#arpnetworks 2015-08-25,Tue

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
kellytkmercutio: Are you aware of any independent security analyis of h2o? [01:28]
mercutiokellytk: no, it's new
i doubt any has been done
it's mostly interesting atm
they don't seem naieve.
but there could still be risk as with any program
[01:28]
kellytkIt appears to be picking up substantial steam on GitHub [01:30]
mercutioyou know openssl must not have had any good security done too
for those long standing vulnerabilities
i'd hate to try and read the source :)
there's an old saying about peer code reviews
[01:30]
kellytkHave you worked with LibreSSL? [01:31]
mercutiobut pretty much when people are faced with lots of other peoples code they often kind of just push it through [01:31]
kellytkhttps://github.com/h2o/h2o/commits/master [01:31]
mercutiobut when there's small amounts of code they analyse it to death :)
i haven't touched ssl with any of my own code
[01:31]
kellytkThat's signal:noise showing itself as an important balance I think [01:32]
mercutioopenbsd of course has shifted to libressl [01:32]
kellytkNaturally :-) [01:32]
mercutiohttps://github.com/h2o/h2o/commit/2a6ea3763fe385575006fb2b0f7f76c55dd03126 [01:35]
BryceBotGithub Commit: "implement casper; cache-aware server push using cookie-based cache fingerprinting by Kazuho Oku" [01:35]
mercutioso yeah that's kind of interesting
that's the kind of thing no-one else semes to be paying much attention to
at least that i've noticed
[01:35]
although that stuff matters more for higher latency connections
cdns can make it less significant
[01:43]
.... (idle for 18mn)
kellytkBy cookie-based cache fingerprinting would that be, for example, a cookie field set containing a hash of the content upon last request? [02:02]
mercutioyeah
even without that it sounds like the client can abort if it already has it
for some use cases, pushing is safer than others too
[02:03]
........ (idle for 36mn)
does 440mb/sec for 3 hard-disk raid10 sound surprisingly quick to anyone else? [02:39]
kellytkSustained? I'd say so. I'm historically a fan of RAID10, but I'm going to try a JBOD+ZFS next. Have you worked with ZFS mercutio? [02:41]
mercutiowell sustained for 3 seconds.
there's zfs on it too but no hdparm
zfs is raidz
/ is raid 10 mdadm
it tried doign a command :)
[02:44]
.................................................... (idle for 4h18mn)
brycecHow do you do a 3-disk RAID10? [07:03]
.... (idle for 17mn)
twobithackerpartition each disk into two, mirror the halves so no two are on the same disk, stripe across the mirrors? :/ [07:20]
............................................................................ (idle for 6h17mn)
***Seldom has joined #arpnetworks [13:37]
kellytkThe only way I'd run an odd number of disks in RAID 10 is with the odd disk being a hot spare [13:50]
brycecBut that only works starting at 5 [13:51]
kellytkYes, I'm not speaking to the three disk comment [13:51]
brycec:) [13:51]
kellytkIMHO RAID 10 starts at four [13:51]
brycecYeah I think that's the minimum for a RAID10 [13:51]
kellytkbrycec: Have you worked with ZFS in production? [13:52]
brycecYes
But I'm also stepping out to lunch. later
[13:52]
kellytkThoughts?
Sure
[13:52]
brycecI'm 100% pro-ZFS [13:52]
kellytkMore later [13:52]
RandalSchwartzI'm just amateur-ZFS [13:54]
twobithackertwobithacker isn't a pro-ZFS but plays one on TV? [13:55]
kellytklaunchctl load ~/Library/LaunchAgents/varietyshow.job.plist [13:56]
RandalSchwartzlaunchctl: not found [14:04]
kellytk:-D [14:08]
m0undszfs is good stuff [14:09]
kellytkCan hardware RAID contribute anything to a storage model already using ZFS? [14:12]
RandalSchwartzslowness :)
not revealing that there is an underlying failure
as in, the raid will still return the right value even if some of the media has failed
yes, you can monitor that at a higher level, but it seems odd to do that.
[14:14]
.... (idle for 19mn)
brycecOh goodness no! You should never combine hardware RAID with ZFS.
The key is that ZFS itself won't know about drive failure and won't be able to help you out at all.
eg: zfs resliver
Not to mention that ZFS is SO much more flexible.
[14:35]
............ (idle for 55mn)
FYI https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A22.openssh.asc [15:31]
RandalSchwartzGeez. I gotta go from p21 to p24 already?
I just upgraded sunday!
is this remote exploit?
ahh, only known users
[15:36]
.... (idle for 16mn)
mercutiobrycec: 3 disk mdadm raid 10 just works
it stripes different parts of the disks, you get 1.5 disks worth of rdata
err data
and good read speeds and ok write speds
[15:53]
brycecRandalSchwartz: I thought you'd enjoy "yet another security advisory" :P [15:54]
mercutiothere's also the iret exploit byrce [15:56]
m0undshahaha [15:56]
brycecI'm not trying to be a comprehensive advisory source :P It just happened to cross my desk (so to speak) [15:56]
mercutioahh [15:56]
brycecso I passed it along to the biggest group of FreeBSD users I interact with. [15:57]
mercutioit seems security issues are increasing
i don't think they are though, just people finding them
[15:57]
brycecI still can't fathom 3-disk RAID10. That's just fundamentally impossible (assuming 1 disk = 1 volume)
heh
[15:57]
mercutiobrycec: it uses whole dsiks as far as partition tables goes
or whole partitions
but it will stripe have of the partition with half from another drive
i did it with zfs once btw :/
by doing it manually with carving up
[15:58]
brycecs/have/half [15:59]
BryceBot<mercutio> but it will stripe half of the partition with half from another drive [15:59]
m0undsmercutio: i think it's more people looking for and finding them
which is a Good Thing
[16:00]
brycecApparently what mercutio is describing is actually RAID 1E. https://en.wikipedia.org/wiki/Non-standard_RAID_levels#RAID_1E [16:03]
BryceBotNon-standard RAID levels :: Although all RAID implementations differ from the specification to some extent, some companies and open-source projects have developed non-standard RAID implementations that differ substantially from the standard. Additionally, there are non-RAID drive architectures, providing configurations of multiple hard drives not referred to by RAID acronyms. Double parity Now part of RAID 6, double parity (sometimes know [16:03]
brycecIt's interesting. [16:03]
mercutioyeah it's mdadm's non-standard raid1 0
err raid 10
[16:07]
brycecFor a brief time in 2013, RHEL allowed you to configure it, but they removed it because it's just so bizarre and it breaks peoples' heads. https://bugzilla.redhat.com/show_bug.cgi?id=888879 [16:07]
mercutiowell it works especially well for the 3 disk case.
i use far=2, but i think you can use other ways to do it too
because in 3 disk case, it takes single disk failure like raid5, while giving better read/write/random performance
actually it shoudl be slightly reduced write speed compared to raid5, as you have to double up your writes.
also, zfsonlinux is adding large block support, i was trying it out on my server
and it seemed to be slightly quicker with 256k record size than 128k
i don't think i really want to go higher though.
linux also lets you do fancy things like raid1 over 3 hard-disks
[16:08]
brycecIs that "fancy"? [16:13]
mercutioi don't think everythign supports it [16:13]
m0undssounds like something i wouldn't want
hahaha
[16:14]
mercutioi really don't know where to go with hard-disks and raid
for bulk storage, you can do raidz2, 4 disks, 2 parity
but random performance will suck
[16:15]
m0undsfigure what works for the workload and use that [16:16]
mercutioor you can do two raidz1 3 disk pools striped, but double failures on one raidz can screw you
nothing is really ideal
[16:16]
m0undsif you need solid redundancy, target that, better perf, target that
you don't go for ideal, you go for what works for the workload
if you need something that works with every possibility, go ssd raid or something
[16:16]
brycecI have a couple of RAID1+0's that I intend to move to ZFS, just not sure the most ideal zdev for it yet...
brycec might just mirror all 4 drives for ultimate redundancy, since capacity is turning out to be less important than when the raid10 was setup
[16:17]
mercutiom0unds: well now days people want performance, and reliability, and redundancy ..
zfs ssd caching can help long time running read performance, but not really write
[16:21]
brycecs/$ and supermodels, and happiness, and money, and world peace, and free energy, and.../
dammit
[16:21]
mercutioi hope that read caching can persist over reboots soon
i imagine that 2.5" disks are going to start getting more common
and maybe that'll mean people can have more hard-disks cheaper
and lower power.
2.5" is kind of a pita for mass storage atm, you have expensive sas disks, ssd's, and laptop hard-disks.
ssd's should displace expensive sas disks in most situations
y'never know, maybe 1tb 10k 2.5" sas disks will get cheap
[16:22]
up_the_ironsthere's a RAID 1E?? [16:26]
mercutiothere is a raid 1e, but it's non standard, and not completely the same as mdadm raid10
there's heaps of weird kinds of raid around actually
http://serverfault.com/questions/139022/explain-mds-raid10-f2

oh it's linking to wikipedia but that shows layout for mdadm raid 10
[16:26]
up_the_ironswow [16:27]
mercutionormally 10 on linux works better with two disks even
at least, if you want sequential performance
as raid 1 all only read from one mirror at a time
and from what i understand offset modes are meant to boost shared workloads
[16:31]
.............. (idle for 1h8mn)
***Seldom has quit IRC (Ping timeout: 256 seconds) [17:41]
.......... (idle for 48mn)
up_the_ironschannel poll: who would buy a dedi (or vps) if we had presence in the EU? [18:29]
mike-burnsVPS, please. [18:29]
brycecI would not, because I have no need of an EU presence. But please don't let me skew the results unfairly. [18:30]
up_the_ironsmike-burns: roger
brycec: roger that
[18:30]
...... (idle for 25mn)
kellytkup_the_irons: I would buy a VPS
Has anyone run into an issue with Parallels when attempting to install a FreeBSD guest from .iso where no boot devices are available?
[18:55]
m0undsup_the_irons: I wouldn't either, have no need for EU stuff myself [19:09]
i did, however, just pour myself a nice bavarian beer [19:16]
up_the_ironsm0unds: nice, which one? [19:18]
m0undsayinger celebrator
came with..a tiny horse
http://www.beeradvocate.com/beer/profile/39/131/ this 'un
[19:27]
BryceBotBeer Advocate: "Ayinger Celebrator Doppelbock | Privatbrauerei Franz Inselkammer KG / Brauerei Aying" [19:27]
***mnathani_ has quit IRC (Ping timeout: 264 seconds) [19:40]
kellytkDoes anyone know why brown ales are so uncommon? [19:42]
m0undseh? lots of breweries do brown ales
i suppose it might depend on where you are in the world, but i've seen them at lots of breweries in the SW US
[19:43]
gizmoguyIPAs are way more popular than browns in my part of the world [19:45]
m0undsyea, it's the dominant style in the western US nowadays
NM has its own class of western US IPA too :)
[19:46]
gizmoguyoops just re-read, I see you said uncommon not common :)
beers styles seem to go in fads
IPAs were the big thing, sours/bretted beers are now pretty popular here
[19:46]
m0undsyeah
new belgium's la terroir is a worldclass sour
[19:47]
gizmoguydo want [19:47]
m0undsit's so good [19:47]
gizmoguytoo bad its so expensive to ship beers here :/ [19:47]
m0undsyeah
so much good stuff in CA, CO and NM
one of the WA breweries does a fantastic black ipa/cascadian ipa, easily one of the best i've ever had
called octopus ink
do any of the breweries you've been to in NZ do black IPAs? i'm not sure how common they are outside the us
[19:47]
gizmoguyYes!
we do a West Coast IPA challenge every year here, where each NZ brewery submits an IPA to compete
this year Epic did No Agenda - http://www.ratebeer.com/beer/epic-no-agenda/349452/
hrm they call it a brown ale. I assure you its very black...
Epic also does Apocalypse which is a true black IPA, pretty tasty too - http://www.ratebeer.com/beer/epic-apocalypse-ipa/267920/
[19:53]
mercutioipa are even in the supermarkets. [19:55]
gizmoguybaylands Enforcer is awesome too - https://untappd.com/b/baylands-brewery-enforcer-black-ipa/387548
Black IPA / Cascadian Dark Ale
[19:56]
BryceBotThat's what she said!! [19:56]
gizmoguyBryceBot: oh hai [19:56]
m0undsright on
one of our local breweries, bosque brewing, did a 4 beer ipa called "monsoon series" and the final one was a black ipa
ipa series
[19:57]
gizmoguymmm
we have a group of local brewers who go by the name of the 4 horsemen of the hopocalypse
they do a ridiculous beer every year just cause they can
[19:57]
m0undslol [19:58]
gizmoguythis years was a triple IPA at 14% [19:58]
m0undsjeeeeesus [19:58]
gizmoguysooo good though, they actually managed to balance all the bitterness so it was tasty
but yeah it kinda kicked your butt very quickly
[19:59]
m0undswas it super boozy? [19:59]
gizmoguyI was pretty happen after 300mls
s/happen/happy
[19:59]
BryceBot<gizmoguy> I was pretty happy after 300mls [19:59]
m0undshaha, i bet
that's wacky abv
[19:59]
gizmoguybiggest one they've done
last years was 11%
but wasn't as balanced
[20:00]
mercutio14%?! [20:00]
m0undsfunny that they refined it w/higher abv
it's tough to nail that
[20:00]
gizmoguyI think they worked out how to get more malt in there somehow [20:00]
m0undsalcohol content gets higher and it gets tougher to balance out the alcohol taste so it's not entering spirit territory [20:00]
gizmoguyyeah true
was drinking some mikeller the other week though
black horizon.
I didn't know what happened to my taste buds after that one
[20:00]
m0undsman, i wish we still got mikeller here. the distributor who used to bring it here stopped carrying their whole line [20:01]
gizmoguywait no it wasn't that one [20:01]
m0undsi loved green gold (i think that's what it was called) [20:01]
gizmoguyah it was just the mikerller black - http://www.ratebeer.com/beer/mikkeller-40657--black-tequila-speyside-edition/178448/
18.8%
[20:02]
m0undswhaaaaat
hahaha
[20:02]
gizmoguytequila/speyside infused
and yes it was very much hot alcholo on the palate
[20:02]
mercutioi'd rather 7% :/ [20:02]
m0undswow, crazy [20:03]
gizmoguyif you can get a hold of any of hte mikkeller blacks they are so tasty [20:03]
mercutioso tasty that you want another? and another? [20:03]
m0undsi haven't seen it in a long time, probably 4-5 yrs [20:03]
gizmoguygizmoguy feeling lucky [20:03]
BryceBotThat's what she said!! [20:03]
m0undsi'll make a reminder to look at liquor stores when i go up to CO in october, since they get tons of stuff we don't
we did a sort of beer vacation up in durango, co during july
lots of good breweries within walking distance of each other
[20:03]
mercutioso when drinking these high alcohol % beers how many do you normally have? [20:05]
gizmoguymercutio: you usually have tasters [20:06]
mercutiodo you just drink one or two then have normal beer? [20:06]
gizmoguy~130ml [20:06]
mercutiooh
OH
i thought it'd be like 330ml, or 500ml.
[20:06]
gizmoguymake more sense? :) [20:06]
m0undshahahaha [20:06]
gizmoguythe bottles are
but when we do it, we split a bottle between 6 or so
[20:06]
mercutiook that's a bit different [20:06]
gizmoguysince the bottles are usually $50 a bottle or so [20:06]
mercutioahh [20:06]
m0undsi'll occasionally have a single 650ml bottle of a 10-12% (usually stone russian imperial stout or similar) and that's it
jeez
pricey
[20:06]
gizmoguyyeah unfortunately we pay a high price to get good beer here :( [20:07]
mercutio@exch 50 nzd to usd [20:07]
m0undsBOOOO [20:07]
BryceBot50 NZD -> 32.482149434778 USD (as of Tue, 25 Aug 2015 20:00:08 -0700) [20:07]
gizmoguythere's a really good Wellington importer [20:07]
mercutiowe pay heaps of taxes on alcohol too [20:07]
m0undsneed to arrange airships or drones or something [20:07]
gizmoguybut they're almost too good, they buy refrigerated shipping all the way from the USA to NZ
which costs a bit
[20:07]
m0undswow, that's awesome [20:07]
gizmoguyyeah the quality is amazing [20:07]
BryceBotThat's what she said!! [20:07]
gizmoguythe price not so much
lol BryceBot
[20:07]
mercutioheh
and there i go buying cheap beer :)
[20:07]
gizmoguyhttp://beerwithoutborders.co.nz/ [20:08]
m0undsthe imports we get from EU end up being ~$15-20 for a 650ml bottle
local stuff at the brewery tends to be $3-6/pint
depending on how fancy it is
[20:08]
mercutiohttp://www.cultbeerstore.co.nz/collections/ipa/products/ballast-point-big-eye-ipa-1
that seems more affordable :/
[20:09]
m0undsballast point stuff is great
their sculpin ipa is amazingly good
[20:10]
mercutioand 7% is more reasonable [20:10]
m0undsi'm a big fan of their sculpin and grapefruit sculpin [20:10]
gizmoguy<3 sculpin [20:10]
mercutioprobably expensive shipping [20:11]
m0undshttps://goo.gl/photos/69mZkLsoT3jTeD1r9 [20:11]
BryceBothttps://goo.gl/photos/69mZkLsoT3jTeD1r9 -> https://photos.google.com/share/AF1QipOptrg_b2Ug7ruW-FqYOuVoHrirKWCA0OlCejGDoyWfDoYwABO5TFqYYWH7VSSzYw?key=dnFTSElXVnJEeGM1SFRXTk1PS25Sa1YzVmVHdlRR [20:11]
mercutio$6 shipping i suppose not too bad [20:11]
m0undsgreen flash is good too (looking at the US offerings on that site) [20:12]
mercutioi wonder if there's some sampler pack [20:12]
m0undswow, some of these mikkeller sours sound amazing [20:13]
mercutioand expensive? :)
i dunno spending $18 on a single bottle of beer seems insane to me
[20:14]
***mnathani_ has joined #arpnetworks [20:14]
mercutiohowever i look at it [20:14]
m0undsi look at it like a bottle of good wine
i can't have a lot of wines because tons of them are fined w/egg whites and i'm allergic to eggs
[20:15]
mercutioheh i buy cheap wine too :) [20:17]
m0undsthe most expensive stuff i buy is like $9 for 650ml, and that usually gets put in the beer cooler to age
like the le terroir i mentioned, i typically buy two bottles each release, drink one and cellar the other til the next year's release
[20:19]
mercutiowell that mikkeller sour stuff was $18 for 355 ml
$9 for 650ml doesn't seem so bad.
[20:19]
m0undsit helps that i'm not thousands of km from new belgium :) [20:20]
mercutiocould do
but uk is cheaper for shipping than us often
for some strange reason
[20:20]
m0undshuh [20:21]
mercutiofor normal postal mail stuff
beer problem comes from sea
and could be different
[20:21]
m0undsoh, i don't think the US permits alcohol via USPS [20:21]
mercutiomore competition maybe
oh right
[20:21]
m0undsand i think you have to ship direct from a distributor or wholesaler
so fedex or ups
[20:21]
mercutioi was more meaning distance doesn't necessarily dictate cost [20:21]
m0undsi've bought bottles of whiskey online, shipping sucks inside the us too
right
seems like it might to a degree when you can get $50 bottles of beer
[20:21]
mercutioalchol shippining within nz is cheap
normal coureirs will deliver it
[20:22]
m0undsi think i paid like $20 for overnight fedex from ca -> nm [20:22]
mercutioyeah that's a lot more distance then we have possible here :)
or is it
[20:23]
m0undsyeah
i think my state is only slightly smaller than nz
m0unds consults wolframalpha
[20:23]
mercutioyeah
it's right on the other side of mexico
right?
[20:23]
m0undsNM is 85% the size of the land area of nz [20:24]
mercutiooh hangon it's gone to nm, texas
what
you mean new mexico right
[20:24]
m0undsyes
nm is the 5th largest state in the us behind alaska, texas, california and montana
[20:24]
mercutio@conv 1436km to miles
hmm maybe that doesn't work
[20:24]
m0unds892.3 mi [20:25]
mercutioactually using a different city, it's the same distance as invercargill to auclkand
basically
[20:25]
m0unds.89 x distance the Proclaimers would walk, just to be the man that walks a thousand miles to fall down at your door
lol
[20:25]
mercutioi was using dunedin before
dunedin is more of a major city than invercargill
[20:25]
m0undsi think that's around the distance from where i live to LA
actually no
oh, that's direct
789 mi
[20:33]
.......................... (idle for 2h8mn)
***Kysade has joined #arpnetworks [22:41]
Kysadehey anyone here? [22:41]
kellytkHi [22:41]
KysadeI have a subdomain question for a vps, i understand how to add a sub domain with host file and apache, i dont understand how to make it any port other then one port at a time
i have tried using * for the port in the vhost file but it didnt work, i am using one sub domain to host a website on port 80, a game on port 25565 and an irc channel on 6676 6680 and 8070
[22:43]
milkiKysade: this is an apache webserver question. try #httpd [22:49]
Kysadethank you [22:50]
milkiKysade: https://wiki.apache.org/httpd/IRC
that page is confusing
[22:50]
Kysadenoone is on their ill ask in like windows forums or something
thanks for helping tho milki
[22:51]
milkiapache configuration is hard [22:59]
kellytkKysade: I can recommend nginx if you're interested in an alternative to Apache [23:01]
milkimilki nods [23:02]
Kysadeill look into it, thanks
configuration file doesnt even need a port set in nginx, i should convert that seems much easier
[23:02]
kellytkIs anyone automating their FreeBSD installs? [23:04]
milkiKysade has seen the light! [23:06]
Kysadethat was so much easier, everything is working just fine [23:15]
.... (idle for 18mn)
***Kysade has quit IRC (Quit: Leaving) [23:33]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)