Back to Home / #linode / 2020 / 03 / Prev Day | Next Day
#linode IRC Logs for 2020-03-10

---Logopened Tue Mar 10 00:00:30 2020
01:42-!-AugustusCaesar24 [] has joined #linode
01:42-!-AugustusCaesar24 is "Augustus Caesar" on #linode
03:14-!-dsapikas [] has joined #linode
03:14-!-dsapikas is "purple" on #linode
03:16-!-aspis [] has quit [Ping timeout: 480 seconds]
03:25-!-aspis [] has joined #linode
03:25-!-aspis is "aspis" on #linode
03:39-!-internat [] has quit []
03:56-!-TJ- [~root@2a02:8011:2007:0:c504:63b9:a078:9d08] has joined #linode
03:56-!-TJ- is "TJ" on #linode #virt
04:07-!-Zajt [~oftc-webi@] has joined #linode
04:07-!-Zajt is "OFTC WebIRC Client" on #linode
04:07<Zajt>Hi! I'm trying to allow 4444 going out from my VPS and getting a reverse shell from my VPS, so I ran: sudo iptables -I INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
04:07<Zajt>But it still doesn't work and I get "the computer did not allow 4444"
04:14<Woet>Zajt: you don't have to allow any ports unless you specifically configured the firewall to block it in the past.
04:14<Woet>Zajt: also, what's the actual error?
04:16-!-dsapikas [] has quit [Quit: Leaving.]
04:22<Zajt>I used another port, thanks though
04:45-!-Cruiser` [~Cruiser@] has joined #linode
04:45-!-Cruiser` is "Cruiser" on #linode
04:48<Woet>Zajt: Linode doesn't block any ports and neither does iptables unless you tell it to do so.
04:50-!-Cruiser [Cruiser@] has quit [Ping timeout: 480 seconds]
04:56<Xion>mcintosh[m]: Understood
05:01-!-dsapikas [] has joined #linode
05:01-!-dsapikas is "purple" on #linode
05:11<chesty>linode doesn't block 4444, but it does block 3 ports
05:11<chesty>for new customers
05:14-!-AugustusCaesar24 [] has quit [Quit: Going offline, see ya! (]
05:19-!-dueyfinster2 [~dueyfinst@] has joined #linode
05:19-!-dueyfinster2 is "NG" on #linode
05:22-!-dueyfinster [~dueyfinst@] has quit [Ping timeout: 480 seconds]
05:22-!-dueyfinster2 is now known as dueyfinster
05:27-!-Dee_ [~oftc-webi@] has joined #linode
05:27-!-Dee_ is "OFTC WebIRC Client" on #linode
05:27-!-Dee_ [~oftc-webi@] has quit []
05:34-!-dueyfinster1 [~dueyfinst@] has joined #linode
05:34-!-dueyfinster1 is "NG" on #linode
05:37-!-dueyfinster [~dueyfinst@] has quit [Ping timeout: 480 seconds]
05:37-!-dueyfinster1 is now known as dueyfinster
07:01-!-DrJ [] has quit [Ping timeout: 480 seconds]
07:07-!-Zajt [~oftc-webi@] has quit [Quit: Page closed]
07:22-!-wraeth is "wraeth" on #oftc
07:22-!-wraeth [] has joined #linode
07:32-!-aspis [] has quit [Ping timeout: 480 seconds]
07:37-!-dueyfinster [~dueyfinst@] has quit [Ping timeout: 480 seconds]
07:45-!-aspis [] has joined #linode
07:45-!-aspis is "aspis" on #linode
08:41-!-Shentino [] has quit [Remote host closed the connection]
08:43-!-Shentino [] has joined #linode
08:43-!-Shentino is "realname" on #qemu #mm #linode #tux3
09:08<LouWestin>Maybe the error was in the client side?
09:08<LouWestin>I don’t think Linux would say this computer.
09:12-!-anomie [] has joined #linode
09:12-!-anomie is "Anomie" on #linode
09:49<linbot>New news from community: Restore a Deleted account <>
10:00-!-cyberindia [~oftc-webi@2409:4052:2e0a:6512:b9e7:d23b:ff34:9c3a] has joined #linode
10:00-!-cyberindia is "OFTC WebIRC Client" on #linode
10:01<cyberindia>we are receiving some complains from a ip belongs to you
10:01<linbot>Linode's abuse contact is , as shown in the abuse contact info for the IP address in question. shows how to look this up yourself.
10:02<@pwoods>cyberindia: we'll need any plain text logs you can share to be emailed to that abuse inbox.
10:02<nate>Just make sure that you send them all relevant details
10:02<millisa>Assuming it *is* abuse that they are complaining about
10:02<@pwoods>There's always a human looking at that inbox, so you should get a response fairly quickly.
10:03<cyberindia>this is the hosted ip
10:03<@pwoods>We'll need the logs that demonstrate what the abuse is.
10:03<cyberindia>illegal activities
10:03<cyberindia>related to gambling
10:03<cyberindia>we need logs for further investigations
10:04<@pwoods>cyberindia: that sounds more along the lines of legal, rather than abuse.
10:04<nate>You're asking linode for logs...? Unless you're law enforcement or a government agency (in which case you probably wouldn't be reaching out on IRC), that's not something easily obtained :P
10:08<@pwoods>cyberindia: we would need a warrant to disclose any activity. Once that happens, it can be sent to
10:08<nate>pwoods: would this be relevant in cases like this?
10:08<nate>Ah there is an email for that, nebermind :P
10:08<millisa>nebermind is my faborite nirbana album
10:08-!-cyberindia [~oftc-webi@2409:4052:2e0a:6512:b9e7:d23b:ff34:9c3a] has quit [Remote host closed the connection]
10:09<nate>guess they didn't like that answer
10:09<rsdehart>what do you mean you don't just hand over private information to anyone who asks for it? One star, worst service eber
10:11<nate>I wonder if a warrant would even be suitable anyways. Linode being mostly relative to US law, and the IP given being located in UK, if they can't even prove someone from india is relative to the IP wouldn't most attorney's probably get a request shot down?
10:13<millisa>"The Terms of Service specifically prohibits the use of our service for illegal activities. Therefore, Subscriber agrees that may disclose any and all subscriber information including assigned IP numbers, account history, account use, etc. to any court who sends us a valid Court Order, without further consent or notification to the Subscriber." (#10 in the TOS)
10:16<nate>millisa: Yes but what I'm saying is, if it's some american in a state where gambling is completely fine, they have 0 relation to india in any form at all, I would imagine linode would challenge a legal request out of india that has no basis
10:16<nate>Chances are most of us are using our linodes in some form that might be illegal in at least one nation somehow :P
10:17<millisa>if you aren't, you aren't doing it right
10:17<millisa>this is why my porknography site is so popular in some places
10:17<millisa>ham you can barely comprehend I tell you
11:10-!-_Cyclone_ [~Cyclone@2600:3c00::f03c:91ff:fe1f:53f4] has quit [Quit: Heigh-Ho I'm off to...]
11:12-!-_Cyclone_ [] has joined #linode
11:12-!-_Cyclone_ is "CPU Heat" on #linode #ceph
11:34<warewolf>cyberindia was connecting from a residential ipv6 ip
11:40-!-kkd [] has quit []
11:44<nate>I noticed that too but I'm not really familiar with india and how they allocate to agencies so :P
11:52<LouWestin>I’m not going to play keyboard lawyer here. That’s what Facebook is for. 😉
11:52-!-eyepulp [] has joined #linode
11:52-!-eyepulp is "eyepulp" on #linode
11:56-!-eyepulp [] has quit [Remote host closed the connection]
11:56-!-eyepulp [] has joined #linode
11:56-!-eyepulp is "eyepulp" on #linode
12:06-!-kkd is "Kumar Kartikeya Dwivedi" on #kernelnewbies
12:06-!-kkd [] has joined #linode
12:15-!-aspis [] has quit [Remote host closed the connection]
12:38-!-dsapikas [] has quit [Ping timeout: 480 seconds]
13:07-!-bhv1 [~bhv1@2600:3c03::f03c:91ff:fe96:f614] has joined #linode
13:07-!-bhv1 is "bhv1" on #linode
13:33<bhv1>I've been deploying a web app by using docker-compose and docker-machine to run a few images on a linode. I'd like to use roughly this process, but remove the part where I have to manually manage the host. is that what kubernetes does?
13:33-!-bhv1 is now known as BrianHV
13:40<linbot>New news from community: Why isn't UFW blocking my PostgreSQL service running in a Docker container? <>
13:55<@bbigger>BrianHV that kind of depends — I want to say "yes" but I think the answer is a bit more complicated than that. I believe this doc has a lot of helpful info that will give you a lot of answers, particularly the "Advantages" section:
14:05<BrianHV>bbigger: thanks! what I gather from that is that kubernetes per se isn't the solution I'm looking for, but services like LKE might be? like, I'll be able to toss some config file describing my docker images at LKE and I'll automagically get those images deployed somewhere?
14:15-!-eyepulp [] has quit [Read error: Connection reset by peer]
14:17<@bbigger>BrianHV right, that's the idea. It's still a bit of a lift to get going, the idea being you're saving yourself future management work after you have things set up. This guide focuses on deploying a Hugo static site packaged in a Docker image to a LKE cluster, but should apply to your web app deployment in similar fashion:
14:19<BrianHV>thanks! I'll check it out
14:19-!-eyepulp [~eyepulp@] has joined #linode
14:19-!-eyepulp is "eyepulp" on #linode
14:19<@bbigger>If you aren't in the LKE beta yet, you can sign up at the following link, or DM me and I can get you set up
14:23-!-debaser [] has joined #linode
14:23-!-debaser is "Textual User" on #linode
14:23<debaser>Hi all. I ran into an issue today:[] said: 550 5.7.1
14:23<debaser> Unfortunately, messages from [] weren't sent. Please contact
14:23<debaser> your Internet service provider since part of their network is on our block
14:23<debaser> list (S3150). You can also refer your provider to
14:36<@bbigger>debaser We see this often, and it's usually connected to lack of rDNS and/or SPF record settings
14:37<@bbigger>it looks like you have those set up for your IP, though
14:37<debaser>Everything is set. rDNS, SPF, DKIM, ARC, DMARC.
14:38<debaser>I sent roughly 20 emails before it was completely blocked.
14:41<@bbigger>It might be an issue of propagation if these settings were made in the past 48 hours. Otherwise, we could request a delisting for you if open up a support ticket asking us to. Be sure to include the message you posted here, the domain you're sending from, and the domain you're sending to, as we'll need this info for our request. Feel free to drop the ticket number here as well.
14:48<chesty>how quickly did you send the 20 emails?
14:56-!-TJ- [~root@2a02:8011:2007:0:c504:63b9:a078:9d08] has quit [Quit: WeeChat 2.6]
15:12-!-micro [] has quit [Remote host closed the connection]
15:14-!-micro [] has joined #linode
15:14-!-micro is "User Micro" on #linode
15:31-!-Shentino_ [] has joined #linode
15:31-!-Shentino_ is "realname" on #tux3 #linode #mm #qemu
15:35-!-Shentino [] has quit [Ping timeout: 480 seconds]
15:39-!-Shentino__ [~desktop@2600:6c54:7a00:133a:9a90:96ff:fece:3992] has joined #linode
15:39-!-Shentino__ is "realname" on #tux3 #linode #mm #qemu
15:41-!-Shentino__ [~desktop@2600:6c54:7a00:133a:9a90:96ff:fece:3992] has quit []
15:42-!-Shentino [~desktop@2600:6c54:7a00:133a:9a90:96ff:fece:3992] has joined #linode
15:42-!-Shentino is "realname" on #qemu #mm #linode #tux3
15:46-!-Shentino_ [] has quit [Ping timeout: 480 seconds]
15:52<debaser>Thanks @bigger
15:53<debaser>@chesty, they were sent out relatively quickly. ~3/minute.
15:55<millisa>debaser: doesn't help you specifically, but I have an outbound mx in the range. I just sent a test mail to an address which usually goes through the same systems. it got accepted ok.
15:57<chesty>I guess you triggered their spam detection by sending so quickly, especially if your ip was new to you and had no reputation
15:57<millisa>not sure if they care that you are using 'microsoft' in your hostname
15:58<debaser>millisa: that is helpful. Thanks for sharing. It seems that my IP was blocked. Wow they block fast. It wasn't even initially inboxing. How many emails/hour do you send through microsoft when you are warming up?
16:00<millisa>from that mx, none really. it may even be the first mail that's gone through it to one of those addresses (it's a system I spun up in the last couple months). so it won't even have a good reputation with them
16:47<Peng_>love it
17:12<warewolf>computers as we know them are broken beyond repair
17:14<nate>I feel like there is far too much dramatic overhyping going on for most of these, that included
17:15<nate>I mean yes it's a critical thing but it requires effective full local access, which basically means you're already screwed anyways
17:15-!-anomie [] has quit [Ping timeout: 480 seconds]
17:16<warewolf>nate: all I'm saying is the chip designers took shortcuts which enabled like 90% of the performance boosts we appreciate today and there's going to have to be some HARD thinking to resolve all these side channel data leak things. I know _I_ don't have the skill.
17:17<nate>of course, but like MANY of these require like fundamental physical access for the most part
17:17<nate>in which case you're already boned lol
17:18<nate>also I really need to poke intel to figure out why my processor apparently doesn't exist to them
17:22<Peng_>And the last AMD vulnerability was more about electrical efficiency than performance. That's depressing. :(
17:26<millisa>but have any of those had a movie trailer video?
17:30<chesty>nate, I thought many or all of these worked from a vps? how many npm packages have been exploited? pip isn't immune. I think javascript running on the browser is safe now (it wasn't originally)
17:32<nate>chesty: I believe only two of them had actual JS Implementations, meltdown and I forget what the other one was. Both were pretty quickly mitigated at the software level.
17:33<nate>A semi-few would work from VPS aspects but usually would still require specific conditions
17:34<nate>Like Intel, a large number of the Intel things surrounded ME/AMT, which required either direct physical access (as it would have to be boot-time exploited) or ME enabled and AMT installed (which is a default-off and largely only corporate-environment used thing)
17:38-!-anomie [] has joined #linode
17:38-!-anomie is "Anomie" on #linode
17:38<Peng_>Or affected things like SGX which nobody uses
17:38<Peng_>Except when they do
17:53-!-hawk [] has quit [Ping timeout: 480 seconds]
17:57<grawity>hmm I seem to remember one of the problems with AMT was that it /wasn't/ default-off?
18:04-!-TJ- [~root@2a02:8011:2007:0:c504:63b9:a078:9d08] has joined #linode
18:04-!-TJ- is "TJ" on #linode #virt
18:11-!-anomie [] has quit [Ping timeout: 480 seconds]
18:22-!-Cruiser` is now known as Cruiser
18:39-!-azwieg104 [] has joined #linode
18:39-!-azwieg104 is "Andrew B. Zwieg" on #linode #lunchdudes
18:42-!-anomie [] has joined #linode
18:42-!-anomie is "Anomie" on #linode
18:42-!-kkd [] has quit [Quit: ZNC 1.7.5 -]
18:43-!-azwieg103 [] has quit [Ping timeout: 480 seconds]
18:46-!-dsapikas [] has joined #linode
18:46-!-dsapikas is "purple" on #linode
18:54-!-kkd [~memxor@2400:8902::f03c:92ff:feac:6d1] has joined #linode
18:54-!-kkd is "Kumar Kartikeya Dwivedi" on #linode #kernelnewbies #debian-next #debian
19:11-!-azwieg104 [] has quit [Quit: leaving]
19:12-!-azwieg103 [] has joined #linode
19:12-!-azwieg103 is "Andrew B. Zwieg" on #linode @#lunchdudes
19:22-!-dsapikas [] has quit [Quit: Leaving.]
19:26-!-anomie [] has quit [Quit: Leaving]
19:33-!-eyepulp [~eyepulp@] has quit [Remote host closed the connection]
20:00-!-elrufles [~oftc-webi@2806:108e:d:897a:d27:15e0:fdeb:245e] has joined #linode
20:00-!-elrufles is "OFTC WebIRC Client" on #linode
20:01<elrufles>Hi there
20:01<elrufles>I have a question, i need a server but i need too 10 publics ips, it's possible?
20:01<linbot>Each Linode comes with 1 public IPv4 address and 1 public IPv6 address. Additional IPv4 addresses are $ 1 per month, and require technical justification. A /64 or /56 of IPv6 can be routed to your Linode at no charge.
20:02<millisa>The important bit is the technical justification if you mean ipv4 addresses
20:02<elrufles>yes ipv4
20:03<millisa>Out of curiousity, why 10?
20:03<elrufles>In Mexico we are with out statics ips
20:03<elrufles>And i need provide vpn service to 10 clientes, each one with one statis IP
20:04<elrufles>Can i have a small linode, and setup 10 ips
20:05<elrufles>One like this Linode 2 vCPU?
20:06<millisa>(I don't know if they'd consider that valid justification or not - as far as I'm aware, the linode size doesn't matter)
20:07<@_brian>We would not approve a request for additional IP addresses to a Linode in order to separate your VPN users
20:07<millisa>At worst though, ten nanodes, each with their own IP would run $50
20:07<@_brian>millisa is correct, the size of the plan does not make a difference for the number of IP addresses
20:08<millisa>or $70 if you enable backups for all of them
20:09<elrufles>There's the only way to have an aditionals IPs, with a technical justification
20:11-!-kbtr [] has joined #linode
20:11-!-kbtr is "kbtr" on #linode
20:13-!-lex [] has joined #linode
20:13-!-lex is "Despite All My Rage.." on #linode
20:13-!-lex is now known as Guest18776
20:16-!-Guest18584 [] has quit [Ping timeout: 480 seconds]
20:17<elrufles>Thanks millisa, i'm going to check nanodes
20:21-!-Guest18776 [] has quit [Ping timeout: 480 seconds]
20:24-!-elrufles [~oftc-webi@2806:108e:d:897a:d27:15e0:fdeb:245e] has quit [Remote host closed the connection]
20:54<dubidub>When will Linode run out of IPv4's?
20:54<dubidub>Or any other similar provider?
20:56<Peng_>In capitalist America we don't worry about running out of scarce resources in the future
20:56<dubidub>Running Exim on a separate IP was accepted as justification :)
20:57<Peng_>dubidub: It's hard to say. Smart hosting companies have been hoarding them for a while. It's likely that it will be possible to buy IPv4 addresses, for more or less money, for some time to come.
20:57<Peng_>Although by 2050 the entire IPv4 space will probably be owned by Amazon and the US military
20:58<dubidub>The military hasn't upgraded to IPv6?
20:59<dubidub>They're not doing much public facing stuff.
20:59<Peng_>I don't know, but they have tons of IPv4 space assigned.
20:59<dubidub>The routing tables must be getting pretty big...
21:00<millisa>from what I understand, the coast guard is still all netbeui
21:01<dubidub>Are blocks getting more and more fragmented?
21:04<Woet>dubidub: just because it was accepted as justification doesn't mean you should be doing it.
21:05-!-fstd [] has joined #linode
21:05-!-fstd is "fstd" on #gentoo #oftc #linode #debian #kernelnewbies
21:05<dubidub>Why not?
21:07<dubidub>I wanted the mail server to identify with a different domain name, not the host's name.
21:13-!-fstd_ [] has quit [Ping timeout: 480 seconds]
22:03-!-TJ- [~root@2a02:8011:2007:0:c504:63b9:a078:9d08] has quit [Quit: WeeChat 2.6]
22:59<FluffyFoxeh>As it stands now, there's no such thing as an IPv6 only server, and no such thing as an IPv6 only client. At least not in any significant way
23:00<FluffyFoxeh>Because servers need to be connectable from IPv4-only clients, and clients need to connect to IPv4-only servers
23:01<FluffyFoxeh>But because everyone still has a v4 address for that reason, there's no reason to adopt IPv6 for those that don't have it yet
23:02<FluffyFoxeh>Is there a list of top 100 sites that still only have IPv4?
23:02<FluffyFoxeh>I remember checking this out for myself before and there were some pretty shocking examples of prominent sites that don't have AAAA records
23:02<HedgeMage>I mean, one *could* make an IPV6-only server, just to be a smartass.
23:03<millisa> has a table. not sure if there's a more recent report
23:03<FluffyFoxeh>If Google turned off IPv4 I think we'd very quickly see this problem resolve itself :p
23:04<joecool>linode give out like, reasonable allocations for ipv6?
23:04<FluffyFoxeh>assuming they don't drown in lawsuits first
23:04<HedgeMage>I've found it quite reasonable.
23:04<joecool>like a /64
23:04<FluffyFoxeh>They give you a /64 by default
23:05<millisa>reasonable? their ipv6 prices are so low, they're practically giving them away! their prices are *insane*
23:05<FluffyFoxeh>They'll give you a /56 if you ask them to
23:05<joecool>ah neat, DO acts like they running out
23:05<@_brian>instances come with just a SLAAC but we'll give you a /64 without hesitation
23:05<joecool>'here are your 13 usable addresses sir'
23:05<@_brian>we'll give out free /56's but we'll ask for a reason first
23:05<joecool>'sorry we cannot provide anymore'
23:05<FluffyFoxeh>joecool: I really don't understand the stinginess of some providers with their IPv6 addresses
23:06<joecool>running a wireguard instance over there and i have to NAT it and do insane voodoo to get ipv6 packets to route before ipv4
23:06<joecool>like that was supposed to be the point of ipv6, to not need NAT
23:07<FluffyFoxeh>I thought the point was that the IPv4 address space was too small
23:08<joecool>and what do you think had to happen because it was so small
23:08<FluffyFoxeh>make a new address space with 128 bits instead of 32
23:09<FluffyFoxeh>I get it
23:10<joecool>i do like that the default mode of ipv6 is to 'figure it out and just work' where ipv4 needed dhcp that often got that and other things wrong
23:11<joecool>but lawdy, when ipv6 goes weird/wrong... it goes real wrong
23:12<FluffyFoxeh>I wonder if IPv6 is a bit wasteful too though. A /64 per customer...
23:12<@_brian>per linode*
23:12<FluffyFoxeh>I mean the standard allocation scheme
23:12<FluffyFoxeh>it's at minimum a /64 per household for residential ISPs
23:13<joecool>nah, it was wasteful at first when they were like 'yo /48's for everyone'
23:13<joecool>you want to have some room to route down to things, i mean you could in theory even do application specific ip's
23:14<joecool>to organize classes of devices it's good to have a few levels in between
23:14<joecool>anyway ipv4 clawed back large amounts of ip's given to various corps and groups
23:24<Peng_>On the other hand that guy at AFRINIC apparently stole a bunch of 'em
23:46<Toba>me joining the video conference during the pandemic
---Logclosed Wed Mar 11 00:00:32 2020