| --- | Log | opened Tue Jan 08 00:00:05 2008 |
| --- | Day | changed Tue Jan 08 2008 |
| 00:00 | <chiefinnovator> | they don't have that for ubuntu? |
| 00:00 | <chiefinnovator> | brb |
| 00:04 | |-| | avongauss [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has joined #linode |
| 00:11 | <chiefinnovator> | ok, that does seem faster |
| 00:11 | <chiefinnovator> | I still don't see why |
| 00:12 | <chiefinnovator> | I think all OUTPUT was allowed before |
| 00:12 | <chiefinnovator> | now netstat is hanging, golly what's going on? |
| 00:13 | |-| | Caleb [~caleb@12-214-1-103.client.mchsi.com] has joined #linode |
| 00:13 | <Caleb> | HI GUYS I <3 LINODE KTHX |
| 00:14 | <Bdragon> | oh, netstat always hangs if you don't use -n... |
| 00:15 | <opello> | always? |
| 00:15 | <Bdragon> | Well |
| 00:15 | <opello> | just resolves things :p |
| 00:15 | <Bdragon> | It always hangs if you have stuff without proper reverse entries :P |
| 00:15 | <Bdragon> | That was a <handwave of dismissal> around that btw |
| 00:16 | <chiefinnovator> | ok that works |
| 00:16 | <Bdragon> | It's not about OUTPUT being allowed, it's about OUTPUT being allowed right away so the kernel doesn't have to keep paperwork on the socket pair |
| 00:16 | <chiefinnovator> | ohhh |
| 00:16 | <chiefinnovator> | The only other thing is sftp now takes like 5 seconds to connect |
| 00:16 | <chiefinnovator> | it was instant before |
| 00:17 | <Bdragon> | ok, that sounds a lot like resolver issues |
| 00:17 | <chiefinnovator> | what's that? |
| 00:17 | <Bdragon> | which also is what caused the netstat slowdown |
| 00:17 | <Bdragon> | Finding out the hostname of an ip address |
| 00:17 | <Caleb> | dont you just love SFTP? i just discovered how easy it is...so much better than setting up an FTPd and stuff |
| 00:17 | |-| | Caleb [~caleb@12-214-1-103.client.mchsi.com] has left #linode [] |
| 00:17 | <chiefinnovator> | but it really seems correlated with the iptables change |
| 00:17 | |-| | Caleb [~caleb@12-214-1-103.client.mchsi.com] has joined #linode |
| 00:17 | <chiefinnovator> | yes, it's very nice, Caleb |
| 00:17 | <Bdragon> | Perhaps you blocked dns from yourself? |
| 00:18 | <chiefinnovator> | how would that work? |
| 00:18 | <Bdragon> | Not very well, I imagine |
| 00:18 | <chiefinnovator> | well I only blocked incoming connections |
| 00:19 | <chiefinnovator> | in this case my home computer is trying to connect via the ssh port (22?) to the server |
| 00:20 | <Bdragon> | Are you sure you only blocked incoming connections? |
| 00:21 | [~] | Bdragon does a few searches |
| 00:22 | <chiefinnovator> | http://pastebin.com/d226accd1 |
| 00:23 | <Bdragon> | protocol 0? |
| 00:24 | <chiefinnovator> | what's that? |
| 00:24 | <Bdragon> | uh |
| 00:24 | <Bdragon> | where's your return path? |
| 00:24 | <chiefinnovator> | what's that? |
| 00:25 | <Bdragon> | # |
| 00:25 | <Bdragon> | # Permit packets in to firewall itself that are part of existing and related connections. |
| 00:25 | <Bdragon> | # |
| 00:25 | <Bdragon> | iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT |
| 00:25 | <Schroeder> | Do you remember the first time we met, living together in colossal times? |
| 00:25 | <Bdragon> | You need to be able to accept *return packets* from outgoing connections |
| 00:25 | <chiefinnovator> | ! |
| 00:25 | <Bdragon> | Otherwise you ask the dns server about something and then block the reply |
| 00:25 | <chiefinnovator> | wow |
| 00:25 | <chiefinnovator> | so how does anything work right now? |
| 00:25 | <Bdragon> | Well, ssh port and www port |
| 00:26 | <Bdragon> | I'd say "barely works" |
| 00:26 | <chiefinnovator> | so that could be my whole problem? |
| 00:26 | <Bdragon> | I'm frankly amazed it continuted to work without an established,related rule... |
| 00:26 | <Bdragon> | Yeah |
| 00:26 | <Bdragon> | That should fix netstat as well |
| 00:27 | <chiefinnovator> | I'm still not understanding the issue. SSH is completely open right? |
| 00:27 | <Bdragon> | Sure |
| 00:27 | <Bdragon> | but your box tries to do a dns lookup to figure out who's connecting for the logfile |
| 00:28 | <Bdragon> | which times out after 5 seconds because the firewall blocked the reply |
| 00:28 | <Bdragon> | Inject that rule and try netstat without the -n again |
| 00:28 | <Bdragon> | And then try sftp again |
| 00:29 | <chiefinnovator> | sftp works fast again yay! |
| 00:29 | <Bdragon> | Netstat should be working fast again as well |
| 00:29 | <chiefinnovator> | netstat too! |
| 00:29 | <Bdragon> | ok, good |
| 00:30 | <chiefinnovator> | you're brilliant |
| 00:30 | <chiefinnovator> | I'm still not seeing why it wasn't working though |
| 00:30 | <Bdragon> | That rule basically says "If the connection was allowed to be opened, allow returning traffic from the same connection to pass through" |
| 00:30 | <Bdragon> | Remember that communication is *TWO WAY* |
| 00:30 | <chiefinnovator> | but isn't that just the default? |
| 00:30 | <Bdragon> | DNS does not come in over the www or ssh ports |
| 00:30 | <chiefinnovator> | no? |
| 00:31 | <Bdragon> | It comes in over a random high port |
| 00:31 | <chiefinnovator> | ok, that was my confusion. |
| 00:31 | <Bdragon> | TCP has socket *PAIRS* |
| 00:31 | <Bdragon> | There's a server and a client |
| 00:31 | <chiefinnovator> | so my server could send out a dsn request but not get anything back |
| 00:31 | <Bdragon> | Well, it would get stuff back, but the firewall would steal it and throw it away |
| 00:31 | <Bdragon> | because of your input drop rule |
| 00:31 | <chiefinnovator> | someone should edit that wiki page. I didn't think that step applied to me :-) |
| 00:32 | <Bdragon> | Heh |
| 00:32 | <chiefinnovator> | that makes perfect sense now |
| 00:32 | <Bdragon> | It basically makes "single connection" sized temporary holes to allow the return traffic for a connection started by your server |
| 00:32 | <Bdragon> | But only for that connection |
| 00:32 | <chiefinnovator> | so when I try to connect to a blocked port now, it just hangs. Is that because I said to drop and not reject? |
| 00:33 | <Bdragon> | Yeah |
| 00:33 | <chiefinnovator> | wow, everything is working |
| 00:33 | <chiefinnovator> | this is great |
| 00:33 | |-| | clanehin [~lane@cpe-069-134-066-130.nc.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 00:34 | <chiefinnovator> | now I just have to save these iptables settings. I think that wiki page says how |
| 00:35 | <chiefinnovator> | hmm, maybe one more thing to block |
| 00:35 | <Bdragon> | How can there be anything more to block? |
| 00:36 | <chiefinnovator> | I want to be sure someone can't set up an email server and send out spam |
| 00:36 | <chiefinnovator> | could I just block output to port 25? |
| 00:36 | <Bdragon> | Ahh, so now you don't even trust yourself? ;) |
| 00:36 | <chiefinnovator> | hmm |
| 00:37 | <chiefinnovator> | I guess that would prevent me from sending email as well |
| 00:38 | <Bdragon> | Heh, fwiw, mine: http://p.linode.com/133 |
| 00:38 | <Bdragon> | ;) |
| 00:38 | <chiefinnovator> | what's that? |
| 00:39 | <Bdragon> | My (lack of) firewall ;) |
| 00:39 | <@mikegrb> | lolz |
| 00:39 | <chiefinnovator> | lol |
| 00:39 | <chiefinnovator> | I'm a special case though ... |
| 00:39 | <Bdragon> | heh, finger root@rtk0.net |
| 00:40 | <chiefinnovator> | I've got everything running a jail, but this guy still managed to set up an stmp server http://utilitymill.com/edit/test111111 |
| 00:40 | <Bdragon> | (Somewhat of a "traditional" setup regarding handing out info on local users) |
| 00:40 | <chiefinnovator> | A nice guy, just pointing it out, nothing malicious |
| 00:41 | <Bdragon> | Uh, you're allowing people to execute raw python? |
| 00:41 | <chiefinnovator> | so can I block outgoing traffic addressed to another computer's email port? |
| 00:41 | <chiefinnovator> | Yeah, but it's in a jail |
| 00:41 | <chiefinnovator> | among other things |
| 00:41 | <Bdragon> | Suggest you don't let the jail make outgoing connections whatsoever... |
| 00:41 | <chiefinnovator> | I know I know, but people really love making screen scraping utilities |
| 00:42 | <chiefinnovator> | :-( |
| 00:42 | |-| | Caleb [~caleb@12-214-1-103.client.mchsi.com] has quit [Quit: Leaving] |
| 00:42 | <Bdragon> | Fair enough |
| 00:42 | <chiefinnovator> | and AFAIK, I can't block connections just from the jail |
| 00:42 | <Bdragon> | Why not do this: |
| 00:42 | <chiefinnovator> | you can't tell IPtables to filter by certain processes or users? |
| 00:42 | |-| | rainkid [~a254ea74@webuser.linode.com] has joined #linode |
| 00:43 | <Bdragon> | Well, you can filter on target ports |
| 00:43 | <chiefinnovator> | yeah, that's what I was thinking |
| 00:43 | <Bdragon> | why not block all target ports but 53, 80, 443 |
| 00:43 | <chiefinnovator> | what's 53, and 443? |
| 00:43 | <rainkid> | 40% packet loss to atlanta |
| 00:43 | <Bdragon> | dns, https |
| 00:43 | <chiefinnovator> | ah, so I do need those |
| 00:43 | <Bdragon> | err, I *think* 443 is https |
| 00:43 | <tpope> | it is |
| 00:44 | <tpope> | grep https /etc/services |
| 00:44 | <chiefinnovator> | so just block all other target ports across the whole server? |
| 00:44 | <tpope> | you can filter iptables on users if you need to |
| 00:44 | <chiefinnovator> | really? someone told me no |
| 00:44 | <tpope> | there's a module for it |
| 00:45 | <Bdragon> | oh? That might be better... |
| 00:45 | <chiefinnovator> | sounds complicated, would it slow down the server? |
| 00:45 | <tpope> | search for owner |
| 00:45 | <chiefinnovator> | then I could still send email |
| 00:45 | <tpope> | it's no more complicated than filtering on anything else |
| 00:46 | <tpope> | search for owner in the iptables manpage |
| 00:46 | <tpope> | if you do just filter everything, you probably want to let 22 through too |
| 00:46 | <chiefinnovator> | yeah, jailed users can't connect to lower ports anyway |
| 00:47 | <chiefinnovator> | oh no target |
| 00:47 | <chiefinnovator> | sorry |
| 00:47 | <tpope> | they can't bind to lower ports |
| 00:47 | <tpope> | I thought we were talking outgoing |
| 00:47 | <chiefinnovator> | right, we're talking about target ports |
| 00:47 | <chiefinnovator> | my mistake |
| 00:48 | <Athenon> | hey guys, whats an easy way to monitor hard drive usage, cpu, ram usage, etc? I have the latest version of ubuntu on a Linode VPS. |
| 00:48 | <npmr> | i use munin |
| 00:50 | <rainkid> | seems like gnax is throttling verizon connections... |
| 00:50 | <rainkid> | *sigh* |
| 00:50 | |-| | hpj [~hpj@189.190.15.43] has quit [Ping timeout: 480 seconds] |
| 00:50 | <rainkid> | 45% packet loss to all my atlanta linodes |
| 00:51 | <chiefinnovator> | userid or UID, is that the user name or the number? |
| 00:51 | <Athenon> | npmr: will munin do CPU and memory and stuff? it looks more like an application monitor or something |
| 00:52 | <npmr> | http://dorothy.movealong.org/munin/movealong.org/dorothy.movealong.org.html <-- Athenon, take a peek |
| 00:52 | <chiefinnovator> | how do I know if my kernel has support for the iptables owner module? |
| 00:52 | <Bdragon> | chiefinnovator: zcat /proc/config.gz | less ? |
| 00:53 | <npmr> | [inkblot@dorothy:~][inkblot@dorothy:~]$ zgrep OWNER /proc/config.gz |
| 00:53 | <npmr> | CONFIG_IP_NF_MATCH_OWNER=y |
| 00:53 | <npmr> | CONFIG_IP6_NF_MATCH_OWNER=y |
| 00:53 | <npmr> | ^-- chiefinnovator |
| 00:53 | <npmr> | looks like your answer is "Yes" |
| 00:53 | <Athenon> | hrm...im not seeing any current statistics...nothing that says "you are using 25% of your available memory (25/100)" or w/e |
| 00:53 | |-| | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has quit [Read error: Connection reset by peer] |
| 00:53 | |-| | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has joined #linode |
| 00:54 | <chiefinnovator> | wow, how'd you know that? |
| 00:54 | <Athenon> | if it had that, it looks like a pretty good program |
| 00:54 | <npmr> | chiefinnovator, years of experience |
| 00:54 | <chiefinnovator> | wow |
| 00:54 | <Bdragon> | Athenon: Just use top |
| 00:54 | <npmr> | Athenon, look harder |
| 00:55 | <Athenon> | top is noob tbh -_- |
| 00:55 | <Bdragon> | vmstat? |
| 00:55 | <npmr> | http://dorothy.movealong.org/munin/movealong.org/dorothy.movealong.org-memory.html <-- memory usage |
| 00:55 | <chiefinnovator> | so how do I set this up? I guess I need a default DROP for output? |
| 00:56 | <chiefinnovator> | that's tricky, how do I say allow all output for everyone but these users? |
| 00:57 | <Athenon> | ubuntu center used to be decent for this sort of thing, but it seems its gone -_- |
| 00:59 | <Bdragon> | How about just dropping those users? |
| 00:59 | |-| | scorche` [Blah@cpe-76-169-210-85.socal.res.rr.com] has joined #linode |
| 00:59 | <chiefinnovator> | except that I want them to do certain target ports |
| 01:00 | <chiefinnovator> | can you have a negative port expression :-) |
| 01:00 | <chiefinnovator> | oh wait maybe you can? |
| 01:01 | <npmr> | start specific and add broader and broader rules |
| 01:01 | <npmr> | 1) allow your restricted users to make traffic on the ports they're allowed to use |
| 01:01 | <npmr> | 2) block anything from your restricted users |
| 01:01 | <npmr> | 3) allow anything from anyone else |
| 01:02 | <npmr> | in that order |
| 01:02 | <chiefinnovator> | I see npmr. I'll try it |
| 01:03 | <chiefinnovator> | side question, how to I get the user ids? The numbers? |
| 01:04 | <npmr> | use the 'id' command |
| 01:04 | <npmr> | for example: |
| 01:04 | <npmr> | [inkblot@dorothy:~][inkblot@dorothy:~]$ id uucp |
| 01:04 | <npmr> | uid=10(uucp) gid=10(uucp) groups=10(uucp) |
| 01:04 | <npmr> | also, it's in /etc/passwd |
| 01:04 | <chiefinnovator> | thanks |
| 01:05 | |-| | scorche [Blah@cpe-76-169-210-85.socal.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 01:05 | |-| | scorche` changed nick to scorche |
| 01:05 | |-| | hpj [~hpj@189.190.15.43] has joined #linode |
| 01:08 | <chiefinnovator> | npmr, step 3 doesn't require any rule, right? |
| 01:10 | <chiefinnovator> | sample rule, what am I missing: iptables -A OUTPUT -m owner --uid-owner 1001 --dport 53 -j ACCEPT |
| 01:10 | <chiefinnovator> | oh wait Unknown arg `--dport' |
| 01:10 | <chiefinnovator> | hmm |
| 01:11 | <tpope> | -m tcp |
| 01:11 | <tpope> | and -m udp |
| 01:11 | <tpope> | you need both for dns |
| 01:11 | <chiefinnovator> | so that would be two rules? |
| 01:12 | <tpope> | yes |
| 01:12 | <tpope> | actually -p not -m |
| 01:12 | <chiefinnovator> | yeah |
| 01:13 | |-| | hobbes006 [~Lin_Chuan@cm228.kappa210.maxonline.com.sg] has joined #linode |
| 01:13 | <hobbes006> | hi linoders |
| 01:13 | <hobbes006> | i am having a strange problem on my site |
| 01:14 | <chiefinnovator> | ok, this works, now I'll write up a giant script: |
| 01:14 | <chiefinnovator> | iptables -A OUTPUT -p tcp --dport 53 -m owner --uid-owner 1001 -j ACCEPT |
| 01:14 | <hobbes006> | my server crashes everytime i try to "update" my local working folder via SVN client (TortoiseSVN) |
| 01:14 | <hobbes006> | and i have to reboot the server again |
| 01:14 | <hobbes006> | any idea where i can look for a log file to see what the problem is? |
| 01:15 | |-| | irgeek [~jcsincla@cealsa01.centamin.com] has joined #linode |
| 01:15 | <npmr> | chiefinnovator, that depends on your default policies |
| 01:15 | |-| | hpj [~hpj@189.190.15.43] has quit [Ping timeout: 480 seconds] |
| 01:19 | <chiefinnovator> | where's that linode pastebin? |
| 01:19 | <npmr> | pb.linode.com |
| 01:20 | <opello> | p.linode.com |
| 01:20 | <opello> | shorter :) |
| 01:21 | <npmr> | meh |
| 01:22 | <chiefinnovator> | Ok, here's what my iptables have now: http://pastebin.linode.com/136 |
| 01:22 | <chiefinnovator> | and here's what I propose to run: http://pb.linode.com/134 |
| 01:22 | <chiefinnovator> | what do you guys think? |
| 01:24 | <npmr> | where's all that owner stuff you were asking about? |
| 01:24 | <chiefinnovator> | it's there right? |
| 01:24 | <npmr> | no |
| 01:24 | <rainkid> | okay, i know it's not just me with atlanta issues now. |
| 01:25 | <chiefinnovator> | npmr, you're looking at this one? http://pb.linode.com/134 |
| 01:25 | <npmr> | oh, whoops |
| 01:25 | <npmr> | wrong one |
| 01:25 | <chiefinnovator> | I'm about to add the owner stuff :-) |
| 01:26 | |-| | hpj [~hpj@189.190.15.43] has joined #linode |
| 01:26 | <npmr> | your new rules will have no effect |
| 01:27 | <chiefinnovator> | oh no why! |
| 01:27 | <npmr> | because of the existing rule in the OUTPUT chain |
| 01:27 | <chiefinnovator> | hmm |
| 01:27 | <npmr> | and the fact that you're appending your new rules |
| 01:27 | <chiefinnovator> | the existing rule is just for loopback, right? |
| 01:28 | <npmr> | the existing rule basically achieves nothing, anyway since the policy for the chain is ACCEPT |
| 01:28 | <chiefinnovator> | makes sense |
| 01:28 | <npmr> | you may as well just get rid of it |
| 01:28 | <npmr> | then you can add your new rules and it looks like they should work |
| 01:29 | <chiefinnovator> | Bdragon said it might let it look up the loopback faster |
| 01:29 | <Bdragon> | I could of course be wrong ;) |
| 01:29 | <npmr> | perhaps marginally |
| 01:29 | <chiefinnovator> | but that was before we figured out I wasn't allowing established connections |
| 01:29 | <chiefinnovator> | which was probably the real speed issue? |
| 01:29 | <chiefinnovator> | I'll try removing it, see if it hurts |
| 01:29 | <npmr> | if i cut the antenna off of my car, it'll increase my top speed there, too, but you don't see me running to get the pliers |
| 01:30 | <npmr> | same deal with the rearview mirrors |
| 01:31 | [~] | irgeek prefers racing stripes to improve car speed |
| 01:31 | <npmr> | chiefinnovator, actually i missed the part about the existing rule working only on the loopback device |
| 01:32 | <npmr> | chiefinnovator, nevermind my earlier comment about interfering with new rules |
| 01:32 | <chiefinnovator> | Should I put it back then? |
| 01:32 | [~] | npmr shrugs |
| 01:32 | <npmr> | your default policy for that chain will allow the traffic anyway |
| 01:33 | <chiefinnovator> | ok |
| 01:33 | <chiefinnovator> | so my new rules should work? |
| 01:33 | <npmr> | i would expect so |
| 01:33 | <chiefinnovator> | excellent |
| 01:33 | <npmr> | good night |
| 01:33 | <chiefinnovator> | I wonder how I can test it? Where's some web resource with a non standard port? |
| 01:35 | <chiefinnovator> | thanks for the help |
| 01:38 | <chiefinnovator> | what's the search for that? |
| 01:38 | <irgeek> | My SMTP server listens on 2525 |
| 01:39 | <irgeek> | Or do you want an actual http server? |
| 01:39 | <chiefinnovator> | SMTP is fine |
| 01:39 | <chiefinnovator> | mind if I try to connect? |
| 01:39 | <irgeek> | Nope. |
| 01:39 | <chiefinnovator> | address? |
| 01:39 | <irgeek> | dig mx irgeek.com ;) |
| 01:39 | <irgeek> | mt-elbert.irgeek.com |
| 01:40 | <chiefinnovator> | what's the first one? |
| 01:40 | <irgeek> | My STMP server is the MX record for my domain. And my domain is my username + .com |
| 01:41 | <chiefinnovator> | I connected |
| 01:41 | <chiefinnovator> | I assume I can't send mail? |
| 01:41 | <chiefinnovator> | connecting is enough of a test |
| 01:41 | <irgeek> | You can send to admin@irgeek.com |
| 01:41 | <irgeek> | I think... |
| 01:42 | <irgeek> | Sorry. admin@nurfherder.com |
| 01:42 | <chiefinnovator> | just connecting would be sending packets to that port though, right? |
| 01:42 | <irgeek> | Yes. |
| 01:49 | <chiefinnovator> | Thanks irgeek |
| 01:49 | <irgeek> | np |
| 01:49 | <chiefinnovator> | Those rules didn't seem to work |
| 01:49 | <chiefinnovator> | well maybe they did but the whole server seemed to stop working |
| 01:50 | |-| | Dreamer3 [~Dreamer3@74-142-174-231.dhcp.insightbb.com] has quit [Ping timeout: 480 seconds] |
| 01:50 | <irgeek> | I didn't see the beginning of the discussion. Can you pastebin your full rule set. |
| 01:51 | <chiefinnovator> | here's what I had before http://pastebin.linode.com/136 |
| 01:51 | <chiefinnovator> | and here are the rules I added: http://pb.linode.com/134 |
| 01:51 | <chiefinnovator> | maybe it's just too slow to check against all those rules? |
| 01:52 | <irgeek> | That's not so many. The iptables is pretty quick at checking rules. |
| 01:52 | <chiefinnovator> | hmm |
| 01:58 | <chiefinnovator> | what is my network interface? eth0? |
| 01:58 | <chiefinnovator> | how do I tell? |
| 01:58 | <irgeek> | Yup. |
| 01:58 | <irgeek> | ifconfig |
| 01:58 | <chiefinnovator> | thanks |
| 01:59 | <irgeek> | What do you mean the whole server stopped working? |
| 01:59 | <irgeek> | And what, exactly, are you trying to accomplish? |
| 01:59 | |-| | Dreamer3 [~Dreamer3@74-142-174-231.dhcp.insightbb.com] has joined #linode |
| 02:00 | <chiefinnovator> | I want certain users to only be able to send packets to ports 80 and 443 |
| 02:00 | <irgeek> | For a proxy server? |
| 02:01 | <chiefinnovator> | no, just my regular server |
| 02:01 | <chiefinnovator> | I don't want jailed users to be able to send email |
| 02:02 | <irgeek> | An anonymous proxy listening on port 80 or 443 would get around that. Or you just not want the mail to originate from your IP? |
| 02:02 | <chiefinnovator> | yeah, just not originate |
| 02:03 | <Toba> | if they can send anything out they can probably find a way to spam |
| 02:04 | <Toba> | so don't try to fix that problem |
| 02:04 | <chiefinnovator> | really? |
| 02:04 | <Toba> | the proxy angle, I mean |
| 02:04 | <Toba> | by all means block 25 outgoing |
| 02:04 | <chiefinnovator> | that's done |
| 02:04 | <irgeek> | Do you run an SMTP server that sends outbound mail? |
| 02:04 | <chiefinnovator> | well they can't bind to my port 25 |
| 02:05 | <chiefinnovator> | no, there's no email on this server |
| 02:05 | <irgeek> | Just block outbound on port 25 for everyone. |
| 02:05 | <irgeek> | And.. um... |
| 02:05 | |-| | h00s_ [~h00s@83-131-23-194.adsl.net.t-com.hr] has joined #linode |
| 02:07 | <irgeek> | I can't remember the port for the user mail drop service. |
| 02:09 | <chiefinnovator> | oh well, I guess that's enough for tonight. I'll fool more with iptables later |
| 02:09 | <chiefinnovator> | thanks for the help though |
| 02:10 | <irgeek> | Found it. |
| 02:10 | <chiefinnovator> | what is it? |
| 02:10 | <irgeek> | Port 587 is the submission. |
| 02:10 | <irgeek> | port |
| 02:10 | <irgeek> | It's meant as an alternate port for MUAs to submit mail for delivery. |
| 02:11 | <chiefinnovator> | interesting |
| 02:11 | <chiefinnovator> | I'll have to do that one too |
| 02:12 | <irgeek> | So if you blocked outbound connections on port 25 and 587, your users would only be able to use a proxy of some sort to send outbound mail to a host with a standard configuration. Doing that, it wouldn't originate from you IP, but the proxy's. |
| 02:12 | <chiefinnovator> | that should work |
| 02:12 | |-| | h00s [~h00s@78-0-112-78.adsl.net.t-com.hr] has quit [Ping timeout: 480 seconds] |
| 02:13 | <chiefinnovator> | I'll try it later. Thanks |
| 02:13 | <irgeek> | np |
| 02:13 | |-| | chiefinnovator [~chiefinno@c-69-255-197-73.hsd1.md.comcast.net] has quit [Quit: Leaving] |
| 02:14 | |-| | Athenon [~Athenon@r74-192-56-164.vctrcmta01.vctatx.tl.dh.suddenlink.net] has quit [Quit: Leaving] |
| 02:14 | |-| | FireSlash` [~FireSlash@70-9-220-169.area4.spcsdns.net] has quit [Read error: Connection reset by peer] |
| 02:18 | |-| | rainkid [~a254ea74@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)] |
| 02:43 | |-| | jsmith- [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 02:43 | |-| | chris_ [~chris@68.149.224.207] has left #linode [] |
| 02:43 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 02:51 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has joined #linode |
| 02:51 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 02:51 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 03:03 | |-| | Dreamr_3 [~Dreamer3@74-142-174-41.dhcp.insightbb.com] has joined #linode |
| 03:03 | <irgeek> | caker, mikegrb or tasaro: There's a small bug in the LPM. The Extras page has a link to submit a support ticket for upgrading, but there is no closing tag on it so the whole page becomes a link. |
| 03:05 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 03:10 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 03:19 | <praetorian> | linkerific |
| 03:25 | |-| | sneakums [sneakums@jenny.ondioline.org] has quit [Ping timeout: 480 seconds] |
| 03:26 | |-| | marcel [~marcel@wc-50.r-195-35-150.atwork.nl] has joined #linode |
| 03:26 | |-| | bushblows [bushblows@blinkenshell.org] has quit [Read error: Connection reset by peer] |
| 03:26 | |-| | bushblows [bushblows@blinkenshell.org] has joined #linode |
| 03:26 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 03:27 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 03:29 | |-| | Schroeder [1000@kntpin04-nas-02-s248.cinergycom.net] has quit [Ping timeout: 480 seconds] |
| 03:30 | |-| | digx [~digx@c-76-109-201-140.hsd1.fl.comcast.net] has quit [Quit: digx] |
| 03:35 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 03:35 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 03:50 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 03:53 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 04:00 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 04:03 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 04:11 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 04:11 | |-| | avongauss [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has quit [Ping timeout: 480 seconds] |
| 04:13 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 04:28 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 04:30 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 04:35 | |-| | christz [~christoph@193.170.135.218] has joined #linode |
| 04:45 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 04:47 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 04:54 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 04:56 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 05:05 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 05:05 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 05:12 | |-| | hobbes006 [~Lin_Chuan@cm228.kappa210.maxonline.com.sg] has quit [Ping timeout: 480 seconds] |
| 05:15 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has quit [Remote host closed the connection] |
| 05:18 | |-| | dpn` [~tripped@ppp59-167-101-105.lns3.bne1.internode.on.net] has joined #linode |
| 05:22 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 05:23 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 05:31 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 05:33 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 05:39 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 05:39 | <mariorz> | could doing a system updater casue rkhunter to report file properties changes in find and locate? |
| 05:39 | <mariorz> | system update* via aptitude |
| 05:39 | <irgeek> | Yes, if they were updates. |
| 05:40 | <mariorz> | so i should check for what was updated on the aptitude logs rigt? |
| 05:41 | <mariorz> | i cant find anythong about them on /var/log/aptitude |
| 05:41 | <irgeek> | Yeah. Look at what packages were updated and where your system grabbed them from. From a different system, grab the same packages, extract and get an MD5 sum for them. |
| 05:41 | <irgeek> | Compare that to the MD5 sum of the binaries on your system/ |
| 05:42 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 05:42 | <mariorz> | well if i have to systems updated from the same sources running ubuntu 7.10 the md5 sum for both should be the same no? |
| 05:43 | <irgeek> | Both are in the findutils package. |
| 05:43 | <irgeek> | Yes. |
| 05:43 | <mariorz> | oh |
| 05:43 | <mariorz> | ok yeah then i see that on the aptitde logs |
| 05:43 | <mariorz> | ill check the md5 sums, thanks |
| 05:44 | <irgeek> | BTW, if you want to know which package owns an executable: dpkg -S `which locate` |
| 05:44 | <mariorz> | cool didnt know that |
| 05:45 | <irgeek> | If you want to know the owner of a file that's not an executable in your path, just replace the `which <executable>` with the path to the file. `which <executable>` is just a shortcut. |
| 05:48 | <mariorz> | handy, yeah i got that :) |
| 05:54 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 05:56 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:02 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 06:05 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:12 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 06:15 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:21 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 06:22 | |-| | aNDY-away [~andy@218.79.227.107] has joined #linode |
| 06:24 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:25 | |-| | aNDY-away changed nick to Gay |
| 06:25 | |-| | Gay [~andy@218.79.227.107] has left #linode [] |
| 06:32 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 06:34 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:40 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 06:43 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:50 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 06:52 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 06:58 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 07:02 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 07:08 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 07:10 | |-| | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has joined #linode |
| 07:11 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 07:19 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 07:21 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 07:22 | |-| | soul9 [~PFY@li21-144.members.linode.com] has joined #linode |
| 07:29 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 07:30 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 07:36 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 07:39 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 07:41 | |-| | hpj [~hpj@189.190.15.43] has quit [Ping timeout: 480 seconds] |
| 07:47 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 07:49 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 07:52 | |-| | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has quit [Ping timeout: 480 seconds] |
| 07:54 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 07:56 | |-| | hpj [~hpj@189.190.15.43] has joined #linode |
| 07:57 | |-| | getsmart [~getsmart@88-149-241-230.dynamic.ngi.it] has joined #linode |
| 07:58 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 08:07 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Read error: Operation timed out] |
| 08:09 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 08:09 | |-| | zeroday [~zeroday@i.loled.net] has quit [Quit: leaving] |
| 08:10 | |-| | zeroday [~zeroday@i.loled.net] has joined #linode |
| 08:34 | |-| | clanehin [~lane@cpe-069-134-066-130.nc.res.rr.com] has joined #linode |
| 08:39 | <mwalling_> | the us is going to go into a recession and ban VPS? wth is he smoking... |
| 08:39 | <mwalling_> | http://www.linode.com/forums/viewtopic.php?t=2980 |
| 08:41 | <mwalling_> | i've restrained myself from talking about the OP, but what the hell? troll meat? |
| 08:42 | <irgeek> | A recession is going to cause the US to ban VPS? |
| 08:42 | [~] | irgeek falls on floor laughing |
| 08:44 | |-| | dpn` [~tripped@ppp59-167-101-105.lns3.bne1.internode.on.net] has quit [Remote host closed the connection] |
| 08:51 | <getsmart> | what is vps? |
| 08:51 | <getsmart> | I am not in the us, just curios |
| 08:51 | <mwalling_> | getsmart: what is linode? |
| 08:51 | <getsmart> | it's a provider of virtual pcs |
| 08:52 | <getsmart> | so? |
| 08:52 | <getsmart> | you mean is a vps? |
| 08:52 | <irgeek> | Virtual Private Server... |
| 08:53 | <getsmart> | ah ok |
| 08:53 | <zeroday> | virtual private server |
| 08:53 | <irgeek> | Jinx, 1,2,3,4,5,6,7,8,9,10 |
| 08:53 | <zeroday> | http://en.wikipedia.org/wiki/Vps |
| 08:53 | <getsmart> | anyone uses linodes to provide email services? |
| 08:53 | <getsmart> | how they go? |
| 08:53 | <irgeek> | Quite a few, I suspect. |
| 08:54 | <irgeek> | I've been running mail services on Linode for about a dozen domains for almost five years. |
| 08:54 | <irgeek> | I guess you could say I like it here. |
| 08:54 | <getsmart> | problem is the antispam subsystem. generakky they are very resource hungry |
| 08:55 | <getsmart> | I have used spamassassin and assp, not very satisfied of both |
| 08:55 | <irgeek> | When my Linode had 120MB of memory, spamassassin was a killer. But now it's not really an issue. |
| 08:55 | <getsmart> | and rbl I suppose SpaceHobo |
| 08:56 | <getsmart> | here in .it are strongly adopted |
| 08:56 | |-| | cake [~535b0d4e@webuser.linode.com] has joined #linode |
| 08:56 | <irgeek> | I've yet to try out a RBL with an acceptable false-positve rate for me. Meaning zero. |
| 08:56 | <cake> | :D |
| 08:56 | <zeroday> | how do I check how many bytes/mb/gb have bee transferred on eth0? |
| 08:56 | <zeroday> | * been |
| 08:56 | |-| | clanehin [~lane@cpe-069-134-066-130.nc.res.rr.com] has quit [Ping timeout: 480 seconds] |
| 08:57 | <cake> | hmm |
| 08:57 | <irgeek> | Spamassassin use RBLs, but I have the rules weighted pretty low. |
| 08:57 | <cake> | can i wiew stats for another account or can they be shared thrugh website somehow? |
| 08:57 | <irgeek> | zeroday: ifconfig |
| 08:58 | <@mikegrb> | mmm cake |
| 08:58 | <irgeek> | cake: What stats are you talking about? |
| 08:58 | <cake> | were sum gais sitting in an IRC |
| 08:59 | <cake> | and was just talking about stats on the IRC |
| 08:59 | <getsmart> | SpaceHobo, nice thing this spampd, but you need also antivirus (amavisd and assp do also that) |
| 08:59 | <cake> | but i want the stats for the whole server. |
| 09:00 | <mwalling_> | zeroday: /proc/net/dev |
| 09:00 | <@mikegrb> | mmm cake |
| 09:00 | <cake> | cake |
| 09:00 | <@mikegrb> | mmm cake |
| 09:00 | <cake> | cake |
| 09:00 | <@mikegrb> | lolz |
| 09:00 | <cake> | lol |
| 09:00 | <cake> | omfgwtfbbq |
| 09:00 | <@mikegrb> | mmm cake |
| 09:00 | <getsmart> | cake :) |
| 09:01 | <cake> | yesh? |
| 09:01 | |-| | cake [~535b0d4e@webuser.linode.com] has left #linode [] |
| 09:02 | <irgeek> | That would have gotten old quickly. |
| 09:09 | |-| | digx [~digx@c-76-109-201-140.hsd1.fl.comcast.net] has joined #linode |
| 09:10 | |-| | linville [~linville@sapphire.tuxdriver.com] has joined #linode |
| 09:11 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 09:12 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 09:14 | <@tasaro> | anyone in here? --> "Do you have any case studies/reference sites of others using Linode to run robust java-based applications on tomcat?" |
| 09:20 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 09:22 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 10:00 | |-| | tolecnal [tolecnal@login.tolecnal.net] has quit [Ping timeout: 480 seconds] |
| 10:02 | |-| | tolecnal [tolecnal@login.tolecnal.net] has joined #linode |
| 10:08 | |-| | scorche|w [~42c007b2@ice.cream.org] has joined #linode |
| 10:25 | |-| | avongauss [~AVonGauss@c-76-108-54-140.hsd1.fl.comcast.net] has joined #linode |
| 10:29 | |-| | TJF [~TJF@pat.foulston.com] has joined #linode |
| 10:34 | |-| | adj [~relax@64.22.71.31] has joined #linode |
| 10:35 | <adj> | whats the procedure for having a linode moved from one datacenter to another? |
| 10:35 | <irgeek> | Trouble ticket, I believe. |
| 10:35 | <adj> | ok. thanks |
| 10:37 | |-| | markhemp [~8995e530@webuser.linode.com] has joined #linode |
| 10:37 | <markhemp> | hey there |
| 10:37 | <irgeek> | 'lo |
| 10:37 | <markhemp> | linode n00b here |
| 10:38 | <markhemp> | looking for some good info on java-based services deployed on linode |
| 10:38 | <markhemp> | anybody out there running....tomcat? |
| 10:39 | <irgeek> | Not me. |
| 10:39 | <adj> | i imagine most linodes are running a LAMP stack or a rails stack, but the forums might have some java deployment info |
| 10:40 | |-| | nduboc [~nduboc@194.3.248.134] has joined #linode |
| 10:40 | <markhemp> | yeah I saw some |
| 10:43 | <markhemp> | what about large deployments? are there any famous examples? |
| 10:46 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 10:47 | |-| | irgeek [~jcsincla@cealsa01.centamin.com] has quit [Quit: Resuming human contact in 3... 2... ] |
| 10:48 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 10:50 | <CDMoyer> | LLPP stack! |
| 10:53 | <mwalling_> | you have to be different don't you |
| 10:53 | <adj> | linux, lighty, postgres, python? |
| 10:53 | <Pryon> | plone, possibly |
| 10:53 | <Peng> | Or LiteSpeed. :O |
| 10:53 | <CDMoyer> | I am reminded of an... 80s song. OPP! |
| 10:54 | <CDMoyer> | But, no, the last P is primarily PHP for me. |
| 10:54 | <Pryon> | I suppose plone and python are synonymous, though |
| 10:54 | <Pryon> | oh |
| 10:54 | <CDMoyer> | With some perl. |
| 10:54 | <adj> | why postgross over mysql? |
| 10:54 | <Pryon> | o.O |
| 10:54 | <Pryon> | oh |
| 10:54 | <Pryon> | I thought you said "*with* postgres over mysql" |
| 10:54 | <Peng> | ONFR! |
| 10:54 | <CDMoyer> | Mainly for a new experience. And, I had read that it was easier to keep the memory footprint down. |
| 10:55 | <Peng> | OpenBDS, Nginx, Firebird, Ruby. :) |
| 10:55 | <Peng> | OpenBSD* |
| 10:55 | <CDMoyer> | It was interesting converting some existing perl and php scripts over to postgres. |
| 10:56 | <CDMoyer> | Most of my linode uses are hobbyist and personal education, so I experiment alot. |
| 10:56 | |-| | jsmith [~john@peter.mcinerney.id.au] has quit [Ping timeout: 480 seconds] |
| 10:56 | |-| | [1]Leonord [Leonord@79.113.133.52] has joined #linode |
| 10:56 | |-| | Leonord [Leonord@79.113.133.52] has quit [Read error: Connection reset by peer] |
| 10:56 | |-| | [1][1]Leonord changed nick to Leonord |
| 10:58 | |-| | jsmith [~john@peter.mcinerney.id.au] has joined #linode |
| 11:01 | <adj> | wow. the migration process is simple |
| 11:02 | <adj> | To: Linode staff. Thanks for being awesome. |
| 11:03 | <CDMoyer> | where'd you migrate? |
| 11:05 | <adj> | dallas |
| 11:05 | <adj> | if i kept a few persistant connections open to my atlanta linode they would drop every 24 hours or so |
| 11:05 | <adj> | which got to be to annoying to bear |
| 11:06 | <adj> | s/be to/be too/ |
| 11:07 | <CDMoyer> | what do you persist that long? |
| 11:07 | <mwalling_> | CDMoyer: leaving a screen session open? |
| 11:07 | <adj> | yeah. irc was a big one |
| 11:07 | <CDMoyer> | oh, outbound connections? ew. |
| 11:08 | <adj> | em? |
| 11:08 | <adj> | err. ew? why ew? |
| 11:08 | <CDMoyer> | yeah, I leave irc and centerim up all the time in screen from fremont without issue. |
| 11:08 | <CDMoyer> | no, that they drop. |
| 11:09 | <adj> | yeah. exactly. i've been doing a lot of work with rbot, and having the damn thing drop every night was getting absurd |
| 11:09 | <CDMoyer> | is that a ruby irc bot? |
| 11:09 | <adj> | yeah |
| 11:10 | <Peng> | Atlanta blocks port 6667. |
| 11:11 | <adj> | yeah. which isn't really a big deal since there are plenty of other ports most ircd's listen on |
| 11:11 | <adj> | i never understood that port block, either |
| 11:11 | <Peng> | So apparently Atlanta sucks. |
| 11:12 | <Peng> | (Not the city, the data center. :) ) |
| 11:12 | <adj> | no. they both suck |
| 11:12 | <Peng> | DoSes, port blocking and unreliable connections. |
| 11:12 | <Peng> | Heh. |
| 11:12 | <adj> | i was pretty excited when i moved out of ATL |
| 11:12 | <Peng> | I've driven through Atlanta a couple times. First three-level overpass I've been on. |
| 11:12 | [~] | Bdragon has had excellent experiences with dallas over the last couple years... |
| 11:13 | <Bdragon> | in the whole "leave my persistent connections alone, damnit |
| 11:13 | <Bdragon> | 'department |
| 11:14 | <adj> | yeah. don't f*%k with my packets. haha |
| 11:14 | <Bdragon> | "You want to keep a socket open for 150 days? No problemo!" |
| 11:15 | <CDMoyer> | unless I can watch. [base driven porn music here] |
| 11:15 | [~] | CDMoyer ducks |
| 11:15 | [~] | Bdragon swings and misses |
| 11:15 | <CDMoyer> | er, bass |
| 11:15 | <Bdragon> | damn lag |
| 11:15 | <mwalling_> | Bdragon: must be raining in maryland :P |
| 11:15 | <Bdragon> | mwalling_: I'm on Hughesnet, remember? |
| 11:15 | <Bdragon> | I live in South Dakota. |
| 11:16 | <mwalling_> | yeah |
| 11:16 | <mwalling_> | where's your downlink station? |
| 11:16 | <mwalling_> | (hint, maryland) |
| 11:16 | <Bdragon> | I know what you meant :P |
| 11:16 | |-| | marcel [~marcel@wc-50.r-195-35-150.atwork.nl] has quit [Remote host closed the connection] |
| 11:18 | <Bdragon> | Actually, exceptionally good latency today... |
| 11:18 | <Bdragon> | Pinging darkwing.inarow.net [65.19.178.48] with 32 bytes of data: |
| 11:18 | <Bdragon> | Reply from 65.19.178.48: bytes=32 time=919ms TTL=51 |
| 11:18 | <Bdragon> | Reply from 65.19.178.48: bytes=32 time=804ms TTL=51 |
| 11:19 | <mwalling_> | rtt min/avg/max/mdev = 678.190/1047.403/1547.946/332.898 ms, pipe 2 |
| 11:19 | <mwalling_> | lucky bastard |
| 11:19 | <Bdragon> | muahahaha |
| 11:20 | <Bdragon> | And then there's my other gateway... |
| 11:20 | <Bdragon> | 5 packets transmitted, 5 received, 0% packet loss, time 4037ms |
| 11:20 | <Bdragon> | rtt min/avg/max/mdev = 239.926/251.449/277.438/15.144 ms |
| 11:21 | <Bdragon> | Too bad dialup sucks bandwidth wise :3 |
| 11:23 | <adj> | rtt min/avg/max/mdev = 72.946/73.483/74.394/0.626 ms |
| 11:23 | <adj> | how is mine THAT much better? are you really dialing in to the net? |
| 11:23 | <Bdragon> | ping satcom.rtk0.net :P |
| 11:23 | <Bdragon> | I have satellite as primary and dialup as backup |
| 11:24 | <opello> | heh |
| 11:24 | <adj> | that sucks |
| 11:24 | <adj> | 20M sync fiber here |
| 11:24 | <opello> | Bdragon needs to move a few miles into civilization |
| 11:24 | <Bdragon> | Well, I *do* live seven miles of town, and have no line of sight anywhere :P |
| 11:25 | <opello> | qwest should be able to quote you for a fiber run :) |
| 11:25 | <Bdragon> | Anyway, when I need anything better, I can always drive into town and mooch off someone |
| 11:25 | <Bdragon> | Screw qwest :P |
| 11:25 | <opello> | heh |
| 11:25 | <adj> | http://www.speedtest.net/result/219838537.png |
| 11:25 | <Bdragon> | PrairieWave 4 eva ;) |
| 11:26 | <opello> | haha |
| 11:26 | <adj> | dont look at that if you're on sattelite |
| 11:26 | <Bdragon> | Nice |
| 11:26 | <opello> | that's pretty nice |
| 11:27 | <mwalling_> | Bdragon: are you doing the split routing stuff? |
|
