mercutio: kellytk: no, it's new
i doubt any has been done
it's mostly interesting atm
they don't seem naieve.
but there could still be risk as with any program kellytk: It appears to be picking up substantial steam on GitHub mercutio: you know openssl must not have had any good security done too
for those long standing vulnerabilities
i'd hate to try and read the source :)
there's an old saying about peer code reviews kellytk: Have you worked with LibreSSL? mercutio: but pretty much when people are faced with lots of other peoples code they often kind of just push it through kellytk: https://github.com/h2o/h2o/commits/master mercutio: but when there's small amounts of code they analyse it to death :)
i haven't touched ssl with any of my own code kellytk: That's signal:noise showing itself as an important balance I think mercutio: openbsd of course has shifted to libressl kellytk: Naturally :-) mercutio: https://github.com/h2o/h2o/commit/2a6ea3763fe385575006fb2b0f7f76c55dd03126 BryceBot: Github Commit: "implement casper; cache-aware server push using cookie-based cache fingerprinting by Kazuho Oku" mercutio: so yeah that's kind of interesting
that's the kind of thing no-one else semes to be paying much attention to
at least that i've noticed
although that stuff matters more for higher latency connections
cdns can make it less significant kellytk: By cookie-based cache fingerprinting would that be, for example, a cookie field set containing a hash of the content upon last request? mercutio: yeah
even without that it sounds like the client can abort if it already has it
for some use cases, pushing is safer than others too
does 440mb/sec for 3 hard-disk raid10 sound surprisingly quick to anyone else? kellytk: Sustained? I'd say so. I'm historically a fan of RAID10, but I'm going to try a JBOD+ZFS next. Have you worked with ZFS mercutio? mercutio: well sustained for 3 seconds.
there's zfs on it too but no hdparm
zfs is raidz
/ is raid 10 mdadm
it tried doign a command :) brycec: How do you do a 3-disk RAID10? twobithacker: partition each disk into two, mirror the halves so no two are on the same disk, stripe across the mirrors? :/ ***: Seldom has joined #arpnetworks kellytk: The only way I'd run an odd number of disks in RAID 10 is with the odd disk being a hot spare brycec: But that only works starting at 5 kellytk: Yes, I'm not speaking to the three disk comment brycec: :) kellytk: IMHO RAID 10 starts at four brycec: Yeah I think that's the minimum for a RAID10 kellytk: brycec: Have you worked with ZFS in production? brycec: Yes
But I'm also stepping out to lunch. later kellytk: Thoughts?
Sure brycec: I'm 100% pro-ZFS kellytk: More later RandalSchwartz: I'm just amateur-ZFS -: twobithacker isn't a pro-ZFS but plays one on TV? kellytk: launchctl load ~/Library/LaunchAgents/varietyshow.job.plist RandalSchwartz: launchctl: not found kellytk: :-D m0unds: zfs is good stuff kellytk: Can hardware RAID contribute anything to a storage model already using ZFS? RandalSchwartz: slowness :)
not revealing that there is an underlying failure
as in, the raid will still return the right value even if some of the media has failed
yes, you can monitor that at a higher level, but it seems odd to do that. brycec: Oh goodness no! You should never combine hardware RAID with ZFS.
The key is that ZFS itself won't know about drive failure and won't be able to help you out at all.
eg: zfs resliver
Not to mention that ZFS is SO much more flexible.
FYI https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A22.openssh.asc RandalSchwartz: Geez. I gotta go from p21 to p24 already?
I just upgraded sunday!
is this remote exploit?
ahh, only known users mercutio: brycec: 3 disk mdadm raid 10 just works
it stripes different parts of the disks, you get 1.5 disks worth of rdata
err data
and good read speeds and ok write speds brycec: RandalSchwartz: I thought you'd enjoy "yet another security advisory" :P mercutio: there's also the iret exploit byrce m0unds: hahaha brycec: I'm not trying to be a comprehensive advisory source :P It just happened to cross my desk (so to speak) mercutio: ahh brycec: so I passed it along to the biggest group of FreeBSD users I interact with. mercutio: it seems security issues are increasing
i don't think they are though, just people finding them brycec: I still can't fathom 3-disk RAID10. That's just fundamentally impossible (assuming 1 disk = 1 volume)
heh mercutio: brycec: it uses whole dsiks as far as partition tables goes
or whole partitions
but it will stripe have of the partition with half from another drive
i did it with zfs once btw :/
by doing it manually with carving up brycec: s/have/half BryceBot: <mercutio> but it will stripe half of the partition with half from another drive m0unds: mercutio: i think it's more people looking for and finding them
which is a Good Thing brycec: Apparently what mercutio is describing is actually RAID 1E. https://en.wikipedia.org/wiki/Non-standard_RAID_levels#RAID_1E BryceBot: Non-standard RAID levels :: Although all RAID implementations differ from the specification to some extent, some companies and open-source projects have developed non-standard RAID implementations that differ substantially from the standard. Additionally, there are non-RAID drive architectures, providing configurations of multiple hard drives not referred to by RAID acronyms. Double parity Now part of RAID 6, double parity (sometimes know brycec: It's interesting. mercutio: yeah it's mdadm's non-standard raid1 0
err raid 10 brycec: For a brief time in 2013, RHEL allowed you to configure it, but they removed it because it's just so bizarre and it breaks peoples' heads. https://bugzilla.redhat.com/show_bug.cgi?id=888879 mercutio: well it works especially well for the 3 disk case.
i use far=2, but i think you can use other ways to do it too
because in 3 disk case, it takes single disk failure like raid5, while giving better read/write/random performance
actually it shoudl be slightly reduced write speed compared to raid5, as you have to double up your writes.
also, zfsonlinux is adding large block support, i was trying it out on my server
and it seemed to be slightly quicker with 256k record size than 128k
i don't think i really want to go higher though.
linux also lets you do fancy things like raid1 over 3 hard-disks brycec: Is that "fancy"? mercutio: i don't think everythign supports it m0unds: sounds like something i wouldn't want
hahaha mercutio: i really don't know where to go with hard-disks and raid
for bulk storage, you can do raidz2, 4 disks, 2 parity
but random performance will suck m0unds: figure what works for the workload and use that mercutio: or you can do two raidz1 3 disk pools striped, but double failures on one raidz can screw you
nothing is really ideal m0unds: if you need solid redundancy, target that, better perf, target that
you don't go for ideal, you go for what works for the workload
if you need something that works with every possibility, go ssd raid or something brycec: I have a couple of RAID1+0's that I intend to move to ZFS, just not sure the most ideal zdev for it yet... -: brycec might just mirror all 4 drives for ultimate redundancy, since capacity is turning out to be less important than when the raid10 was setup mercutio: m0unds: well now days people want performance, and reliability, and redundancy ..
zfs ssd caching can help long time running read performance, but not really write brycec: s/$ and supermodels, and happiness, and money, and world peace, and free energy, and.../
dammit mercutio: i hope that read caching can persist over reboots soon
i imagine that 2.5" disks are going to start getting more common
and maybe that'll mean people can have more hard-disks cheaper
and lower power.
2.5" is kind of a pita for mass storage atm, you have expensive sas disks, ssd's, and laptop hard-disks.
ssd's should displace expensive sas disks in most situations
y'never know, maybe 1tb 10k 2.5" sas disks will get cheap up_the_irons: there's a RAID 1E?? mercutio: there is a raid 1e, but it's non standard, and not completely the same as mdadm raid10
there's heaps of weird kinds of raid around actually
http://serverfault.com/questions/139022/explain-mds-raid10-f2
oh it's linking to wikipedia but that shows layout for mdadm raid 10 up_the_irons: wow mercutio: normally 10 on linux works better with two disks even
at least, if you want sequential performance
as raid 1 all only read from one mirror at a time
and from what i understand offset modes are meant to boost shared workloads ***: Seldom has quit IRC (Ping timeout: 256 seconds) up_the_irons: channel poll: who would buy a dedi (or vps) if we had presence in the EU? mike-burns: VPS, please. brycec: I would not, because I have no need of an EU presence. But please don't let me skew the results unfairly. up_the_irons: mike-burns: roger
brycec: roger that kellytk: up_the_irons: I would buy a VPS
Has anyone run into an issue with Parallels when attempting to install a FreeBSD guest from .iso where no boot devices are available? m0unds: up_the_irons: I wouldn't either, have no need for EU stuff myself
i did, however, just pour myself a nice bavarian beer up_the_irons: m0unds: nice, which one? m0unds: ayinger celebrator
came with..a tiny horse
http://www.beeradvocate.com/beer/profile/39/131/ this 'un BryceBot: Beer Advocate: "Ayinger Celebrator Doppelbock | Privatbrauerei Franz Inselkammer KG / Brauerei Aying" ***: mnathani_ has quit IRC (Ping timeout: 264 seconds) kellytk: Does anyone know why brown ales are so uncommon? m0unds: eh? lots of breweries do brown ales
i suppose it might depend on where you are in the world, but i've seen them at lots of breweries in the SW US gizmoguy: IPAs are way more popular than browns in my part of the world m0unds: yea, it's the dominant style in the western US nowadays
NM has its own class of western US IPA too :) gizmoguy: oops just re-read, I see you said uncommon not common :)
beers styles seem to go in fads
IPAs were the big thing, sours/bretted beers are now pretty popular here m0unds: yeah
new belgium's la terroir is a worldclass sour gizmoguy: do want m0unds: it's so good gizmoguy: too bad its so expensive to ship beers here :/ m0unds: yeah
so much good stuff in CA, CO and NM
one of the WA breweries does a fantastic black ipa/cascadian ipa, easily one of the best i've ever had
called octopus ink
do any of the breweries you've been to in NZ do black IPAs? i'm not sure how common they are outside the us gizmoguy: Yes!
we do a West Coast IPA challenge every year here, where each NZ brewery submits an IPA to compete
this year Epic did No Agenda - http://www.ratebeer.com/beer/epic-no-agenda/349452/
hrm they call it a brown ale. I assure you its very black...
Epic also does Apocalypse which is a true black IPA, pretty tasty too - http://www.ratebeer.com/beer/epic-apocalypse-ipa/267920/ mercutio: ipa are even in the supermarkets. gizmoguy: baylands Enforcer is awesome too - https://untappd.com/b/baylands-brewery-enforcer-black-ipa/387548
Black IPA / Cascadian Dark Ale BryceBot: That's what she said!! gizmoguy: BryceBot: oh hai m0unds: right on
one of our local breweries, bosque brewing, did a 4 beer ipa called "monsoon series" and the final one was a black ipa
ipa series gizmoguy: mmm
we have a group of local brewers who go by the name of the 4 horsemen of the hopocalypse
they do a ridiculous beer every year just cause they can m0unds: lol gizmoguy: this years was a triple IPA at 14% m0unds: jeeeeesus gizmoguy: sooo good though, they actually managed to balance all the bitterness so it was tasty
but yeah it kinda kicked your butt very quickly m0unds: was it super boozy? gizmoguy: I was pretty happen after 300mls
s/happen/happy BryceBot: <gizmoguy> I was pretty happy after 300mls m0unds: haha, i bet
that's wacky abv gizmoguy: biggest one they've done
last years was 11%
but wasn't as balanced mercutio: 14%?! m0unds: funny that they refined it w/higher abv
it's tough to nail that gizmoguy: I think they worked out how to get more malt in there somehow m0unds: alcohol content gets higher and it gets tougher to balance out the alcohol taste so it's not entering spirit territory gizmoguy: yeah true
was drinking some mikeller the other week though
black horizon.
I didn't know what happened to my taste buds after that one m0unds: man, i wish we still got mikeller here. the distributor who used to bring it here stopped carrying their whole line gizmoguy: wait no it wasn't that one m0unds: i loved green gold (i think that's what it was called) gizmoguy: ah it was just the mikerller black - http://www.ratebeer.com/beer/mikkeller-40657--black-tequila-speyside-edition/178448/
18.8% m0unds: whaaaaat
hahaha gizmoguy: tequila/speyside infused
and yes it was very much hot alcholo on the palate mercutio: i'd rather 7% :/ m0unds: wow, crazy gizmoguy: if you can get a hold of any of hte mikkeller blacks they are so tasty mercutio: so tasty that you want another? and another? m0unds: i haven't seen it in a long time, probably 4-5 yrs -: gizmoguy feeling lucky BryceBot: That's what she said!! m0unds: i'll make a reminder to look at liquor stores when i go up to CO in october, since they get tons of stuff we don't
we did a sort of beer vacation up in durango, co during july
lots of good breweries within walking distance of each other mercutio: so when drinking these high alcohol % beers how many do you normally have? gizmoguy: mercutio: you usually have tasters mercutio: do you just drink one or two then have normal beer? gizmoguy: ~130ml mercutio: oh
OH
i thought it'd be like 330ml, or 500ml. gizmoguy: make more sense? :) m0unds: hahahaha gizmoguy: the bottles are
but when we do it, we split a bottle between 6 or so mercutio: ok that's a bit different gizmoguy: since the bottles are usually $50 a bottle or so mercutio: ahh m0unds: i'll occasionally have a single 650ml bottle of a 10-12% (usually stone russian imperial stout or similar) and that's it
jeez
pricey gizmoguy: yeah unfortunately we pay a high price to get good beer here :( mercutio: @exch 50 nzd to usd m0unds: BOOOO BryceBot: 50 NZD -> 32.482149434778 USD (as of Tue, 25 Aug 2015 20:00:08 -0700) gizmoguy: there's a really good Wellington importer mercutio: we pay heaps of taxes on alcohol too m0unds: need to arrange airships or drones or something gizmoguy: but they're almost too good, they buy refrigerated shipping all the way from the USA to NZ
which costs a bit m0unds: wow, that's awesome gizmoguy: yeah the quality is amazing BryceBot: That's what she said!! gizmoguy: the price not so much
lol BryceBot mercutio: heh
and there i go buying cheap beer :) gizmoguy: http://beerwithoutborders.co.nz/ m0unds: the imports we get from EU end up being ~$15-20 for a 650ml bottle
local stuff at the brewery tends to be $3-6/pint
depending on how fancy it is mercutio: http://www.cultbeerstore.co.nz/collections/ipa/products/ballast-point-big-eye-ipa-1
that seems more affordable :/ m0unds: ballast point stuff is great
their sculpin ipa is amazingly good mercutio: and 7% is more reasonable m0unds: i'm a big fan of their sculpin and grapefruit sculpin gizmoguy: <3 sculpin mercutio: probably expensive shipping m0unds: https://goo.gl/photos/69mZkLsoT3jTeD1r9 BryceBot: https://goo.gl/photos/69mZkLsoT3jTeD1r9 -> https://photos.google.com/share/AF1QipOptrg_b2Ug7ruW-FqYOuVoHrirKWCA0OlCejGDoyWfDoYwABO5TFqYYWH7VSSzYw?key=dnFTSElXVnJEeGM1SFRXTk1PS25Sa1YzVmVHdlRR mercutio: $6 shipping i suppose not too bad m0unds: green flash is good too (looking at the US offerings on that site) mercutio: i wonder if there's some sampler pack m0unds: wow, some of these mikkeller sours sound amazing mercutio: and expensive? :)
i dunno spending $18 on a single bottle of beer seems insane to me ***: mnathani_ has joined #arpnetworks mercutio: however i look at it m0unds: i look at it like a bottle of good wine
i can't have a lot of wines because tons of them are fined w/egg whites and i'm allergic to eggs mercutio: heh i buy cheap wine too :) m0unds: the most expensive stuff i buy is like $9 for 650ml, and that usually gets put in the beer cooler to age
like the le terroir i mentioned, i typically buy two bottles each release, drink one and cellar the other til the next year's release mercutio: well that mikkeller sour stuff was $18 for 355 ml
$9 for 650ml doesn't seem so bad. m0unds: it helps that i'm not thousands of km from new belgium :) mercutio: could do
but uk is cheaper for shipping than us often
for some strange reason m0unds: huh mercutio: for normal postal mail stuff
beer problem comes from sea
and could be different m0unds: oh, i don't think the US permits alcohol via USPS mercutio: more competition maybe
oh right m0unds: and i think you have to ship direct from a distributor or wholesaler
so fedex or ups mercutio: i was more meaning distance doesn't necessarily dictate cost m0unds: i've bought bottles of whiskey online, shipping sucks inside the us too
right
seems like it might to a degree when you can get $50 bottles of beer mercutio: alchol shippining within nz is cheap
normal coureirs will deliver it m0unds: i think i paid like $20 for overnight fedex from ca -> nm mercutio: yeah that's a lot more distance then we have possible here :)
or is it m0unds: yeah
i think my state is only slightly smaller than nz -: m0unds consults wolframalpha mercutio: yeah
it's right on the other side of mexico
right? m0unds: NM is 85% the size of the land area of nz mercutio: oh hangon it's gone to nm, texas
what
you mean new mexico right m0unds: yes
nm is the 5th largest state in the us behind alaska, texas, california and montana mercutio: @conv 1436km to miles
hmm maybe that doesn't work m0unds: 892.3 mi mercutio: actually using a different city, it's the same distance as invercargill to auclkand
basically m0unds: .89 x distance the Proclaimers would walk, just to be the man that walks a thousand miles to fall down at your door
lol mercutio: i was using dunedin before
dunedin is more of a major city than invercargill m0unds: i think that's around the distance from where i live to LA
actually no
oh, that's direct
789 mi ***: Kysade has joined #arpnetworks Kysade: hey anyone here? kellytk: Hi Kysade: I have a subdomain question for a vps, i understand how to add a sub domain with host file and apache, i dont understand how to make it any port other then one port at a time
i have tried using * for the port in the vhost file but it didnt work, i am using one sub domain to host a website on port 80, a game on port 25565 and an irc channel on 6676 6680 and 8070 milki: Kysade: this is an apache webserver question. try #httpd Kysade: thank you milki: Kysade: https://wiki.apache.org/httpd/IRC
that page is confusing Kysade: noone is on their ill ask in like windows forums or something
thanks for helping tho milki milki: apache configuration is hard kellytk: Kysade: I can recommend nginx if you're interested in an alternative to Apache -: milki nods Kysade: ill look into it, thanks
configuration file doesnt even need a port set in nginx, i should convert that seems much easier kellytk: Is anyone automating their FreeBSD installs? milki: Kysade has seen the light! Kysade: that was so much easier, everything is working just fine ***: Kysade has quit IRC (Quit: Leaving)