/srv/irclogs.ubuntu.com/2011/02/14/#ubuntu-za.txt

sakhimoonin06:32
inetprogood morning07:18
superflymorning, inetpro and sakhi07:22
bmg505good morning, in another 2 hours my 5 day holiday starts07:24
* Symmetria begins his crusade against rpki in the defense of internet freedom and autonomy08:56
tumbleweedsuperfly: disabling your ubuntu-za drupal cronjob fro now.08:57
* nlsthzn watches in interest, having no clue what he sees but enjoying it non the less08:57
Symmetriaheh, nlsthzn there are proposals in the works in the global internet community that if implemented would hand governments a rather effective internet kill switch09:02
Symmetriaand the ability to very easily shut off entire isps, countries or sections of the internet09:02
Symmetriathey are *EXTREMELY* dangerous proposals backed by some extremely nasty agendas on the back end, agendas which have been fairly well hidden up till now09:02
Symmetriatrust me, life is about to get very very very interesting going forward09:03
nlsthznhe who holds the switch, holds the power... sounds like America is up to no good again09:03
Symmetriaheh, its worse than just the americans 09:03
Symmetriathis would create a situation where if two countries went to war, the one country could turn off the other country :P09:04
Symmetriait would create a situation where through some simple court orders, a government could decide that only its isp could actually function09:04
Symmetriaits... nasty09:05
Symmetriaand the implications and ramifications of the proposed policy are being very well hidden, the proponents of it with their agendas are playing up the positives rather effectively09:05
nlsthznWell, good luck with your crusade!09:07
bmg505well actually those laws are in place for telephone calls and mail and packages and even humans, so its logical that it will also happen for the internet, it does not make it right though but it does put it in perspective10:11
tumbleweednice job WA, http://ftp.wa.co.za/pub/debian/12:08
cocooncrashHah12:10
tumbleweedthat debian thing, nobody uses it, right? :)12:11
superflynope, no one12:11
superfly:-P12:11
linuxboyubuntu does12:11
tumbleweednobody will miss it then12:11
linuxboynot often though12:11
froztbyte#glug.za/freenode.#glug.za.2011.02.log:1235:2011-02-09 16:19:47<+froztbyte> have WA figured out how to run a mirror yet?12:12
froztbytetumbleweed: ^12:12
tumbleweedfroztbyte: I've been trying to educate them...12:12
tumbleweedthey seem to have worked out how to keep thier mirror in sync (although that could be luck)12:12
superflytumbleweed: did you try lots of pretty pictures in a powerpoint presentation? :-P12:12
tumbleweedthis is a new era of sillyness12:12
* sakhi thinks wa DSL console should be https.12:15
linuxboysakhi: did you see clug when someone bitched about them putting the username/password in the URL?12:18
cocooncrashsakhi: You can use HTTPS.12:18
linuxboyhttp://lists.clug.org.za/pipermail/clug-chat/2008-February/024451.html12:21
sakhilinuxboy: nope I didn't see that post.12:21
linuxboysakhi: happened in 200812:22
sakhicocooncrash: I think that page should be forced to https if it is apache webserver (not sure how you do in IIS)12:26
sakhiits good that it is encryped though.12:27
superflyyeah, I think half their problem is probably IIS and ASP.NET :-P12:32
linuxboyand the other half are some of the people who manage them?12:32
superflyno doubt :-P13:10
marcogSymmetria: any eta on resolving uct's international issues?14:22
Symmetriamarcog, uct is on drugs15:47
Symmetriathere was no problem from tenet's side with international15:47
Symmetriaif there is a problem, its internal15:47
Symmetriaand I told them this, 4 times15:47
froztbyteit's always someone else if they don't know what the problem is15:47
froztbytewe've got the same thing from our clients when they're unable to resolve their internal network issues15:48
froztbyte"must be supplier!!"15:48
marcogSymmetria: you mean icts then, sigh15:48
froztbytesee the part where inability to solve problems was mentioned15:50
Symmetriamarcog heh, if you look at the total seacom bandwidth today, there was never a drop off in traffic 15:50
marcogSymmetria: uct's internet *is* fucked though, whatever the cause15:50
Symmetriathere was a problem with international graphing because at one point we were running without the bandwidth control system (which actually means, all limits and restrictions were not in effect, which would have sped things up, not slowed them down)15:50
Symmetriayeah I see you're running at a peak of only around 150mbit 15:51
Symmetriaand a peak national at around 22015:51
Symmetriawhich is kinda low15:51
Symmetriachances are their proxies arent handling15:51
marcogit does indeed seem to be proxy issues15:51
marcogcause when i tunnel, there are no problems15:51
Symmetriaheh students back today?15:52
marcogyes!15:52
marcog:(15:52
Symmetriaproxies probably getting raped 15:52
Symmetriabecause bandwidth isnt the issue15:52
froztbytewhat hardware do their proxies run on?15:52
SymmetriaI warned them about this 15:52
Symmetriafroztbyte you dont wanna know :)15:52
froztbytewhy?15:53
Symmetria:P well, start by asking what operating system/proxy serverthey use15:53
froztbyteoh dear15:53
froztbyteI suppose we shouldn't go down this road15:54
froztbytewe've done a gigabit of live traffic across a cluster setup of our caches in testing before, so we know we can handle it15:54
froztbyteand we've got some updates coming over the next few weeks which push our capacities even further15:54
froztbytebut yeah...15:54
froztbytewhat are they, bluecoat?15:58
Symmetriafroztbyte microsoft isa16:02
Symmetriaand apparently they are busy prepping 4 new boxes to add to the cluster16:03
* froztbyte sadpandas16:05
cocooncrashfroztbyte: When I first started at UCT, the caches were squids.16:27
cocooncrashThen they changed to Novel BorderManager, which was a complete cockup.16:28
cocooncrashAnd then IIS, which wasn't much better.16:28
Symmetriahttp://www.news24.com/SouthAfrica/News/DUT-classes-resume-after-protests-20110214 16:28
Symmetriaheh16:28
Symmetrianow THERE is something that could disrupt our international bandwidth16:28
Symmetria:P since our international gateway node is there16:28
froztbytecocooncrash: as far as things go, squid's not really all that fantastic either16:29
froztbyteit /really/ is not geared for high traffic loads in its stock form16:29
Symmetriaheh lusca handles high traffic loads better than squid 16:29
froztbyteours is so patched up it looks like a totally different beast16:29
froztbyteyeah, lusca's already a helluva big step up on squid16:29
Symmetrialusca made some huge improvements and can comfortably serve a coupla gigs on a big enough box 16:30
froztbytewe ported our patchbase over to lusca, and are continuing developments there16:30
froztbyteSymmetria: depending on configuration16:30
froztbyteand traffic type across it16:30
Symmetriawe used to use lusca frontend as a load balancer for serving firefox downloads, peaked it out at around 6gigabit/second on a single box 16:30
Symmetriathe real trick to get that kinda through it.... stop caching anything :P16:30
froztbyteif you're running it as a gateway-style proxy for lots of people's connections, you need to do a loooooooooooot of tweaking16:31
Symmetriaheh we tell everyone, turn off your disk caching16:31
Symmetriaif you wanna use the stuff for logging/control fine16:31
* froztbyte kicks ASDM in the nads16:31
Symmetriajust dont try and cache anything16:32
froztbyteurgh *shudder*16:32
Symmetriabecause your disks arent fast enough to keep up 16:32
froztbytesquid + disk logging == B.A.D.16:32
froztbyteso bad16:32
froztbyteit does it synchronous :(16:32
froztbyte(the normal codebase)16:32
Symmetriaheh what they SHOULD do is just stick a damn SCE in line 16:32
Symmetriathat can do the logging for them16:32
Symmetriacompletely transparently16:33
froztbyteyes but that would require them to use their brains16:33
Symmetriaand it logs far more than a proxy server ever would :P16:33
froztbytenot just their wallets16:33
Symmetriathe sce logging facilities are... really really scary16:33
Symmetria(we disable them on the TENET sce, entirely)16:33
Symmetriabut enabled, that thing can tell you the top transmitting email address and exactly how many bytes of email they sent for the last 2 weeks 16:34
Symmetriawhich it picks up from layer 7 analysis of traffic at up to 30gigabit/second16:34
Symmetriawhich is kinda... mindblowing16:34
froztbytewe've got an SCE deployment in limbo in the one customer network at the moment16:34
froztbytewaiting on another project to finish before it can be done16:34
froztbytecan't wait to play with it :)16:35
Symmetriaheh you're gonna have fun deploying sce16:35
Symmetriasetting it up is... a bitch slut whore16:35
Symmetriaonce it works, its fine16:35
froztbytehehe16:35
Symmetriaoh and its management interface = WINDOWS ONLY 16:35
Symmetria(and you *CANNOT* use an sce without that interface)16:35
froztbyteyeah, it's roughly like the ASAs16:35
froztbyteASAs you can still kinda manage on the console....but you wouldn't want to16:36
Symmetriaheh I've worked with cisco pix enough to know how to use an ASA through the console with relative ease16:38
Symmetriathe sce is.... far far far more difficult than that16:38
froztbyteI've been getting to know the ASA console over the last while16:39
froztbyteusually mostly by poking at stuff in ASDM and then seeing what the underlying output is16:39
Symmetriaheh thing is, the SCE relies on a bunch of backend components16:40
froztbytepet peeve of mine is how crap the ASA testing/information commands are compared to the rest of the cisco line16:40
Symmetriawhats known as a collection manager16:40
Symmetriaa subscriber manager16:40
Symmetriaand a management interface16:40
Symmetriaall of which are seperate software components16:40
Symmetriathe collection manager in turn talks to a mysql database16:40
Symmetriathe sce transmits to the collection manager which decodes the shit and shoves it into mysql 16:40
Symmetriabut make no mistake, the sce is a very very powerful platform16:42
Symmetriacapable of insane throughput :)16:42
froztbyteit'll be capable of doing what this network needs for a looooooong time16:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!