pastebin.com/kxiKjYzd
PDF is just some background on it
***: hive-mind has joined #arpnetworks
grody: mmm mikrotik - my rb750 is collecting dust
mercutio: the whole hardware nat thing on low end routers sucks
you need closed source drivers for switches that can do some hw nat off load (which i think can do normal forwarding too, but can rewrite ip's without you receiving the traffic afaik)
otherwise you can't do anything close to gigabit.
i was kind of hoping they'd just use faster cpu's
staticsafe: NAT sucks
mercutio: yeh it does.
maybe ipv6 will take off
you never know :)
they need faster cpus for samba on home routers too
i think it's mostly about memory bandwidth being low
m0unds: luckily for consumers, most consumer router mfgrs use closed source drivers
grody: NAT is evil
m0unds: it's terrible
grody: fortunately i have minimal use of NAT @home
mercutio: m0unds: that's not lucky for consumers.
m0unds: explain
because for most people, you buy a box, you plug it in and it works
mercutio: it is buggy
then it doesn't work :/
in some situations you have to disable the hardware nat or things break.
m0unds: the only person i know who regularly has issues with a shitty natbox is my buddy who uses a POS asus router
mercutio: if it was open source it'd probably break less.
m0unds: and in most cases, you don't even have a box to check to disable nat
and most people wouldn't /know/ to do that
BryceBot: That's what she said!!
m0unds: hw nat, rather
mercutio: the broadcom implementation is better than the atheros implementation i think.
m0unds: you can turn off nat altogether, but the vast majority of home users aren't going to derp around with changing settings
mercutio: one of them is better than the other at least.
m0unds: they'll just say "well shit, it broke" and buy another POS
mercutio: changing hw nat changes more than just nat :/
m0unds: these are the same people who rent a modem from their ISP, which has a wlan device on it and then buy a router at best buy and run /both/
mercutio: it's called hw nat but it does some other stuff too with regards to hw forwarding.
m0unds: and never know
mercutio: i suspect it's used for bridging too.
m0unds: i've never seen a checkbox to turn off hw nat except on tp-link stuff
and their stuff isn't popular in the us
mercutio: because the ethernet card doesn't normally return payload and headers as separate chains.
ahh ok i have a tp-link router with a tickbox :)
i didn't know that tp-link weren't popular there.
they're apparently the most popular router brand around the world :/
m0unds: i bought one for my in-laws because it was cheap and it replaced some POS linksys from 10 years ago that couldn't do more than 20mbit
mercutio: because they're really big in china.
they're all much of a muchness. you have atheros or broadcom.
tp-link vary quite a lot by model..
m0unds: i bought them a c7
it was like $80
mercutio: that's what i'm using.
i have two of them :)
mine was like $80 then it was on special for like $60
so i got another.
m0unds: they're happy with it, it lets them use their provisioned speed (75mbit)
mercutio: the first is running default firmware, the second is using openwrt.
m0unds: hasn't crashed or anything since december
mercutio: yeh it'll do 200 megabit of nat easily without hw.
mine never crashes.
it also runs surprisingly cool
m0unds: yea, noticed that too
mercutio: i don't know if you've touched it when it's been running
but you don't burn yourself touching the top.
m0unds: the linksys they had was brown on the bottom from heat
mercutio: yeh wireless routers running hot is really common, that's why i thought it was good to mention :)
grody: hmm that has me curious now how much NAT traffic my pfSense can handle
staticsafe: RouterOS is very stable for me at home
m0unds: yea, these builds of 6.x are a lot, lot, lot better than 5.x and early 6.x
mercutio: routeros seems to be most unstable when doing "weird" things or upgrades.
and weird can be something as simple as running queues :/
m0unds: i think they like to add features to fulfill a "checkbox" on a product sheet, and never develop them, improve them or fix them
like mpls
they "support" mpls
grody: i used to have my rb750 bonding two DSL and an eDOCSIS (total of about 34mbps) - handled well until you maxed all the lines
m0unds: but it's atrocious
mercutio: m0unds: i think the whole thing is atrocious myself :)
but it fills a niche.
grody: it's a pity openwrt has no support for the hw nat on this router
mercutio: and they put a lot more development into stuff than people like tp-link do
grody: be curious to test
mercutio: i don't know why i care so much about 200 megabit+ nat performance
it's not like my internet can do 200 megabit.
m0unds: they have a really adversarial relationship w/customers
mercutio: but using hw nat makes bridging go faster on archer c7, and openwrt is slower than normal firmware for bridging wireless ac to ethernet..
with no nat.
mercutio: m0unds: you think?
m0unds: just thinking of stuff like one of their suppliers using the completely wrong capacitors on the power stage for an entire run of rb450gs
mercutio: i think they just have a lot of people with high expectations for a cheap low end product.
m0unds: and they refused to do anything to help
mercutio: m0unds: wow.
m0unds: just referred everyone to their reseller
mercutio: that sounds normal.
m0unds: well, it was a way for them to get out of handling it
mercutio: as much as i hate to say it, they probably don't want to deal with returns directly.
it's bigger companies that care more about maintaining an image and make more money that want to take on things like that.
m0unds: according to the agreements w/most of the resellers, they couldn't even return these devices because there was nothing "Wrong" with them aside from using bad capacitors in them
mercutio: but often it's only if they decide it's a big enough problem.
m0unds: so it was essentially, contact your reseller, they might replace it for you, then it goes in a landfill somewhere
but that's if they were willing to do it
mercutio: wow.
that sucks.
m0unds: yeah, pretty terrible - granted, not an expensive device, but for their screw up they should probably have eaten at least part of it
or set up a repair deal or something
because WISPs and stuff with tons of those devices in service were left in a shitty situation
BryceBot: That's what she said!!
mercutio: yeah
and wisp's and stuff that use those devices would be tempted to shift to something else
and use less of the more expensive boxes.
m0unds: yep
mercutio: ubiquiti suck too though
they suck slightly differently
m0unds: eh, i think they at least sort of stand behind their stuff
mercutio: like uap-ac routers?
they're shit :)
m0unds: hahaha
staticsafe: they are?
mercutio: s/routers/access points/
BryceBot: <mercutio> like uap-ac access points?
m0unds: i have a couple of their AC aps
mercutio: they run hot
crash
m0unds: it's what i use to cover my house
mercutio: and my one makes this annoying whirring noise when transferring data
m0unds: the one upstairs had crashing issues, i warranty replaced it
haven't had issues with the replacement
mercutio: the archer c7 gives faster wireless performance with better range.
and doesn't make an annoying whirring noise when transferring data.
m0unds: but i can't POE power it and mount it on my ceiling
mercutio: because it's too hot?
m0unds: no, an archer c7
hahaha
mercutio: oh right
i'm apprehensive about ceiling mounting uap-ac
have you touched it?
m0unds: yeah, it's warm but not obnoxiously so
staticsafe: i use an AirPort Extreme, works just fine for me
mercutio: really?
could you leave your finger there?
m0unds: i'd have to get a ladder and hold my hand on it to find out
but it didn't seem warmer than anything else i've had ceiling mounted when i pulled the quirky one to replace it
mercutio: interesting
the only thing i've found close was this modem that was known for having overheating issues in summer
and people using fans on it.
modems use a lot less power than they used to
that modem only had 4mb or 8mb of ram too
and so would overload with nat
and it'd get short enough on ram that the web interface was slow
for some reason i've found tp-link stuff has really fast web interfaces
but a lot of these interfaces are kind of hacked together
and there's been quite a few web exploits, and things like exploits you can do from going to a page that links to http://192.168.1.1...
staticsafe: i wonder if the archer c7 is an upgrade over the AirPort Extreme
mercutio: probably.
They're both triple stream though
I'd wait for the newer stuff.
the tp-link stuff newer than c7 is broadcom and less friendly with openwrt and shifted back to internal antennas though
i'd only really consider upgrading from one ac router to another ac router if you had range problems or needed two or such
the mean reason i upgraded was so i could run openwrt and to get rid of the whine while transferring data
mnathani_: staticsafe: does the Airport Extreme require a Mac for configuration or is there a windows utility / web interface as well?
how do I get the 'top' included with arch to sort by cpu usage?
m0unds: there's a windows airport utility, iirc
mercutio: mna: p
err P
sorry, i do it without thinking :)
for some reason mtr is using a lot of cpu again
mnathani_: mercutio: thanks
I have this tricky software situation, where I need to run something as root, its a python program GNS3. I am using archlinux, when I do chmod +s /usr/bin/python, the program launches weird with several sections missing. I can launch kde as root, and then GNS3 works, however google chrome does not work in that situation.
***: Seji has quit IRC (*.net *.split)
qbit has quit IRC (*.net *.split)
mkb has quit IRC (*.net *.split)
sng has quit IRC (*.net *.split)
qbit has joined #arpnetworks
mkb has joined #arpnetworks
sng has joined #arpnetworks
sng has quit IRC (Changing host)
sng has joined #arpnetworks
qbit is now known as Guest10976
Seji has joined #arpnetworks
mnathani_: plus I keep reading that its a really bad idea to run X=Server as root
mercutio: i wouldn't worry too much about that
BryceBot: That's what she said!!
mercutio: just don't mix desktop/server workloads for externally facing
if your local user account gets hacked you're screwed whatever you do
the number of processes running as other users on a desktop should be low anyway
mnathani_: I dont worry about running stuff as root - I am careful not to do something stupid, however I like using google chrome which refuses to run as root
mercutio: ohh i thought you meant the X server running as root
and using the normal system as a user
why are you logging in as root?
mnathani_: x server included
mercutio: arch runs X server as root, openbsd doesn't..
mnathani_: gns3 refuses to work as sudo via normal user
mercutio: why not?
is it X?
maybe it's not getting the X key passed through
mnathani_: it opens a windows but the icons and navigation are missing
mercutio: google it?
mnathani_: I tried
lots of older posts
not much recent stuff - specifically arch related
might be easier searching for a way to run chrome within root loging as normal user
***: dj_goku_ has quit IRC (Remote host closed the connection)
brycec: mercutio: Arch runs X as $user
brycec 1082 3.4 0.6 355780 102572 tty1 S<l Jun06 47:44 /usr/lib/xorg-server/Xorg -nolisten tcp :0 vt1 -auth /tmp/serverauth.8UUyW3ovGU
(That's off a fresh install as of yesterday)
And no, Xorg is not setuid either
mercutio: brycec: i don't find that,hmm..
am i doing something wrong somehow? :)
root 954 0.2 1.3 672168 217164 tty1 Ssl+ May15 95:20 /usr/lib/xorg-server/Xorg :0 -seat seat0 -auth /run/lightdm/root/:0 -nolisten tcp vt1 -novtswitch
brycec: Ohh you're starting a login manager from systemd?
mercutio: yeh
brycec: I login and startx
mercutio: i see.
yeah it's way easier with lightdm :)
as i can use the keyboard and mouse
with synergy..
so my synergy starts with lightdm..
brycec: Try changing the service file for systemd to start it as a non-root user then.
mercutio: ahh maybe i will. as you see i don't restart X that often.
i thought linux was still behind on that though, at least the defaults are behind..
brycec: I can't speak to other distros, and Arch is very much a "assemble it yourself" thing with no room for defaults (as this weekend's fresh install has reminded me)
But Linux has been capable for a number of years. All about permissions.
mercutio: i kind of want something in between ubuntu and arch
arch still isn't that great for servers.
it's not really that bad for servers though.
it's just bad enough to create a few complications..
-: brycec prepares to run an SSD secure erase on a live system :D
brycec: It's way more fun than it should be to erase an OS out from under itself.
It's sortof like catastrophic drive failure, only it's intentional :p
mercutio: so systemd has it's own ntp client now
brycec: *its
:p
mercutio: brycec: a lot of systems lock ssd secure erase out
and you have to hotswap the drive to do it...
BryceBot: That's what she said!!
brycec: mercutio: or suspend+resume
which is the trick that worked for me
mercutio: ahh
same diff in the end i suppose
brycec: which is good because I can't get at the physical drives currently.
mercutio: it's bloody annoying
brycec: I approve of it though. Sure it doesn't prevent all forms of data loss, but at least it's something to prevent some rogue virus from wiping your drive or locking you out of it.
mercutio: yeah i suppose
if there was an easy to fix it it wouldn't be so bad.
brycec: But then it wouldn't be physically secure :p
mercutio: i never thought of suspend
i don't even know how to suspend in linux
m0unds: entomb it in concrete and bury it in your yard
brycec: pm-suspend
m0unds: that's what i do to secure my drives
mercutio: is it just single press on power button?
brycec: https://wiki.archlinux.org/index.php/SSD_memory_cell_clearing
brycec: mercutio: pm-suspend works for me
mercutio: cool.
brycec: m0unds: Yes well I wasn't looking for "security" so much as "full wipe for new OS install"
m0unds: it's more convenient to just wipe than to bury a disk in your yard
it's hard to figure out which hole belonged to which disk
mercutio: secure erase is still good for performance
it's kind of annoying
brycec: Exactly why I secure erased instead of just formatting :p Full reset on performance.
m0unds: it's really annoying to unearth a disk entombed in concrete only to find out it's a backup from 2001
takes hours to chisel it out
***: andol has left
mercutio: i had secure erase a samsung evo to get performance back (with the new firmware)
milki: m0unds: you dont label the holes?