[00:07] *** dwarren has quit IRC (Read error: Connection reset by peer) [00:07] *** dwarren has joined #arpnetworks [00:29] anyone else experience a 5 minute network issue? [00:34] i have graphs [00:34] i can check [00:34] fine from here [00:34] perhaps it was just my vps [00:35] maybe [00:35] what kvr? [00:35] did you trace the kvr? [00:36] 30 [00:45] yeah hard to know, if it happens again try pinging kvr30 at the same tiem [00:45] will do [00:49] KiSpeaking of weird connectivity issues, I'm getting 503's from ecx.images-amazon.com. Makes shopping hard. [01:39] hmm i never see 503s [01:40] is that internal server error? [01:40] or was that 500 [01:40] oh http://ecx.images-amazon.com gives 503 [01:41] it just don't tell me that it's a 503 [05:08] *** jbergstroem has quit IRC (Ping timeout: 246 seconds) [05:14] *** jbergstroem has joined #arpnetworks [11:08] 503 usually is a proxy response, saying no backend servers are available to fulfill a request [11:08] and, I'm like 10 hours late. nevermind. [11:17] lol, so late :P [11:53] I know. as usual. [11:53] from now on, before I type in here, I'm going to check the time. if it's 5+ hours, resist the urge to type. lol [12:00] you could just type anyway and spark conversation about how late you are [12:00] could make a game out of it, commenting on stuff from last week [12:00] confuse everyone [12:09] haha [13:34] *** neish has joined #arpnetworks [16:22] late responses seem fine by me [16:30] I'm setting up an SSL cert for a new site. I know this changes sometimes--is 2048 the best way to go right now? e.g: openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048 [16:32] sorressean: Did you use a third party CA? I'm in the market so I'd be curious to know who you went with if so [16:33] kellytk: I'm going through namecheap, they have comodo SSL which is like $10. [16:33] I know there's way more expensive, but I don't need it. [16:33] i've used both gandi and startssl, both of those are alright too [16:34] That's a good deal. Yes I've been pointed to StartSSL. I found gandi didn't have a great reputation [16:34] how so? [16:34] I don't recall particulars [16:34] only caveat i can think of w/startssl is if you use the free cert product, you have to pay them to revoke [16:35] namecheap is cheap enough not to worry imo [16:35] you still need to to do chain certificates. [16:35] ah. was just curious because i've never heard anyone say anything bad about them (i've used them for 10+ years myself) [16:35] That's good to know [16:35] That's what she said!! [16:35] but all the cheap ones are like that [16:36] sorressean: most of the stuff that needs to be none now days is on the server [16:36] you need to disable sslv3, tls1.0, use longer dh key [16:36] and some other stuff [16:36] now days hsts has become more popular too [16:36] That's what she said!! [16:36] which forces ssl [16:36] yeah, I just didn't know if 2048 was good enough. [16:36] https://spritesmods.com/?art=hddhack&page=7 [16:36] or if there was anything else to keep in mind when generating. [16:37] generating i don't think so now [16:37] 2048 is fine [16:37] someone got linux running on a hard-disk firmware [16:37] awesome. thanks. [16:38] also that's nuts. [16:43] That's impressive [16:43] That's what she said!! [16:44] the killer ethernet cards are meant to run linux for qos [16:45] in general i think i like the idea of smart devices wehre part of it is the restricted normal firmware and part of it is closer access that OS can upload [17:27] that hdd hack is awesome [17:53] http://imgur.com/WVGGmqo curious pattern [17:53] thats just pinging the gateway too [17:54] that looks like buffer bloat [17:57] http://imgur.com/OMqVwRz [17:57] yup [18:27] grody: Which hour of the day is packetloss beginning? [18:27] I should also ask the timezone [20:02] *** mnathani_ has joined #arpnetworks [20:02] what do folks think about the google restructuring / alphabet conglomerate? https://investor.google.com/releases/2015/0810.html [20:22] It's a good effort to avoid a anti-trust lawsuit (or, is it a response to an existing suit?). [20:27] yea, that's what i was thinking too mike-burns [20:32] I recall they had issues in Europe [23:10] It does seem that European countries are a bit more stringent. [23:10] I'm growing to quite like news.ycombinator.com [23:13] * brycec much, much prefers lobste.rs [23:19] oh? [23:19] never heard of it [23:19] lol [23:19] just going there now [23:19] cool [23:20] It was created because HN has come to suck, to put it bluntly [23:20] i never really read it much until someone was telling me about somethign that was on it [23:20] (hsawa) [23:20] which i still think is kind of nifty [23:21] erk maybe that's not quite it [23:21] lobste.rs even has a lovely BBS interface :) [23:21] rwasa [23:22] https://news.ycombinator.com/item?id=9948749 [23:22] i'm not a big fan of assembler web server, but the idea behind improving performance is still interesting. [23:22] https://lobste.rs/s/chovpc :P [23:22] even if it's usually php etc that slow web sites down [23:22] they did assembler ssh implementation too [23:23] with their own ssl code [23:23] it's tls where it really bet nginx [23:23] That's what she said!! [23:24] and alternative ssl implementations are important i think [23:24] the reason why rwasa is slower than nginx should be fixable [23:25] for some reason on localhost i find lighttpd performs better than nginx for me [23:25] but localhost is kind of a special case [23:26] *** jbum has joined #arpnetworks [23:26] oh, sendfile support was the reason nginx was faster. [23:27] there's also another cool web server that can do reordering and preloading [23:28] https://h2o.examp1e.net/ [23:32] *** jbum has left