| --- | Log | opened Sat Feb 16 00:00:23 2008 |
| --- | Day | changed Sat Feb 16 2008 |
| 00:00 | <asmix> | if the texas dc continues to be this slow can i be moved to the california one |
| 00:02 | <guinea-pig> | thanks tom |
| 00:02 | <Mtincasd> | HELP ME WITH TOR! |
| 00:02 | <asmix> | NO! |
| 00:02 | <asmix> | dont they have forums |
| 00:02 | <Mtincasd> | HELP! |
| 00:03 | <guinea-pig> | Mtincasd: you can't mandate help from volunteers, regardless of whether you're in the right place |
| 00:03 | <guinea-pig> | end of discussion. now go to your room! |
| 00:04 | <Mtincasd> | im in my room. |
| 00:08 | <m0unds> | TOR?! |
| 00:08 | <m0unds> | tor is fun when people don't abuse it |
| 00:08 | <m0unds> | which is..rarely ever |
| 00:08 | <m0unds> | (that people don't abuse it, i mean) |
| 00:09 | <Mtincasd> | what the heck is wrong with this thing... |
| 00:09 | <Mtincasd> | system.net.webexception |
| 00:09 | <Mtincasd> | trying to access a page and this comes up |
| 00:10 | -!- | Mtincasd [~eglkfdsir@d206-116-179-183.bchsia.telus.net] has quit [] |
| 00:13 | -!- | gdlt [~greco@user-0c99323.cable.mindspring.com] has joined #linode |
| 00:13 | -!- | greco [~greco@user-0c99323.cable.mindspring.com] has quit [Read error: Connection reset by peer] |
| 00:13 | <Aero187> | anyone know about how long it should take for an RDNS to be set live? |
| 00:13 | <@caker> | 2-24 hours |
| 00:13 | <Aero187> | thanks |
| 00:13 | <Aero187> | =) |
| 00:16 | <m0unds> | that rdns tool is spiffy as hell. |
| 00:17 | <m0unds> | i really liked being able to set rdns without having to submit a ticket or something |
| 00:17 | <asmix> | things are getting quicker now |
| 00:18 | <asmix> | or not.. sigh uploading at 5kb/s |
| 00:19 | <@tasaro> | Dallas looks fine from here |
| 00:19 | * | asmix tries a different ftp client |
| 00:19 | <Xel> | Heya tasaro |
| 00:19 | <@tasaro> | 8% [====> ] 8,010,432 1.61M/s ETA 01:27^ |
| 00:20 | <@tasaro> | Xel: morning |
| 00:21 | <Xel> | Morning? Hmm, you live in the UK? |
| 00:22 | <m0unds> | it's midnight on the east coast, that's technically morning |
| 00:22 | <Xel> | Well that's true. |
| 00:22 | <asmix> | tasaro: it's not fine for me |
| 00:22 | <bd_> | tasaro: it's from certain hosts only |
| 00:22 | <asmix> | i just got kicked off ssh again |
| 00:22 | <bd_> | tasaro: ex, 212.211.132.250 |
| 00:22 | <bd_> | tasaro: http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz with security.debian.org resolving to 212.211.132.250 will reproduce |
| 00:23 | <asmix> | i cant login to ssh now |
| 00:24 | <asmix> | there it goes.. ugh |
| 00:24 | <@caker> | mtr to that IP shows much loss one hop from the target |
| 00:24 | <bd_> | caker: but it's fast from fremont :) |
| 00:24 | <@tasaro> | eww 15.03K/s |
| 00:25 | <asmix> | im getting less than 1kb/s |
| 00:27 | <asmix> | Pinging kestrel.tx.us.slacked.org [67.18.208.232] with 32 bytes of data: |
| 00:27 | <asmix> | Request timed out. |
| 00:27 | <asmix> | Request timed out. |
| 00:27 | <asmix> | Reply from 67.18.208.232: bytes=32 time=137ms TTL=42 |
| 00:27 | <asmix> | Request timed out. |
| 00:27 | <@caker> | asmix: can you http://p.linode.com/ pastebin a trace to your IP from home, please? |
| 00:27 | <asmix> | sure |
| 00:29 | <asmix> | http://p.linode.com/289 |
| 00:31 | <@caker> | asmix: I opened a ticket with the datacenter with your trace |
| 00:32 | <@caker> | asmix: also: http://winmtr.sourceforge.net/ |
| 00:32 | <bd_> | caker: any news on what's been happening with L3 lately yet? :| |
| 00:32 | <asmix> | i have mtr on my linux box |
| 00:32 | <asmix> | http://ln-s.net/1ZER |
| 00:32 | <@caker> | bd_: no, but I've seen problems with them through the atlanta dc, too .. do they just suck or something? |
| 00:32 | -!- | Cnl_Delta [Cnl_Delta@61.17.220.43] has joined #linode |
| 00:33 | <bd_> | caker: well, I mean the outages in dallas really, but from what I've heard they might be L3's fault... well, i don't know, whatever's been happening with dallas anyway :) |
| 00:34 | <Eman> | i havent seen any l3 weirdness at this end (my isp only connects to them) |
| 00:37 | -!- | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has quit [Ping timeout: 480 seconds] |
| 00:37 | <m0unds> | i've got a couple boxes colo'd in a datacenter that has level3 transit and we haven't had any trouble |
| 00:37 | <m0unds> | but it's west coast, though, not east coast |
| 00:39 | <bd_> | dallas isn't really either :) |
| 00:39 | <m0unds> | well, it's closer to the east coast than CA :) |
| 00:39 | <m0unds> | hehe |
| 00:40 | <guinea-pig> | the gulf of mexico counts as east coast, right? |
| 00:40 | <m0unds> | because it's attached sort of indirectly to the atlantic ocean |
| 00:40 | -!- | Cnl_Delta [Cnl_Delta@61.17.220.43] has quit [] |
| 00:45 | -!- | Cnl_Delta [Cnl_Delta@61.17.220.43] has joined #linode |
| 00:56 | -!- | darkbeholder [darkbehold@54.164.240.220.dynamic.dsl.comindico.com.au] has joined #linode |
| 00:57 | -!- | thoth39 [~thoth39@201.29.240.131] has quit [Quit: Saindo] |
| 01:02 | -!- | mikegrb6 [~michael@cl-221.ewr-01.us.sixxs.net] has quit [Ping timeout: 480 seconds] |
| 01:09 | -!- | brough [~brough@broughcut.plus.com] has quit [Ping timeout: 480 seconds] |
| 01:36 | -!- | Cnl_Delta [Cnl_Delta@61.17.220.43] has quit [] |
| 02:24 | -!- | bushblows [bushblows@titan.blinkenshell.org] has left #linode [] |
| 02:31 | <robboplus> | hm how do i find out if i'm running on UML or Xen? |
| 02:32 | <robboplus> | or is it a particular DC that has Xen right now? |
| 02:32 | <asmix> | Xen is still an opt-in beta |
| 02:33 | <asmix> | if there's a Xen logo on the top right of your control panel then you're set up for it |
| 02:33 | <asmix> | but you have to have requested it |
| 02:34 | <robboplus> | oh i read you - thank you very much |
| 02:34 | <asmix> | np |
| 02:34 | <robboplus> | but hm, do i gain anything from running on Xen? is faster/better/safer? just wondering |
| 02:34 | <robboplus> | is it* |
| 02:34 | <asmix> | apparently it is |
| 02:34 | <robboplus> | hm. |
| 02:34 | <asmix> | better performance |
| 02:35 | <robboplus> | one thing that i heard of is the fact that UML doesn't allow custom kernel modules and Xen does |
| 02:35 | <asmix> | it might, i'm not sure |
| 02:35 | <robboplus> | hm so overall better performance you say |
| 02:36 | <bd_> | robboplus: UML depends on your not being able to modify kernel code for security; Xen has the hypervisor for that. As such, loadable modules are safe in Xen |
| 02:36 | <bd_> | and indeed, supported in the latest xen kernel |
| 02:37 | <bd_> | (although the kernel doesn't make full use of them yet, but if you want to add a non-standard module to your kernel on the xen linodes you can) |
| 02:37 | <robboplus> | oh hello bd and thank you - that's a decent explanation he he |
| 02:37 | <robboplus> | well it's not really that i wanted to add some module right away but it surely sounds good to be as "independent" as possible |
| 02:37 | <bd_> | to be precise, the xen kernel's configured to allow loadable modules, but the build caker did didn't actually make any for you - apart from the support, it's a normal kind of throw-in-everything-you-might-need linode kernel |
| 02:38 | <bd_> | you can make your own for out-of-tree stuff |
| 02:38 | <bd_> | I know someone made an OpenAFS module |
| 02:38 | <bd_> | http://www.linode.com/src/contrib/kernel-modules/openafs/ |
| 02:39 | <bd_> | go up a few levels and the kernels source you'll need will be there too :) |
| 02:39 | <bd_> | in the future the xen kernel might be modularized more, but that brings with it some problems, such as how to make sure everyone has all the modules they need |
| 02:40 | <robboplus> | oh that's really nice of you, bd, to give such detailed info |
| 02:41 | <robboplus> | i'm kind of new here but i love it already - great community, support and overall perfect services :) |
| 02:43 | <robboplus> | i have one more question: |
| 02:45 | <robboplus> | if i run my linode360 with max mem, does it mean that i won't be able to setup another linode unless i lower that one? even though i have like 50% hd space left |
| 02:45 | <robboplus> | or will it be dynamically spread between those two |
| 02:46 | -!- | metaperl [~metaperl@cpe-75-187-102-204.insight.res.rr.com] has joined #linode |
| 02:46 | <bd_> | robboplus: er, each linode is independent |
| 02:46 | <bd_> | ie |
| 02:46 | <bd_> | if you choose to buy two linode360s |
| 02:47 | <robboplus> | oh i think i used a wrong word |
| 02:47 | <bd_> | you'll pay $40/mo, get 360mb ram each, 10gb disk (15 for annual payments) each |
| 02:47 | <bd_> | etc |
| 02:47 | <robboplus> | linode = separate service |
| 02:47 | <bd_> | ? |
| 02:47 | <robboplus> | i mean i confused a linode with profile :) |
| 02:47 | <bd_> | you can only have one profile running at a time |
| 02:47 | <robboplus> | aargh |
| 02:48 | <bd_> | cpu accounting gets tricky, you see :| |
| 02:48 | <bd_> | plus, you only get one IP by default... |
| 02:48 | <robboplus> | well i have extra and i can always buy more |
| 02:48 | <bd_> | though, you could always post a feature request to the forum |
| 02:48 | <robboplus> | i thought it was like this: |
| 02:49 | <robboplus> | when buying a linode360 i get a total of 360MB of ram and 10GB hdd space which i can configure into as many profiles as i want and run them in parallel assuming that i got enough IPs for that |
| 02:49 | <bd_> | No, you get one linode, and the config profile defines how it is to run |
| 02:49 | <bd_> | BUT |
| 02:49 | <bd_> | you could use a xen host |
| 02:49 | <bd_> | and run your own UMLs inside it :D |
| 02:49 | <robboplus> | he he |
| 02:49 | <robboplus> | sounds like fun :) |
| 02:50 | <robboplus> | hm is it possible to convert into xen or would i need to buy a new linode for that? |
| 02:50 | <bd_> | you can do it on the UML hosts too but UML-in-UML needs some tweaking I think |
| 02:50 | <robboplus> | nah, i guess it would get too tricky ;) |
| 02:50 | <bd_> | either way though there's the downside that it won't have the host kernel patch that's needed for efficient UML operation |
| 02:51 | <bd_> | what you can do is get multiple linodes, and copy disks between them |
| 02:51 | <robboplus> | mhm |
| 02:51 | <bd_> | you aren't charged for bandwidth for copying disk images between linodes from the linode manager |
| 02:51 | <bd_> | even if they're in different datacenters |
| 02:51 | <robboplus> | that's really great |
| 02:51 | <robboplus> | looks like you thought about just everything |
| 02:51 | <bd_> | hm? |
| 02:52 | <bd_> | <-- not staff :P |
| 02:52 | <robboplus> | oh he he |
| 02:52 | <robboplus> | that's even cooler then :) |
| 02:52 | <robboplus> | as i said - nice community here |
| 02:53 | <robboplus> | hm so would happen to know if xen is available at any of the 3 DCs? |
| 02:53 | <robboplus> | would you* |
| 02:53 | <bd_> | I don't know about xen availability |
| 02:53 | <bd_> | ask caker |
| 02:53 | <robboplus> | will do |
| 02:53 | <robboplus> | well i would consider moving to xen since march |
| 02:53 | <bd_> | http://www.linode.com/avail.cfm This is the UML availability, but xen uses a different pool of hosts |
| 02:54 | <robboplus> | i read you and thank you |
| 02:54 | <bd_> | if changing IP isn't too much of an issue you could ask to be migrated to a DC that has availability, I suppose. But it's probably best to just ask caker when he's in :) |
| 02:55 | <robboplus> | hm it would be a bit hard but still doable |
| 02:55 | <robboplus> | unless there are xens in fremont which would be the easiest solution |
| 02:55 | -!- | atourino [~Antonio@201.218.81.244] has joined #linode |
| 02:55 | <robboplus> | i would just cancel my uml one and order xen |
| 02:55 | <bd_> | nono, don't do that |
| 02:55 | <bd_> | first off, you can't order xen directly |
| 02:55 | <robboplus> | aaargh. |
| 02:55 | <bd_> | what they do is configure a migration |
| 02:56 | <bd_> | and then when it's convenient to you (ie, won't kill things running at the time) |
| 02:56 | <robboplus> | oh so that's how it works |
| 02:56 | <bd_> | you hit a button on the web interface, the disks are copied, and hey presto |
| 02:56 | <robboplus> | so again linode thought just about everything there is :) |
| 02:56 | <asmix> | they really put a lot of thought into that stuff |
| 02:56 | <robboplus> | damn it really looks like it :) |
| 02:56 | <@mikegrb> | lolz |
| 02:56 | <robboplus> | i'm loving linode even more now lol |
| 02:57 | <robboplus> | heyy mikegrb :) |
| 02:57 | <asmix> | its an autoresponse ;[ |
| 02:57 | <@mikegrb> | roflz |
| 02:57 | <robboplus> | rofl.. |
| 02:57 | <robboplus> | well good to know that too :) |
| 02:57 | <bd_> | robboplus: what distribution do you use? |
| 02:57 | <robboplus> | i'm debian |
| 02:58 | <asmix> | debian ftw |
| 02:58 | <robboplus> | but i could do with ubuntu as well |
| 02:58 | <bd_> | install libc6-xen before migrating, and disable the 'move aside /lib/tls' or whatever it is on the config profile after migrating, but before first boot |
| 02:58 | <bd_> | this will help avoid certain weird issues |
| 02:58 | <robboplus> | your help and advices are just priceless |
| 02:58 | <asmix> | i had nothing to back up so i just deleted my images before migrating |
| 02:59 | <asmix> | and installed the images after |
| 02:59 | <asmix> | nice and clean |
| 02:59 | <robboplus> | asmix hm indeed i haven't got much to move either |
| 02:59 | <robboplus> | so i would rather make it quick and dirty |
| 03:00 | <bd_> | robboplus: Well, if you don't care about your data, it will indeed be much faster to delete everything first :) |
| 03:00 | <bd_> | but it doesn't take too long either way |
| 03:00 | <robboplus> | well i do care :) it's just not much - a few databases and some http stuff |
| 03:01 | <robboplus> | i just moved in and will try to stay low till the end of month :) |
| 03:01 | <bd_> | why wait for the end of the month? |
| 03:01 | <robboplus> | hm indeed |
| 03:01 | <robboplus> | if it's a migration... can be done anytime in fact |
| 03:01 | <bd_> | you can migrate whenever :) just need to put in the request, and modulo availability it'll be approved as soon as possible |
| 03:01 | <robboplus> | <--slow, just woke up |
| 03:01 | <bd_> | :) |
| 03:02 | <robboplus> | great thing is that we work in different timezones :) |
| 03:02 | <bd_> | there's a xen beta signup link somewhere in the web panel... I don't remember exactly where (I'm on it now, so obviously the signup form isn't there anymore) |
| 03:02 | <robboplus> | so migration can be done when 99% of my visitors are sleeping :) |
| 03:02 | <bd_> | so if you prod that then you'll get an email with further instructions soon |
| 03:02 | <robboplus> | or wait.. if it's fully automated (is it) then it doesn't even matter |
| 03:03 | <robboplus> | great! i will sign up then |
| 03:03 | <robboplus> | unless there are issues that i should know about with xen |
| 03:03 | <robboplus> | bd, asmix: are you on xen? |
| 03:03 | <bd_> | I am, yes |
| 03:04 | <robboplus> | so i assume that you migrated from uml too? |
| 03:04 | <bd_> | there aren't really any issues at the moment. The kernel's a bit old (but security patches etc are backported of course) |
| 03:04 | <bd_> | yeah, about 24 hours after signing up :) |
| 03:04 | <bd_> | I switched from another xen provider actually, when they were having some network issues |
| 03:04 | <robboplus> | he he so basically exactly like me :) |
| 03:04 | <robboplus> | and i switched from dedicated, expansive server |
| 03:05 | <bd_> | anyway, there were some issues with newer kernels at that time, so since then the newer, buggy kernels have all been disabled, leaving only the working 2.6.18 series, which is fine |
| 03:05 | <asmix> | robboplus: me too |
| 03:05 | <robboplus> | asmix great :) |
| 03:05 | <asmix> | i'm in the process of phasing out a dedicated server costing me way too much |
| 03:05 | <robboplus> | looks like i'm the only one on uml left here :) |
| 03:05 | <robboplus> | aargh you meant dedi |
| 03:05 | -!- | atourino [~Antonio@201.218.81.244] has quit [Quit: Leaving.] |
| 03:05 | * | bd_ finds the 'additional transfer' entry on the extras page so very quaint |
| 03:05 | <asmix> | o.o |
| 03:06 | <robboplus> | well i cancelled because they started playing bad games with me |
| 03:06 | <robboplus> | it made me think twice if i really needed a dedi |
| 03:06 | <bd_> | 40G/$10 <-- you could upgrade to the next level linode (+100G) for that, so I'm not sure why anyone would bother... :) |
| 03:06 | <asmix> | im not using a fraction of the resources on my dedi |
| 03:06 | <robboplus> | limiting bw per protocol isn't really what you expect when paying 79 euro/mo for your box |
| 03:07 | <asmix> | yea thats silly |
| 03:07 | <asmix> | i've had good experiences with awknet and staminus |
| 03:07 | <robboplus> | there were even more issues and generally their support got really bad in the last several months so i just packed up and quit, very happy now :) |
| 03:07 | <asmix> | who were you with, if you dont mind me asking |
| 03:07 | <robboplus> | bd well yes, i will consider getting more linodes in the future |
| 03:08 | <robboplus> | asmix hetzner.de |
| 03:08 | <robboplus> | it used to be a perfect company last year |
| 03:08 | <robboplus> | not anymore... |
| 03:08 | <bd_> | robboplus: the page I'm referring to is about adding resources to an existing linode... but imo the prices are such that it'd be insane to actually use it, vs just upgrading to the next level linode for +$10/mo |
| 03:09 | <robboplus> | bd aargh that you mean |
| 03:09 | <robboplus> | well i didn't analyse that yet :) |
| 03:09 | <bd_> | https://www.linode.com/members/extras.cfm this page |
| 03:09 | <robboplus> | yup |
| 03:09 | <robboplus> | i definitely want to play a lot :) |
| 03:10 | <robboplus> | and linode is not just a service - it's pure FUN :) |
| 03:10 | <bd_> | it's not really an issue, it's just... quaint. Like it came from an older, simpler time. :) |
| 03:11 | <robboplus> | hm one issue i noticed so far is that i couldn't wget stuff from imageshack.us |
| 03:11 | <robboplus> | but i didn't mention that to anyone yet ;) |
| 03:12 | <robboplus> | it resolved nicely but kept hanging on the actual request |
| 03:12 | <bd_> | robboplus: which datacenter are you in? |
| 03:12 | <robboplus> | fremont |
| 03:12 | <bd_> | hmm |
| 03:12 | <robboplus> | i thought it was some weird routing issue |
| 03:12 | <bd_> | I'm in fremont, do you have an example of a url that fails? |
| 03:12 | <robboplus> | oh hm let me try one |
| 03:15 | <robboplus> | http://img151.imageshack.us/img151/9792/miasteczkomy9.png |
| 03:15 | <robboplus> | Resolving img151.imageshack.us... 38.99.76.154 |
| 03:15 | <robboplus> | Connecting to img151.imageshack.us|38.99.76.154|:80... |
| 03:16 | <bd_> | worked from me 'node |
| 03:16 | <bd_> | my* |
| 03:16 | <robboplus> | oh hm. |
| 03:16 | <bd_> | try doing a mtr or traceroute to it? |
| 03:16 | <robboplus> | damn that's weird |
| 03:16 | <robboplus> | yah, true that |
| 03:17 | <robboplus> | hm can't mtr it at all |
| 03:17 | <bd_> | at all? |
| 03:17 | <robboplus> | yup |
| 03:17 | <robboplus> | but doh! there comes the light... brb |
| 03:18 | <robboplus> | he he solved |
| 03:18 | <robboplus> | 38.0.0.0/8 |
| 03:19 | <robboplus> | i didn't like visits from PSI Cogent sometime ago |
| 03:19 | <bd_> | aha :) |
| 03:19 | <robboplus> | so i just blocked whole 38.0.0.0/8 |
| 03:19 | <robboplus> | completely forgot about it after |
| 03:19 | <bd_> | yes, blocking 1/256 of the internet can cause some connectivity issues :) |
| 03:19 | <robboplus> | had no idea that imageshack actually uses those |
| 03:19 | <robboplus> | well that's US |
| 03:20 | <robboplus> | and my traffic is 99% euro |
| 03:20 | <robboplus> | and PSI Cogent is really something strange that made me mad |
| 03:21 | <robboplus> | i was reacting quickly and didn't care to check exact networks that they use |
| 03:23 | <robboplus> | speaking of traffic, how is network performance in xen compared to uml? |
| 03:24 | <robboplus> | am i going to be positively surprised about that too? :) |
| 03:25 | <bd_> | I've not had any problems, but again I switched very early, so I don't know :) |
| 03:27 | -!- | getsmart [~getsmart@88-149-240-211.dynamic.ngi.it] has joined #linode |
| 03:31 | <asmix> | same |
| 03:33 | -!- | getsmart_ [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 03:34 | -!- | getsmart_ [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [] |
| 03:39 | <robboplus> | ok :) |
| 03:40 | -!- | getsmart [~getsmart@88-149-240-211.dynamic.ngi.it] has quit [Ping timeout: 480 seconds] |
| 03:40 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 03:47 | -!- | Cnl_Delta [Cnl_Delta@61.17.220.43] has joined #linode |
| 03:51 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [Quit: Ex-Chat] |
| 03:52 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 03:52 | <Talman> | What'd PSI Cogent do? |
| 04:29 | -!- | agentbleubleu [~agentbleu@lns-bzn-32-82-254-19-87.adsl.proxad.net] has joined #linode |
| 04:30 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [Ping timeout: 480 seconds] |
| 04:33 | <agentbleubleu> | morning all, i have a very weird one for you today, but i suspect it will be an easy one for you all, I switched the dns and a site over to the new linode about 4 days ago, at home here we run a few computers off a router and switch, it's the girlfriend's site, and only on her computer (max also) she is still resolving to the old server, on my computer it switched the next day. All the stats show the traffic all but one robot |
| 04:48 | <opello> | try nslookup from both boxes? seems strange ... |
| 04:48 | <opello> | maybe the old ip got set in the hosts file by someone testing stuff? |
| 04:51 | <agentbleubleu> | ok |
| 04:51 | <agentbleubleu> | ns look up shows them both defaulting to differentl placed |
| 04:51 | <agentbleubleu> | s |
| 04:52 | <opello> | odd that it would cache so long |
| 04:52 | <agentbleubleu> | how would i check the fosts file |
| 04:52 | <agentbleubleu> | hosts file |
| 04:53 | <agentbleubleu> | especially when we're using the same connection |
| 04:54 | <agentbleubleu> | if i turned off the old server account would it wake up do you think |
| 04:55 | -!- | robboplus [~no@aje164.neoplus.adsl.tpnet.pl] has quit [Ping timeout: 480 seconds] |
| 05:08 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 05:09 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [] |
| 05:10 | -!- | NeonNero [~nn@home.neonnero.net] has quit [Ping timeout: 480 seconds] |
| 05:11 | -!- | see [~dceefc4d@webuser.linode.com] has joined #linode |
| 05:12 | -!- | NeonNero| [neonnero@home.neonnero.net] has joined #linode |
| 05:13 | -!- | NeonNero| is now known as NeonNero |
| 05:16 | -!- | see [~dceefc4d@webuser.linode.com] has quit [Remote host closed the connection] |
| 05:35 | -!- | wabz [~wabz@c211-30-185-177.artrmn2.nsw.optusnet.com.au] has quit [Ping timeout: 480 seconds] |
| 05:38 | -!- | NeonNero [neonnero@home.neonnero.net] has quit [Ping timeout: 480 seconds] |
| 05:39 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 05:59 | -!- | Coffee [~Coffee@59.92.5.227] has joined #linode |
| 06:00 | <Coffee> | hi, we signed up about an hour ago and waiting for our account to be activated. Is there anything that we should do? Thanks |
| 06:14 | -!- | wabz [~wabz@c211-30-185-177.artrmn2.nsw.optusnet.com.au] has joined #linode |
| 06:35 | <Talman> | Coffee: I do believe accounts are manually activated. It's very early in the morning in the US. |
| 06:39 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [Remote host closed the connection] |
| 06:39 | -!- | Coffee [~Coffee@59.92.5.227] has quit [Read error: Connection reset by peer] |
| 06:43 | -!- | praetorian [~praetoria@124-171-59-99.dyn.iinet.net.au] has quit [Remote host closed the connection] |
| 06:43 | -!- | praetorian [~praetoria@124-171-10-81.dyn.iinet.net.au] has joined #linode |
| 06:48 | -!- | glimpseba [~glimpseba@host-78-12-71-48.cust-adsl.tiscali.it] has joined #linode |
| 06:49 | <glimpseba> | hi to all |
| 06:52 | -!- | glimpseba [~glimpseba@host-78-12-71-48.cust-adsl.tiscali.it] has quit [Read error: Connection reset by peer] |
| 06:52 | -!- | LinodeJavaUser [~LinodeJav@host-78-12-71-48.cust-adsl.tiscali.it] has joined #linode |
| 06:52 | -!- | tandrey [~tandrey@ppp83-237-30-5.pppoe.mtu-net.ru] has joined #linode |
| 06:53 | <LinodeJavaUser> | i'm an happy italian linode user, how to set euro-it-keymap to my vps server? |
| 06:53 | -!- | Talman [~lazy@c-75-64-155-65.hsd1.tn.comcast.net] has quit [Read error: Connection reset by peer] |
| 06:53 | -!- | Talman [~lazy@c-75-64-155-65.hsd1.tn.comcast.net] has joined #linode |
| 06:54 | <Talman> | Hello, again. |
| 07:08 | -!- | aquarion [~aquarion@madrox.geekstuff.tv] has joined #linode |
| 07:13 | <aquarion> | Are there any current known problems with networking? I'm seeing the same packet-loss problems we had a couple of days ago |
| 07:19 | -!- | silverblade [~silverbla@80.175.108.189] has joined #linode |
| 07:23 | <silverblade> | ive got a strange problem... i can ssh to my linode, i can ping it, but http requests do not get responses any more |
| 07:25 | <silverblade> | hmm weird. just restarted webserver and fastcgi, all is well again |
| 07:29 | <Talman> | check your logs? |
| 07:30 | <silverblade> | im doing that... although i currently have "waiting data" in less and that's stalled |
| 07:35 | <@caker> | silverblade: do you know which kernel you were running at the time? |
| 07:36 | <silverblade> | 2.6.23.12-linode41 #1 Wed Feb 13 13:03:11 EST 2008 i686 GNU/Linux |
| 07:36 | <silverblade> | ah its probably because im viewing a live log |
| 07:36 | <silverblade> | "less" is waiting for more data to be written as the file is open |
| 07:37 | <@caker> | 2.6.23.1-linode36 looks like |
| 07:37 | <silverblade> | thats my uname -a |
| 07:37 | <agentbleubleu> | silverblade: i restarted my server it worked afterwards, i think it all crashed at 6.10 am french time |
| 07:38 | <silverblade> | hmm? |
| 07:38 | <silverblade> | i literally was reading my email via webmail 10 mins ago and it happened |
| 07:44 | * | silverblade kicks apt for not having a package with a security fix |
| 07:48 | <agentbleubleu> | anyone know how to get the system to reboot automatically after a crash |
| 07:50 | <@caker> | agentbleubleu: Lassie ? |
| 07:50 | <agentbleubleu> | ok i look into that thanks |
| 07:50 | <@caker> | http://www.linode.com/forums/viewtopic.php?p=13033 |
| 07:52 | <@linbot> | New news from forums: Reboot: dallas51.linode.com in System and Network Status <http://www.linode.com/forums/viewtopic.php?t=3113> |
| 07:57 | <agentbleubleu> | thats strange my lassie is enabled, but my system was down from 6 am till 12 when i noticed it |
| 07:57 | <agentbleubleu> | after a reboot it was ok |
| 07:57 | <agentbleubleu> | i could not ssh in or anything when it was down |
| 07:58 | <agentbleubleu> | i looked at the logs and only thing i could see was some crash to do with the email |
| 07:58 | <agentbleubleu> | at the same time |
| 07:58 | <agentbleubleu> | this is from debug Feb 16 06:10:21 li6-87 kernel: eth0: no IPv6 routers present |
| 07:59 | -!- | LinodeJavaUser9 [~LinodeJav@122.164.169.177] has joined #linode |
| 07:59 | <agentbleubleu> | from console log Feb 16 06:16:57 li6-87 postfix/anvil[1825]: statistics: max connection rate 1/60s for (smtp:213.197.243.20) at Feb 16 06:13:36 |
| 07:59 | <agentbleubleu> | Feb 16 06:16:57 li6-87 postfix/anvil[1825]: statistics: max connection count 1 for (smtp:213.197.243.20) at Feb 16 06:13:36 |
| 07:59 | <agentbleubleu> | Feb 16 06:16:57 li6-87 postfix/anvil[1825]: statistics: max cache size 1 at Feb 16 06:13:36 |
| 08:12 | <LinodeJavaUser> | i'm an happy italian linode user, how to set euro-it-keymap to my vps server? |
| 08:18 | <Talman> | !dns dallas51.linode.com |
| 08:18 | <@linbot> | Talman: 64.5.53.19 |
| 08:18 | -!- | silverblade [~silverbla@80.175.108.189] has quit [Remote host closed the connection] |
| 08:18 | <Talman> | Well, good, I'm not on 51. |
| 08:25 | -!- | atourino [~Antonio@201.218.81.244] has joined #linode |
| 08:43 | -!- | TheFirst [gaveup@your.friendly.neighborhood.hellmouth.info] has joined #linode |
| 09:05 | -!- | LinodeJavaUser9 [~LinodeJav@122.164.169.177] has quit [Quit: LinodeJavaUser9] |
| 09:09 | -!- | sveiss [~sveiss@host86-162-212-99.range86-162.btcentralplus.com] has joined #linode |
| 09:31 | -!- | dpn` [~tripped@ppp121-45-217-235.lns2.bne1.internode.on.net] has joined #linode |
| 09:51 | -!- | Bdragon [~Bdragon@dpc6746139138.direcpc.com] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- Now with extra fish!] |
| 09:55 | -!- | silverblade [~silverbla@80.175.108.189] has joined #linode |
| 10:01 | <silverblade> | Is there any rule against running a bittorrent client on a linode? A friend of mine is trying to get hold of a patch for a game (~650mb) but has been having difficulties downloading the torrent for it and there's no other alternative way to get it :/ |
| 10:02 | <silverblade> | ive got the patch on my home pc but it's going to take hours with my upstream to get it onto the linode |
| 10:02 | <A-KO> | which patch? |
| 10:02 | <A-KO> | Many game patches can be downloaded from single file servers |
| 10:02 | <silverblade> | its a LOTR online patch |
| 10:02 | <A-KO> | filefront.com |
| 10:02 | <A-KO> | send him there, no registration, decent download rate, etc. |
| 10:03 | <silverblade> | heh my bandwidth must be sapped as its taking a while to load |
| 10:04 | -!- | atourino [~Antonio@201.218.81.244] has left #linode [Leaving.] |
| 10:04 | <A-KO> | lower your upload speed |
| 10:06 | <silverblade> | they dont seem to have it |
| 10:08 | <A-KO> | uhm |
| 10:08 | <A-KO> | what's the patch? |
| 10:08 | <A-KO> | It would be better suited for your friend to run the torrent client locally on his PCX |
| 10:08 | <A-KO> | PC* |
| 10:09 | <A-KO> | Ultimately you'll be multiple wasting your linode bandwidth to give him that patch |
| 10:09 | <A-KO> | You'll be wasting bandwidth on DL, on UL, and on UL to your friend when the DL is finished |
| 10:09 | <silverblade> | they tried to run it but it wasnt downloading very fast |
| 10:09 | <A-KO> | lrn2torrent |
| 10:10 | <silverblade> | atm im using my isps bandwidth, my linodes etc |
| 10:21 | -!- | ankur [3bb484a1@webchat.mibbit.com] has joined #linode |
| 10:22 | <cruxeternus> | Question Re: Linode/Postfix. I want to have mail delivered to an encrypted /home partition. However, since my Linode can be re-started without notice, and since I have to enter a passphrase/key to re-mount /home, I don't want mail that is sent while /home is un-mounted to be lost. Can Postfix hold received mail in a queue until the partition is re-mounted, or is there some other way to solve this problem? |
| 10:33 | <@caker> | perhaps not having smtp listening until everything is configured? |
| 10:37 | <cruxeternus> | I'm thinking it could be days though.. between the reboot, and my re-mounting /home... wouldn't the remote mailers eventually give up and bounce it? |
| 10:39 | <cruxeternus> | asking in freenode/#postfix to see too... it's probably too early to be asking questions like this :D |
| 10:58 | <iggy> | silverblade: to answer your question, there is no rule against running bittorrent, some trackers don't like you using default ports though |
| 11:00 | <iggy> | the only thing I can think of is 2 separate configs |
| 11:00 | <iggy> | cruxeternus: ^^^^ |
| 11:00 | <iggy> | 1 delivers to /home when it's mounted, the other to somewhere else when it isn't mounted |
| 11:01 | <iggy> | you'll have plain text email for the periods when your /home isn't mounted, but you'll have that any ways if the mail is sitting in postfix's queue |
| 11:03 | <cruxeternus> | iggy: Yeah, I was hoping to avoid that :( |
| 11:04 | <cruxeternus> | I'm looking through local(8) now.... I might be able to just configure generous timeouts to do what I want |
| 11:04 | <mattbnz> | cruxeternus: most common mailers default to a 4-day retry window before giving up on the mail |
| 11:04 | <mattbnz> | whether you want to rely on that is up to you, people can always change it, etc |
| 11:04 | <mattbnz> | if it's really important that you get the mail while your primary MX is down you should have a secondary :) |
| 11:05 | <cruxeternus> | mattbnz: I may have to.. but if I can get postfix to just sit on it in its queue, that would be ideal :) |
| 11:05 | <mattbnz> | I'm sure you can (I don't know how to make postfix do it) but what's the point? |
| 11:05 | <mattbnz> | if you're going to let it sit in postfix's queue on disk unencrypted |
| 11:05 | <mattbnz> | why bother delivering it to an encrypted partition in the first place? |
| 11:06 | <iggy> | I don't see the difference between your unencrypted mail being delivered somewhere temporarily and it sitting in postfix's queue |
| 11:06 | <cruxeternus> | well, the theory is that would be very rare |
| 11:06 | <cruxeternus> | and for relatively short durations |
| 11:07 | <cruxeternus> | I just don't want the whole of several years worth of e-mails to sit on a hard drive outside my control unencrypted |
| 11:07 | <iggy> | pop! |
| 11:07 | <mattbnz> | i guess that's reasonable ;) |
| 11:07 | <cruxeternus> | iggy: Yeah, but then I can' access my e-mail from any computer :) |
| 11:07 | <cruxeternus> | can't* |
| 11:08 | <iggy> | are you just paranoid or do you actually have email that some people shouldn't see? |
| 11:09 | <iggy> | the difference being that one can be reasoned with, the other can't |
| 11:09 | <cruxeternus> | A little bit from column A, a little bit from column B.... |
| 11:09 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 11:09 | <cruxeternus> | Actually, I don't care about any individual e-mail being seen |
| 11:09 | <cruxeternus> | I just don't want my disks collected and farmed for personal information. |
| 11:10 | <iggy> | disks collected? |
| 11:10 | <cruxeternus> | i.e. NSA |
| 11:10 | <iggy> | so you're paranoid, gotcha |
| 11:10 | <cruxeternus> | Perhaps you haven't been following the news. :P |
| 11:11 | -!- | saman [~saman@lincdhcp236131.linc.ox.ac.uk] has joined #linode |
| 11:11 | <iggy> | I must have missed the articles on the NSA stealing a bunch of web hosts hard drives |
| 11:11 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [] |
| 11:12 | <saman> | Hi, can I ask if SELinux is supported in Xen? |
| 11:12 | <cruxeternus> | If they can wiretap without warrants, why not? |
| 11:12 | <iggy> | because that would be a little more obvious |
| 11:13 | <iggy> | anyways, like I said, one can be reasoned with, the other can't..... |
| 11:13 | <cruxeternus> | iggy: A mysterious power outage at a datacenter, with more than enough time to copy certain disks, would obviously not be the NSA? |
| 11:14 | <iggy> | saman: I think the .configs that linode uses are on the forums |
| 11:14 | <cruxeternus> | And to be clear, I'm not so worried about the NSA (or whomever) being specifically interested in me... but this is VPS land we're talking about... my neighbor could be hosting Al-Qaeda video for all I know, and the disks would be copied whole. |
| 11:16 | <iggy> | while I agree with you that there have been egregious erosions of our liberties, I also don't keep anything I don't want any gov't agencies knowing about on a VPS |
| 11:16 | <iggy> | your tinfoil hat wearing friends would be aghast |
| 11:17 | <cruxeternus> | my concern is that data getting rolled into some kind of national database, then lost to the wider internet <--- the government is very prolific at doing this |
| 11:18 | <cruxeternus> | The job I work for, has to clean up a lot of those mistakes. |
| 11:18 | <cruxeternus> | Or try to, anyway. |
| 11:19 | <iggy> | so you're like the people we had to call to come clean up the vacuum cleaner filled with lead paint chips that I spilled off the top of the submarine that one time |
| 11:19 | <iggy> | only with 1's and 0's |
| 11:20 | <iggy> | and don't worry you tree huggers out there, there was no contamination |
| 11:21 | <cruxeternus> | More like database after database of social security numbers and employment information exposed through websites |
| 11:21 | <cruxeternus> | Which have led to identity theft and even some follow-on security violations |
| 11:22 | <Talman> | Um... |
| 11:22 | -!- | tandrey [~tandrey@ppp83-237-30-5.pppoe.mtu-net.ru] has quit [Ping timeout: 480 seconds] |
| 11:22 | <Talman> | Quite frankly, anything you transfer in and out of your VPS over the internet is already being analyzed by the NSA. |
| 11:22 | <Talman> | Just like this conversation is. |
| 11:22 | <cruxeternus> | Talman: I know and accept that |
| 11:22 | <cruxeternus> | Like I said, individual messages are not the problem |
| 11:22 | * | iggy has quit "oh fuck, wipe the drives, wipe the drives" |
| 11:23 | <Talman> | Are you actually storing sensitive or compartmentalized information on a commercial VPS? |
| 11:23 | <cruxeternus> | it's a consolidated database of years worth of e-mails with every account, every purchase, every interest that I would not want to hand over |
| 11:24 | <Talman> | So host it locally. |
| 11:24 | <cruxeternus> | Why do that, if there's a way to do it for $20/mo in a triple-backboned data center? |
| 11:25 | <Talman> | Because you're afraid of compromise by the United States Government. |
| 11:25 | <Talman> | And have no way to physically destroy the data. |
| 11:25 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has joined #linode |
| 11:25 | <cruxeternus> | I'm trying to find out if there's a solution that will allow delivery to an encrypted /home partition. |
| 11:25 | <Talman> | You realize that the NSA will just decrypt it, right? |
| 11:26 | <cruxeternus> | With their 4096 qu-bit quantum computers? |
| 11:26 | <@mikegrb> | lolz |
| 11:26 | <cruxeternus> | lol, now who's paranoid :P |
| 11:26 | <Talman> | Encryption is to delay compromise, not defeat it. |
| 11:27 | <mwalling_> | cruxeternus: why not deliver mails to a custom delivery agent, and use that to gpg-encrypt the mails before final delivery? |
| 11:27 | <Talman> | Alternatively, mount the maildir's using an encrypted loopback system. |
| 11:28 | <cruxeternus> | mwalling_: I need access via local mutt, Webmail, and Outlook... I'm guessing that would be a pain-in-the-butt to make work for all of them :) |
| 11:28 | <mwalling_> | i think (from reading the last 15 lines of scrollback) that asymmetric encryption is more what you want, since if you were using a truecrypt partition, you would have to be there to mount it with your password, and that partition will be there in wide open view while it's mounted |
| 11:28 | <Talman> | Ok, are you encrypting this database of all your emails? |
| 11:28 | <Talman> | And whatever is adding to this database? |
| 11:28 | <cruxeternus> | Talman: That's exactly what I'm trying to do... the one thing stopping me is that machine reboots will require manual re-mounting of /home... but I may not be able to do that immediately... and want to make sure mail doesn't get bounced in the meantime |
| 11:28 | <mwalling_> | cruxeternus: mutt and tbird both work fine with gpg, squirrelmail has a gpg plugin, and outlook is a pos? |
| 11:29 | <cruxeternus> | mwalling_: Yes, Outlook is a pos... but you know as well as I do, that some people can't be talked out of it :P |
| 11:29 | <mwalling_> | yeah i know |
| 11:29 | * | Talman shudders. "Why are you trying to create a secure mail system when the end points aren't?" |
| 11:29 | <mwalling_> | but i also dont see the point of a truecrypted /home... |
| 11:30 | <cruxeternus> | Talman: Because individual message security is not the issue. :P |
| 11:30 | * | Talman doesn't see the point of trying to hide your emails from the NSA cause they'll just read it over the wire. |
| 11:30 | <mwalling_> | it makes sense on a laptop or a desktop, but once that partition is mounted, you lose that security |
| 11:30 | <cruxeternus> | mwalling_: I don't want my data scattered on the internet by an incompetent FBI agent who raided Linode because some kids were hosting mp3s on it |
| 11:31 | <mwalling_> | ... |
| 11:31 | <Talman> | Yeah. |
| 11:31 | <mwalling_> | once you mount that partition, it's in the clear anyway |
| 11:31 | <cruxeternus> | mwalling_: Correct. There's nothing I could do if the system was compromised live. |
| 11:31 | <Talman> | And when they seize the host software, they're going to get access to everything. |
| 11:32 | <cruxeternus> | I'm trying to protect against a power-down and seize scenario. |
| 11:32 | <cruxeternus> | Copy disks, etc. |
| 11:32 | <Talman> | But its a VPS. |
| 11:32 | <cruxeternus> | And? |
| 11:32 | <Talman> | Granted, I don't run UML, but I have run VMWare. Just freeze and dump RAM to disk. |
| 11:32 | <mwalling_> | i also think any warrants in this case would not apply to your images |
| 11:32 | <Talman> | The VPS would never know it was turned off. |
| 11:32 | <cruxeternus> | Talman: That's the live compromise scenario... nothing I can do there, you're right. |
| 11:33 | <Talman> | That's what I'm saying. They're not going to turn it off to copy the disks. |
| 11:33 | <Talman> | They're going to freeze the target VPSes, hook up a drive, and start running dd. |
| 11:33 | <Talman> | Well, they're actually going to use Encase Pro... (Which I have a copy of...) |
| 11:33 | <cruxeternus> | Talman: I guess I'm assuming (with all that means) that the FBI agent incompetent enough to blow my data all over the "intertubes" isn't competent enough to do a live Xen memory dump :P |
| 11:33 | <Talman> | You're assuming wrong. |
| 11:34 | <Talman> | It wouldn't be an FBI agent. It'd be a computer forensics technician. |
| 11:34 | <Talman> | Who has a really cool lunchbox that can rape just about any device on the market. |
| 11:34 | <Talman> | (Unfortunately, I don't have one of those.) |
| 11:34 | -!- | saman [~saman@lincdhcp236131.linc.ox.ac.uk] has quit [Quit: saman] |
| 11:34 | <mwalling_> | cruxeternus: the most an actual agent would do is walk into TP, take your host box, and ship it back to the lab |
| 11:34 | <cruxeternus> | One side says I'm too paranoid, the other side says I'm not paranoid enough. Which means I'm probably just about right :) |
| 11:35 | -!- | mwalling__ [~mwalling@72.171.106.148] has joined #linode |
| 11:35 | <cruxeternus> | mwalling_: That's what I'm hoping.. in which case an encrypted partition does the job. |
| 11:35 | <Talman> | But the agent will call for a forensics team. |
| 11:36 | <Talman> | Who won't power the box down. |
| 11:36 | <cruxeternus> | Again, I'm gonna lose in that scenario. I'm willing to accept that. |
| 11:36 | <Talman> | Ok. |
| 11:37 | <Talman> | Why not simply encrypt your directories with loopback? |
| 11:37 | <cruxeternus> | I just figured that an encrypted /home would be easy to do. And if I can get Postfix/local(8) to just hold onto messages until /home is re-mounted, it actually should be pretty easy. |
| 11:37 | <cruxeternus> | Talman: loopback or luks, doesn't matter... still need to manually re-mount on a re-start |
| 11:37 | -!- | getsmart_ [~getsmart@88-149-240-219.dynamic.ngi.it] has joined #linode |
| 11:38 | <Talman> | There's no way to get around manually restarting. |
| 11:38 | <cruxeternus> | I know... which is why I'm trying to find out if Postfix can hold messages in its queue until it *is* manually re-mounted. |
| 11:39 | -!- | getsmart [~getsmart@88-149-241-194.dynamic.ngi.it] has quit [Ping timeout: 480 seconds] |
| 11:39 | <Talman> | But... the queue's unsecure. And, hmm. |
| 11:39 | <cruxeternus> | Yes... a few minutes'/hours' worth of messages would be at risk :) |
| 11:39 | * | mwalling__ still says gpg |
| 11:39 | <Talman> | I would think so, I've had postfix delay writing messages for up to 5 hours till I cleaned my mail box out. |
| 11:39 | <Talman> | gpg is a good idea. |
| 11:40 | <cruxeternus> | mwalling_: I'll put that down on my list to investigate... will have to figure out an Outlook work-around though |
| 11:40 | <cruxeternus> | Talman: Ah, this is what I need to know... |
| 11:40 | <cruxeternus> | So it won't bounce just because it can't write them? |
| 11:40 | <Talman> | But I didn't set anything to do that, it came with a shared host. |
| 11:41 | <Talman> | So, ymmv, you need to check out postfix's config file. |
| 11:41 | <Talman> | here's another vote for gpg, though. |
| 11:41 | <Talman> | If you mount the /home partition with encryption, where's the key going to be stored? |
| 11:41 | <cruxeternus> | haha, yeah.. that's what I'm doing... was hoping someone knew off-hand... it's hard as heck to find this kind of stuff out through docs... seems like trial-and-error is the best way to diagnose these things :P |
| 11:41 | <cruxeternus> | Key will be on disk... but encrypted with a pass-phrase |
| 11:42 | <mwalling__> | cruxeternus: gpg4win.org |
| 11:42 | <Talman> | No, I mean... the key is going to be in memory, is it not? |
| 11:42 | <cruxeternus> | mwalling__: Ah, cool. Will check it out. |
| 11:42 | <Talman> | After all, it has to decrypt on the fly. |
| 11:42 | <mwalling__> | i'm still waiting for it to load, but the google page description looks good |
| 11:42 | <cruxeternus> | Talman: Yes, once mounted, the key is in RAM. |
| 11:42 | -!- | getsmart_ [~getsmart@88-149-240-219.dynamic.ngi.it] has quit [] |
| 11:42 | <cruxeternus> | So, like I said, live compromise can't be beaten. |
| 11:42 | <Talman> | Yeah. |
| 11:42 | <Talman> | Ok. |
| 11:42 | <Talman> | Here's the deal. |
| 11:42 | * | Talman was hosted on a server that the FBI raided. |
| 11:43 | <Talman> | For paypal fraud. |
| 11:43 | <cruxeternus> | I'm trying to protect against incompetent more than spooks. :P |
| 11:43 | <Talman> | I was in contact with The Planet. |
| 11:43 | <cruxeternus> | incompetence* |
| 11:43 | <Talman> | The simple fact is, it isn't your data that's going to get out there in the world. |
| 11:43 | <Talman> | Its going to be a live clone of your data. |
| 11:44 | <cruxeternus> | Talman: If they want my data bad enough to do that, then they can have it. :) |
| 11:44 | <cruxeternus> | I'll move to Fiji. |
| 11:44 | <Talman> | No, cruxeternus... |
| 11:44 | <Talman> | Someone on your linode server is Al BobDole. |
| 11:44 | <Talman> | What they're going to do is clone the ENTIRE hard drive, while the disk is running. |
| 11:45 | <Talman> | They'll freeze it for a second with encase. |
| 11:45 | <cruxeternus> | I don't think they can do it as one drive though. |
| 11:45 | <Talman> | It's not "Right, we have a warrant, shut this all off and ship it back to the FBI." |
| 11:45 | <Talman> | Why not? |
| 11:45 | <Talman> | I'm not talking about your hard drive on your linode. I'm talking about the host server's drive. |
| 11:46 | <cruxeternus> | My disk image is encrypted with a key that's stored in memory specific to my Xen VM. |
| 11:46 | -!- | getsmart [~getsmart@88-149-240-219.dynamic.ngi.it] has joined #linode |
| 11:46 | <Talman> | So they dump the RAM. |
| 11:46 | <cruxeternus> | Right, but they'd have to do it separately for each vm running. |
| 11:47 | <mwalling__> | no |
| 11:47 | <mwalling__> | the host knows of the presence of the guest's ram. |
| 11:47 | <cruxeternus> | Oh, I see... dump all the RAM, then copy the whole disk.. then try to reverse engineer which memory slices pertained to which vm's, etc? |
| 11:48 | <Talman> | That's what you do. Copy everything. |
| 11:48 | <cruxeternus> | Like I said, for $20/mo, I can't expect to defend against that kind of forensics :P |
| 11:48 | <Talman> | Clone the box. |
| 11:48 | <Talman> | This way, you have maintained chain of custody of the entire device. |
| 11:48 | <cruxeternus> | Hell, if I hosted here in my apartment, they could break down my door and do that same damn thing :P |
| 11:49 | <cruxeternus> | So there's no way to *ever* protect against that. :P |
| 11:49 | <Talman> | Yes, so I wonder why you're trying to encrypt your mail when they'll just unencrypt it. Same result, the FIBI has your stuff, and could release it on accident. |
| 11:49 | <cruxeternus> | Unless you had some kind of case-open-triggered bomb :P |
| 11:49 | <Talman> | It doesn't matter if the warrant is for mp3shere.com |
| 11:50 | <Talman> | they're going to seize the entire box. Clone it. |
| 11:50 | <Talman> | Then turn it off and remove the drives. |
| 11:50 | <Talman> | The ENTIRE box gets entered into evidence. |
| 11:50 | <Talman> | But they take a clone of the live box first, so that they can use the RAM as evidence. |
| 11:50 | <cruxeternus> | Talman: Again, because I figure the chances of being collateral damage in some mp3 investigation are much greater than a spook performing millions of dollars of analysis on my particular Xen VM to profile my newegg shopping preferences :P |
| 11:51 | <Talman> | ... this isn't millions of dollars. |
| 11:51 | <cruxeternus> | Dude, hammers cost $20,000 at the NSA... what do you mean it's not millions of dollars? :P |
| 11:51 | * | Talman hasn't done forensics work in a few years, but this would be about 5k worth of work. |
| 11:52 | <cruxeternus> | The actual copying might be fairly cheap... |
| 11:52 | <@caker> | yeah, don't you guys watch CSI? :) |
| 11:52 | <Talman> | Sup, caker. :) |
| 11:52 | <cruxeternus> | it's the analyzing the RAM to find the keys, then decrypt the particular disk images that takes time |
| 11:53 | <Talman> | Actually, in all the years of Linode, you ever had a box seized by the FIBI? |
| 11:53 | <cruxeternus> | caker: All Linodes come with a self-destruct-on-case-open function, right? :P |
| 11:53 | <cruxeternus> | Federal Incompetent Bureau of Investigation, he means |
| 11:53 | <@caker> | "Lemme zoom in on this ATM camera video feed that's 640x480 to read 12 pt font 200 yards down the street. Engaging Video Enhancement Protocol. Done" |
| 11:53 | <Talman> | That's not millions of dollars, cruxeternus. That's only several thousand dollars of the FBI Computer Forensics Lab's time. :) |
|