--- Log opened Tue Jun 05 00:00:28 2018
02:51 <@Dagmar> It works over very short distances, when nowhere near anything else. ;0
02:51 <@Dagmar> er ;)
05:16 -!- K`Tetch_ [~no@174-087-054-081.dhcp.chtrptr.net] has joined #se2600
05:20 -!- K`Tetch [~no@unaffiliated/ktetch] has quit [Ping timeout: 256 seconds]
07:09 <@Evilpig> from the random spam desk this morning. "Hey. I'm Mary. WANNA RELAX? COME IN HERE, OVER 40.000 BABIES ONLINE http://bit.do/emeqH"
07:09 < PigBot> (at bit.do)
07:44 < aestetix> ok maybe question for all of you
07:44 < aestetix> is it just me, or is it getting harder to read editorials you disagree with
07:45 < aestetix> I wonder if this is because of the polarization
07:45 < aestetix> center-left vs center-right is reasonable and fruitful
07:45 < aestetix> and these days...... rare
08:50 -!- Synx_hm [~Synx_hm@unaffiliated/synx-hm/x-1623004] has joined #se2600
08:52 < Synx_hm> Anybody feel like learning me on best practice of network segmentation/server security... Im struggling with how best to secure a management vlan that has stuff like IPMI, switch mgmt, firewall ssh access etc on it. My issue is that i have some server/services that i want to reside on the mgmt vlan but also be on the L2 home subnet and possibly also on a L2 quarantine type subnet for things that are wan facing
08:52 < Synx_hm> for example Plex, i want it to be on the same L2 as my home net but i also dont really like the idea of portforwarding from my wan into that subnet, though perhaps plex is a bad example
08:53 < Synx_hm> or this, plex is in a docker container id also like to have containers that should only be wan facing so maybe put them in a dmz type vlan
08:53 < Synx_hm> but the concern then is that docker host has interfaces on mgmt, dmz, and lan, if it gets compromised then everything else is toast
08:54 < Synx_hm> kinda defeats the purpose of network segregation to begin with
08:54 < Synx_hm> i had considered trying to maybe do private port vlan setup on the mgmt net so devices only could talk directly to the router and do ACL there, but then if i ever lock myself out i might be in a bad spot
08:55 < Synx_hm> im wondering if a L3 switch is maybe the key to this mess
08:56 < Synx_hm> sorry about the wall of text, this has been bugging me for a while
08:59 <@Corydon76_> Synx_hm: There are enough what-ifs in that wall of text to suggest that you simply want the management computer to be completely disconnected from any other VLAN.
08:59 < Synx_hm> ha ya that was a bit all over the place
08:59 <@Corydon76_> You're dealing with the classic problem of security versus convenience.
09:00 <@Corydon76_> It is convenient to be able to access your management ports from anywhere. But it is not absolutely secure.
09:01 <@Evilpig> there's almost always going to be some point of convergence between your insecure and secure world. the best practice is to keep that to a minimum
09:01 < Synx_hm> basically here is what i want to know, im migrating my zfs pool to linux, on this single ubuntu host i am going to have my entire zfs pool, nfs shares, direct network access to vcenter for a datastore nfs share, and also run containers for both internal facing stuff (plex, rss, etc) and external wan facing stuff (torrent, speedtest, web file share, etc)
09:01 <@Corydon76_> So the question comes down to, are you willing to allow tradeoffs for convenience or not. Find the risk level you're willing to accept, and you'll have your answer.
09:01 < Synx_hm> valid, you boiled it down to exactly my issue i think, i just need to make up my mind on "how" secure i want/need
09:02 <@Corydon76_> Sounds like you want a segregated storage vlan, at the very least.
09:02 < Synx_hm> Evilpig, do you have plex 34200 directly wan facing or put it through some sort of reverse proxy?
09:02 <@Evilpig> both
09:02 <@Evilpig> :D
09:02 < Synx_hm> Evilpig, head esplode
09:02 <@Evilpig> for the people that hit it externally the port goes direct to the server
09:03 <@Evilpig> I have a secondary proxy that is a back door that is proxied through an intermediary
09:04 < Synx_hm> ahh, i had considered setting up a reverse proxy doing tls client cert validation for quick remote access for a few things
09:04 < Synx_hm> but i have vpn into the net anyways so i guess no point
09:05 < Synx_hm> Corydon76_, i've actually been toying with the idea of putting a reverse proxy in front of the mgmt vlan for lan net access with tls client cert
09:07 <@Corydon76_> Synx_hm: I would love for browsers to be able to work with client certs that are password protected for that purpose.
09:08 <@Corydon76_> Because if the client cert isn't protected, you're back to the "what you have can be stolen" problem
09:08 < Synx_hm> Corydon76_, on that note i was thinking putting a cert pair on my yubi for that exact reason
09:08 <@Corydon76_> What you have and what you know gives you better authentication
09:10 < Synx_hm> totally agreed
09:12 <@Corydon76_> For some reason, this reminded me of the old AIM wars, where AOL required you to hash a set of addresses from the binary of their own client in order to authenticate that you were using AOL's native messenger
09:13 < Synx_hm> ha
09:14 < Synx_hm> Evilpig, you doing hardware transcoding on your plex server? im really wishing my e3-1240v2 had intel quicksync or what ever they call it
09:14 <@Evilpig> no
09:14 <@Evilpig> every time I've switched on hardware I get complaints that it looks horrible
09:14 <@Evilpig> and it does
09:15 <@Evilpig> any fast action gets translated into what looks like 640x480 with all the artifacting
09:16 <@Evilpig> I have an nvidia 1060 in my desktop that I am going to try it with to see if that is any better
09:19 < Synx_hm> cool, ive been trying to get the live tv solution working lately but where i sit on a hill i just cannot get a good shot at the station towers i care about (had my rf engineer neighbor over and neither of us can build a sweet enough antenna for the job haha)
09:20 < Synx_hm> i took my hdhomerun to my sisters house in murfreesboro and put my antenna in her attic when i get some more time going to setup a point to point vpn link and drop the live stream into plex that way ha
09:20 <@Evilpig> that works
09:21 < Synx_hm> praying it does, we are both on att gigabit so hoping the link stays up most of the time
09:22 <@Evilpig> fuckin' dba's
09:22 < Synx_hm> really dont want to have to buy the hdhomerun that supports h.264 on the fly though
09:22 <@Evilpig> don't look at /proc/meminfo and try to tell me how a server is configured damnit
09:23 <@Evilpig> dba pulled this from meminfo HugePages_Total: 3072 then opened a ticket for me to increase his hugepage sum to 6G
09:23 <@Evilpig> completely ignoring Hugepagesize: 2048 kB
09:23 <@brimstone> wat
09:24 <@Evilpig> oracle uses hugepages
10:22 <@Corydon76_> https://www.acsh.org/news/2018/06/04/anus-rectum-objects-orifices-13046
10:22 < PigBot> Anus & Rectum: Objects In Orifices | American Council on Science and Health (at www.acsh.org) http://tinyurl.com/yd34rmdy
10:22 <@Corydon76_> SFW
13:03 <@Dagmar> Evilpig: You should do it. *evilgrin*
13:08 <@Dolemite> something something be0tche and h0ez!@
13:09 <@eryc> there's an article somewhere that gives you all the sysctl settings you need for oracle
13:09 <@eryc> its not that difficult
13:21 <@Evilpig> Dagmar: I have. then I had to fix it when the stupid thing didn't want to boot
13:22 <@Evilpig> that led to a change in my nagios check for their memory usage and allocation to alert us if someone does something like that again
13:24 -!- _Synx [~Synx_hm@unaffiliated/synx-hm/x-1623004] has joined #se2600
13:27 -!- Synx_hm [~Synx_hm@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 264 seconds]
13:28 <@eryc> oracle calculates its own memory constraints
13:28 <@eryc> your dba probably isn't smart enough to do it manually
13:29 <@eryc> if you set the correct sysctl's based on system memory oracle will not have any issues managing its own memory
13:38 <@Evilpig> the email I sent back to him after he was defending his claim that the hugepage total was 3g had to have left him feeling like a fucking moron
13:39 <@Evilpig> I didn't put anything else with it just this:
13:39 <@Evilpig> Pages: 3072
13:39 <@Evilpig> PageSize: 2048
13:39 <@Evilpig> Allocated= 3072 * 2048 = 6,291,456
13:39 <@Evilpig> 6,291,456 / 1024 / 1024 = 6GB
13:42 <@eryc> you guys like python?
13:43 <@eryc> try this for some lulz
13:43 <@eryc> float(1.2).as_integer_ratio()
13:44 <@opticron> huh
13:44 <@opticron> that's fun
13:45 <@eryc> i thought so
13:47 <@Evilpig> wtf
14:15 -!- shapr [~shapr@haskell/developer/shapr] has left #se2600 ["ERC Version 5.3 (IRC client for Emacs)"]
14:20 <@Dagmar> Jacked up floating point values?
14:20 <@Dagmar> I'd have thought people would be used to seeing shit like 1.5 magically becoming 1.499999999999999999 by now
14:25 <@eryc> > eryc, 1.2 can't be represented with summing a finite series of 2^n terms
14:25 <@eryc> > eryc, but 1.5 can (2^0 + 2^-1)
14:25 <@eryc> > see also https://docs.python.org/3/tutorial/floatingpoint.html
14:25 < PigBot> 15. Floating Point Arithmetic: Issues and Limitations — Python 3.6.5 documentation (at docs.python.org) http://tinyurl.com/k3szr8a
15:05 <@Mirage> grilled some brats for lunch. finished off the old bottle of Ingelhoffer's Horseradish Sauce and opened a new one. Holy sht the new one is hot.
15:07 <@Mirage> The new "seasonal" Johnsonville Queso Brats are OK btw. Not bad, but not awesome either.
15:34 <@eryc> i heard they added paper and wire for a new line of sausages but backed out at the last minute
15:35 <@eryc> and arrested some dude
15:36 <@Evilpig> Mirage: I had me some lamb chops and oven roasted potatoes. :D
16:00 -!- Warcop [~josh@mobile-166-170-59-7.mycingular.net] has joined #se2600
17:34 -!- skiboy [skiboy@gateway/vpn/privateinternetaccess/skiboy] has joined #se2600
17:43 -!- _Synx [~Synx_hm@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 276 seconds]
18:30 -!- _Synx [~Synx_hm@unaffiliated/synx-hm/x-1623004] has joined #se2600
18:38 -!- _Synx [~Synx_hm@unaffiliated/synx-hm/x-1623004] has quit [Quit: Leaving]
18:46 <@Dagmar> https://www.gamespot.com/articles/new-diablo-game-project-in-development-blizzard-co/1100-6459406/
18:46 <@Dagmar> ...and just like that, E3 doesn't matter.
18:46 < PigBot> New Diablo Game Project In Development, Blizzard Confirms - GameSpot (at www.gamespot.com) http://tinyurl.com/y8smop8x
18:53 <@Evilpig> That rumor has been out a while. D4
19:48 -!- ezelkow1 [~ezelkow1@2601:282:702:1eb8:52e5:49ff:fe3d:790a] has quit [Quit: ZNC - http://znc.in]
19:49 -!- ezelkow1 [~ezelkow1@2601:282:702:1eb8:52e5:49ff:fe3d:790a] has joined #se2600
19:49 -!- mode/#se2600 [+o ezelkow1] by ChanServ
19:51 -!- ezelkow1 [~ezelkow1@2601:282:702:1eb8:52e5:49ff:fe3d:790a] has quit [Client Quit]
19:56 -!- ezelkow1 [~ezelkow1@2601:282:702:1eb8:52e5:49ff:fe3d:790a] has joined #se2600
19:56 -!- mode/#se2600 [+o ezelkow1] by ChanServ
19:58 -!- rhia [~rhia@wtcdsl-66-165-15-89.whidbeyteldsl.net] has quit [Read error: Connection reset by peer]
19:58 -!- rhia [~rhia@wtcdsl-66-165-15-89.whidbeyteldsl.net] has joined #se2600
19:58 -!- mode/#se2600 [+o rhia] by ChanServ
20:01 <@ezelkow1> yay, i can haz znc, having that steamos box is handy, seems like at least 50% of its usage is just running various bots for myself
20:03 <@ezelkow1> need to figure out how to go and service-ify all my discord bots and steam card farming instead of using my flock scripts
20:14 -!- ezelkow1 [~ezelkow1@2601:282:702:1eb8:52e5:49ff:fe3d:790a] has quit [Quit: ZNC - http://znc.in]
20:14 -!- ezelkow1 [~ezelkow1@2601:282:702:1eb8:52e5:49ff:fe3d:790a] has joined #se2600
20:14 -!- mode/#se2600 [+o ezelkow1] by ChanServ
20:20 <@ezelkow1> and converted, now to just figure out how to run one on intervals, and not run if already running, since that was the main purpose of flock
21:12 -!- skiboy [skiboy@gateway/vpn/privateinternetaccess/skiboy] has quit [Quit: Leaving]
21:26 -!- skiboy [skiboy@gateway/vpn/privateinternetaccess/skiboy] has joined #se2600
22:30 -!- skiboy [skiboy@gateway/vpn/privateinternetaccess/skiboy] has quit [Quit: Leaving]
23:34 <@Dagmar> That's because the command "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" makes no sense
23:34 <@Dagmar> @#$@
--- Log closed Wed Jun 06 00:00:29 2018