Back to Home / #linode / 2015 / 06 / Prev Day | Next Day
#linode IRC Logs for 2015-06-06

---Logopened Sat Jun 06 00:00:17 2015
00:05<@mmustac>yes, the entire disk image
00:06<zifnab>out of curiousity: its more or less an rsync, right?
00:06<zifnab>ie, its not saving the disk image but the data the disk image returns
00:06<zifnab>(so if i had a funny partition, it might not work as intended?)
00:06<@mmustac>it is file based (of the entire image); can't really get into process detail, sorry
00:07<zifnab>thats fine
00:07-!-Solvius [~Jase@82.145.49.2] has joined #linode
00:07<@mmustac>yes, any partition table will make it not be mountable
00:07-!-shingshang [~shingshan@115-64-27-246.static.tpgi.com.au] has joined #linode
00:07<zifnab>so, 'dont write a custom filetable that rot13s everything'
00:08<@mmustac>not if you want to use ours, sorry! we are actually looking to expand it over time, but basically its meant for the regular ext3/4 partitionless disk images the manager creates
00:14-!-Cromulent [~Cromulent@cpc1-reig5-2-0-cust251.6-3.cable.virginm.net] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
00:15-!-AAA_ [~oftc-webi@101.185.63.103] has joined #linode
00:15<AAA_>My $_GET queries aren't working at all. I have no errors in my error log, either
00:15<AAA_>How am I supposed to fix this? The syntax is perfectly fine. I'm simply doing <?php print_r($_GET); ?>
00:16<AAA_>and the URL is www.site.com?something=somevalue
00:16<akerl>What does the access log show
00:17<AAA_>i will check now
00:17<AAA_>this thousands of times '192.168.255.21 - - [06/Jun/2015:13:46:50 +0930] "GET / HTTP/1.1" 404 177 "-" "-"'
00:18<akerl>AAA_: That's a 404
00:18<AAA_>the page is displaying content
00:18<akerl>Is it a 404
00:18<AAA_>nope
00:18<AAA_>I can echo things
00:18<akerl>Then you're looking at the wrong log
00:19<AAA_>that's the access log for nginx
00:19<AAA_>what am I meant to be looking for?
00:19<akerl>Well, you're looking for the log line for your access attempts
00:22<AAA_>yes?
00:22<AAA_>that is it
00:22<akerl>That's a 404
00:23<AAA_>It's not showing a 404 error on the page though
00:23<akerl>Which is how I know you've not found the lines for the requests you're making
00:24-!-Webflashing [~Webflashi@186.18.134.209] has joined #linode
00:24<AAA_>this is at the bottom of the file
00:24-!-Webflashing [~Webflashi@186.18.134.209] has quit []
00:24<akerl>k?
00:24<AAA_>these logs are specified in my nginx config
00:24<AAA_>they have to be the right logs
00:25<akerl>Clearly not
00:25<tswartz>AAA_, tail -f the file. make a request, watch what happens
00:27<AAA_>I have multiple instances, I just checked all of them and they're empty
00:27<AAA_>except the one I was talking about earlier
00:27<kyhwana_>AAA_: uh, where are you making that request from? 192.168.255.21 is a RFC1918 address
00:28<AAA_>RFC1918?
00:28<akerl>private.
00:28<akerl>Not routable over the internet
00:28<AAA_>oh
00:28<AAA_>must be my server
00:28<akerl>This is a Linode, right?
00:28<AAA_>yes
00:28<akerl>So it's a NodeBalancer.
00:28<akerl>Which you've just not bothered to mention
00:29<AAA_>I don't even know what that is
00:29<kyhwana_>akerl: o.o
00:29<AAA_>lol
00:29<akerl>AAA_: One of the following is happening: you're looking in the wrong log file. You're making requests to the wrong service. Your site is returning 404 errors. You're just failing to read the log file.
00:30<AAA_>where can I find the file that it's logging to, my nginx config says it's that file I was talking about earlier
00:30<akerl>Interestingly enough, if you'd just tell us the actual URL without redacting, we can eliminate 50% of those, but you're realllllllly determined to play sekrit agent
00:31<AAA_>I just need to know where the file is, lol
00:31<akerl>So read your nginx config
00:31<AAA_>I did
00:31<akerl>I don't know how you expect us to be able to help you
00:31<AAA_>it says the file I was talking about earlier
00:32<akerl>The combination of things you've described so far is not a valid combination: either you're looking in the wrong place or you're not reading, and we can't fix either on your behalf
00:32-!-acald3ron [~acald3ron@177.239.97.5] has quit [Ping timeout: 480 seconds]
00:33<AAA_>I just checked it again
00:33<AAA_>the logs are definitely correct
00:34<akerl>Then you can definitely show me the log line for the requests you're making?
00:34<AAA_>I did
00:34<akerl>:|
00:34<AAA_>it's the same thing spammed over and over again
00:34<AAA_>thousands of times
00:34<akerl>The log line you pasted above is coming from a NodeBalancer and is a 404 error
00:35-!-luca [~lucaf@luca.sponsor.oftc.net] has joined #linode
00:35<AAA_>I don't have a nodebalancer
00:35<akerl>Well then that log line isn't the requests you're making.
00:35<akerl>So keep looking
00:36-!-Solvius [~Jase@8Q4AABBFZ.tor-irc.dnsbl.oftc.net] has quit []
00:37<AAA_>I've checked on all the config files and scanned my whole server, I have no idea what else to do
00:37<akerl>Pastebin your unredacted nginx config?
00:37<tswartz>are you sure you are reading the right config?
00:38<tswartz>nginx -t
00:38-!-KnightsWhoSayNi [~haz@90.203.62.159] has quit [Ping timeout: 480 seconds]
00:38<AAA_>I checked both nginx.config and the one for my site
00:40-!-mkoskar [~mkoskar@0001f272.user.oftc.net] has quit [Ping timeout: 480 seconds]
00:40<tswartz>so are you going to pastebin them?
00:41<AAA_>I'm googling it
00:41<virtualsid>heh
00:42<virtualsid>Clearly you guys aren't helpful enough. :P
00:42<akerl>googling "how to pastebin"?
00:42<tswartz>lol
00:42<luca>everybody starts somewhere
00:42<virtualsid>luca: Sure - but without information, it's pretty hard to fix a problem.
00:42<luca>certainly
00:42<akerl>luca: Perhaps, but this particular body knew how to pastebin things within the past 48 hours :)
00:43<MaliutaLap>if you don't have the patience to read lots of technical docs then don't try to sysadmin
00:44<virtualsid>s/sys/be a successful sys/ perhaps
00:44<zifnab>desktop keeps overheating :/
00:45<MaliutaLap>zifnab: it's not steaming up because of all the pr0n? ;)
00:48<zifnab>MaliutaLap: nope, bad airflow where its sitting
00:48<zifnab>won't fit on top of the desk easily
00:48<zifnab>there's a counter in the way
00:48<zifnab>think i just need to reverse airflow in it maybe
00:50-!-ella [~ella@pa49-180-137-206.pa.nsw.optusnet.com.au] has joined #linode
00:50<ella>I have an intersting problem that has been increasing the last few days. SYN flood attacks in Dallas ... anyone have any comments, information or suggestions?
00:50<akerl>Pray more?
00:51<ella>Yeah that doesn't help much akerl :) God doesn't have good unix experience :)
00:51<zifnab>something about syn cookies
00:51<akerl>What are you asking for?
00:51<zifnab>i don't know if its real
00:51<zifnab>http://security.stackexchange.com/questions/34298/stopping-ddos-tcp-syn-and-udp-flood-attacks
00:51*zifnab doesn't know if this works
00:52<ella>Well I'm seeing, in my logs, after I eventually get logged in, thousands of connections to sendmail, which of course is kicking the kernel to shut things down - everytyhing but sendmail ironically.
00:52-!-mkoskar [~mkoskar@0001f272.user.oftc.net] has joined #linode
00:52<akerl>ella: SYN floods wouldn't be making it to sendmail
00:52<virtualsid>'shut things down'?
00:52<ella>Great answer zifnab: "the first line of defence is encouraging your ISP to adopt BCP38 to avoid IP spoofing. "
00:53<ella>HEY LINODE!!!!!
00:53<zifnab>...
00:53<zifnab>read the second comment
00:53<akerl>:|
00:53<ella>comment or answer?
00:53<akerl>ella: the *source* of the traffic needs to be the one blocking spoofing
00:53<ella>I'm pretty sure i have SYN cookies running :)
00:54<ella>From ,y logs: Jun 6 01:46:16 ah kernel: TCP: request_sock_TCP: Possible SYN flooding on port 25. Sending cookies. Check SNMP counters.
00:54<akerl>ella: If processes are being terminated, you really ought to look into why, because a SYN flood wouldn't do that
00:54<virtualsid>Indeed.
00:55<ella>root@ah:/proc/sys/net/ipv4# cat tcp_syncookies
00:55<ella>1
00:55<ella>root@ah:/proc/sys/net/ipv4# cat tcp_max_syn_backlog
00:55<ella>128
00:55<ella>root@ah:/proc/sys/net/ipv4# cat tcp_synack_retries
00:55<ella>5
00:55<ella>Yup, all turned on ...
00:55<ella>might being retries down to 3
00:56<virtualsid>ella: handy to use bpaste.net for longer pastes.
00:56-!-SudiptaS [~oftc-webi@122.162.102.238] has joined #linode
00:56<SudiptaS>Hi All
00:57<ella>Hmm, wonder if I can use Fail2Ban to just shut down port 25 if the TCP port traffic peaks? BUt the logs don't seem to show anything specific
00:57<akerl>ffs
00:57<akerl>Is selective reading becoming an epidemic?
00:58<ella>Must be, am I mising something?
00:58<akerl><akerl> ella: If processes are being terminated, you really ought to look into why, because a SYN
00:58<akerl>flood wouldn't do that
00:58<akerl><akerl> ella: SYN floods wouldn't be making it to sendmail
00:59<ella>Kernel is shutting down processes as the SYN flood appears to be filling memory spawning moer sendmail listeners ... I could restrict sendmail considerably I guess. I'm only looking at the logs presently
00:59<akerl>Really?
00:59<gparent>is this a bot or something
00:59<virtualsid>So that's not a 'syn flood'.
00:59<ella>Let me bpaste fro yoyu ....
01:00<akerl><akerl> ella: SYN floods wouldn't be making it to sendmail
01:00-!-SudiptaS [~oftc-webi@122.162.102.238] has quit []
01:01<ella>Tell me this isn't sendmail .... https://bpaste.net/show/569e36b83e06
01:01<ella>I didn't paste the 40 pages of sendmail processes
01:02<akerl>"Possible"
01:02<ella>It goes through till PID 17449
01:02<ella>Then kernel reports outr of memory
01:02<akerl>This isn't a syn flood, this is just your send mail doing a shit ton of something and OOMing
01:02<akerl>Check your logs and see what sendmail is doing
01:02<ella>My sendmail isn't doing anything
01:02<retro|blah>Bullshit
01:02<akerl>Clearly that is false
01:03<ella>From around 01:44 hours (about 1644 Dallas time) there is an incrtease in:
01:03<ella>Jun 6 01:44:22 ah sm-mta[16820]: t55FiE7a016820: [103.245.66.227] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
01:03<ella>Jun 6 01:44:23 ah sm-mta[16818]: t55FiJnS016818: [14.160.26.143] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
01:03<akerl>ella: It's theoretically possible that something else on your system is eating all the RAM, but that doesn't match with your earlier statement that sendmail is the last man standing
01:03<akerl>But something is eating RAM, and it's not a syn flood
01:04<ella>The PID of each connection matches a PID in the Kernel log, so it is incoming, also my Linode traffic shows income traffick, not outgoing
01:04<akerl>ok?
01:04<akerl>So figure out what sendmail is doing
01:04<ella>It's recievving thousands and thousands of connections
01:04<zifnab>ok quick rundown of tcp
01:05<ella>https://bpaste.net/show/f32188fd449f
01:05<ella>Before you give me a quick rundown on tcp, I wrote the first windows 2.1 ip stack ... and I've been online since 1981
01:05<akerl>hahahahahahahahaha
01:05<ella>I have just never seen this before
01:05*akerl goes to get the troll bell
01:05<zifnab>http://www.shuatiblog.com/assets/images/3way-Tcp-handshake.png
01:05<zifnab>the first parts of that
01:06<zifnab>specifically the syn, syn ack, never hit the application
01:06<zifnab>thats done kernel side
01:06<ella>https://bpaste.net/show/c8ffc49ea462
01:06<dcraig>is this one of those "how many triangles are in this picture?" things?
01:06<ella>I can only paste what the KERNEL log tells me
01:06<rnowak>pineapple
01:06<arlen>troll
01:07<zifnab>check /var/log/maillog
01:07<ella>And that last bpaste is just a sample of the hundreds of thousands of log entries made by sendmail at the time services start being shut down
01:07<akerl>I wonder how much it would cost on mechanical turk to pay folks to come on IRC and troll
01:07<ella>zifnab https://bpaste.net/show/c8ffc49ea462 and https://bpaste.net/show/f32188fd449f
01:07<dcraig>it's about $3
01:07<akerl>How much is that in doge?
01:07<dcraig>much
01:07<gparent>woof
01:08-!-kaare__ [~kaare@94.191.185.140.mobile.3.dk] has joined #linode
01:08<akerl>In other news: I'm beginning to feel about boxen the same way I feel about oh-my-zsh, I think
01:08<ella>Ok so the inbound traffic runs for pretty much exacty 15 minutes in todays logs, yesterdays logs and the day before, always at the same time of day and within a minite of duration
01:08<akerl>It's just a *little* too much hand-waving-magic over top of an otherwise good thing
01:08<nate>ella: that's not a "SYN Flood", that's someone invoking EHLO against your mail server and then letting the connection hang
01:09<ella>AGAIN: Jun 6 01:46:16 ah kernel: TCP: request_sock_TCP: Possible SYN flooding on port 25. Sending cookies. Check SNMP counters.
01:09<ella>Is in my logs ... That is where I started
01:09<nate>ella: "Possible"
01:09<akerl>ella: You're welcome to scroll up for thoughts
01:09<dcraig>sending cookies!
01:09<ella>That is tghe first entry in the logs that says "Siomething is not going the way you expect"
01:09<zifnab>fuck i want some cookies
01:09<arlen>what kind of cookies
01:09<nate>Ella: There's a reason that line quite literally states "Possible"
01:10<zifnab>arlen: anything but drug laced cookies, unless they're somehow laced with alcohol
01:10<dcraig>oatmeal raisin
01:10<arlen>mmm
01:10<nate>ella: Fact is your mail server is mentioning a lack of MAIL/VRFY/etc which it only expects once an EHLO/HELO is exchanged, I'd say you're certainly getting hit by something abusive, but it's not a SYN Flood, and I -think- fail2ban technically can be set up to autoblock that kind of thing
01:11<dcraig>how is this impacting your operations?
01:11<nate>ella: Alternatively you can also kick on some kind of packet inspection, it may even be submitting junk data or perhaps something they -expect- to work for spam relaying
01:12<ella>Ok so lets move on from SYN ... we have at attack .. fail2ban SHOULD be kicking this ... it's set up to reject after a fwe attempts. Question: Is the same IP address appearing multiple times, or are all the IP's unique (EF ME GOD!)
01:12<Eugene>I've had great luck at avoiding SMTP attacks by setting smtpd_tls_security_level=encrypt
01:12<akerl>I've had amazing luck avoiding SMTP issues by running my SMTP on 127.0.0.1
01:12<ella>Eugene I tihink I set TLS security last year ... otherwise my phone won't talk to my server!
01:12<ella>But I'll check in a sec.
01:13<Eugene>=encrypt means that incoming connects have to use STARTTLS. Spambots tend to not bother
01:13<ella>If Fail2Ban isn't seeing enough of the same IP, it won't firewall the inpbound. So, possible option, instead of chekcing IP, check for say 15 "did not issue" messages and block all inbound SMTP for 15 minutes :)
01:14<rnowak>nothing like a bit of self-imposed DoS
01:14<ella>Eugene I know, I have to use TLS to connect from my phone ... sendmail rejects non encryupted sessions and relay sessions that are not secured and connected with keys
01:14<akerl>If only there was a word for that, where an attacker can maliciously prevent legitimate users from accessing a service
01:15<dcraig>akerl, it's called "mowaking it"
01:15<zifnab>oh, you mean denial of service?
01:15<nate><Eugene> I've had great luck at avoiding SMTP attacks by setting smtpd_tls_security_level=encrypt <-- this technically would probably stop them simply due to the fact it means encrypted -only- SMTP
01:15-!-Circlefusion [~circlefus@cpe-74-136-58-82.kya.res.rr.com] has quit [Quit: Leaving]
01:15<nate>anything on port 25 should be explicitly ignored
01:15<nate>(at least I think it means TLS-only, might have to double check...)
01:15<ella>I know it's a DOS attack, haven't had one since 1995 when my server was one of the first to endure spam relay crisis ... I miss those days of everyone relaying for everyone but 60,000 spam messages in an hour was not a positive use of expensive bandwidth
01:16<akerl>ella: Reading is hard, isn't it?
01:16<nate>ella: I don't think anyone is disagreeing on it necessarily being a DoS of some sort, just that it's not a SYN flood :P
01:16<Eugene>nate - it means STARTTLS is required on 25
01:16<akerl>I'm pointing out that if you set up what you described, you are creating your own DoS attack
01:16<nate>Eugene: Ah, I thought that was a different flag
01:16<Eugene>nate - it's useful for when you want to receive legitimate emails(eg, StartSSL confirmation emails), but nothing else.
01:16<akerl>You are building a system that is designed to allow an attacker who can generate 15 connections to lock out your system
01:17<nate>akerl: She technically said there were thousands of lines I think
01:17<nate>implying more than 15 connections at once :P
01:17<zifnab>still, i'm sure i can generate a few thousand connections
01:17<zifnab>i have gig
01:18<dcraig>what's the gig?
01:18<zifnab>bow before me, non-gig peasants
01:18<zifnab>dcraig: ...
01:18<ella>A few thousands connections
01:18<ella>repeatedly every minute
01:18<zifnab>dcraig: i'd link a speedtest, but i believe Eugene's server is eating my bandwidth again
01:18<dcraig>playing at the convalescent home?
01:18<dcraig>ohhh... a gigABIT!
01:18<Eugene>I don't think so
01:19<zifnab>Eugene: come make elwha a router this weekend
01:19<Eugene>Ugh.
01:19<nate>ella: You can always try what Eugene suggested, switching that config option so 25 will respond on STARTTLS only for SMTP
01:19<zifnab>lol
01:19<ella>Ok seems services are shutting down as sendmail swallows memory. That's bad. Only services that continue to run are those triggered by cronttab, although OpenVPN stays running which puzzles me
01:19<zifnab>or not
01:19<Eugene>I don't wanna
01:19<nate>might make it ignore those connections
01:19<Eugene>Next weekend
01:19<zifnab>k
01:19<zifnab>maybe
01:19<dcraig>ella, it's going to explode
01:19<ella>I cant see anything in squid logs saying its' shutting down
01:19<Eugene>hannerz is babysitting over the weekend
01:19<zifnab>ah
01:19<Eugene>I can come over with the HDs, build a RAID, and make it int oa router
01:20<zifnab>maybe
01:20<zifnab>i hate making plans before tomorrow
01:20<zifnab>as i never do them
01:20<dcraig>are you two related?
01:20<zifnab>no
01:21<zifnab>dcraig: i hope not
01:21<Eugene>We just have a poor personal-public conversation filter
01:21<dcraig>I have 1/8 gig
01:21<zifnab>well i do
01:21<ella>dcraig I was looking at services logs to see when they are crashing out to determine thesholds.
01:22<dcraig>what's your pain threshold?
01:22<akerl>for the DoS tool?
01:22<ella>dcraig my prsonal pain threshold is very low these days :)
01:23<dcraig>have a tylenol
01:23<MaliutaLap>I have oxycodone
01:24<dcraig>omg is this #silkroad?
01:24<ella>was starting to winder
01:25<ella>Sendmail: MaxQueueChildren=100 and QueueRunners=2 ... lets see how that slows things down!
01:25<MaliutaLap>dcraig: except I don't share - I kinda need that stuff
01:26<MaliutaLap>dcraig: although I can give you some prednisone
01:26<virtualsid>I can't believe it's taken this long to get to tuning sendmail.
01:26<ella>I'd prefer to not tune my sendmail!
01:26<dcraig>autotune it
01:26<virtualsid>but you'd be okay creating a DoS?
01:26<MaliutaLap>I used to love tuning sendmail
01:26<ella>I like "hands free admin" ... it's pretty rare I have to log onto my server. Upgraded it last year in Sept and this is the first issue.
01:26<MaliutaLap>postfix is easier on that
01:27<zifnab>the only drugs i can get quickly are...well most of them
01:27<ella>MaliutaLap I use to love tuning sendmail ... it got boring as greater priorities in life came about
01:27<zifnab>guy at work gets things for people somehow, i dont get it :/
01:27<dcraig>email is OVER
01:27<virtualsid>I wonder if AAA_ ever found out what server was being hit.
01:27<MaliutaLap>ella: my priorities are digging enough to understand how and why things work - and then bend them to my will
01:28*zifnab bends MaliutaLap to his will
01:28<ella>I rarely use email these days, I tell people to phone or meet with me.
01:28<MaliutaLap>ella: after leukaemia I don't give a crap about other stuff
01:28<virtualsid>via email?
01:28<ella>MaliutaLap you sound like me for most of my life :) Though the last week I've been in legal proceedings, so brain yet to switch :)
01:28<MaliutaLap>zifnab: people will tell you that's no easy task
01:28<akerl>ella: Um, how did you apply patches for the various system and protocol vulns since September?
01:28<zifnab>MaliutaLap: finish your drink
01:28<ella>MaliutaLap Wow, I get ya
01:28<virtualsid>akerl: heh, I decided not to ask. :)
01:29<kyhwana_>akerl: hopefully unattended-upgrades? ;)
01:29<dcraig>patches are for the weak
01:29<virtualsid>kyhwana_: wishful thinking
01:29<akerl>kyhwana_: unattended-upgrades generated new dh-params?
01:29<zifnab>oh i should do that
01:29<zifnab>how do i do that
01:29<ella>akerl I actually upgtaded from my 2007 Linode last year ... This is the first time I've not grazed every line of code in every application running on my server since 1984
01:29<MaliutaLap>dcraig: better done on the weekend, less impact on service interuption
01:29<akerl>ella: Yea, that wasn't the question
01:29<ella>But the code seems fine, it's the ingress conenctions that is the issue
01:29<kyhwana_>akerl: ohh nope, but if they're 1024bit, you're probably still safe against everyone but the NSA ;)
01:30<kyhwana_>zifnab: the weakdh.org page has a "sysadmins" page
01:30<virtualsid>So you're saying you grazed all the lines of code in your 2007 linode?
01:30<akerl>virtualsid: and that grazing lines of code fixes security vulns that are released in the future of the grazing
01:30*dcraig grazing
01:31<virtualsid>akerl: Of course. All these statements are completely true.
01:31<akerl>I grazed my kernel to get it patched for kernel vulns
01:31<akerl>way easier than a reboot
01:31<virtualsid>The only time I've 'grazed all the lines of code on my computer' was when I was at college doing z80 assembler.
01:32<dcraig>oh are we talking about something different than what cows do?
01:32<virtualsid>luckily, it was about 10 lines.
01:32<akerl>dcraig: I don't think so
01:32<dcraig>ok good thanks
01:32<virtualsid>dcraig: oh, I thought maybe it meant drawing blood.
01:32<virtualsid>which that was.
01:33<zifnab>kyhwana_: thanks, apparently i'm safe
01:34<MaliutaLap>virtualsid: I had my blood drawn yesterday
01:34<ella>OK, brutalized sendmail.cf :) Based on the 15 minute attack cycle ... this should prevent loading. DOn't seem to have any logs of CPU load though ...
01:34<AAA_>virtualsid: ?
01:34<MaliutaLap>ella: you haven't migrated from sendmail to postfix?
01:35<virtualsid>Last think you did, you were googling how to pastebin, AAA_ - did you get anywhere?
01:35<virtualsid>s/think/thing/
01:35<ella>MaliutaLap I looked at it in August last year but decided not to
01:35<akerl>ella: the important question is, "have you grazed the new config"
01:35<zifnab>virtualsid: are you unstable this evening
01:35<AAA_>virtualsid: nope, nothing. nothing is working at all
01:35<akerl>AAA_: So have you pastebin'd the config?
01:35<virtualsid>zifnab: I am having reading comprehension issues.
01:35<ella>Mainly because of my familiarity to sendmail and my lack of time for a learning curve, whilst house hunting, a new girlfriend, two screenplays, a co-writing project, and two stage plays ...
01:35<zifnab>virtualsid: mostly the 'sid'
01:35*zifnab made a debian joke
01:35*zifnab feels terrible
01:36<virtualsid>oh. bah. I didn't get it.
01:36<zifnab>as you shouldn't have
01:36<virtualsid>Well I use Debian...
01:36<virtualsid>I think I tried running a 'Sid' machine - once.
01:36<MaliutaLap>zifnab: the ~2000 debian jokes were better. Hamm made a better joke
01:36<virtualsid>For about 2 days.
01:36<zifnab>lol
01:37<zifnab>i want woody back
01:37<zifnab>i missed so many boner jokes
01:37<dcraig>make a screenplay about it
01:37<MaliutaLap>Jessie is the name of a Roberta FLack song
01:38<virtualsid>man, no one made fun of me talking about doing z80 assembler.
01:38*virtualsid is sad.
01:38<ella>my wife and I are working on a techie screenplay, but it's kinda hard to ensure that the appeal and depth isn't lost of wananbe geeks, dumb people and non techies
01:38<ella>I miss the z80
01:38<dcraig>does ur wife know about the gf?
01:38<virtualsid>dcraig: Hah! I was thinking the same bloody thing.
01:39<zifnab>...i had to explain what a gif was the ohter day to someone
01:39<zifnab>he was confused, he didn't realize it was an image
01:40<dcraig>I'll be there in a gif!
01:40<zifnab>someone wanted to share a gif with him
01:40<zifnab>"I have a wife"
01:40<ella>dcraig my wife was my girlfriend :)
01:40<ella>We got married in March
01:40<zifnab>...i had to ask what he though
01:40<zifnab>"girl i f******'
01:40<virtualsid>So that doesn't sound like a new girlfriend.
01:40<virtualsid>zifnab: LOL
01:40<ella>She was new, I was only divorced a year prior :)
01:40-!-akerl [~akerl@id-ed25519.pub] has left #linode [valete]
01:40<virtualsid>She's a newer wife.
01:41<ella>she's also half the age of my ex :)
01:41*ella purrrrs
01:41<dcraig>yikes
01:41<zifnab>well
01:41<zifnab>one of them was probably creepy
01:41<ella>My ex was older than me
01:41<zifnab>i...can't actually think how that wouldn't be creepy
01:41<virtualsid>ella: but did she graze all the code on her computers, just like you do?
01:42<ella>virtualsid my wife wants to learn to hack .. shes' playing with wireshark today getting a bit of a buzz out of trying to work out what everything means
01:43<virtualsid>/o\
01:43-!-WedTM [~Eric@nx-01.tor-exit.network] has joined #linode
01:43<zifnab>i'm still trying to figure out the half age thing
01:43<virtualsid>zifnab: well, ella was online in 1981.
01:43<zifnab>the first one would have had to be 40+
01:43<MaliutaLap>Jerry Lee Lewis thing
01:44<virtualsid>zifnab: not necessarily, legal age in some countries for marriage is 16.
01:44<virtualsid>and lower in others, I imagine.
01:45<zifnab>virtualsid: i'm going to make the assumption that no one under 18 was on the internet in 1981. that makes him 52 at a minimum. the 'valid' dating range (in my mind) for that is 33 (minimum)
01:45<MaliutaLap>virtualsid: Jerry Lee Lewis married his 13 y/o first cousin
01:45<ella>zibri year my ex is well over 40 ... still can't work out why I was with her for so long
01:45<zifnab>zibri?
01:45<zifnab>...
01:45<ella>zifnab him who? I'm a she!
01:45<ella>ANd I'm not 52!
01:46<pharaun>lol
01:46<dcraig>love knows no boundaries
01:47<ella>dcraig yeah ... I've made a few brick wall boundaries since divorce
01:48<AAA_>anyone had any experience with Comodo before?
01:50<dcraig>no
01:50<virtualsid>Not a soul.
01:50<zifnab>i've always wanted a comodo dragon
01:50<zifnab>i think the apartment would reject it
01:50<virtualsid>The apartment probably wouldn't care.
01:50<dcraig>gotta pay dragon rent
01:51<virtualsid>the dragon might reject the apartment, however.
01:51<Ryon>the dragon might reject you
01:51<MaliutaLap>Mother of Dragons
01:52<MaliutaLap>just hope George RR doesn't kill you off
01:52<virtualsid>You can hope all you want. He will.
01:53<MaliutaLap>pretty sure that's how the books will end - with everyone dead
01:53<AAA_>lol
01:53<AAA_>has anyone actually used Comodo certs
01:53<AAA_>I've seen plenty of really good reviews, and plenty of terrible ones
01:53<arlen>i have
01:53<AAA_>what were they like?
01:54<arlen>what do you mean
01:54<dcraig>certificate-like?
01:54<ella>ping
01:54<ella>Oh I'm still here
01:54<arlen>its a cert, it was certy
01:54<AAA_>apparently their customers service etc. has been terrible
01:55<arlen>i've never had to contact customer service
01:55<AAA_>hmm
01:55<AAA_>take a look at this
01:55<AAA_>https://www.sslshopper.com/comodo-certificate-authority-reviews.html#reviews_top
01:56<MaliutaLap>I have a couple in place
01:56<MaliutaLap>you may need to rebuild the CA chain from the one they give you
01:56<AAA_>CA chain?
01:57<MaliutaLap>Root cert+intermediates
01:57<AAA_>I'm new to this, I don't know what that is, can you please explain
01:58<nate>AAA_: All vendors tend to have mixed reviews, I've been using comodo for a while now without issue
01:58<nate>they were one of the earlier ones to properly move everything to SHA2 and 4096-bit roots
01:59<zifnab>virtualsid: but giant lizard
01:59<nate>if you're going to get an SSL cert however don't go to any of the major vendors directly, deal with sites like ssls.com or comodosslstore.com, far better prices
01:59<AAA_>yeah
01:59<AAA_>comodo is having a sale
01:59<AAA_>so it's cheap
01:59<nate>unless it's < $10, it's not cheap
01:59<nate>:P
01:59<nate>For a basic single-domain DV (with www.* as a SAN included), both of those sites there are generally no more than $10 for comodo certs
02:00<zifnab>oh
02:00<zifnab>they eat birds whole
02:00<zifnab>it'd do so well in seattle
02:00<zifnab>it could eat pigeons
02:00<AAA_>and also, you know when new SSL technologies come out? does that mean you need to buy a new cert?
02:01<zifnab>'negative'
02:01<zifnab>in quotes
02:01<zifnab>don't use sha-1
02:01<nate>AAA_: That's kind of a hard question to answer, in most cases SSL/TLS at the httpd level is completely irrelevant to the certificate other than providing it
02:02<nate>otherwise the most recent big change is what zifnab just noted, everyone moving off SHA-1 certificates prompted some people to renew into SHA-2 ones
02:04<AAA_>how do you check what SHA the cert has?
02:05<nate>most generic way; https://shaaaaaaaaaaaaa.com/
02:05<nate>Most detailed-way; https://www.ssllabs.com/ssltest/analyze.html (Will give you a general overview of your complete https:// configuration/strength
02:05<AAA_>thats a lot of a's, lol
02:05<ella>Right lets see if fail2ban will work for future attacks :)
02:08<ella>OK all done, thanks to those who helped. I guess I see how things go the next 24 hours or so
02:08<AAA_>so does comodo automatically come with SHA-2?
02:08<AAA_>apparently you need to generate it with some providers
02:08-!-ella [~ella@pa49-180-137-206.pa.nsw.optusnet.com.au] has quit []
02:09<nate>AAA_: if you get one on either of the sites I linked it should definitely be SHA-2 by default
02:09<kyhwana_>a/me headtilts
02:10<nate>very few default still to SHA-1 still
02:10<AAA_>ok
02:10<kyhwana_>AAA_: If you want free certs, try startssl (tho they may have some restrictions?) or wosign, (who don't)
02:10<nate>So any vendor really should be SHA-2, worst case you can always use the -sha2 flag anyways "just for"
02:10<nate>wosign support is kind of limited no? startssl is broadly covered but require limited amount of identification I think
02:11<nate>I know it was said in here before they at least don't require passports anymore,but I think you still may need some form of ID
02:12<kyhwana_>nate: what support do you need other than "plz sign this csr, kthx"
02:12<kyhwana_>nate: not for DVs?
02:12<dwfreed>you only need ID for class 2 certs
02:12-!-WedTM [~Eric@3DDAAARL6.tor-irc.dnsbl.oftc.net] has quit []
02:12-!-aleksag [~AG_Scott@104.238.174.29] has joined #linode
02:12-!-aleksag was kicked from #linode by ChanServ [Please use another method to access #linode]
02:12-!-aleksag is "Pettis" on (unknown)
02:13<nate>ah thought they still made you give something up for the basic DV's
02:13<dwfreed>nope
02:13<kyhwana_>no? you havn't for ages
02:13<nate>kyhwana_: And by support I was talking software support
02:13<dcraig>nate gave it up
02:13<nate>as in implementations
02:14<kyhwana_>nate: ? that's not the role of the CAs.. you give them a CSR, they sign it, done
02:14<dwfreed>kyhwana_: he means whether the CA is in the default trust store
02:14<nate>kyhwana_: That's nice and all but that's still not what I'm talking about, I'm talking about him getting a certificate and finding out it only works with safari or some shit, again software support as in "How many softwares support the CA root"
02:14<nate>:P
02:15<nate>I thought wosign didn't have a very broad CA trust/root
02:15<kyhwana_>oh right
02:15<kyhwana_>they're cross signed by startssl and works in IE/FF/chrome, so *shrug*
02:15<nate>ah
02:18<zifnab>nate: for the personal validation, you still need to send photo ID
02:19<zifnab>i had to send photo ID, a phone bill, a utility bill, and a passport (as my old ID was very worn out)
02:19<zifnab>montana licenses had this nasty covering on them that'd wear out, they'd lose their holo layer in spots
02:20<AAA_>do you want 'Website Vulnerability Scanning' or 'PCI Scanning' from comodo? it's free with a cert, but does it have a catch?
02:31<dcraig>I love catches
02:31<Peng>AAA_: You definitely don't need it. It may be useful. I don't know if there are negative catches.
02:31<MaliutaLap>Every year they put classic catches on during the cricket
02:34<arlen>the cricket can catch?
02:34<nate>AAA_: It doesn't really add anything, and if you agree to it I believe after a year or a month or something it'll try to get you to sign up for it (it's an otherwise paid feature)
02:34<MaliutaLap>arlen: catches are how the majority of wickets are taken in cricket
02:35<dcraig>there's no beating a sticky wicket
02:35<arlen>weird cricket
02:35<arlen>ours just make noise
02:35<arlen>lazy
02:36<luca>gandi.net for the win
02:36<luca>given the support they provide to open source projects
02:37<luca>USD 16/yr for a DV cert
02:37<luca>also, let's encrypt
02:37<arlen>free one year cert from gandi with a domain purchase
02:37<kyhwana_>luca: soooon
02:37<luca>that, also
02:38<arlen>and you don't have to get the free cert right away
02:38<MaliutaLap>I use wildcard certs mostly
02:38<luca>and revocation / reissuance is no cost
02:41<Peng>Yeah, you can't beat a free cert from your registrar. But after the first year it's worth shopping around.
02:41<Peng>Unless your registrar is Namecheap, since they're a cheap Comodo resller anyay :>
02:45<nate>still not that cheap though usually
02:45*nate has to register company SSL certs through godaddy
02:45<nate>I feel dirty every single time
02:45<nate>$70 each
02:45<nate>:(
02:46<kyhwana_>nate: yeah :|
02:46<kyhwana_>thoe we might switch to the cheap positivessl ones, at least till letsencrypt comes out (and where we can use it)
02:46<MaliutaLap>nate: dirty, dirty boy
02:47<nate>and then there's the domains
02:47<nate>which you not only have to cover the ICANN fee, but pay an extra $8 a year for "privacy"
02:47<nate>:|
02:49<Peng>Do they know Go Daddy will revoke the privacy if they even sniff danger?
02:50<nate>Revoke it how? Technically speaking I don't think they're allowed to "Revoke" privacy without warning first, but they will (like any registrar I admit) disclose it under warrant situations, though technically knowing godaddy they'll probably disclose it even without a warrant
02:51<MaliutaLap>nate: there is privacy on the 'net?
02:51<MaliutaLap>nate: when did this happen?
02:51<AAA_>https://comodosslstore.com/ is cheap
02:52<nate>MaliutaLap: Some TLD's allow you "Anonymous" registrations, ie; parking your domain registry data under a proxy individual/company
02:52<nate>the only two requiring to know the actual registration behind is ICANN (for complaint/validation purposes) and of course the registrar themselves
02:53<Peng>nate: I believe Go Daddy has been known to disable whois privacy with a strongly worded email. Or if your domain expires.
02:54<nate>peng: Probably because if the domain expires due to lack of payment then obviously you didn't renew the privacy either, in a way it -kinda- makes sense, but it's still dirty
02:54<nate>all the more reason to stick with registrars that don't charge for privacy separately :P
02:54<Peng>indeed
02:54<Peng>of course, you also have to disable whois privacy to transfer the domain away from Go Daddy, right?
02:55<Peng>:D
02:55<AAA_>what does whois privacy protect you from?
02:56<MaliutaLap>There is no privacy ... the NSA owns us all! Well, them or Google
02:56<Peng>in practice, nothing
02:56<nate>Peng: I'm not actually sure on that
02:56<Peng>:P
02:56<nate>AAA_: From generic snoopers/spammers
02:56<Peng>AAA_: Well, what do you think would happen if your name, address and phone numbere were all over the Internet?
02:57<nate>Though if someone REALLY wants to know your info they'll just social engineer you
02:57<Peng>AAA_: It protects you from junk mail, sometimes death.
02:57<nate>MaliutaLap: Tbh pretty sure google has tremendously more detailed records than any government does
02:57<AAA_>alright before I buy this SSL cert, is everyone sure comodosslstore is good?
02:59<nate>AAA_: It's where I get everything at anymore, haven't had any issues with them
02:59<nate>Usually $8-10 at most for a single-domain DV cert there, better end price
02:59<AAA_>ok
02:59<AAA_>thanks
02:59<AAA_>I
03:00<AAA_>I'm just being paranoid, lol
03:06<AAA_>nate: what's their customer service like?
03:07<nate>AAA_: Admittedly not sure, I've never had any issues I had to contact them over before, lol
03:07<nate>DV certs are largely an automated process
03:08<AAA_>what about OV?
03:08<zifnab>well, hopefully its not like startssl
03:09<zifnab>where they're offline from 5pm to midnight every day
03:09<AAA_>lol
03:09<Peng>and weekends
03:10<zifnab>on the bright side
03:10<zifnab>i get unlimited ssl certs while they're online
03:10<zifnab>for however much i paid
03:11<zifnab>i do like their 'only pay us for what we actually do' methodology though
03:12<Peng>like revoke!
03:13<nate>AAA_: Never had to get an OV from them yet so not entirely sure, but I'd assume they're fairly cool
03:13<zifnab>Peng: although that could be automated
03:13<nate>worth keeping in mind whether or not you -need- an OV, personally I find them kinda with limited uses
03:15<AAA_>does warranty even matter?
03:15<nate>Not really :P
03:15<Peng>zifnab: It's automated, but computers cost money, and in particular CRLs cost bandwidth
03:16<AAA_>has anyone actually ever used warranty
03:16<nate>AAA_: Not that I can think of, it's not really a warranty against your site, it's a warranty against security issues at the CA resulting in direct losses on your site
03:16<nate>which is otherwise a pretty exceptionally slim chance
03:17<AAA_>yeah ok
03:17-!-shingshang [~shingshan@115-64-27-246.static.tpgi.com.au] has quit [Ping timeout: 480 seconds]
03:17<AAA_>anyone ever used namecheap?
03:19<AAA_>It's just so hard to choose, there's shit reviews for every vendor
03:19<Peng>I use Namecheap
03:20<Peng>so do some other folks here
03:20<dwfreed>I use Gandi; bit more expensive, but I don't have to deal with BS, and they support DNSSEC for all the TLDs I have now
03:20<Peng>by the way, Namecheap's sister brand https://www.ssls.com/ (mentioned above, too) can have cheaper certificates than Namecheap directly.
03:21<Peng>s/ directly//
03:23<zifnab>+1 to dwfreed and gandi
03:23<zifnab>when their slogan is 'no bullshit' they seem to be ok
03:23<zifnab>dwfreed: afaik cloudlfare still doesn't do dnssec
03:23<dwfreed>lol
03:25<zifnab>its in beta!
03:25<zifnab>i should be sleeping
03:38-!-NomadJim [~NomadJim@dpc6744167237.direcpc.com] has quit [Read error: Connection reset by peer]
03:38-!-NomadJim [~NomadJim@dpc6744167237.direcpc.com] has joined #linode
04:03<AAA_>okay
04:03<AAA_>so SSLS.com seems to be the best option atm
04:17<nate>Either or, for the most part ssls.com and the other one should have pretty similar prices
05:01-!-descender [~heh@218.186.45.98] has quit [Ping timeout: 480 seconds]
05:08<+linbot>New news from forum: Linux Networking • howto export dns for cloudflare <https://forum.linode.com/viewtopic.php?t=11888&p=67240#p67240>
05:08-!-cats [~cats@178.62.186.31] has quit [Quit: Tạm biệt]
05:08-!-cats [~cats@178.62.186.31] has joined #linode
05:09-!-cats [~cats@178.62.186.31] has quit []
05:10-!-cats [~cats@178.62.186.31] has joined #linode
05:14-!-anew [~anew@57.Red-83-34-47.dynamicIP.rima-tde.net] has joined #linode
05:27-!-Circlefusion [~circlefus@cpe-74-136-58-82.kya.res.rr.com] has joined #linode
05:39-!-descender [~heh@218.186.45.98] has joined #linode
05:50-!-AAA_ [~oftc-webi@101.185.63.103] has quit [Quit: Page closed]
05:55-!-Cromulent [~Cromulent@cpc1-reig5-2-0-cust251.6-3.cable.virginm.net] has joined #linode
06:03-!-Cromulent [~Cromulent@cpc1-reig5-2-0-cust251.6-3.cable.virginm.net] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
06:13-!-marktheshark [~oftc-webi@ppp091138136141.dsl.hol.gr] has joined #linode
06:13<marktheshark>hello all, quick question
06:14<marktheshark>my Drupal installation on a linode node was hacked
06:14-!-wicope [~wicope@0001fd8a.user.oftc.net] has joined #linode
06:14<marktheshark> unfortunately hadn't turned on backupd, is there anything that can be done?
06:14<shinji257>Not really.
06:14<shinji257>Do you know how they got in?
06:15<marktheshark>Does linode keep any snapshots internally?
06:15<marktheshark>probably exploited old Drupal version
06:15<marktheshark>deleted all images and defaced it
06:16<shinji257>I don't believe that Linode keeps any snapshots on their end and even then if they did it would be for if they had an issue on their end.
06:17<marktheshark>I think so as well... :-(
06:18<shinji257>While we can't turn back time I think we got a lesson from this?
06:23<marktheshark>yep, turn on linode backups, always update to latest security updates...
06:23<marktheshark>thanks anyway
06:25<shinji257>in the meantime you reminded me to update my wordpress install XD
06:25<shinji257>and your welcome
06:27<shinji257>btw for the backups don't solely rely on the linode solution. Make sure you have a plan B on that just in case.
06:46-!-RumpledElf [~textual@ppp121-45-178-174.lns20.syd7.internode.on.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:56<nate>marktheshark: Are you -sure- the exploit was through drupal? Did you have anything -else- on the system? Don't always jump to thinking whatever was messed with was the access point, it could simply have been a secondary result
06:57<nate>especially if you have local versions of files at least to restore
06:57-!-Pieman [~AG_Scott@37.187.129.166] has joined #linode
06:59<marktheshark>I have a rails app on the server as well
06:59<marktheshark>unfortunately they dropped all users in the db as well
07:27-!-Pieman [~AG_Scott@5NZAADC30.tor-irc.dnsbl.oftc.net] has quit []
07:40-!-Dedalo [~Dedalo@77-72-35-178-static.bbbell.com] has joined #linode
07:41-!-superdug [~Zyn@nx-01.tor-exit.network] has joined #linode
07:43-!-Yoda [Yoda@1.ipv4.golf.yourbnc.co.uk] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
07:44-!-Yoda [Yoda@the.real.yoda.pw] has joined #linode
07:50-!-zwt [~oftc-webi@vpn.aquanetworks.co.uk] has joined #linode
07:51<zwt>hola
07:55-!-NomadJim [~NomadJim@dpc6744167237.direcpc.com] has quit [Ping timeout: 480 seconds]
07:59-!-fstd_ [~fstd@xdsl-87-78-11-1.netcologne.de] has joined #linode
08:04-!-zwt [~oftc-webi@vpn.aquanetworks.co.uk] has quit [Quit: Page closed]
08:07-!-fstd [~fstd@xdsl-81-173-188-210.netcologne.de] has quit [Ping timeout: 480 seconds]
08:07-!-fstd_ is now known as fstd
08:11-!-superdug [~Zyn@7R2AABIWV.tor-irc.dnsbl.oftc.net] has quit []
08:18-!-bal [~oftc-webi@117.197.164.5] has joined #linode
08:21-!-bal [~oftc-webi@117.197.164.5] has quit [Remote host closed the connection]
08:21-!-bal [~oftc-webi@117.197.164.5] has joined #linode
08:21<bal>hi
08:21*bal slaps jottinger around a bit with a large fishbot
08:22-!-marktheshark [~oftc-webi@ppp091138136141.dsl.hol.gr] has quit [Quit: Page closed]
08:23-!-bal [~oftc-webi@117.197.164.5] has quit []
09:19-!-ChauffeR1 [~SinZ|offl@3DDAAAR64.tor-irc.dnsbl.oftc.net] has joined #linode
09:19-!-ChauffeR1 was kicked from #linode by ChanServ [Please use another method to access #linode]
09:19-!-ChauffeR1 is "dug" on (unknown)
09:43-!-jtsage|ded is now known as jtsage
10:02-!-eXeler0n [~qable@torrouter.ucar.edu] has joined #linode
10:02-!-eXeler0n was kicked from #linode by ChanServ [Please use another method to access #linode]
10:02-!-eXeler0n is "Solvius" on (unknown)
10:35-!-nameservers [~oftc-webi@pool-71-108-248-154.lsanca.dsl-w.verizon.net] has joined #linode
10:36<nameservers>hi what are the linode namservers?
10:36<DrJ>ns1.linode.com
10:36<DrJ>up to ns5 or 6
10:36<nameservers>thanks
10:37<shinji257>It's up to 5
10:37-!-Hhhhkk [~oftc-webi@host81-152-174-144.range81-152.btcentralplus.com] has joined #linode
10:37-!-shingshang [~shingshan@115-64-27-246.static.tpgi.com.au] has joined #linode
10:38-!-Hhhhkk [~oftc-webi@host81-152-174-144.range81-152.btcentralplus.com] has quit [Remote host closed the connection]
10:38<DrJ>yea, I thought maybe they added a 6th one though since they just opened a new datacenter
10:38<DrJ>wasn't sure
10:45-!-mkoskar [~mkoskar@0001f272.user.oftc.net] has quit [Ping timeout: 480 seconds]
10:45<dwfreed>they really should add a 6th one; APAC is extremely under-represented
10:45-!-mrapple [~cryptk@e4-10.rana.at] has joined #linode
10:45-!-mrapple was kicked from #linode by ChanServ [Please use another method to access #linode]
10:51-!-Sputnik7 [~Sputnik7@c-65-96-243-35.hsd1.ma.comcast.net] has quit [Quit: -=SysReset 2.53=-]
10:54<nameservers>sorry newbie here but to add a new domain for linode server I just need to go to DNS Manager and add a domain zone www.mydomainname.com is it correct?
10:57<Hobbyboy>do you mean rdns?
10:58<DrJ>nameservers: yes, and obviously point your domains nameservers to linodes
10:59<nameservers>I used to use cpanel which create a home folder for me when I add a domain name, how do I do that with my linode which does not have cpanel
11:01<DrJ>nameservers, I use webmin/virtualmin ... a free cpanel alternative
11:02<nameservers>does it auto install with a new Ubuntu image or I have to install myself
11:02<DrJ>you have to install it yourself
11:02<DrJ>there might be stackscripts though
11:03<DrJ>https://www.linode.com/docs/websites/cms/webmin-control-panel
11:03<DrJ>once you install webmin you then add the virtualmin module to it
11:03<DrJ>the virtualmin module is what allows you to create new websites/accounts with home folders and everything preconfigured
11:03<nameservers>thanks
11:03<nameservers>doing it not
11:04<nameservers>now
11:10<nameservers> ssh root@45.79.79.82
11:10<nameservers>how long does it take to get my server online
11:10<nameservers>i setup and still cannot connect
11:10<nameservers>it is not online yet
11:13<dwfreed>did you boot it?
11:16<tswartz>^^^
11:16<tswartz>takes about a minute from start to finish usually
11:25-!-jonsowman [~jonsowman@kryten.hexoc.com] has quit [Remote host closed the connection]
11:25-!-nameservers [~oftc-webi@pool-71-108-248-154.lsanca.dsl-w.verizon.net] has quit [Remote host closed the connection]
11:26-!-hfb [~hfb@cpe-108-185-247-93.socal.res.rr.com] has quit [Ping timeout: 480 seconds]
11:30-!-acald3ron [~acald3ron@177.239.97.5] has joined #linode
11:33-!-rogst [~xul@tor-exit.squirrel.theremailer.net] has joined #linode
11:49<+linbot>New news from forum: General Discussion • Possible to deploy linode using image from a stackscript? <https://forum.linode.com/viewtopic.php?t=11899&p=67241#p67241>
11:50-!-mkoskar [~mkoskar@0001f272.user.oftc.net] has joined #linode
11:52-!-descender [~heh@218.186.45.98] has quit [Ping timeout: 480 seconds]
11:56-!-hfb [~hfb@pool-96-247-49-104.lsanca.dsl-w.verizon.net] has joined #linode
12:03-!-rogst [~xul@9S0AAARD5.tor-irc.dnsbl.oftc.net] has quit []
12:19-!-descender [~heh@218.186.45.98] has joined #linode
12:23-!-laser` [~chris@149.18.11.242] has joined #linode
12:28-!-descender [~heh@218.186.45.98] has quit [Ping timeout: 480 seconds]
12:32-!-anew [~anew@57.Red-83-34-47.dynamicIP.rima-tde.net] has quit [Ping timeout: 480 seconds]
12:32-!-KnightsWhoSayNi [~haz@90.203.62.159] has joined #linode
12:33-!-descender [~heh@218.186.45.98] has joined #linode
12:37-!-ViciousPariah_ [~viciouspa@pool-71-168-113-203.cncdnh.fast02.myfairpoint.net] has quit [Ping timeout: 480 seconds]
12:43-!-descender [~heh@218.186.45.98] has quit [Ping timeout: 480 seconds]
12:44-!-JamesHarrison [~Sirrush@79.142.70.4] has joined #linode
12:57-!-JamesHarrison [~Sirrush@79.142.70.4] has quit [Ping timeout: 480 seconds]
13:03-!-Sami345 [~SquallSee@62.210.105.116] has joined #linode
13:03-!-Sami345 was kicked from #linode by ChanServ [Please use another method to access #linode]
13:07-!-zivester [~zivester@cpe-72-229-26-112.nyc.res.rr.com] has joined #linode
13:29-!-anew [~anew@57.Red-83-34-47.dynamicIP.rima-tde.net] has joined #linode
13:36-!-zivester [~zivester@cpe-72-229-26-112.nyc.res.rr.com] has quit [Remote host closed the connection]
13:37-!-CobraKhan007 [~Crisco@37.187.129.166] has joined #linode
13:55-!-descender [~heh@218.186.45.98] has joined #linode
13:56-!-Bdragon [~bdragon@2001:470:c37f:30:f2de:f1ff:fe5a:8ef3] has quit [Remote host closed the connection]
14:00-!-phillipadsmith [sid2905@id-2905.charlton.irccloud.com] has quit [Remote host closed the connection]
14:00-!-noah [sid10017@charlton.irccloud.com] has quit [Remote host closed the connection]
14:00-!-nitemare [sid405@id-405.charlton.irccloud.com] has quit [Remote host closed the connection]
14:00-!-lbot [sid34239@id-34239.charlton.irccloud.com] has quit [Remote host closed the connection]
14:00-!-daleharvey [sid513@id-513.charlton.irccloud.com] has quit [Remote host closed the connection]
14:00-!-LK- [sid3229@id-3229.charlton.irccloud.com] has quit [Remote host closed the connection]
14:00-!-thorrr [sid26124@id-26124.charlton.irccloud.com] has quit [Remote host closed the connection]
14:05<dcraig>these clouds...
14:05<dcraig>they're no good
14:05-!-netstatic [~oftc-webi@c-50-176-72-7.hsd1.ma.comcast.net] has joined #linode
14:06-!-netstatic [~oftc-webi@c-50-176-72-7.hsd1.ma.comcast.net] has quit []
14:06-!-nitemare [sid405@id-405.charlton.irccloud.com] has joined #linode
14:06-!-netstatic [~oftc-webi@c-50-176-72-7.hsd1.ma.comcast.net] has joined #linode
14:06<netstatic>hi, is there a way I can escalate a ticket?
14:06-!-daleharvey [sid513@id-513.charlton.irccloud.com] has joined #linode
14:07<dcraig>I suppose you could call and harass them :D
14:07<netstatic>that might not be a bad idea
14:07-!-CobraKhan007 [~Crisco@3DDAAASJK.tor-irc.dnsbl.oftc.net] has quit []
14:10-!-KnightsWhoSayNi [~haz@90.203.62.159] has quit [Ping timeout: 480 seconds]
14:11<@mmustac>wat u say bout our clouds, son!?
14:11<luca>netstatic: what is this "call" thing of which you speak?
14:12<dcraig>not *your* clouds... the ircclouds
14:12<dcraig>unless the ircclouds are linodes?J!?!?!?!!?1/d
14:12<@mmustac>turtles all the way down brah
14:13<luca>cloud == someone else's hardware
14:14<luca>did we ever hear why a facility having 8 generators gets taken out when 1 generator fails?
14:14<luca>maybe the generators need generators
14:15<luca>who watches the watchers
14:15-!-phillipadsmith [sid2905@id-2905.charlton.irccloud.com] has joined #linode
14:15<dcraig>every server needs a battery, like a laptop
14:15<dcraig>and then you have an hour to play around with the generators
14:15-!-LK- [sid3229@id-3229.charlton.irccloud.com] has joined #linode
14:16<dcraig>before anything too bad happens
14:16-!-Phase [~Snowcat4@heaven.tor.ninja] has joined #linode
14:16-!-Phase was kicked from #linode by ChanServ [Please use another method to access #linode]
14:16-!-Phase is "Coe|work" on (unknown)
14:17<luca>yeah, sorry, tor not available at the moment, Phase
14:17<nate>luca: "A facility", at what point did you get an impression that the -entire- facility was taken out by 1 failed generator?
14:17<arlen>the building wasn't taken out, just part of it
14:17<nate>Or the impression that linode makes up the -entire- FMT2 facility?
14:17<nate>:P
14:17<dcraig>it doesn't??
14:17<luca>nate: WHAT? linode doesn't occupy the entire colo?
14:17<luca>nate: you need to get on that
14:18<luca>nate: let me rephrase: i expected a facility having 8 generators to have redundancy in generator capacity
14:18<luca>nate: so i'm wondering how things are laid out, power wise
14:18<arlen>oh well
14:18<luca>nate: curious, is all
14:19<luca>dcraig: i think both google and facebook, what with their custom servers, are placing batteries adjacent to each PDU
14:19-!-descender [~heh@218.186.45.98] has quit [Read error: Connection reset by peer]
14:19<luca>dcraig: and avoiding traditional UPS altogether
14:20<dcraig>they obviously don't work :D
14:20-!-descender [~heh@218.186.45.98] has joined #linode
14:20<Peng>Outages aren't really a problem for Google, though.
14:20<luca>dcraig: yup
14:20<dcraig>my laptop can survive an 8-hr power outage, and I'm not even trying
14:20<Peng>Individual server outages, I mean.
14:20<Peng>Why did all of Linode's stuff have to be on the bad generator?
14:24-!-noah [sid10017@id-10017.charlton.irccloud.com] has joined #linode
14:24<dcraig>it was supposed to be the good generator!
14:27<Peng>Maybe they brought the generator over from fmt1 when Linode moved
14:29<praetorian>talking about the good generator ... MY GOOD GENERATOR
14:29<praetorian>thakn you, i'm here all week
14:31<luca>try the fish
14:32<praetorian>bingo is on tuesday nights
14:37<luca>https://linode.statuspage.io/incidents/2rm9ty3q8h3x
14:37-!-noah [sid10017@id-10017.charlton.irccloud.com] has left #linode [Cycling]
14:37-!-noah [sid10017@id-10017.charlton.irccloud.com] has joined #linode
14:37<luca>okay, that's what i was looking for
14:43-!-thorrr [sid26124@id-26124.charlton.irccloud.com] has joined #linode
14:45-!-carpool4 [~oftc-webi@f051250070.adsl.alicedsl.de] has joined #linode
14:48-!-carpool4 [~oftc-webi@f051250070.adsl.alicedsl.de] has quit []
14:49<dcraig>why can't the power from one generator be used to start another generator?
14:52-!-lbot [sid34239@id-34239.charlton.irccloud.com] has joined #linode
14:53<praetorian>so i heard linode had linodes in singapore.
14:54<praetorian>http://drop.nullis.net/1gxWA/2tx7Uslz
14:54<dcraig>what system have you hacked into there?
14:55<praetorian>if only.
14:55-!-nupanick [~Zyn@176.10.99.201] has joined #linode
14:57<dcraig>I only got 4 emails about the singapore linodes
14:58-!-mkoskar [~mkoskar@0001f272.user.oftc.net] has quit [Ping timeout: 480 seconds]
14:59<praetorian>apparently one of the emails doesnt have a linode username associated.
14:59<praetorian>how cool is that.
15:10-!-mkoskar [~mkoskar@0001f272.user.oftc.net] has joined #linode
15:12-!-hd [~hd@cpe-104-231-153-82.columbus.res.rr.com] has quit [Ping timeout: 480 seconds]
15:15-!-eldinhadzic [~oftc-webi@x590e358f.dyn.telefonica.de] has joined #linode
15:15<eldinhadzic>Hello, i deleted my Account but i forgot to write that i want my money back. What can i do
15:16<praetorian>email support@linode.com
15:18<eldinhadzic>thank you
15:19-!-adrian [~adrian@0001c392.user.oftc.net] has joined #linode
15:21-!-eldinhadzic [~oftc-webi@x590e358f.dyn.telefonica.de] has quit [Quit: Page closed]
15:25-!-nupanick [~Zyn@3DDAAASNM.tor-irc.dnsbl.oftc.net] has quit []
15:30-!-hd [~hd@cpe-104-231-153-82.columbus.res.rr.com] has joined #linode
15:48-!-zivester [~zivester@cpe-72-229-26-112.nyc.res.rr.com] has joined #linode
15:49-!-kaare_ [~kaare@94.191.186.244.mobile.3.dk] has joined #linode
15:51<Ikaros>Hm, nice, Verizon's about to secure chat me on the routing problem to my Dallas-based Linode.
15:52<kcaj>What do they need to chat about?
15:52<kcaj>There is either a routing problem or there isn't
15:53-!-Bdragon [~bdragon@2001:470:c37f:30:f2de:f1ff:fe5a:8ef3] has joined #linode
15:55-!-kaare__ [~kaare@94.191.185.140.mobile.3.dk] has quit [Ping timeout: 480 seconds]
16:00<Ikaros>Just to verify I'm an actual customer before they look at anything
16:01<kcaj>lol wut
16:02<kcaj>Would it really matter if you were a customer or not if their network had a routing issue
16:02<Ikaros>I had contacted them on their social media page.
16:02<Ikaros>And apparently they took interest.
16:02<Ikaros>So yeah
16:02<kcaj>All companies take interest of social media
16:02<kcaj>It's public..
16:03<Ikaros>Yeah, but anyone could post to their page, even if they weren't a customer. Get me?
16:03-!-KnightsWhoSayNi [~haz@90.203.62.159] has joined #linode
16:04<Ikaros>Not like my profile blatantly says hey, I'm a Verizon customer
16:08-!-zivester [~zivester@cpe-72-229-26-112.nyc.res.rr.com] has quit [Remote host closed the connection]
16:11<Ikaros>Helpful, indeed. This shocks me.
16:11<kcaj>Yeh but a routing issue is a routing issue, they should deal with it regardless.
16:21<Peng>kcaj: There's little reason to prioritize a minor issue nobody who gives them money cares about.
16:22<kcaj>If I were managing a network and some outsider approached me and said "hey, I've spotted this routing issue" I'd be grateful for them bringing it to my attention before an actual customer had the opportunity to do so
16:22<Peng>kcaj: You have a soul, unlike an American ISP
16:23<kcaj>Haha
16:23<Peng>Though, that's a good point, that it's good to fix things before a customer may notice.
16:23<kcaj>It's just a weird stance. The issue won't be account specific, so just escalate it.
16:24<Peng>yeah
16:25-!-DanielNM_ [amen@0001518c.user.oftc.net] has quit [Ping timeout: 480 seconds]
16:27-!-andygraybeal [~andy@h181.206.189.173.dynamic.ip.windstream.net] has quit [Ping timeout: 480 seconds]
16:29<Ikaros>Heh, they said they're going to forward it to their IP network team. Gave them a forward and a reverse trace. Big surprise, they don't match at all, not even close.
16:29<kcaj>they don't have to match
16:30<Ikaros>Coming from my Dallas Linode, trace is straight through Dallas right up until...whoops...it hits their SJC network for a moment and then comes back to me.
16:30<kcaj>As long as the routes are ideal
16:30<Ikaros>It's a subtle increase in latency that pointed that out to me.
16:31<Ikaros>Runs about ~4ms right up until the last few hops, then latency just jumps, and the IP it jumped up at was not local to Dallas.
16:31<Ikaros>lol
16:31-!-DJComet [~Atomizer@exit2.blackcatz.org] has joined #linode
16:31-!-DJComet was kicked from #linode by ChanServ [Please use another method to access #linode]
16:31-!-DJComet is "mps" on (unknown)
16:31<Ikaros>Then it comes back to my ISP's systems in DFW and then back to me.
16:32<kcaj>I've raised small issues like that with ISPs previously, got me nowhere
16:32<kcaj>Actually, the route was UK > Paris > UK
16:32<kcaj>They changed it to UK > Frankfurt > UK
16:32<kcaj>Should have kept my mouth shut :P
16:36-!-ynazarov [ynazarov@00013691.user.oftc.net] has joined #linode
16:41<Ikaros>Well the support guy I'm speaking with now seems to acknowledge there might be an issue, and even he doesn't get why my route would be going from Dallas -> San Jose -> Dallas. But the NOC won't look at it unless it's causing latency to 100ms or greater. He did say though he'll contact his supervisor via email and see if there's any insight they can provide as to why that might be happening.
16:42<Peng>Interesting that they have a specific policy
16:43<Ikaros>Yeah I thought so too, but you look at it and that seems a reasonable enough policy for this case.
16:43<shinji257>The ISP I work for won't really look into any latency related thing.
16:44<shinji257>So your lucky that your ISP will look at it when it exceeds 100ms.
16:44<Ikaros>It wasn't so much the latency though, as it was the routing.
16:44<Ikaros>And that unusual route occurred within the ISP network so yes naturally I'll be talking to them first.
16:45<Peng>They're probably routing you to an NSA collection site.
16:45<Ikaros>Seems to be anything SoftLayer too, not just my Dallas Linode.
16:45<Ikaros>As a traceroute to the main softlayer.com domain results in the same exact unusual routing
16:45<Peng>Maybe they peer with NetworkLayer in a couple places, so BGP thinks it's a good route?
16:48<Ikaros>And why would BGP think that taking my traffic generated from Dallas, sending it to San Jose, then sending it back to Dallas, would be a 'good route', or why would that even be a satisfactory route to begin with
16:48<Ikaros>That reminds me.
16:48<Ikaros>I need to scream at HE too
16:49<Peng>Ikaros: If Verizon peers with SoftLayer in San Jose, it's a shorter route.
16:49<Ikaros>For me it's not.
16:49<Peng>you have a different definition of shorter than BGP.
16:49<Ikaros>Well obviously, lol
16:49<Ikaros>But I want to know for sure. I don't really care at this point about anything being 'fixed', I just need to know the 'why'.
16:50<Ikaros>Hm
16:50<Peng>Verizon -> SoftLayer is shorter than, say, Verizon (Dallas) -> Zayo (Dallas) -> SoftLayer (Dallas).
16:50<Ikaros>Number of networks traversed, I know.
16:51<dwfreed>BGP goes by AS path length and path metric
16:51-!-descender [~heh@218.186.45.98] has quit [Ping timeout: 480 seconds]
16:51-!-[rEAl] [~Admin@tsn109-201-154-233.dyn.nltelcom.net] has quit [Remote host closed the connection]
16:51<dwfreed>and there's always local preference
16:51<Peng>I was kind of dismayed when Dallas started using "networklayer" heavily. Routes were often slightly worse like that.
16:51<Ikaros>(and just to point it out...don't get me started on Zayo's crap)
16:52<Ikaros>Now then
16:52<dwfreed>Peng: NetworkLayer is SoftLayer's network
16:52<dwfreed>note that that is different than nLayer
16:53<dwfreed>(yay confusing)
16:53<Peng>Yeah.
16:53<Ikaros>I'd really like native IPv6 back...but I don't like having my IPv6 tunnel based in Dallas generating 80ms latency to my Dallas Linode. And yes, this appears to be a BGP-related thing on HE's end, perhaps local preference in this case too, not related to Verizon this time.
16:53<Peng>Real tier 1 networks have better peering than some half-assed one a provider creates.
16:53-!-descender [~heh@218.186.45.98] has joined #linode
16:54-!-[rEAl] [~Admin@46.166.190.165] has joined #linode
16:54<dwfreed>Ikaros: you know, HE is generally pretty responsive to support emails, even if you're a customer of a customer of a customer
16:54<Ikaros>Yeah I'm going to email them about it
16:54<Peng>For example, Atlanta -> Dallas over IPv4 goes Linode Atlanta -> SoftLayer Atlanta -> SoftLayer Dallas -> Linode Dallas. But IPv6 goes Linode Atlanta -> Level 3 Atlanta -> Level 3 WAS -> SoftLayer WAS -> SoftLayer Atlanta -> SoftLayer Dallas -> Linode.
16:55<Ikaros>dwfreed: And it's not just from me to the IPv4 tunnel server address for Dallas that's wonky. Even lg.he.net shows the same wonky routing when done from core1.dal1.he.net
16:56<dwfreed>Ikaros: what's your home IP? I want to see the BGP table
16:57<Ikaros>173.57.240.253
16:58-!-Dedalo [~Dedalo@77-72-35-178-static.bbbell.com] has quit [Remote host closed the connection]
16:58-!-kaare_ [~kaare@94.191.186.244.mobile.3.dk] has quit [Ping timeout: 480 seconds]
16:59<dwfreed>Ikaros: looking at it now, the best route shows next-hop to be a verizon router in IAD
16:59<dwfreed>if rDNS is to be believed
16:59<Ikaros>Yeah I get the same result
17:00<dwfreed>oh right, IAD is DC
17:00<dwfreed>heh
17:00<trippeh>so there is .azure now
17:00<trippeh>when will there be .linode
17:00<Nivex>when you buy it for them
17:00<trippeh>(whyyyyyy)
17:00<trippeh>heh.
17:02<dwfreed>Ikaros: even more interesting is that the dallas router thinks the best route to IAD is via SJC
17:02-!-laser` [~chris@149.18.11.242] has quit [Remote host closed the connection]
17:02-!-shingshang [~shingshan@115-64-27-246.static.tpgi.com.au] has quit [Ping timeout: 480 seconds]
17:02<Peng>I told you, it's because most of the NSA collection points are on the coasts.
17:02<Ikaros>dwfreed: Give me a sec, I'll show you a trace to HE's Dallas tunnel server.
17:03-!-descender [~heh@218.186.45.98] has quit [Ping timeout: 480 seconds]
17:03<Nivex>probably is. get over to SJC then hop a trans-continental fiber straight to the east coast
17:03<Ikaros>http://pastebin.com/3FKzzTm9
17:03<dwfreed>Nivex: yeah, the only routes Dallas has to DC is via the west coast
17:06<Ikaros>So now my IPv6 tunnel is pretty laggy for going from Dallas to Dallas, as a result of that route right there, since I have to first traverse that route there to reach the tunnel endpoint in the first place.
17:07-!-introom [~introom@0001fc54.user.oftc.net] has joined #linode
17:07<Ikaros>Oh but sure, once I'm operating on the IPv6 network, it's all fine and dandy, it goes straight over Dallas IPv6 networks to reach SoftLayer's IPv6 backend and core network.
17:07<trippeh>Ikaros: you have been tasked for collection
17:08*Ikaros sighs
17:08<introom>hi. could anyone give me a sample host ip from US, so that I can test the latency from my place to the linode datacenter?
17:08<dwfreed>!speedtest
17:08<+linbot>http://www.linode.com/speedtest
17:08<dwfreed>introom: ^
17:08<Ikaros>trippeh: I'd actually have a shred of belief in that, if ALL my traces were going out of the way to get to otherwise straightforward destinations.
17:08<introom>cool. thnx
17:08<Ikaros>But the fact is they aren't
17:09<Ikaros>e.g I can trace to, say, one of Rizon's IRC servers that's in Dallas, and wham, it goes straight there without the looping around and other BS.
17:13<Ikaros>Hahaha, some interesting routes I'm finding.
17:15-!-dusti [~jakekosbe@tor-exit2-readme.puckey.org] has joined #linode
17:15-!-dusti was kicked from #linode by ChanServ [Please use another method to access #linode]
17:15-!-dusti is "Jebula" on (unknown)
17:16<Ikaros>Anyway, my thinking is that perhaps what happened is the original route that BGP had last thought was the 'best' in terms of path length, was either lost or changed in such a way it was no longer the 'best'.
17:18-!-descender [~heh@218.186.45.98] has joined #linode
17:19<introom>is linode's pricing caculated upon a natural month or hourly based?
17:19<Peng>introom: Both? What's a "natural month"?
17:20<Peng>introom: If you have the $10 plan for a month, you'll pay $10. You won't pay $11.50 or $12.00 or whatever depending on the number of days in the month.
17:20<introom>what if I shutdown the machine for some time?
17:20<Peng>introom: You pay for it when it's shut down. You have to delete it if you want to stop paying.
17:21<introom>thanx for explanation.
17:35-!-wicope [~wicope@0001fd8a.user.oftc.net] has quit [Read error: Connection reset by peer]
17:39-!-seanh-corona [~Adium@67-61-119-133.cpe.cableone.net] has joined #linode
17:42-!-SlosHeD [azrael@zombiestomper.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
17:44-!-Azrael_Ak [azrael@zombiestomper.net] has joined #linode
17:55<luca>hrm. anyone on a linode a fremont just experience a short network outage?
17:57<luca>and again
17:58<luca>and again 5% of packets in the last 60s
18:03<sirpengi>5% packetloss sounds pretty standard
18:03<sirpengi>where are the packers being dropped?
18:04<sirpengi>*packets
18:04<luca>40% in the last 60s isn't normal
18:04<luca>and i wouldn't say 5% is normal, either
18:05<luca>droped by router3-fmt.linode.com to my linode
18:05-!-acald3ron [~acald3ron@177.239.97.5] has quit [Ping timeout: 480 seconds]
18:05<luca>so internal to fremont
18:05<luca>i've submitted a ticket
18:07<sirpengi>things are okay on my end
18:07<sirpengi>my traffic seems to route through router4-fmt. though
18:07-!-Jebula [~PierreW@hessel0.torservers.net] has joined #linode
18:07<sirpengi>so it might be that router you're connected to
18:35-!-DanielNM_ [amen@2001:470:1f05:3ff:2600:2600:2600:2600] has joined #linode
18:37-!-Jebula [~PierreW@3DDAAASXW.tor-irc.dnsbl.oftc.net] has quit []
18:40-!-DanielNM_ [amen@2001:470:1f05:3ff:2600:2600:2600:2600] has quit []
18:46-!-Ikaros [~ikaros@0001b4e0.user.oftc.net] has quit [Quit: Leaving]
18:48-!-RumpledElf [~textual@ppp121-44-60-177.lns20.syd4.internode.on.net] has joined #linode
18:51-!-mgbhard [~oftc-webi@186.138.142.109] has quit [Remote host closed the connection]
18:55-!-holoirc [~holoirc@166.175.62.197] has joined #linode
18:55-!-acald3ron [~acald3ron@177.239.97.5] has joined #linode
19:02<holoirc>Any photo of the data center?
19:02<Peng>Which one?
19:09<tmberg>Yours!
19:14<dcraig>http://farm4.staticflickr.com/3423/3711548965_ac92c34952_z.jpg?zz=1
19:14<luca>that's impressive
19:14<luca>i appreciate the consistency in color
19:15<Peng>if you want consistency in color, you should see Fremont. everything is pitch black ;-)
19:16<luca>oh, i like fremont
19:16<dcraig>fremont is bestmont
19:16<luca>generally speaking, very close to me in terms of hops and latency
19:17<luca>and only recently problematic in terms of intermittent packet loss
19:17<Peng>dcraig: it's the onlymont
19:18<Peng>Question about data center architecture: should they have been able to do something about the Fremont generator? Might another data center have, say, a spare generator that could be plugged in before the UPSes were drained? Or were they unlucky?
19:19<Peng>they just unlucky*
19:20-!-anew [~anew@57.Red-83-34-47.dynamicIP.rima-tde.net] has quit [Quit: Leaving]
19:21<luca>they could have tied the generators into the distribution infrastructure in a number of ways
19:21<luca>the key is to synchronize them
19:22<luca>but it sounds like one generator per bus rather than N+1 for all buses
19:23<Peng>the alternative sounds like the kind of complex infrastructure that fails bizarrely and produces a dc-wide outage ;-)
19:23<Peng>rather than just 1/8
19:36<Ttech>time to move to fremont 3
19:37<zifnab>Peng: $OLD_JOB's RFO stated they had to replace breakers
19:38<zifnab>Peng: if that was the case, and it was a main, i wouldn't be suprised if they didn't have extras
19:38<zifnab>also good luck getting a real RFO out of anyone
19:42<zifnab>personally i enjoy zayo's rfos
19:42<zifnab>'fiber cut in texas caused an outage between seattle and montana'
19:42<zifnab>GJ GUYS
19:43<Peng>I'm impressed that Zayo operates at all. They're an amalgamation of like 30 different companies.
19:44<Peng>You'd think it would be a total clusterfffffff...frack.
19:46<zifnab>yeah
19:46<zifnab>they're shit
19:46<zifnab>360 networks was actually quite good
19:47<zifnab>their largest corporate building was in the city i went to school in
19:47<Peng>Zayo hasn't burned down Atlanta, at least.
19:47-!-acald3ron [~acald3ron@177.239.97.5] has quit [Ping timeout: 480 seconds]
19:48<zifnab>i'm glad i'm out of isp land
19:49<zifnab>thinking about trying to get back into network-land on the software side
19:49-!-Tarazed [~SinZ|offl@torland1-this.is.a.tor.exit.server.torland.is] has joined #linode
19:53-!-acald3ron [~acald3ron@177.239.97.5] has joined #linode
19:55<zifnab>can't wait for graphics on kvm to be supported...
19:55-!-seanh-corona [~Adium@67-61-119-133.cpe.cableone.net] has quit [Quit: Leaving.]
19:55<zifnab>might actually get around to setting up a DC then
19:57-!-MJCS [~script@ip68-4-179-185.oc.oc.cox.net] has quit [Ping timeout: 480 seconds]
19:58-!-adrian [~adrian@0001c392.user.oftc.net] has quit [Ping timeout: 480 seconds]
19:59-!-fstd_ [~fstd@xdsl-87-78-19-42.netcologne.de] has joined #linode
20:02-!-MJCS [~script@ip68-4-179-185.oc.oc.cox.net] has joined #linode
20:04-!-adrian [~adrian@0001c392.user.oftc.net] has joined #linode
20:07-!-fstd [~fstd@xdsl-87-78-11-1.netcologne.de] has quit [Ping timeout: 480 seconds]
20:07-!-fstd_ is now known as fstd
20:13-!-wtfdudes [~oftc-webi@89-70-126-66.dynamic.chello.pl] has joined #linode
20:13<wtfdudes>ohh some guys hosted some virus site on this linode host
20:13<Peng>!abuse
20:13<+linbot>Linode's abuse contact is abuse@linode.com , as shown in the abuse contact info for the IP address in question. http://www.iana.org/abuse/faq.html shows how to look this up yourself.
20:14<wtfdudes>ty
20:15-!-wtfdudes [~oftc-webi@89-70-126-66.dynamic.chello.pl] has quit []
20:15<Peng>how do people find #linode but not the abuse address..
20:16<zifnab>i don't know
20:16<virtualsid>Must be using a website to input the IP address, that doesn't give full whois output perhaps?
20:16<zifnab>problem: i want to go do shit tonight
20:16<zifnab>but i have a fucking ear infection
20:17<zifnab>i think i ruined a pillowcase too
20:17<virtualsid>as long as it's just the pillowcase
20:19-!-Tarazed [~SinZ|offl@5NZAADDR9.tor-irc.dnsbl.oftc.net] has quit []
20:19-!-Uniju1 [~Nephyrin@79.142.68.7] has joined #linode
20:19-!-Uniju1 was kicked from #linode by ChanServ [Please use another method to access #linode]
20:21<zifnab>virtualsid: pillow has a spot but its my pillow so idgaf
20:22<zifnab>quite fun when you wake up and you're ear hurts, then a few hours later it starts bleeding everywhere...
20:23<virtualsid>'fun' is one way to describe it...
20:23<zifnab>not really
20:23<zifnab>i got my wisdom teeth out without pain killers or sedation
20:23<zifnab>i'd rather go through that again than this morning
20:24<zifnab>modern medicine might suck in the US but at least its good
20:24<zifnab>at fixing thigns*
20:25<Peng>without painkillers...?
20:25<virtualsid>only thing wrong with modern medicine in the US was cost, I thought?
20:26<zifnab>Peng: i'm not counting ibuprofen or tylenol or weed
20:26<dzho>cost has a distorting effect on behavior
20:27<zifnab>i can't have opiates, and the few synthetics i've been given usually end up with me in the ER anyways :/
20:27<Peng>oh
20:27<zifnab>virtualsid: my only two other complaints were a) trying to get into see a specialist and b) easy access on weekends
20:28<zifnab>a was solved by moving to seattle, b is still a valid problem
20:28<virtualsid>yeah, I'm not sure where weekend access is easy - US or not. :(
20:28<zifnab>yeah
20:28<virtualsid>Unless you go to hospital emergency.
20:28<zifnab>i had a 3 hour wait to see a doctor today
20:28<virtualsid>which isn't exactly a good option.
20:29<zifnab>bright sides: i could actually see someone, and it was only slightly more expensive than normal
20:29<zifnab>post-insurance the office visit was $75, and the meds were $10
20:29<Peng>virtualsid: if you're not immediately dying, the emergency department may not be much faster
20:29<zifnab>(pre-insurance it was $150 and $229...)
20:29<virtualsid>Peng: oh, it almost certainly won't be faster - but if that's the only option...
20:29<Peng>though they may prioritize anyone who might bleed on the furniture
20:29<zifnab>well, that and ambulance arrivals
20:30<virtualsid>I was gonna say - how to bypass the queue: be sick enough that you need an ambulance.
20:30<Peng>only costs, what, $1500
20:30<zifnab>tbh, i think i've decided if i can get there on my own i don't need to go to the ER
20:31<zifnab>great way to deal with panic attacks :)
20:31<virtualsid>well, in the UK, there is no cost (that I know of). I know in insurance cases (like, motor insurance, etc), the ambulance can claim costs from the insurance company.
20:31<virtualsid>It does cost here in AU though, in some places. It's all a bit weird.
20:31<zifnab>virtualsid: i pay 48/mo for a $300 deductible and $2500 max out of pocket
20:31<zifnab>employer pays about 600 a month
20:32<zifnab>after the $300, i pay 25%
20:32<virtualsid>that's for health insurance, not motor insurance, right?
20:32<zifnab>yeah health
20:32<zifnab>i agree, it shouldnt' be mandatory
20:33<zifnab>but you know, america, anti-socialism
20:33<virtualsid>I think it's more about "well, if you can't afford it, you should die".
20:33<zifnab>i'm slightly opposed to more taxes
20:33<virtualsid>At least it's what some people seem to think. :P
20:34<zifnab>i don't agree :/
20:34<zifnab>seattle has this huge homeless problem/population
20:34<zifnab>most of the ones i've interacted with (and known they were obviously homeless) have serious mental issues
20:34<zifnab>and might not be homeless if they could afford the medical care :/
20:35<virtualsid>I don't mean I think what I just said above btw.
20:35<zifnab>i really don't know if thats the case or not
20:35<Peng>but institutionalizing people is inhumane and costs money
20:35<Peng>much better to have them live on the streets until they get arrested and them put them in a private contract prison
20:35<zifnab>i have a cousin who has severe schizophrenia, but on meds he's pretty alright
20:35<zifnab>problem is he doesn't know when his meds are working and when they aren't, so he still needs someone to be around
20:35<virtualsid>Mental health issues suck. :(
20:36<zifnab>that they do
20:36<zifnab>i'm lucky to have nothing more than occasionable crazy anxiety
20:36<zifnab>knowing the rest of my family background, stupidly lucky...
20:41<arlen>maybe you're really adopted
20:42<arlen>surprise!
20:42-!-malex [~malex@mail.tagancha.org] has left #linode []
20:45<zifnab>arlen: i'd never be happier about anything, but i made the mistake of watching the video when i was a child...
20:46<Peng>did you check for careful editing?
20:46<Peng>CGI?
20:46<zifnab>i was like 5
20:46<zifnab>i figured out the vcr
20:46<zifnab>i think that is burned in my brain forever, once i was told what it was
20:47<Peng>All Photoshopped. The video was actually a Ukrainian woman in a wig, and your father was spliced in.
20:48<zifnab>lol
20:48<zifnab>he wasnt' there
20:48<zifnab>why am i sharing all this shit on irc
20:48<zifnab>must be the stupid combination of shit ive taken today, and the lack of food
20:49<arlen>the video was of your birth?
20:49<zifnab>^^
20:49-!-KristopherBel [~jwandborg@exit.tor.uwaterloo.ca] has joined #linode
20:49-!-KristopherBel was kicked from #linode by ChanServ [Please use another method to access #linode]
20:49<zifnab>why the fuck anyone would record that
20:49-!-luca [~lucaf@luca.sponsor.oftc.net] has quit [Remote host closed the connection]
20:50<arlen>that's rough
20:51<+linbot>New news from forum: Feature Request/Bug Report • Bug report: Same UUID is used every time a "deployment" is made! <https://forum.linode.com/viewtopic.php?t=11900&p=67242#p67242>
20:52<Peng>It's an important event. Recording it sounded like a good idea at the time, I guess.
20:52-!-holoirc [~holoirc@166.175.62.197] has quit [Ping timeout: 480 seconds]
20:55-!-dape [~dani@2a02:2f0d:b1f0:a300:a288:b4ff:fe50:b4fc] has quit [Quit: Leaving]
20:55-!-Sputnik7 [~Sputnik7@c-65-96-243-35.hsd1.ma.comcast.net] has joined #linode
20:55<zifnab>arlen: i missed the spork stage because of that shitty video
20:55<zifnab>er, stork*
20:55<zifnab>sporks are still cool
20:56-!-Ikaros [~ikaros@2001:470:e114:2:bdbd:2:1337:d00d] has joined #linode
20:58<arlen>I never had that stage
21:15<zifnab>:(
21:16-!-acald3ron [~acald3ron@177.239.97.5] has quit [Ping timeout: 480 seconds]
21:24-!-Kizzi [~Teddybare@kbtr2ce.tor-relay.me] has joined #linode
21:26-!-luca [~lucaf@luca.sponsor.oftc.net] has joined #linode
21:28-!-howard [~oftc-webi@36-231-31-109.dynamic-ip.hinet.net] has joined #linode
21:37-!-howard [~oftc-webi@36-231-31-109.dynamic-ip.hinet.net] has quit []
21:49-!-hays [~quassel@hays.user.oftc.net] has quit [Ping timeout: 480 seconds]
21:54-!-Kizzi [~Teddybare@5NZAADDVM.tor-irc.dnsbl.oftc.net] has quit []
21:54-!-Zeis [~mog_@nx-01.tor-exit.network] has joined #linode
21:55-!-hays [~quassel@hays.user.oftc.net] has joined #linode
21:56-!-adrian [~adrian@0001c392.user.oftc.net] has quit [Ping timeout: 480 seconds]
22:01-!-ynazarov [ynazarov@00013691.user.oftc.net] has quit [Ping timeout: 480 seconds]
22:07-!-kaare_ [~kaare@94.191.189.45.bredband.3.dk] has joined #linode
22:14<zifnab>arlen: sense8 has a really nasty c-section/birth section, i just realized it could have been worse :/
22:15-!-luca [~lucaf@luca.sponsor.oftc.net] has quit [Quit: leaving]
22:20-!-Ikaros [~ikaros@0001b4e0.user.oftc.net] has quit [Quit: Leaving]
22:24-!-Zeis [~mog_@5NZAADDWU.tor-irc.dnsbl.oftc.net] has quit []
22:24-!-WedTM [~PuyoDead@1.tor.exit.babylon.network] has joined #linode
22:30<arlen>fun
22:30-!-ynazarov [ynazarov@2601:d:2700:128b:d498:6d82:5c5b:5f81] has joined #linode
22:34-!-acald3ron [~acald3ron@177.239.97.5] has joined #linode
22:36-!-syntaxman [wade@discourse.syntaxman.org] has joined #linode
22:43<zifnab>more ew
22:43<zifnab>but sure
22:45<arlen>is sense8 good?
22:47-!-meher [~oftc-webi@115.184.193.213] has joined #linode
22:48-!-luca [~lucaf@luca.sponsor.oftc.net] has joined #linode
22:49<meher>hi ....which security like firewall is provided to Linode server
22:50-!-meher [~oftc-webi@115.184.193.213] has quit []
22:51<arlen>none
22:54-!-WedTM [~PuyoDead@5NZAADDXW.tor-irc.dnsbl.oftc.net] has quit []
22:54-!-cmrn [~bildramer@marcuse-1.nos-oignons.net] has joined #linode
23:00<kyhwana_>??
23:00*kyhwana_ gets ready to dist-upgrade, backups things
23:09-!-seanh-corona [~Adium@67-61-119-133.cpe.cableone.net] has joined #linode
23:11<devilspgd>Stupid question, but should I be able to reply to a support ticket by email and have the reply show up?
23:13<luca>Please use https://manager.linode.com/support/ticket/4689640 to respond to this ticket.
23:13<luca>that's what one of my support emails says
23:13<luca>so, i'd conclude no
23:14<luca>1800s in, no packet loss
23:14<luca>okay, network sanity restored
23:14<luca>jfred: thanks
23:16-!-hfb [~hfb@pool-96-247-49-104.lsanca.dsl-w.verizon.net] has quit [Quit: Leaving]
23:17-!-hays_ [~quassel@hays.user.oftc.net] has joined #linode
23:17-!-hays [~quassel@hays.user.oftc.net] has quit [Ping timeout: 480 seconds]
23:18<@jfred>no problem :)
23:20<zifnab>arlen: i'm enjoying it
23:20<arlen>nice
23:20<zifnab>tl;dw: certain people are mentally linked
23:24-!-cmrn [~bildramer@5NZAADDYT.tor-irc.dnsbl.oftc.net] has quit []
23:24-!-Mraedis [~TehZomB@madiba.guilhem.org] has joined #linode
23:31-!-hays_ [~quassel@hays.user.oftc.net] has quit [Ping timeout: 480 seconds]
23:37-!-hays [~quassel@hays.user.oftc.net] has joined #linode
23:37-!-Azrael_Ak is now known as SlosHeD
23:45-!-Agnes [~oftc-webi@114-42-23-72.dynamic.hinet.net] has joined #linode
23:45<Agnes>Hi
23:45<retro|blah>Yes, hi.
23:46<Agnes>I have a question about video streaming. I was using shared hosting service for my website and found there is a size limitation(around 30mb) for upload one video.
23:47<Agnes>Do you have this kind of limitation as well?
23:48<Agnes>They said it's not expandable on a shared hosting
23:48<retro|blah>You get a VPS that you have root access to, and you can configure it however you need to. There is no size restriction on files you upload, up to the size of the disk.
23:49<pharaun>but past a certain size you're probably better off using an cdn/aws
23:49<Peng>Note well the bandwidth and transfer limits of your plan.
23:50<Agnes>what's cdn/aws?
23:50-!-seanh-corona [~Adium@67-61-119-133.cpe.cableone.net] has quit [Quit: Leaving.]
23:50-!-hays [~quassel@hays.user.oftc.net] has quit [Remote host closed the connection]
23:50<Peng>content distribution network
23:51<Peng>amazon web services, who offer various... web services, including a CDN
23:51<Agnes>i see
23:51<Agnes>thank you so much.
23:52<Peng>You pay a CDN company and they make your videos (or other places) go places fast, efficiently and at scale.
23:52<Peng>or other files*
23:53<Agnes>okay, cool.
23:54-!-Mraedis [~TehZomB@9S0AAAR85.tor-irc.dnsbl.oftc.net] has quit []
23:54<Agnes>but if my videos is just about 200mb, will your service run good as well?
23:54-!-Aethis1 [~dux0r@193.111.136.164] has joined #linode
23:54-!-Aethis1 was kicked from #linode by ChanServ [Please use another method to access #linode]
23:54<Peng>Agnes: Yes. But there are downsides to doing it that way. You can only serve a certain number of users -- depending on which plan you use -- and if they are far away, performance will not be good.
23:55<Peng>Agnes: streaming performance, anyway
23:55<pharaun>Agnes: for a simple few video files on your sites, putting it on linode is probably fine
23:55<pharaun>it'll handle it just fine
23:56<Peng>Agnes: This is not to say not to use Linode. It would still be good to use Linode for your website itself, and as an origin for a CDN. But for large-scale video stuff, you probably want a CDN as well.
23:56<pharaun>but if you're going to be toting around with hundreds and multi-gig video streams, yeah i would start looking at aws/cdn for that stuff.
23:57<Agnes>i see. thank you. i think yours will do just fine for me as a starter.
23:57<Agnes>but it's good to know aws/cdn.
23:58-!-hfb [~hfb@cpe-108-185-247-93.socal.res.rr.com] has joined #linode
23:59-!-seanh-corona [~Adium@67-61-119-133.cpe.cableone.net] has joined #linode
---Logclosed Sun Jun 07 00:00:02 2015