Back to Home / #linode / 2021 / 01 / Prev Day | Next Day
#linode IRC Logs for 2021-01-19

---Logopened Tue Jan 19 00:00:01 2021
04:17-!-tomaw [] has quit [Quit: Quit]
04:18-!-tomaw is "Tom Wesley <>" on #spi #debian #ceph #bitlbee @#admin @#tomaw #sd #perl #ovirt #virt @#thrustvps #supybot
04:18-!-tomaw [] has joined #linode
04:57-!-joecool [] has quit [Quit: ZNC 1.8.2 -]
04:57-!-joecool_ [] has joined #linode
04:57-!-joecool_ is "Joe" on #ck #linode
05:46-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
05:55-!-jojo [~u0_a157@] has joined #linode
05:55-!-jojo is "fu xin son" on #linode
06:05-!-jticket [~jticket@] has joined #linode
06:05-!-jticket is "Jeremiah Ticket" on #nvda #linode #liblouis #debian-a11y #BRLTTY #bitlbee
06:05-!-WhizzWr [] has quit [Read error: Connection reset by peer]
06:05-!-JeremiahT [~jticket@2600:3c00::f03c:91ff:fe7b:a156] has quit [Read error: Connection reset by peer]
06:06-!-WhizzWr [] has joined #linode
06:06-!-WhizzWr is "Nothing is real" on #redditprivacy #pcl #oftc #linode
06:06-!-dwfreed is now known as Guest10854
06:06-!-dwfreed [] has joined #linode
06:06-!-dwfreed is "dwfreed" on #pax #osm-fi #openttd #openjdk #olpc-devel #oftc-status #oftc-staff #oftc #msys2 #linux #linode-beta #linode #launches #jmc #https-everywhere #help #freedombox #dot #debian-zh #debian-voip #debian-tech #debian-policy #debian-perl #debian-next #llvm #moocows #lowRISC #debian-blends #debian-au #debian #dcs #ck #ceph-orchestrators #ceph-devel #ceph #bcache #arvados #aptosid #OpenRailwayMap #debian-ipv6 #g7
06:06-!-MillerBoss [~B@2001:19f0:5c01:117a:5400:601:be22:419] has quit [Read error: Connection reset by peer]
06:07-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
06:07-!-Guest10854 [] has quit [Read error: Connection reset by peer]
06:11-!-Ikaros [] has quit [Ping timeout: 480 seconds]
06:13-!-jojo [~u0_a157@] has joined #linode
06:13-!-jojo is "fu xin son" on #linode
06:15-!-Ikaros [] has joined #linode
06:15-!-Ikaros is "Ikaros" on #linode
06:45<linbot>New news from community: Trying to make 2 linodes machines communicate using private IP <>
06:47-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
06:54-!-jojo [~u0_a157@] has joined #linode
06:54-!-jojo is "fu xin son" on #linode
07:02-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
07:05-!-jojo [~u0_a157@] has joined #linode
07:05-!-jojo is "fu xin son" on #linode
07:18-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
07:31-!-jojo [~u0_a157@] has joined #linode
07:31-!-jojo is "fu xin son" on #linode
07:35<linbot>New news from community: How to grant limited user access for Kubernetes? <>
07:41-!-sjk [] has joined #linode
07:41-!-sjk is "sjk" on #linode
07:52-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
08:02-!-jojo [~u0_a157@] has joined #linode
08:02-!-jojo is "fu xin son" on #linode
08:18-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
08:18-!-finsternis [] has quit [Remote host closed the connection]
08:22-!-jojo [~u0_a157@] has joined #linode
08:22-!-jojo is "fu xin son" on #linode
08:44-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
09:02<Peng>Atlanta had another IPv6 outage starting at about 08:29 UTC.
09:03<Peng>Even before the last couple days, mtr seems to show consistent 0.2% IPv6 loss and no IPv4 loss. But I dunno if that's just soem ICMPv6 rate limit or if it also affects other traffic.
09:03<Peng>And I dunno if "0.2% loss"
09:04<@_brian>can you show me?
09:04<Peng> is brief outages or random individual packet loss or what.
09:04<Peng>Show which part?
09:04<@_brian>MTR would be cool. anything you've got, really
09:08<Peng>I wish there was a version of mtr that wrote a log or graph showing *when* packet loss happened. (But also without filling one's disks.)
09:09<Peng>Il'l pastebin something in a few minutes.
09:09<@_brian>no rush, thank you
09:11<Peng>It's also hard to be sure the 0.2% packet loss -- and sometimes it's only 0.1% -- isn't something wrong with *my* Linode, you know?
09:12<@_brian>for sure, but it always helps to get another set of eyes on it. intermittent networking issues, amirite?
09:17<@charris>What's up, you two! Just chiming in to mention I just ran an IPv6 MTR to an Atlanta Linode, wasn't able to replicate any packet loss outside of a bit of rate limiting. Curious to see that pastebin, though
09:25<Peng>Ohh mtr overnight showed a route loop. I hadn't looked closely.
09:26<Peng> <- pastebin NOT showing that. I'll update it in a minute.
09:27<@_brian>Peng ping ping statistics
09:29<Peng>Gist updated.
09:33<Peng>Ah, part of the problem last night was some kind of Telia outage affecting IPv6 at $home.
09:33<Peng>I love when multiple problems happen simultaneously!
09:35<@_brian>that'll do it. you had me worried when i couldn't find anything alerting to an issue
09:36<@_brian>happy to be the rubber duck though
09:38<Peng>That only explains the home-Atlanta issue, though. It doesn't explain the Atlanta-London issue. And probably doesn't explain the DNS stuff -- the Telia outage was in ~Miami and none of that traffic ought tp go through there.
09:45<linbot>New news from community: Having trouble with steps in FarmOS Install Guide <>
09:46<dzho>it's almost like, when traffic in one part of the Internet is disrupted, it causes timeouts and throughput congestion in other parts of the Internet, maybe? (I don't know the magnitude of any of these outages don't @ me)
09:51-!-roar_ [] has joined #linode
09:51-!-roar_ is "Roar Waagsbø" on #linode #suckless #ii
09:57<Peng>Good point. That logicially might explain some of the issue but shouldn't explain all of it.
10:05-!-almutaakhir [~oftc-webi@2607:fea8:21a0:4480:8931:57af:9b8:8de6] has joined #linode
10:05-!-almutaakhir is "OFTC WebIRC Client" on #linode
10:05-!-almutaakhir [~oftc-webi@2607:fea8:21a0:4480:8931:57af:9b8:8de6] has quit [Remote host closed the connection]
10:09<dwfreed>the internet is a series of tubes
10:11<branko>Must be a cat stuck somewhere...
10:11-!-Tulah [] has joined #linode
10:11-!-Tulah is "Tulah Lunarus" on #C #linode
10:15<linbot>New news from community: How do I set up rDNS for email while behind a NodeBalancer? <>
10:19<Peng>Since the seeming loop was in Atlanta itself, that must be where the cat is. :P
10:37<@_brian>i was able to reproduce some loss between a fresh nanode in ATL and the speedtest in London over ip6, but not vice versa. i'm going to escalate to our netops folks to see if they can share their thoughts
10:40<Peng>\o/ Thank you!
10:43<rsdehart>!point _brian
10:43<linbot>rsdehart: Point given to _brian. (24) (Biggest fan: millisa, total: 8)
10:48<Peng>I don't usually complain about every lost packet (and if I did, I would be on the phone with my ISP hours a day) but it could be a symptom of a worse problem. And even 0.1% loss limits TCP bandwidth, I think?
10:49<@_brian>that's valid. even if it were expected behavior, i'd like to be able to explain why.
10:54<Peng>Moreover, there were outages bad enough to disconnect me from some IRC servers on Sunday and today.
10:59-!-lls_ [] has joined #linode
10:59-!-lls_ is "lls" on #linode
10:59-!-lls [] has quit [Read error: Connection reset by peer]
11:30-!-ecs [] has quit [Remote host closed the connection]
11:30-!-ecs [] has joined #linode
11:30-!-ecs is "ecs" on #qemu #linode
11:41-!-jess [] has quit [Quit: Leaving]
11:41-!-jess [] has joined #linode
11:41-!-jess is "back once again with the ill behaviour" on #moocows #tor-dev #linode #debian #bitbot #oftc
11:59<grawity>(unrelated to that, I wish there was an explanation for why London is still ECN marking every single packet as "congestion experienced"...)
12:02<Peng>London's traffic laws are really severe :>
12:56<linbot>New news from community: Linode blacklisted on UCEProtect RBL <>
13:06-!-roar [] has joined #linode
13:06-!-roar is "Roar Waagsbø" on #linode #ii
13:06-!-roar_ [] has quit [Read error: Connection reset by peer]
13:06-!-roar is now known as roar_
13:15-!-nivaldev [] has joined #linode
13:15-!-nivaldev is "OFTC WebIRC Client" on #linode
13:17<nivaldev>I can not access my account
13:18<millisa>greetings. why not?
13:18-!-nivaldev [] has quit []
13:41<Peng> :D
13:44<Peng>I forgot how much of a shitshow that thread was and kind of regret linking it
14:00-!-dannyAAM_ [] has quit [Remote host closed the connection]
14:00-!-dannyAAM [] has joined #linode
14:00-!-dannyAAM is "Danny" on #linode
14:50-!-lls_ [] has quit [Ping timeout: 480 seconds]
15:27<linbot>New news from community: Where (address) can i find my wp data base that was one touch install? <>
15:35-!-roar_ [] has quit [Read error: Connection reset by peer]
15:36-!-Gue______ [~textual@2600:1700:8c20:ae08:c82c:585b:2921:cc9e] has joined #linode
15:36-!-Gue______ is "Textual User" on #linode
15:44-!-Gue______ [~textual@2600:1700:8c20:ae08:c82c:585b:2921:cc9e] has quit [Ping timeout: 480 seconds]
15:48-!-Danielhok [] has joined #linode
15:48-!-Danielhok is "OFTC WebIRC Client" on #linode
15:49<Danielhok>Hi guys, I have a question regarding linode services, anyone that can help?
15:49<@_brian>hi Danielhok
15:49<linbot>If you have a question, feel free to just ask it -- someone's always willing to help. If you don't get a response right away, be patient! You may want to read
15:51<Danielhok>I would like to rent a Linode "Server" but the shared option doesn't seem good to me. What service would be a nice option if I want to host a website where people can order food? Im the dev behind the site, and the client wants to know how much he has to spend ... Any ideas? Is the CPU heavy service a dedicated server which is the right option for me?
15:52<millisa>If you aren't sure, the nice thing about linodes is they are pretty easy to resize
15:52<millisa>You can start with the smaller, shared cpu setup, and if you think you need a dedicated cpu, you can resize to it.
15:52<millisa>it's a short downtime to do it
15:53<Danielhok>hmm, I read a lot on the net that shared is kinda a bad thing to go for, because the available power isn't always the same
15:53<millisa>linodes aren't quiet the same as 'shared hosting'. These are unmanaged vps
15:53<millisa>you are given a hardware allocation, and you install your linux distribution and have 'root'
15:53<Danielhok>yeah thats clear, but I share the resources with other users?
15:53<millisa>er, 'quite' the same...
15:54<millisa>to some extent, yes, the hardware is shared. you can get the dedicated cpu plan if you want to have the cores reserved for just you
15:54<Danielhok>okay the cpu service would then be the choice for me I guess
15:56<Danielhok>Have you experience how good a small website (~100 users per day) runs on shared hardware? Because 30$ per month seems kinda a lot for the client I guess
15:56<millisa>It depends on what those 100 users do and what your code is like, but you could easily support 100 users on the smallest linode potentially
15:57<Danielhok>hmm that seems cool. The users would like to pay for food and order it then, so nothing to special ... I guess the option for 10 bucks would be suitable for me ...
15:57<linbot>New news from community: Destination Host Unreachable <>
15:57<millisa>Food ordering probably doesn't happen during off hours, so you'd have times you can resize it if you find out you are wrong
15:57<Danielhok>If that wouldn't be enough could I still upgrade to the cpu intense option, without sharing resources, am I right?
15:58<millisa>You can switch from shared cpu to dedicated cpu with the same process for resizing.
15:58<Danielhok>ah that is awesome!
15:58<Danielhok>Thank you millisa, have a nice evening! :)
15:59<@_brian>!point millisa
15:59<linbot>_brian: Point given to the old and crusty millisa. (200)
15:59<@rgerke>!point millisa
15:59<linbot>rgerke: Point given to the old and crusty millisa. (201)
15:59<Danielhok>!point millisa
15:59<linbot>Danielhok: Point given to the old and crusty millisa. (202)
15:59-!-Danielhok [] has quit [Quit: Page closed]
16:21<linbot>New news from community: Restrict SSH (or FTP) access to just one folder <>
16:22<millisa>and bind mounts
16:23<kharlan>Well they don’t recommend doing that with SFTP anyway.
16:23<kharlan>There’s a huge rant from the developer about the possible security implications.
16:23<millisa>of putting a bind mount inside a chroot?
16:23<dwfreed>i think just chroot in general
16:24<kharlan>^ yep. It’s been a few years since I read it last, and I’m pretty sure I aswell as others just ignore it because *clients*
16:24<dwfreed>a poorly set up chroot can end up automatically bypassed by sshd by accident
16:25<kharlan>Well they recommend only giving the user access to a folder within the jail.
16:25<dwfreed>that's enforced by sshd
16:26<dwfreed>if the user's home dir is outside the chroot dir, sshd breaks out of the chroot to cd into the home dir (i've done this by accident)
16:27-!-joecool_ is now known as joecool
16:28<kharlan>Hmm I’ve always wished there are a good alternative. It seems like many systems are moving towards sftp , and totally bypassing FTPS .
16:28<kharlan>isn’t there some issue with file transfer rate limits with sftp as well? Something about the window size being too small or what not.
16:29<dwfreed>the biggest issue in ssh these days is lack of parallelism in encryption
16:29<dwfreed>even with AESNI
16:31<dwfreed>which i'm hitting right now
16:31<joecool>big sad when intel can't win on single thread performance anymore
16:32<dwfreed>parallelism will always beat single thread these days, as long as parallelism is possible, and for ssh it can be
16:33<dwfreed>(see the hpn patchset)
16:34<Peng>I've always been afraid of HPN. OpenSSH: Critical software with an excellent security history. HPN: Optimized patch set from like 2 people!?
16:35<dwfreed>hpn is easy to audit, only touches a couple things, and is very obvious
16:36<Peng>Oh, that's oog
16:36<Peng>"oog"? How did I type "oog"?
16:36<dwfreed>the biggest problem with it is that it doesn't use EVP, so at least before openssl 1.1, it doesn't get AESNI
16:37<dwfreed>or at least didn't use EVP the last time i looked at it
16:43-!-anomie [] has joined #linode
16:43-!-anomie is "Anomie" on #linode
16:49-!-jhitesma [sid129210@2001:67c:2f08:1::1:f8ba] has quit [Read error: Connection reset by peer]
16:51-!-jhitesma [] has joined #linode
16:51-!-jhitesma is "Jason Hitesman" on #linode
16:57-!-lls [] has joined #linode
16:57-!-lls is "lls" on #linode
17:00<Peng>Atlanta also has one of those private network SSH flooders. (Reported.) Today sucks. xD
17:17<Peng>Maybe I should just block private network IPv4 SSH traffic. :-/
17:18<dwfreed>but then how would you notice the flooders
17:18<Peng>Noticing them gives me a heart attack.
17:18<Peng>WHY AM I LAGGY AND USING 100% CPU oh
17:19<dwfreed>make a log scraper
17:20<millisa>if you let them in, they'll stop trying
17:20<Peng>millisa: That may not even be true!
17:23<millisa>now i want an ssh tarpit/honeypot that lets me do custom responses for all commands they may run. everything is a success. they did it!
17:27<millisa>wish granted.
17:27<dwfreed>Peng: just scrolled through that UCEProtect thread... wow...
17:28<dwfreed>i didn't even read the whole thing, just read the short posts
17:32-!-anomie [] has quit [Ping timeout: 480 seconds]
17:46<kharlan>“ No one paying a sewer is innocent.” , uh oh
17:47<millisa>Are there places where you dont have to pay for sewer?
17:48<dwfreed>millisa: yeah, have your own septic
17:49<millisa>guess I never thought about whether folks with septic setups pay for community drainage/runoff.
17:49<kharlan>It might be included in state taxes by default.
17:51<dwfreed>yeah, drainage is still handled by taxes, and drain commissioner has the power to make special assessments to pay for improvements
17:52<dwfreed>if you benefit from an improvement, you'll end up paying for part of its cost
17:52<millisa>i think work needs to be done to disassociate 'sewer' with bad things. sewers are possibly the most important utility of civilization.
17:52<millisa>"This place is awesome like a sewer"
17:52<dwfreed>that and garbage
17:56<kharlan>you people aren't innocent! pft
17:56<kharlan>rip at gnax being called a sewer though, never heard that in my life before.
17:57<dwfreed>I mean, GNAX was crap, but not literally
18:03<Peng>"Spammers are are a fatberg in the beautiful sewer of GNAX"
18:51-!-lls [] has quit [Quit: Leaving]
18:59-!-lls [] has joined #linode
18:59-!-lls is "lls" on #linode
19:41-!-jojo [~u0_a157@] has joined #linode
19:41-!-jojo is "fu xin son" on #linode
19:57-!-waltman [waltman@2601:4a:701:4451:dceb:6621:188f:2158] has quit [Quit: leaving]
20:08-!-waltman [waltman@2601:4a:701:4451:dceb:6621:188f:2158] has joined #linode
20:08-!-waltman is "= "Walt"" on #linode
20:10-!-nate [] has quit [Ping timeout: 480 seconds]
20:25-!-nate [] has joined #linode
20:25-!-nate is "Nathan" on #linode #php
20:31*Peng copies and pastes iptables commands from Stack Overflow. :D
20:31<Peng>(That's partly a joke.)
20:40-!-nate [] has quit [Ping timeout: 480 seconds]
20:42-!-nate [] has joined #linode
20:42-!-nate is "Nathan" on #linode #php
20:43-!-nate [] has quit []
20:46-!-nate [] has joined #linode
20:46-!-nate is "Nathan" on #linode #php
20:49-!-nate [] has quit []
20:53-!-nate [] has joined #linode
20:53-!-nate is "Nathan" on #linode #php
20:57<chesty>I'm partly laughing
21:49-!-Lucretia [] has quit [Read error: Connection reset by peer]
21:57-!-nate [] has quit [Quit: (?°?°)?? ???]
22:04-!-nate [] has joined #linode
22:04-!-nate is "Nathan" on #linode #php
22:07-!-Ikaros [] has quit [Ping timeout: 480 seconds]
22:11-!-Ikaros [] has joined #linode
22:11-!-Ikaros is "Ikaros" on #linode
22:16-!-Lucretia [] has joined #linode
22:16-!-Lucretia is "Luke" on #linode #llvm #virt #qemu
22:21<Peng>Wow, I think iptables-persistent barfed and changed the permissions on /tmp.
22:22<Peng>Not the contents of /tmp! Just hte direcotry itself.
22:22<Peng>Hopefully nothing important crashed in the last 2 hours?
22:23<Peng>I assume it barfed because Linode kernel + modprobe.
22:24<Peng>On second thought, I don't think iptables-persistent was at fault.
22:28<Peng>On third thought, I have no idea how it could be at fault -- it's a few dozen lines of sh? -- but I have no idea how anything else could be at fault either. And I first noticed something weird with a temporary file right after running it.
22:36<Peng>Ah, it was my fault. I did a foolish "sudo cp -ai" at around the same time.
22:37<Peng>Mystery solved! iptables-persistent is broken but not destructive. I apologize for insulting it.
22:37<kharlan>Np, it forgives you.
22:38<Peng>So APPARENTLY "sudo cp -ai . /tmp" does not do what I thought it did.
22:39<dwfreed>you wanted what's everuthing in the directory copied, right?
22:39<dwfreed>err, words
22:40<Peng>I was thinking it would be the same as "sudo cp -ai ../foo /tmp" and make /tmp/foo. Which in retrospect does not entirely make sense.
22:47<dwfreed>I don't think it's feasible for cp to determine a directory's name from within that directory
22:48<dwfreed>it technically worked, it just operated on /tmp/.
22:48<Peng>Yes. If it had printed an error message or something, it wouldn'ta taken me 2 hours to notice!
22:49<Peng>Instead, it was completely successful at doing what I told it to, instead of what I meant. :D
22:49<dwfreed>you probably could have avoided the problem by not using sudo, unless you didn't own the files you were copying
22:51<Peng>They were readable but I didn't own them.
22:53<dwfreed>ah, yeah, then cp would have failed because you can't disown files on Linux
22:58<chesty>I don't fully understand, if I can read a file I can copy it to a directory I have write permissions to. I guess -a would try to do a chown? which would fail
23:09-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
23:13<chesty>I did a test, cp -ai . /tmp works if you only have read permissions on the file. it says "cp: preserving times for '/tmp/.': Operation not permitted" but it still works
23:18<Peng>RIP my times for '/tmp/.'
23:46-!-lls [] has quit [Remote host closed the connection]
23:47-!-lls [] has joined #linode
23:47-!-lls is "lls" on #linode
23:51-!-jojo [~u0_a157@] has joined #linode
23:51-!-jojo is "fu xin son" on #linode
---Logclosed Wed Jan 20 00:00:02 2021