| --- | Log | opened Mon Jan 07 00:00:35 2008 |
| --- | Day | changed Mon Jan 07 2008 |
| 00:00 | <tpope> | I just did apt-get install jabber |
| 00:00 | <tpope> | and some trivial configuration |
| 00:00 | <hobbes006> | o |
| 00:00 | <hobbes006> | that simple ? |
| 00:00 | <tpope> | pretty much |
| 00:00 | <hobbes006> | and a client will be able to connect your jabber-installed/configure server. |
| 00:01 | <hobbes006> | pfff |
| 00:01 | |-| | scottsanders [~scottsand@cpe-024-088-097-122.sc.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 00:01 | <tpope> | the config I copied over from my home box |
| 00:01 | <hobbes006> | sounds trivial |
| 00:01 | <tpope> | which I created years ago |
| 00:01 | <hobbes006> | do you mind sharing your config ? |
| 00:01 | <tpope> | I could but it's 99% the stock debian config |
| 00:02 | <hobbes006> | o |
| 00:02 | <hobbes006> | then it should be pretty straightforward then :D |
| 00:02 | <tpope> | I think the only thing I changed was the host name |
| 00:02 | <hobbes006> | haha |
| 00:02 | <hobbes006> | ok |
| 00:02 | <hobbes006> | what about access rights ? |
| 00:02 | <tpope> | but as I said, years ago |
| 00:02 | <hobbes006> | how do you block/create users? |
| 00:02 | <tpope> | well, the default is that anyone can create a user |
| 00:02 | <tpope> | which strikes me as really dumb |
| 00:02 | <hobbes006> | yup |
| 00:03 | <hobbes006> | i suppose they are trying to encourage "public servers" :) |
| 00:03 | <tpope> | they tried that with email too, look how that turned out |
| 00:03 | <hobbes006> | hahaah :) |
| 00:03 | <hobbes006> | good point |
| 00:03 | <tpope> | but anyways, I've never changed it, and in the several years I've run the server, not one person has created an account |
| 00:03 | <hobbes006> | hehehe |
| 00:04 | <hobbes006> | no one knows of the existence of that server i guess |
| 00:04 | <tpope> | right, it's security through obscurity |
| 00:04 | <hobbes006> | i am googling for video integration |
| 00:05 | <hobbes006> | will be cool if i can set up video-enabled jabber server! |
| 00:05 | <tpope> | I've never tried that |
| 00:05 | <hobbes006> | ye |
| 00:05 | <hobbes006> | i am googling for it |
| 00:05 | <hobbes006> | i doubt that a lot of people would look into that |
| 00:06 | <hobbes006> | check this out - http://answers.yahoo.com/question/index?qid=20071227110547AAaFcHR |
| 00:12 | <hobbes006> | seems like ejabberd might be the answer. |
| 00:12 | <hobbes006> | video/voice enabled |
| 00:16 | |-| | tolecnal [tolecnal@login.tolecnal.net] has quit [Ping timeout: 480 seconds] |
| 00:18 | |-| | tolecnal [tolecnal@login.tolecnal.net] has joined #linode |
| 00:32 | |-| | opello changed nick to Guest2365 |
| 00:32 | |-| | opello [~opello@216.106.237.223] has joined #linode |
| 00:39 | |-| | Guest2365 [~opello@216.106.237.223] has quit [Ping timeout: 480 seconds] |
| 01:00 | |-| | Caleb [~caleb@12-214-1-103.client.mchsi.com] has quit [Quit: Caleb] |
| 01:09 | |-| | avongaus1 [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has joined #linode |
| 01:09 | |-| | avongauss changed nick to Guest2368 |
| 01:09 | |-| | avongaus1 changed nick to avongauss |
| 01:12 | |-| | Guest2368 [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has quit [Read error: Operation timed out] |
| 01:30 | <encode> | caker: can you help with a network issue after adding another ip? |
| 01:45 | |-| | clanehin [~lane@cpe-069-134-066-130.nc.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 01:59 | |-| | hobbes006 [~Lin_Chuan@cm62.kappa208.maxonline.com.sg] has quit [Ping timeout: 480 seconds] |
| 02:04 | |-| | h00s [~h00s@78-0-112-78.adsl.net.t-com.hr] has joined #linode |
| 02:11 | |-| | h00s_ [~h00s@83-131-75-97.adsl.net.t-com.hr] has quit [Ping timeout: 480 seconds] |
| 02:13 | <Internat> | caker / tasaro / mikegrb : you can reclaim my free xenode now :) |
| 02:25 | |-| | marcel [~marcel@lt3.xs4all.nl] has joined #linode |
| 02:26 | |-| | christz [~christoph@193.170.124.195] has joined #linode |
| 02:34 | |-| | marcel [~marcel@lt3.xs4all.nl] has quit [Ping timeout: 480 seconds] |
| 02:38 | |-| | Schroeder [1000@kntpin04-nas-02-s20.cinergycom.net] has quit [Ping timeout: 480 seconds] |
| 02:47 | |-| | fake [~fake@c-98-207-158-100.hsd1.ca.comcast.net] has joined #linode |
| 02:54 | |-| | hobbes006 [~Lin_Chuan@cm62.kappa208.maxonline.com.sg] has joined #linode |
| 02:54 | |-| | hobbes006 [~Lin_Chuan@cm62.kappa208.maxonline.com.sg] has left #linode [] |
| 02:59 | |-| | irgeek_ [~jcsincla@cealsa01.centamin.com] has joined #linode |
| 03:12 | |-| | Athenon [~Athenon@r74-192-56-164.vctrcmta01.vctatx.tl.dh.suddenlink.net] has quit [Quit: Leaving] |
| 03:18 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has joined #linode |
| 03:50 | |-| | digx [~digx@c-76-109-201-140.hsd1.fl.comcast.net] has joined #linode |
| 03:59 | |-| | avongauss [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has quit [Read error: Operation timed out] |
| 04:12 | |-| | fake [~fake@c-98-207-158-100.hsd1.ca.comcast.net] has quit [Quit: Leaving...] |
| 04:17 | |-| | tierra [~tierra@ibaku.net] has quit [Read error: Connection reset by peer] |
| 04:41 | |-| | tierra [~tierra@ibaku.net] has joined #linode |
| 05:03 | |-| | marcel [~marcel@wc-50.r-195-35-150.atwork.nl] has joined #linode |
| 05:29 | <@linbot> | New news from forums: IPv6 if up fails on Ubuntu 7.10 linode in Linux Networking <http://www.linode.com/forums/viewtopic.php?t=3022>; |
| 05:35 | <@linbot> | New news from forums: Nodes Freezing in Xen Public Beta <http://www.linode.com/forums/viewtopic.php?t=3023>; |
| 05:36 | <Internat> | encode: get ur network issue fixeD? |
| 05:40 | <mariorz> | !rr |
| 05:40 | <@linbot> | mariorz: *click* |
| 05:46 | <encode> | Internat: yeah - i added an ip, it wasn't in the same subnet. i added the info in /etc/network/interfaces and ifup'd the interface |
| 05:47 | <encode> | but i needed to manually add the gateway to get it to work |
| 05:47 | <Internat> | ah yes :) |
| 05:47 | <encode> | i assume thats usually done at boot time |
| 05:47 | <Internat> | i have it in my ifup stuff so |
| 05:49 | <encode> | guess i'll find out in another 200 days :0 |
| 05:49 | <encode> | at least now i have my extra disk and ram |
| 06:35 | |-| | thoth39 [~thoth39@201.29.162.37] has quit [Quit: Saindo] |
| 06:35 | |-| | christz [~christoph@193.170.124.195] has quit [Remote host closed the connection] |
| 07:02 | |-| | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has joined #linode |
| 07:19 | |-| | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has quit [Ping timeout: 480 seconds] |
| 07:28 | |-| | metaperl_ [~metaperl@216.216.112.2] has joined #linode |
| 07:31 | |-| | metaperl [~metaperl@216.216.112.2] has quit [Ping timeout: 480 seconds] |
| 07:44 | |-| | christz [~christoph@193.170.133.99] has joined #linode |
| 07:53 | <kpes> | !rr |
| 07:53 | <@linbot> | kpes: *click* |
| 08:07 | <@linbot> | New news from forums: Postfix not sending to the right domain in Email/SMTP Related Forum <http://www.linode.com/forums/viewtopic.php?t=3008>; |
| 08:19 | |-| | nimaj [~urbs@user-160uagc.cable.mindspring.com] has quit [Quit: Ex-Chat] |
| 08:43 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has quit [Ping timeout: 480 seconds] |
| 08:50 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has joined #linode |
| 09:36 | |-| | TJF [~TJF@pat.foulston.com] has joined #linode |
| 09:44 | <@linbot> | New news from forums: Plan Updates - 20% Additional RAM in Linode.com Announcements <http://www.linode.com/forums/viewtopic.php?t=2993>; |
| 09:47 | |-| | avongauss [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has joined #linode |
| 09:49 | |-| | christz [~christoph@193.170.133.99] has quit [Ping timeout: 480 seconds] |
| 10:00 | |-| | christz [~christoph@193.170.133.5] has joined #linode |
| 10:11 | |-| | scorche|w [~42c007b2@ice.cream.org] has joined #linode |
| 10:20 | |-| | CDMoyer [~cmoyer@darkwing.inarow.net] has quit [Quit: all irc and no play makes lowercase something, something] |
| 10:22 | |-| | CDMoyer [~cmoyer@darkwing.inarow.net] has joined #linode |
| 10:36 | |-| | cramer_as8758 [~cramer_as@fiji.dolphins.ch] has joined #linode |
| 10:42 | <cramer_as8758> | Does anyone now hot to change the hostname ? /etc/hostname does not exist ... can I somply create it ? |
| 10:43 | <@mikegrb> | yes |
| 10:47 | <cramer_as8758> | does linode also offer IPv6 access ?? |
| 10:48 | <mwalling> | you can get it through a tunnel broker |
| 10:51 | <JDLSpeedy> | how much is a ipv6 tunnel? |
| 10:51 | <mwalling> | free? |
| 10:51 | <mwalling> | HE (through tunnelbroker.net) gives you a /64 for nothing |
| 10:53 | <JDLSpeedy> | ah |
| 10:55 | <irgeek_> | mikegrb: How much of a pain on the butt would it be to split a Linode 720 into two Linode 360 under the same account? |
| 10:56 | <@tasaro> | downgrade (migrate) your existing 720 and add a Linode to your account? |
| 10:57 | <irgeek_> | Well that's easy. Out of curiosity, do two linode on one account get a single pool of disk, or is it split 50/50? |
| 10:59 | <@tasaro> | they each get their own (50/50 in your example) |
| 10:59 | |-| | marcel [~marcel@wc-50.r-195-35-150.atwork.nl] has quit [Remote host closed the connection] |
| 11:02 | <irgeek_> | Darn. I wanted to make one big one and one small one. :( |
| 11:04 | |-| | irgeek_ [~jcsincla@cealsa01.centamin.com] has quit [Quit: Resuming human contact in 3... 2... ] |
| 11:10 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has quit [Ping timeout: 480 seconds] |
| 11:10 | <cramer_as8758> | ipv6 over a tunnel is not what I like, it's not stable enough ... I thought about a native one |
| 11:11 | <mwalling> | afaik, none of the data centers have native ipv6 |
| 11:13 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has joined #linode |
| 11:22 | <Karnaugh> | mwalling: err, HE has native IPV6, but you have to buy the transit separately so linode doesn't |
| 11:25 | <schmichael> | is anybody using ipv6 on a daily basis or in a production environment? |
| 11:25 | <Karnaugh> | yup |
| 11:25 | |-| | avongauss [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has quit [Read error: Operation timed out] |
| 11:25 | <mwalling> | schmichael: yep |
| 11:26 | <mwalling> | Karnaugh: so, the net answer is the same... |
| 11:28 | <cramer_as8758> | yup |
| 11:30 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has quit [Remote host closed the connection] |
| 11:31 | <schmichael> | interesting, may i ask what you're using ipv6 for? |
| 11:31 | <schmichael> | i've been putting off worrying about it because i haven't run into a practical reason to use it yet |
| 11:32 | <Karnaugh> | I'm using it where I use IPv4 |
| 11:36 | <@tasaro> | http://digg.com/linux_unix/Linode_com_Virtual_Server_Review <-- diggit / comment @ hostingfu |
| 11:36 | |-| | irgeek [~jcsincla@41.234.222.115] has joined #linode |
| 11:36 | |-| | tolecnal [tolecnal@login.tolecnal.net] has quit [Ping timeout: 480 seconds] |
| 11:37 | |-| | FireSlash [~FireSlash@166.128.100.251] has joined #linode |
| 11:37 | |-| | hfb [~hfb@pool-71-106-219-180.lsanca.dsl-w.verizon.net] has joined #linode |
| 11:42 | <schmichael> | but doesn't using ipv6 when you could use ipv4 just take a bit more bandwidth? i mean its neglible, but does it offer any benefit? |
| 11:42 | <schmichael> | !avail |
| 11:42 | <@linbot> | schmichael: Linode360 - 66, Linode540 - 25, Linode720 - 28, Linode1080 - 6, Linode1440 - 6 |
| 11:42 | <schmichael> | tasaro: better grab some new servers if you guys about to get dugg ;) |
| 11:43 | <mwalling> | schmichael: probably not, but saying to the bosses that we have ipv6 doesn |
| 11:43 | <mwalling> | t hurt |
| 11:44 | <schmichael> | heh |
| 11:44 | <schmichael> | obviously ipv6 is 50% better than ipv4 |
| 11:45 | <mwalling> | eh? |
| 11:45 | <schmichael> | 4 + (.5 * 4) = 6 |
| 11:45 | <mwalling> | 32 bits vs 128 bits? thats more like 300% better |
| 11:46 | <Bdragon> | There are some POS systems (panasonic...) that run ARCnet... :) |
| 11:46 | <schmichael> | mwalling: ha... touche |
| 11:46 | <irgeek> | It's four times better! IPv4 only has A records. IPv6 has AAAA records. Pfft! |
| 11:47 | |-| | tolecnal [tolecnal@login.tolecnal.net] has joined #linode |
| 11:47 | <mwalling> | irgeek: which is the same... thing... |
| 11:48 | <schmichael> | but with 3 more As! |
| 11:49 | <Bdragon> | is it just me or was AAAA a bad idea? Wouldn't the sane thing to do be to add another query class? |
| 11:49 | <irgeek> | More As must be better. It's simple logic! |
| 11:49 | [~] | schmichael feels safe ignoring ipv6 for a while longer |
| 11:52 | <mwalling> | schmichael: its fun to play with |
| 11:52 | <irgeek> | From the article tasaro posted: "Choose between one of free data centres" Was this written by a brit with a lisp? |
| 11:52 | <schmichael> | mwalling: i have too many things that fall into that category already |
| 11:52 | <mwalling> | bah |
| 11:53 | <mwalling> | it is teh futurez |
| 11:54 | <@mikegrb> | Mon Jan 7 11:48:34 2008|192.168.1.200|debug [13548]: fetcher: try to fetch http://http://us.archive.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_7.0-035+1ubuntu5.1~dapper1_all.deb |
| 11:54 | |-| | irgeek [~jcsincla@41.234.222.115] has quit [Read error: Connection reset by peer] |
| 12:04 | |-| | metaperl [~metaperl@216.216.112.2] has joined #linode |
| 12:05 | |-| | avongauss [~AVonGauss@md15f36d0.tmodns.net] has joined #linode |
| 12:05 | |-| | irgeek [~jcsincla@41.234.222.115] has joined #linode |
| 12:10 | |-| | metaperl_ [~metaperl@216.216.112.2] has quit [Read error: Operation timed out] |
| 12:10 | |-| | metaperl changed nick to metaperl_ |
| 12:11 | <irgeek> | tasaro: Back to the splitting-a-Linode question. Can I convert to yearly payments at the same time so each 360 ends up with 15GB of disk? 10GB isn't quite going to cut it for me. |
| 12:13 | <@tasaro> | irgeek: yes, that's not a problem |
| 12:13 | <irgeek> | How would I go about doing that? Do I convert the 720 to yearly then split it, or the other way around? |
| 12:14 | <irgeek> | Oh, and will my IP change? |
| 12:15 | <@tasaro> | add a linode via the dashboard, select annual payment on the dropdown menu... you'll have a clean slate, no images, new IP, etc |
| 12:16 | <@tasaro> | then reduce your current 720 down to 15gb and we'll migrate that one to a 360 host |
| 12:16 | <@tasaro> | that one will keep it's IP(s), image(s), etc |
| 12:17 | <@tasaro> | you can opt to clone your existing images to the new Linode, if that speeds up your deployment |
| 12:17 | <irgeek> | Perfect. I'll get on that now. |
| 12:17 | <irgeek> | The new one will be separate. Just a playground for me. |
| 12:25 | |-| | xnemesis [~519847b8@webuser.linode.com] has joined #linode |
| 12:26 | <xnemesis> | Do I get the option to specify where I want my VPS to be on purchase? |
| 12:27 | <@tasaro> | xnemesis: yes, based on availability |
| 12:28 | <xnemesis> | thanks tasaro |
| 12:28 | |-| | xnemesis [~519847b8@webuser.linode.com] has quit [] |
| 12:29 | |-| | fake [~fake@c-98-207-158-100.hsd1.ca.comcast.net] has joined #linode |
| 12:29 | |-| | fake [~fake@c-98-207-158-100.hsd1.ca.comcast.net] has quit [] |
| 12:29 | |-| | chris_ [~chris@68.149.224.207] has joined #linode |
| 12:36 | |-| | FireSlash [~FireSlash@166.128.100.251] has quit [Ping timeout: 480 seconds] |
| 12:47 | <irgeek> | tasaro: I've set up the 360 freed up 5GB on the 720. Can you please set me up to migrate the 720 and switch to annual billing. |
| 12:50 | <@tasaro> | irgeek: all set |
| 12:58 | <irgeek> | Thanks tasaro. It's migrating now. I assume I'll get billed for both yearly charges at the end of this month? |
| 12:58 | <@tasaro> | yes - Feb 1st for both |
| 13:01 | <irgeek> | Linode rocks! |
| 13:02 | <@mikegrb> | yes |
| 13:02 | <@mikegrb> | you like that sexy migration progress stuff? |
| 13:02 | <@mikegrb> | I made it just for you |
| 13:03 | <irgeek> | Actually, I think I was one of the first to ever migrate. |
| 13:03 | <@mikegrb> | well the new migration progress stuff is only a month or two old |
| 13:03 | <@linbot> | New news from forums: Limit Kernel Memory LINODE360 in Performance and Tuning <http://www.linode.com/forums/viewtopic.php?t=3024>; |
| 13:04 | <tierra> | as in progress on copying disk images, etc? |
| 13:04 | <irgeek> | The new stuff is nice. |
| 13:04 | [~] | mikegrb nods |
| 13:04 | <tierra> | cool |
| 13:04 | <@mikegrb> | even an eta |
| 13:05 | <irgeek> | Migrating just shy of 15GB takes a while. It was much faster when I only had 3GB in my account. |
| 13:06 | |-| | tobeya [~atobey@lin-atobey.station.sony.com] has joined #linode |
| 13:06 | <irgeek> | linbot: I'll answer that one... |
| 13:07 | |-| | christz [~christoph@193.170.133.5] has quit [Remote host closed the connection] |
| 13:08 | |-| | adj [~relax@64.22.71.31] has joined #linode |
| 13:09 | <adj> | does anyone else see a big delay in establishing an ssh connection to a linode box? |
| 13:09 | <chris_> | adj: I do |
| 13:09 | <adj> | this is true for cetnos and fedora (i haven't used any other distros on linode) and i see an error in /etc/secure about pam_loginuid failing to open loginuid |
| 13:10 | <adj> | this is related to the the audit system in the kernel, which is probably disabled |
| 13:10 | <chris_> | adj: I am using Debian 4.0 |
| 13:10 | <adj> | SpaceHobo: i've got gssapi off in sshd_config |
| 13:10 | <adj> | of the 100 or so servers i admin, this linode one is the only one behaving this way. it must be something to do with the default linode config |
| 13:11 | <irgeek> | For me, it's Kerberos that causes it. |
| 13:11 | <chris_> | I am having some issues with server performance |
| 13:11 | <adj> | its a roughly 5-10 second delay from when the pam_loginuid errors arrive in the secure log to when the client shows the bash prompt. so it does seem like something in the pam stack timing out |
| 13:12 | <chris_> | sometimes it will be able to server up to 50req/sec and other times it will dive down to 1-5 req/sec |
| 13:12 | <chris_> | has anyone seen something like this before? |
| 13:13 | <Bdragon> | dns reverse lookups? |
| 13:13 | <chris_> | It is an app for a client and hasn't officially been made public, so the server is only receiving hits from me |
| 13:13 | <Bdragon> | adj (~relax@64.22.71.31) joined <-- your ptr looks sick there... |
| 13:13 | <adj> | ? |
| 13:14 | <chris_> | Bdragon: what the reverse dns question directed to me? :) |
| 13:14 | <adj> | i think that has to do with the oftc network |
| 13:14 | <Bdragon> | Nah, oftc does a reverse lookup |
| 13:14 | <Bdragon> | it failed for you |
| 13:15 | <adj> | Bdragon: where did you query it from? i have no problems resolving the rDNS |
| 13:15 | <Bdragon> | if that's a general problem for the ip you're connecting from, I can certainly imagine a 5-10 second stall while the resolver on your linode times out trying to do the same... |
| 13:15 | <Bdragon> | YOUR rdns, not the linode |
| 13:16 | <adj> | Bdragon: thats the ip of my linode. |
| 13:16 | <Bdragon> | oh |
| 13:16 | <Bdragon> | well, that's screwed up too then :P |
| 13:16 | <adj> | and i have no rdns problems =) |
| 13:17 | <adj> | Bdragon: its not. its just oftc not showing it |
| 13:17 | <Bdragon> | OK, because that's the FIRST thing I'd blame |
| 13:17 | <adj> | likewise, but its not a dns problem |
| 13:17 | <Bdragon> | Fair 'nuff |
| 13:18 | <Bdragon> | and you don't have heimdal or mit k5 enabled? |
| 13:18 | <adj> | if it was a slow lookup nscd would've fixed it |
| 13:18 | <adj> | not in pam, and i have GSSAPI set to no in sshd_config |
| 13:18 | <Bdragon> | or yp or any non local name service... |
| 13:19 | <adj> | nah. its all local files in nsswitch |
| 13:19 | <Bdragon> | k |
| 13:19 | <Bdragon> | Do you have a gigantic key? |
| 13:19 | <adj> | haha. no =) i never would have thought of that though |
| 13:19 | <@linbot> | New news from forums: io - limiter in General Discussion <http://www.linode.com/forums/viewtopic.php?t=3025>; |
| 13:20 | <Bdragon> | Heh |
| 13:20 | <Bdragon> | finger? |
| 13:20 | <Bdragon> | err, ident rather |
| 13:21 | <Bdragon> | (where the hell did I come up with finger there? :P) |
| 13:21 | <adj> | haha. you're dating your skills ;) |
| 13:21 | <Bdragon> | No, seriously, ident can still cause issues :P |
| 13:21 | <adj> | why won't kermit download this file any faster! |
| 13:21 | <adj> | haha =) |
| 13:22 | <irgeek> | xmodem forever! |
| 13:22 | |-| | Schroeder [1000@kntpin04-nas-02-s82.cinergycom.net] has joined #linode |
| 13:22 | <adj> | well. i thought maybe it wasn't ssh, but was something starting in my bash profile, but changing shells didnt help either |
| 13:22 | <Bdragon> | I was born in 1984. My skills aren't "dated" as such... :P |
| 13:23 | <Bdragon> | anything interesting if you turn on verbose for ssh? |
| 13:24 | <Bdragon> | -vvv heh |
| 13:24 | <Schroeder> | "Come here," she said, "I'll give ya shelter from the storm." |
| 13:25 | <adj> | it hangs on Entering interactive session. which leads me back to thinking this is something to do with loginuid not being available |
| 13:26 | <irgeek> | tasaro: Is the IO limiter refill rate still the same on all Linode plans? |
| 13:26 | <Bdragon> | Hmm, there's a pam loginuid.so... |
| 13:27 | <adj> | do you see anything like follows in your secure logs? |
| 13:27 | <adj> | Jan 7 13:24:58 li15-30 sshd[26329]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid |
| 13:27 | <Bdragon> | Ahh.. using pam stuff that needs kernel support |
| 13:27 | <Bdragon> | http://www.tektonic.net/forum/showthread.php?t=1486 |
| 13:28 | <adj> | yeah. i think thats whats happening. but, i don't know whats causing it to use that pam module |
| 13:28 | <Bdragon> | http://kb.swsoft.com/article_133_1146_en.html |
| 13:29 | <Bdragon> | Hmm |
| 13:29 | <Bdragon> | Post #3 in the thread I pointed to... |
| 13:30 | <Bdragon> | That looks like the correct solution to me... |
| 13:30 | <adj> | well. like the last post says setting both UseLogin and UsePAM to no seems to help |
| 13:30 | <Bdragon> | (the bottom secion, not the top)( |
| 13:31 | <Bdragon> | "I commented out pam_loginuid.so in /etc/pam.d/sshd" |
| 13:31 | <Bdragon> | That sounds sane to me |
| 13:31 | <Bdragon> | I'd prefer that over usepam no |
| 13:31 | <zeroday> | hmm..I set that error aswell |
| 13:31 | <zeroday> | * see |
| 13:31 | <zeroday> | never noticed it before but I dont get any delay connecting |
| 13:32 | <adj> | Bdragon: well, removing loginuid from the ssh pam stack gets rid of the error, but its not that much faster. |
| 13:32 | <Bdragon> | Hmm.. |
| 13:32 | <adj> | using ssh-keys i see literally 0 delay to every server but this linode, though. so something is still slowing it down |
| 13:33 | <zeroday> | I disabled the gassapi thing |
| 13:33 | <adj> | oh well. its not a major concern, just an annoyance. and removing PAM is not an option i want to use. this isn't slackware ;) |
| 13:34 | <Bdragon> | Heh |
| 13:34 | <Bdragon> | Are you attempting to do x forwarding? |
| 13:34 | <adj> | yes |
| 13:34 | <Bdragon> | Does it work? |
| 13:35 | <adj> | dunno. i'm hunting for a binary that would use it |
| 13:36 | <Bdragon> | Well, I mean in your debug log |
| 13:36 | <Bdragon> | what all is in /etc/pam.d/sshd anyway? |
| 13:37 | <adj> | all points to the default system-auth stack, plus account has nologin and session has keyinit |
| 13:37 | <zeroday> | http://pastebin.linode.com/130 |
| 13:37 | <zeroday> | thats mine |
| 13:37 | |-| | tobeya [~atobey@lin-atobey.station.sony.com] has quit [Quit: Leaving] |
| 13:39 | <adj> | i still think its a VPS thing. i should check the UML forums |
| 13:39 | <zeroday> | is PAM needed for sshd? |
| 13:40 | <adj> | needed, no. is it nice and convenient, yes =) |
| 13:40 | <Bdragon> | got a system.log or anything? |
| 13:41 | <adj> | Bdragon: is that directed to me? |
| 13:41 | <Bdragon> | yeah |
| 13:41 | <adj> | sure. thats OS X though isn't it? i've got messages |
| 13:41 | <Bdragon> | Dunno |
| 13:41 | <Bdragon> | Just wandering around the internet at the moment |
| 13:41 | <adj> | nothing interesting logged besides the loginuid |
| 13:42 | <adj> | which is gone now |
| 13:42 | <adj> | its not big deal. i just got annoyed at lunch and hopped on to see if i wasn't the only one |
| 13:42 | <adj> | i need to get back to admin'ing machines my employer pays me to |
| 13:42 | <Bdragon> | what's the linode's perception of it's name? |
| 13:42 | <adj> | thanks for the tips |
| 13:43 | <zeroday> | adj, http://bugs.centos.org/view.php?id=2191 |
| 13:43 | <zeroday> | posted by a linode user aswell ;) |
| 13:43 | |-| | irgeek [~jcsincla@41.234.222.115] has quit [Ping timeout: 480 seconds] |
| 13:44 | <Bdragon> | And nsswitch is hosts: files dns? |
| 13:44 | |-| | fake [~fake@c-98-207-158-100.hsd1.ca.comcast.net] has joined #linode |
| 13:44 | <adj> | yes |
| 13:45 | <Bdragon> | Big shrug here... |
| 13:45 | <adj> | yeah. same |
| 13:45 | <adj> | its probably something to do with the centos system and the linode kernel like that post points out zeroday |
| 13:45 | <adj> | i'm not going to worry about it anymore |
| 13:45 | <Bdragon> | Only thing I can think if is disabling sshd for a minute and running it in foreground debug mode by hand... |
| 13:46 | <Bdragon> | think *OF* |
| 13:46 | |-| | andrew_j_w [~andrew@88-97-29-168.dsl.zen.co.uk] has joined #linode |
| 13:46 | <adj> | haha. i wouldn't disable ssh, i'd just start it in debug on another port. |
| 13:46 | <adj> | i don't want to typo and lock myself out |
| 13:47 | <Bdragon> | from lish ;) |
| 13:47 | <zeroday> | is the pam error a security issue? |
| 13:47 | <adj> | ahh. lish, yeah. thats nice |
| 13:47 | <Bdragon> | zeroday: It's just a notice that auditing won't work properly, which is true with or without it because it depends on some kernel stuff that isn't compiled in... |
| 13:48 | <zeroday> | k |
| 13:48 | <zeroday> | http://lists.centos.org/pipermail/centos/2007-September/086733.html |
| 13:49 | |-| | Athenon [~Athenon@r74-192-56-164.vctrcmta01.vctatx.tl.dh.suddenlink.net] has joined #linode |
| 13:55 | <zeroday> | I commented it out in a few files and it doesnt give the error any more |
| 14:23 | |-| | fake [~fake@c-98-207-158-100.hsd1.ca.comcast.net] has quit [Ping timeout: 480 seconds] |
| 14:32 | |-| | tolecnal [tolecnal@login.tolecnal.net] has quit [Ping timeout: 480 seconds] |
| 14:39 | |-| | adj [~relax@64.22.71.31] has left #linode [] |
| 14:39 | |-| | chris_ [~chris@68.149.224.207] has quit [Read error: Connection reset by peer] |
| 14:39 | |-| | tolecnal [tolecnal@login.tolecnal.net] has joined #linode |
| 14:42 | |-| | tobeya [~atobey@lin-atobey.station.sony.com] has joined #linode |
| 14:51 | |-| | irgeek [~jcsincla@41.234.216.149] has joined #linode |
| 14:53 | <irgeek> | http://www.theinquirer.net/gb/inquirer/news/2008/01/06/bitmicro-shows-832gb-ssd |
| 14:53 | <irgeek> | 832GB Solid State Laptop Drive. |
| 14:53 | [~] | irgeek drools all over himself |
| 14:58 | <mwalling_> | who needs that much storage? |
| 14:59 | <Schroeder> | mwalling: when I rip my entire CD collection to 256kbps mp3s, it comes out to about 2TB |
| 14:59 | <mwalling_> | why on earth would you use mp3 for that? |
| 15:00 | <Schroeder> | why not? |
| 15:04 | <irgeek> | I'd pee myself if I had that HD in my lappy. I hate only having part of my music collection with me. |
| 15:04 | <irgeek> | Mine's only about 150GB, not 2TB. |
| 15:05 | <irgeek> | But it certainly doesn't fit on my 60GB drive. |
| 15:07 | |-| | irgeek_ [~jcsincla@41.234.216.42] has joined #linode |
| 15:11 | |-| | scorche|w [~42c007b2@ice.cream.org] has quit [Quit: CGI:IRC (Session timeout)] |
| 15:12 | |-| | scorche|w [~42c007b2@ice.cream.org] has joined #linode |
| 15:12 | |-| | tobeya [~atobey@lin-atobey.station.sony.com] has quit [Remote host closed the connection] |
| 15:13 | |-| | irgeek [~jcsincla@41.234.216.149] has quit [Ping timeout: 480 seconds] |
| 15:15 | |-| | irgeek_ [~jcsincla@41.234.216.42] has quit [Quit: Resuming human contact in 3... 2... ] |
| 15:22 | |-| | tobeya [~atobey@lin-atobey.station.sony.com] has joined #linode |
| 15:36 | |-| | chiefinnovator [~chiefinno@c-69-255-197-73.hsd1.md.comcast.net] has joined #linode |
| 15:37 | <chiefinnovator> | Is there a way I can see what ports are being used, and what processes are using them? |
| 15:37 | <chiefinnovator> | I'm on Ubuntu if that matters |
| 15:43 | <zeroday> | netstat |
| 15:44 | <zeroday> | try netstat -ap |
| 15:48 | <chiefinnovator> | there's a lot of stuff |
| 15:48 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has joined #linode |
| 15:48 | <zeroday> | use grep for a specific program/port |
| 15:49 | <chiefinnovator> | I don't see the ports listed |
| 15:49 | <chiefinnovator> | there's a section Active Internet connections (servers and established) and then a section Active UNIX domain sockets (servers and established) |
| 15:49 | <chiefinnovator> | I guess I should tell you what I'm trying to do :-) |
| 15:50 | <chiefinnovator> | I want to test that a jailed user can't start an SMTP server |
| 15:50 | <zeroday> | the port is listed like this: local/foreign address:port |
| 15:51 | <zeroday> | they might substitue the number to a common service name like pop |
| 15:51 | <chiefinnovator> | ok, so I can ignore the Active UNIX domain sockets section? |
| 15:52 | <zeroday> | I've no idea what they are, so I cant say |
| 15:52 | <zeroday> | although grep will most likely find the port/program you are looking for |
| 15:52 | <chiefinnovator> | good point |
| 15:53 | <chiefinnovator> | $ netstat -ap | grep "25333" |
| 15:53 | <chiefinnovator> | (Not all processes could be identified, non-owned process info |
| 15:53 | <chiefinnovator> | will not be shown, you would have to be root to see it all.) |
| 15:53 | <chiefinnovator> | why does it say that? |
| 15:54 | <zeroday> | I dunno, run the command as root :P |
| 15:58 | <Schroeder> | chiefinnovator: there's not a whole lot you can do to keep someone from starting a certain process, short of mounting /home noexec so he can't install and run it from his home dir |
| 15:58 | <Schroeder> | he can always configure it to use a nonprivileged port |
| 15:58 | <chiefinnovator> | hmm |
| 15:58 | <chiefinnovator> | what about a firewall or iptables? |
| 15:59 | <Schroeder> | well, he can still run it |
| 15:59 | <Schroeder> | it just won't be accessible from the outside |
| 15:59 | <Schroeder> | which is probably good enough |
| 15:59 | <chiefinnovator> | yeah, I'd be ok with that |
| 16:00 | <chiefinnovator> | actually, only one process can use a port at a time, right? So could I just have a daemon that claims all the ports? |
| 16:03 | <Schroeder> | yeah, but that'd be a stupid way to do it |
| 16:04 | <Schroeder> | and you probably wouldn't be able to do it, practically |
| 16:04 | <chiefinnovator> | What's a better way? |
| 16:04 | <Schroeder> | because of limits on the number of open file descriptors |
| 16:04 | <mwalling_> | chiefinnovator: firewalling |
| 16:04 | <Schroeder> | yeah, firewalling is the best way |
| 16:04 | <Schroeder> | it's good enough |
| 16:04 | <Schroeder> | without being stupid and unnecessarily resource-intensive |
| 16:05 | <encode> | firewalling is much better |
| 16:05 | <chiefinnovator> | so with firewalling, I could say certain users can't connect to certain ports? |
| 16:05 | <Schroeder> | just block off incoming connections to all the ports not used by services you yourself are running |
| 16:05 | <mwalling_> | not really... |
| 16:05 | <zeroday> | Schroeder, say I have a user in /home/foo, how would I mount noexec there? |
| 16:05 | <encode> | block outgoing packets to a destination of port 25 |
| 16:06 | <Schroeder> | zeroday: you have to have /home on its own logical partition |
| 16:06 | <Schroeder> | encode: don't do that |
| 16:06 | <Schroeder> | first off, there's no reason to |
| 16:06 | <Schroeder> | since 25 is a privileged port |
| 16:06 | <chiefinnovator> | oh I see, so just block off all incoming connections, except for the web server and ssh |
| 16:06 | <Schroeder> | so ordinary users can't open it anyway |
| 16:06 | <zeroday> | oh ok |
| 16:06 | <Schroeder> | second, he can always reconfigure the server to use another port, that he can open |
| 16:06 | <encode> | Schroeder: nono, to a destination of port 25 |
| 16:06 | <encode> | not local port 25 |
| 16:07 | <mwalling_> | encode: just make sure your mailserver doesn't get screwed by doing that |
| 16:07 | <chiefinnovator> | I'm not running a mailserver so that's ok |
| 16:08 | <mwalling_> | iptables -A OUTPUT -p tcp --dport 25 -j DROP |
| 16:08 | <encode> | chiefinnovator: it would also prevent you using a mail client |
| 16:08 | <mwalling_> | simple and easy |
| 16:08 | <chiefinnovator> | I think blocking incoming connections would be enough. How do I do that :-) |
| 16:08 | <encode> | (to send mail) |
| 16:08 | <mwalling_> | oh... /me re reads the original question |
| 16:08 | <chiefinnovator> | hmm, maybe I shouldn't do that then |
| 16:09 | <chiefinnovator> | so iptables can't work per user? |
| 16:09 | <Toba_> | set it to listen on localhost, silly :p |
| 16:09 | <encode> | no |
| 16:09 | <Schroeder> | chiefinnovator: replace the "OUTPUT" with "INPUT" |
| 16:09 | <mwalling_> | packets don't carry user information |
| 16:09 | <encode> | Toba_: of course, silly me |
| 16:09 | <chiefinnovator> | ohh that makes sense |
| 16:10 | <chiefinnovator> | so what is your iptables rule saying? |
| 16:10 | <Toba_> | unless you accidentally plugges your localhost port into the internet |
| 16:10 | <Toba_> | ...<_< >_>_ |
| 16:10 | <mwalling_> | chiefinnovator: (adding Schroeder's fix)... anything inbound from the outside to port 25 gets dropped. |
| 16:10 | |-| | Sputnik7 [~Sputnik7@c-71-192-5-190.hsd1.ma.comcast.net] has quit [Ping timeout: 480 seconds] |
| 16:10 | <mwalling_> | you could alternativly REJECT it |
| 16:10 | <Toba_> | drop is more fun |
| 16:10 | <Schroeder> | but, that'll only work for port 25 |
| 16:11 | <Schroeder> | which won't stop him from running it on an alternate port |
| 16:11 | <mwalling_> | Schroeder: but how do you recieve mail on an alt port? |
| 16:11 | <chiefinnovator> | right |
| 16:11 | <Schroeder> | blocking incoming connections to port 25 is pointless for what your'e trying to do, since it's a privileged port |
| 16:11 | <Schroeder> | so an ordinary user couldn't do it anyway |
| 16:11 | <Schroeder> | mwalling: reconfigure the mail server |
| 16:11 | <Toba_> | I don't think you can, it's not in the MX record in any way... |
| 16:11 | <chiefinnovator> | so I just want to block all inbound connections except for http and ssh? |
| 16:11 | <Schroeder> | yeah, set the default to drop |
| 16:11 | <Schroeder> | and then set exceptions to allow for the ports you want to open up |
| 16:11 | <mwalling_> | Schroeder: you mean, reconfigure every other mailserver in the world |
| 16:12 | <encode> | yes, what you need to do is block outgoing connections to a destination of port 25, with the exception of one destination, which will be your mailserver's IP address |
| 16:12 | <Toba_> | you could edit a copy of the rfc |
| 16:12 | <Toba_> | heh. |
| 16:12 | [~] | mwalling_ blows a whistle..... |
| 16:12 | <mwalling_> | everyone is talking about a different thing! |
| 16:12 | [~] | encode stops talking |
| 16:12 | <mwalling_> | chiefinnovator: why don't you restate what you're trying to do |
| 16:13 | <Schroeder> | there's no point in blocking incoming connections to port 25 if you're trying to stop your users from running mailservers |
| 16:13 | <Schroeder> | since they can't open port 25 anyway |
| 16:13 | <Schroeder> | it accomplishes nothing |
| 16:13 | <Toba_> | yeah unless your users have root |
| 16:13 | <Toba_> | heh |
| 16:13 | <Schroeder> | Toba_: in which case you've got bigger problems to worry about first |
| 16:13 | <Schroeder> | and in which case they can easily remove any firewall rule you put in place |
| 16:13 | <chiefinnovator> | I'm trying to stop jailed users from running an SMTP server on a high port like say 25333 |
| 16:14 | <Toba_> | oh |
| 16:14 | <mwalling_> | chiefinnovator: to prevent against outbound or inbound mail? |
| 16:14 | <Toba_> | uh, then you'll either have to do somthing like packet shaping or just block them listening at all |
| 16:14 | <chiefinnovator> | outbound |
| 16:14 | <Toba_> | and blocking them listening at all is not a good solution |
| 16:14 | <chiefinnovator> | why not block them listening at all? |
| 16:14 | <Toba_> | is this a general purpose shell server? |
| 16:14 | <chiefinnovator> | no no, just a web server |
| 16:14 | <Toba_> | oh, then block away! |
| 16:15 | <mwalling_> | ok, then `iptables -A OUTPUT -p tcp --dport 25 -j REJECT` is what you want |
| 16:15 | <Toba_> | that will stop them from sending any smtp out |
| 16:15 | <mwalling_> | Toba_: 16:14 < chiefinnovator> outbound |
| 16:15 | <Toba_> | and I don't see the problem with getting smtp in if they can't send it anywhere |
| 16:15 | <Toba_> | oh, dur |
| 16:15 | <chiefinnovator> | so they'd have to address it to 25 to send any email? |
| 16:16 | <Toba_> | yeah pretty much |
| 16:16 | <Toba_> | unless they use a proxy or something |
| 16:16 | <mwalling_> | chiefinnovator: unless they could find an openrela... what he said |
| 16:16 | <Toba_> | yeah. |
| 16:16 | <Toba_> | open relays may not run on 25... |
| 16:16 | <chiefinnovator> | I should probably just block all inbound requests though, I wouldn't really want someone running any kind of server |
| 16:17 | <mwalling_> | iptables -A INPUT -p DROP |
| 16:17 | <chiefinnovator> | except my own apache server on there |
| 16:17 | <chiefinnovator> | of course |
| 16:17 | <Toba_> | heh |
| 16:17 | <Toba_> | yeah, don't do that quite |
| 16:17 | <chiefinnovator> | and i like to connect via ssh |
| 16:17 | <Toba_> | because your ssh connection will probably go poof |
| 16:17 | <@mikegrb> | lolz |
| 16:17 | <chiefinnovator> | lol |
| 16:18 | <Toba_> | put all the commands in a file, etc |
| 16:18 | <Toba_> | and make sure your LISH is in good working order :p |
| 16:18 | <chiefinnovator> | yeah |
| 16:19 | <mwalling_> | touch ~/remove-if-alive; /etc/rc.d/rc.firewall start; sleep 30; if [ -f ~/remove-if-alive ]; then /etc/rc.d/rc.firewall stop; fi |
| 16:20 | <chiefinnovator> | what's that? |
| 16:20 | <Toba_> | hah |
| 16:20 | <Toba_> | that's a dead man's switch, is what it is |
| 16:20 | <chiefinnovator> | what's the fi at the end? |
| 16:21 | <Toba_> | the end of the if |
| 16:21 | <chiefinnovator> | oh |
| 16:21 | <mwalling_> | chiefinnovator: it touches a file, then starts the firewall. if i don't ssh in and remove that file in 30 seconds, it stops the firewall, hopefully allowing me back in |
| 16:21 | <chiefinnovator> | that's pretty neat |
| 16:21 | <mwalling_> | wasn't my idea |
| 16:21 | <chiefinnovator> | is my firewall running now? |
| 16:21 | <mwalling_> | i'm not that smart |
| 16:22 | <Toba_> | me, I'd use screen and open up another shell to kill the file |
| 16:22 | <Toba_> | not ssh in again |
| 16:22 | <mwalling_> | Toba_: if your firewall kills your ssh connection... |
| 16:22 | <Toba_> | it's the same idea, you can't do either one if the firewall kills it. |
| 16:22 | <chiefinnovator> | how do you tell if the firewall is running? |
| 16:23 | <mwalling_> | iptables -nL i think |
| 16:23 | <chiefinnovator> | $ iptables -nL |
| 16:23 | <chiefinnovator> | iptables v1.3.6: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) |
| 16:23 | <chiefinnovator> | Perhaps iptables or your kernel needs to be upgraded. |
| 16:23 | <mwalling_> | you need to be root |
| 16:24 | <chiefinnovator> | Chain INPUT (policy ACCEPT) |
| 16:24 | <chiefinnovator> | target prot opt source destination |
| 16:24 | <chiefinnovator> | Chain FORWARD (policy ACCEPT) |
| 16:24 | <chiefinnovator> | target prot opt source destination |
| 16:24 | <chiefinnovator> | Chain OUTPUT (policy ACCEPT) |
| 16:24 | <chiefinnovator> | target prot opt source destination |
| 16:24 | <chiefinnovator> | so I guess that means it's running? |
| 16:24 | <mwalling_> | its not a service |
| 16:24 | <mwalling_> | its a part of the kernel |
| 16:24 | <chiefinnovator> | oh |
| 16:25 | <chiefinnovator> | but you cant still stop and start it? |
| 16:25 | <mwalling_> | start and stop in this case refer to loading rules and flushing rules |
| 16:25 | <anderiv> | chiefinnovator: running == firewall rules loaded, not running == rules flushed. |
| 16:25 | <anderiv> | mwalling_: you beat me :-) |
| 16:26 | <chiefinnovator> | ah I see |
| 16:26 | |-| | Caleb [~caleb@12-214-1-103.client.mchsi.com] has joined #linode |
| 16:27 | <Caleb> | whats up linoders? |
| 16:27 | <anderiv> | Caleb: good afternoon. |
| 16:27 | <chiefinnovator> | So how can I say: the only external connections are for the web server and ssh, both inbound and outbound. But I can still run a mail client? |
| 16:27 | <anderiv> | chiefinnovator: yes |
| 16:27 | <chiefinnovator> | that seems pretty secure |
| 16:28 | <anderiv> | chiefinnovator: oh...nm. I thought you were asking *if* you could do that. |
| 16:28 | <chiefinnovator> | how do you translate that into iptable talk? |
| 16:29 | <mwalling_> | wanna do it the hard (but you'll know iptables better then God himself) way? |
| 16:29 | <chiefinnovator> | umm |
| 16:29 | <chiefinnovator> | I want to be in the bottom 20th percentile of civilian IP table knowledge :-) |
| 16:29 | <mwalling_> | http://iptables-tutorial.frozentux.net/ |
| 16:30 | <chiefinnovator> | Ok, I'll try it. Learning is good |
| 16:43 | <Caleb> | so how is the linoding goin? |
| 16:43 | <Caleb> | i have been linoding quite a bit lately... |
| 16:45 | |-| | Schroeder [1000@kntpin04-nas-02-s82.cinergycom.net] has quit [Ping timeout: 480 seconds] |
| 16:53 | <mwalling_> | chiefinnovator: this is what happens when you read that tutorial :) : |
| 16:53 | <mwalling_> | cat /etc/rc.d/rc.firewall | wc -l |
| 16:53 | <mwalling_> | 272 |
| 17:03 | |-| | aaron7 [~aaron@190.10.254.20] has joined #linode |
| 17:03 | <aaron7> | hi I'm interested in getting a linode |
| 17:03 | <Deckert> | aaron7: good for you :) |
| 17:04 | <aaron7> | wanted to find out about using xen |
| 17:04 | <Deckert> | aaron7: any specific reason you'd want to use xen? |
| 17:04 | <Caleb> | what about it? |
| 17:05 | <aaron7> | I've heard performance over UML, but biggest is reputation for my customers |
| 17:05 | <Deckert> | aaron7: then stick with UML till xen is stable |
| 17:06 | <Deckert> | aaron7: you can use Xen (Linode does offer it) but it's not quite production-ready yet |
| 17:06 | <Internat> | why would ur customers want an unstable/testing setup ? |
| 17:06 | <aaron7> | that's what I came here to find out about |
| 17:06 | <encode> | xen is considered by linode to be beta quality |
| 17:07 | |-| | paulcager changed nick to paulcager_ |
| 17:07 | <encode> | there is a channel dedicated to the linode xen beta - #linode-xenbeta |
| 17:07 | |-| | paulcager_ changed nick to paulcager |
| 17:08 | <aaron7> | Thanks. If it's not recommended yet, I'll probably need to go with another provider. |
| 17:08 | <encode> | why would you do that? another provider is going to be just as unstable |
| 17:08 | <encode> | the instability is with Xen itself |
| 17:09 | <Deckert> | aaron7: Xen is the unstable component, not Linode |
| 17:09 | <encode> | and other providers don't offer great features like virtual remote console (lish) |
| 17:09 | <mwalling_> | ummmm... when did citrix buy xen? |
| 17:10 | <aaron7> | nobody else is calling Xen unstable. |
| 17:10 | <aaron7> | What version do you use |
| 17:10 | <encode> | aaron7: maybe because they have no alternative |
| 17:10 | <encode> | aaron7: the latest version |
| 17:11 | <Deckert> | mwalling: On 2007-10-22, Citrix Systems completed its acquisition of XenSource |
| 17:11 | <aaron7> | who here speaks for linode.com? I'd hate to dismiss a company I've heard good things about because of a loudmouth on IRC |
| 17:11 | <encode> | its pretty stable unless you do heavy I/O, which can cause xen to hang |
| 17:11 | <mwalling_> | anderiv: the ops |
| 17:11 | <encode> | aaron7: anyone with +o |
| 17:11 | <tierra> | aaron7: see ops in channel |
| 17:11 | <mwalling_> | anderiv: oops... |
| 17:11 | <anderiv> | mwalling_: np |
| 17:11 | [~] | mwalling_ stabs his tab key |
| 17:12 | |-| | aaron7 [~aaron@190.10.254.20] has quit [Quit: aaron7] |
| 17:12 | <anderiv> | heh |
| 17:12 | <Deckert> | *ppof* |
| 17:12 | <Caleb> | so... for the people who don't use xen at linode...they use openVZ right? |
| 17:12 | <Deckert> | *poof* |
| 17:12 | <encode> | Caleb: no, they use UML |
| 17:12 | <anderiv> | Caleb: UML |
| 17:12 | <Caleb> | what is UML? |
| 17:13 | <anderiv> | User Mode Linux |
| 17:13 | <encode> | User Mode Linux |
| 17:13 | <encode> | it's been around a lot longer than Xen |
| 17:13 | <anderiv> | beat ya that time ;-) |
| 17:13 | <encode> | so it's much more stable |
| 17:13 | <Caleb> | i've never heard of it... |
| 17:13 | <Internat> | i dont think encode or anyone else is being a loud mouth about xen. join the #xen channel and ask them if they consider it stable enough yet :) |
| 17:14 | <encode> | Internat: also note that aaron7 didn't join the xen specific channel |
| 17:14 | <Internat> | there are plenty of companies marketing xen servers, but ultimatly there still relying on the support/assistance of the makers of xen whilst its still not at a stable level. UML has been arround for a long time, and there have been tremendous performance increases to it as of late |
| 17:15 | [~] | Deckert agrees |
| 17:15 | <Deckert> | from the 2.4 to the 2.6 kernel the jump has been enormous |
| 17:16 | <Internat> | oh. i didnt notice he quit. how unfortunate |
| 17:16 | <encode> | Internat: yeah, annoying |
| 17:16 | <Deckert> | Internat: unfortunate for him |
| 17:16 | [~] | encode wonders if he should've kept his mouth shut about xen being beta quality |
| 17:17 | <Caleb> | i dont think i've ever come across another UML provider |
| 17:17 | <Caleb> | its all virtuozzo/openvz/xen |
| 17:17 | <anderiv> | encode: nah |
| 17:17 | <Deckert> | encode: we're all so used to UML/Linode stability that we want to point it out (nay, shout it out!) |
| 17:17 | <Caleb> | oh looks like he may have joined #linode-xenbeta.... |
| 17:17 | |-| | aarone [~chatzilla@190.10.254.20] has joined #linode |
| 17:17 | <Caleb> | are you guys all using UML? |
| 17:18 | <anderiv> | Caleb: yes - through linode and at work as well. |
