/srv/irclogs.ubuntu.com/2018/02/16/#ubuntu-server.txt

cpaelzergood morning06:28
lordievaderGood morning07:13
ak5hi, I ws upgrading mysql when my ssh crapped out (wasn't in tmux lel) and now I am having issues with it not being configured, tried a bunch of things like `dpkg --reconfigure -a` and removing and reinstalling it... any ideas? https://paste.ubuntu.com/p/QN2v4RvZjR/08:21
rbasakak5: could you edit /var/lib/dpkg/info/mysql-server-5.7.postinst please? Where it says "set -e", make it "set -ex". Then attempt "dpkg --configure mysql-server-5.7" again and pastebin the result. The change will show us where it's failing, and hopefully then I'll have a better idea of what's going on.08:33
ak5will do08:34
ak5rbasak: https://paste.ubuntu.com/p/vPdY7Zf9tS/09:02
ak5sorry that took a while09:02
rbasakLooking09:05
rbasakStill looking09:12
rbasakak5: I can't make sense of this.09:23
rbasakak5: please could you also pastebin /var/lib/dpkg/info/mysql-server-5.7.postinst ? I'd like to check I'm comparing against the right thing09:23
rbasakOh09:25
rbasakI'm comparing against the wrong thing09:25
rbasakOK I've made sense of that pastebin now09:27
rbasakak5: can you check /var/log/mysql/error.log please?09:27
ak5checking09:36
ak5rbasak: https://paste.ubuntu.com/p/4XktNmTjsn/09:37
ak5rbasak: sorry I dropped and didn't notice :(10:21
ak5It's very strange that uninstall and reinstall doesn't work10:22
ak5is it a dpkg issue?10:22
rbasakak5: do you have another mysqld process running?10:42
rbasakIt's not a dpkg issue10:42
rbasakIt's something up with your MySQL installation10:42
ahasenackrbasak: hi, good morning. I updated https://code.launchpad.net/~ahasenack/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/33721311:12
ahasenackif you could please take another look11:12
ahasenackcommits are on top, no rebase11:12
ak5rbasak: ok I am going to nuke everything mysql related and try again11:12
ak5I am not using mysqld anywhere else11:13
rbasakak5: please make a note of the steps you take. If it happens again and we know exactly what you did, that'll make it much easier to understand what is going on, identify a bug if there is one, etc.11:20
rbasakahasenack: ack11:21
ahasenackthanks11:23
ahasenackrbasak: it also looks like the zstd packages haven't migrated to proposed11:23
rbasakahasenack: stuck in binNEW I expect. Needs an AA?11:23
rbasakahasenack: yeah: https://launchpad.net/ubuntu/xenial/+queue?queue_state=0&queue_text=11:24
rbasakahasenack: does the cronjob really need to be hourly?11:25
rbasakNothing else is hourly by default.11:25
ahasenackrbasak: the livepatch daemon checks in hourly with the livepatch server11:26
ahasenackthat's why I used hourly11:26
rbasakIt's not running by default though presuably?11:26
ahasenackno, it's not11:26
ahasenacknote that "ua status" doesn't ping the network11:27
ahasenackrbasak: I pinged #ubuntu-devel about zstd11:34
ahasenackrbasak: I'll also ping them again about sssd stuck in excuses11:35
ahasenackI have a file I can just copy & paste by now :)11:35
ahasenackhm, I seem to have misplaced that file11:36
rbasakahasenack: when you need an AA, #ubuntu-release is where people tend to ask11:36
ahasenackI did ask there first (sssd) iirc11:37
ahasenackfound it11:39
rbasakahasenack: you're still making a blocking call to $UA_STATUS (which is bash) on first run, no?12:05
rbasakahasenack: AIUI, 50-motd-news doesn't do that. It exits if the cache isn't present if run from PAM.12:05
ahasenackrbasak: on the very first one, yes, if there is no cache12:05
ahasenackyou rather we just exit if there is no cache?12:06
ahasenacknote that the first call also creates the cache12:06
rbasakI'd rather we not have bash ever run on the critical path12:06
rbasakThe first login is still a critical path12:06
ahasenackok12:06
ahasenackI'll fix that12:06
ahasenackrbasak: this update will take a bit longer, as it breaks a lot of tests12:31
jamespagecoreycb: do you think we should do the same thing re boost headers in percona-xtrabackup as I've done in pxc 5.713:24
jamespagei.e just repack the upstream tarball with the required headers13:24
coreycbjamespage: i would say yes if xtrabackup has a hard dependency on a specific version of boost13:25
coreycbjamespage: and it's not in distro13:25
jamespagecoreycb: same with mysql and friends13:26
jamespagecoreycb: I've pushed my bundle-boost.sh changes to the jp-review-fixes branch for pxc5713:26
coreycbjamespage: ok taking a look13:27
Isla_de_MuerteGuys any ideas why the First Byte is that shtty now with SSL https://www.webpagetest.org/result/180216_AD_02d43cf636c0cd19f17ef216943bdefb/ ? I've checked a lot of stuff, tried to fix some others but it seems like it sucks..13:28
jamespagecoreycb: I'm having a tinker with switching to gcc-7 as well13:28
lordievaderIsla_de_Muerte: What kind of setup are you  using? (I'm getting A on that test for my own website)13:37
coreycbjamespage: that seems better, creates a single orig tarball now?13:38
jamespagecoreycb: yes allowing us to using gbp + pristine-tar again13:38
coreycbjamespage: cool. maybe we can do that for horizon sometime.13:38
lordievaderIsla_de_Muerte: Looking at the explanation of that test I barely made it 389/400 ms.13:39
Isla_de_Muertelordievader, Ubuntu 14.04, Apache 2.4.7, OpenSSL 1.0.1f, created the CA through webmin with LetsEncrypt13:39
Isla_de_MuerteWithout SSL that site was full A :/13:39
lordievaderIsla_de_Muerte: The full explanation of the first byte time: The target time is the time needed for the DNS, socket and SSL negotiations + 100ms. A single letter grade will be deducted for every 100ms beyond the target.13:40
lordievaderIsla_de_Muerte: Are you forcing a cipher for which you do not have hardware acceleration?13:41
Isla_de_Muertelordievader, I've made the cipher changes based on ssllabs test, didn't really check them out tbh13:42
lordievaderIsla_de_Muerte: Does your webserver prefer an AES cipher and does your cpu support AES?13:43
Isla_de_Muertelordievader, hmm the server is using Intel(R) Xeon(R) CPU E3-1240 v3 @ 3.40GHz let me check it out13:46
lordievaderOh, that supports AES.13:46
Isla_de_MuerteYeah it does according to cpuinfo :P13:47
patdk-lapwell, what cipher is being used?13:51
patdk-lapaes is NOT the issue13:51
rbasakahasenack: in apt.sh, if you're using --force-confold you should probably also use the matching ucf flag13:51
rbasakIt's an environment variable IIRC13:51
patdk-lapdoesn't matter if you had no hardware support or not, AES it not the problem13:51
ahasenackrbasak: no idea what that is13:51
Isla_de_Muertepatdk-lap, isn't that dependable on the browser/etc ?13:52
Isla_de_MuerteOr I have no idea what I am saying13:52
patdk-lapdepends on the browser and the server13:52
ahasenackrbasak: is this new in this version, or was the same code just moved to the apt.sh "module"?13:52
patdk-lapbut if you don't know what is being used, how can you fix it?13:52
rbasakahasenack: it might be in my diff because it moved13:52
patdk-laphow do you even know what is wrong13:52
rbasakahasenack: to be clear, this isn't a review comment.13:53
rbasakJust something that might want fixing as it might bite some time13:53
patdk-laplordievader, please, the bulk data cipher is not the problem13:53
Isla_de_Muertepatdk-lap, like I previously said I followed ssllabs and editing the apache confi file to the following:13:53
Isla_de_MuerteSSLProtocol ALL -SSLv2 -SSLv313:53
Isla_de_MuerteSSLHonorCipherOrder on13:53
Isla_de_MuerteSSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"13:53
ahasenackrbasak: worth noting down so it's not forgotten13:53
rbasakahasenack: yeah that's why I mentioned it :)13:53
ahasenackrbasak: feel free to add it as a review comment, or a bug to be fixed13:53
patdk-lapIsla_de_Muerte, so that is what you perfer, but WHAT WAS USED?13:54
patdk-lapand following ssllabs is great, for SECURITY, not speed13:54
rbasakahasenack: the shell code is good quality, but its structure means that it's hard to understand the packaging implications of the entire package without reading all the shell code13:54
ahasenacklots of indirections indeed13:54
patdk-lapthough, your not following ssllabs at all, cause you have rc4 enabled?13:54
lordievaderpatdk-lap: Then please explain what the problem is.13:55
Isla_de_Muertepatdk-lap, sorry, I really do not know how I can see that. I've got rc4 enabled for older browsers13:55
ahasenackrbasak: thanks for the careful review13:55
patdk-laplordievader, pki time13:55
patdk-lapas it always is13:55
patdk-lapif it was aes that was the issue, the download would take longer, but setup time would remain the same13:56
patdk-lapaes is NOT used during session setup13:56
lordievaderAny way to reduce the delay? Or is it a simple, heavy calculation, takes time, type of thing?13:57
patdk-lapit's a heavy calculation13:57
lordievaderOk, sorry for mentioning AES -.-13:57
patdk-lapjust change it to use something not so heavy13:57
patdk-lapsince we don't know what is being used, since he likely didn't log it13:57
patdk-lapwe have no idea what to change from and to13:57
lordievaderIsla_de_Muerte: ^13:57
patdk-lapDHE is heavy as crap13:57
patdk-laphttps://wiki.mozilla.org/Security/Server_Side_TLS13:58
ahasenackrbasak: got the tests fixed finally13:58
ahasenackRan 97 tests in 7.776s13:58
patdk-lapmozilla balanaces speed first, over pure best encryption for their recommendations13:58
ahasenackbut I need some small refactoring now to avoid code duplication13:58
Isla_de_MuerteThanks for the info and help guys. I'll look how to log this, figure out what is being used and change it13:59
patdk-lapmost systems can do around 80 RSA transactions a second13:59
patdk-lapthat means 80 connections a second :)14:00
patdk-lapunless you have session reuse (tickets/tokens) and the user previously visited your site14:00
sforsheesbeattie, jjohansen: we keep having test errors on the apparmor config options as we move between having and not having stacking patches, what do you guys think of making the test something like this (unstested)? http://paste.ubuntu.com/p/WYPvYFQVbM/14:00
patdk-lapbut that isn't what your solving for here14:00
patdk-lapand if your like mine14:05
patdk-lapit will be 0.2 seconds fast14:05
patdk-lapbut considering yours is 0.4, you will only resolve 0.2 seconds of your issue14:05
patdk-lapthe rest is just you have so many files14:05
patdk-lapso many little images is the issue14:06
sforsheesbeattie, jjohansen: or rather like this - http://paste.ubuntu.com/p/Z53PktVDzh/14:07
Neo1postfix is MTA agent that transport mail form MUA to other MTA or to local mail inbox14:12
Neo1with SMTP14:12
Neo1relay them to other MTA14:13
Neo1after this his work is done14:13
Neo1after transfering or delivering the message postfix job ends14:13
Neo1other servers are responsible for getting message to the end users14:14
Neo1firewall is not an application... this is concept...14:17
Neo1Email is the largest network on the planet14:19
coreycbjamespage: finally got congress and magnum uploaded, they were fun.15:40
jjohansensforshee: I'm fine with that16:32
Isla_de_Muertepatdk-lap, DHE it is16:37
patdk-laptry using one from the mozilla link I posted16:38
patdk-laphopefully that will drop DHE down the list some16:38
patdk-lapodd though, cause ssllabs claims you should be using ecdhe and not dhe with your current config :(16:39
Isla_de_MuerteI don't even have dhe on my config file tbh16:41
patdk-lapalso remember, your first hit is a redirect to ssl16:41
patdk-lapand that is a good 0.3s delay you cannot fix16:41
patdk-lapit's in your config16:41
patdk-lapcause you don't have !DHE16:41
Isla_de_MuerteOh16:41
patdk-lapand it's enabled by default16:41
Isla_de_MuerteDidn't know that16:42
Isla_de_MuerteYeah I know about the redirect, was comparing to google (lol) which takes way less time16:42
Isla_de_MuerteBut I doubt I can lower that part16:42
patdk-lapwhere is the redirect happening16:42
patdk-laphopefully in the webserver, aka, apache/nginx/...16:42
patdk-lapand not via php16:43
Isla_de_Muertehtaccess16:43
patdk-lapok16:43
ahasenackrbasak: latest fix (don't generate the cache at login, ever) pushed16:46
ahasenackthanks16:46
sdezielIsla_de_Muerte: the HTTP->HTTPS redirection can be reduced with HSTS16:47
sdezielIsla_de_Muerte: but yeah, on the first visit there is a latency hit due to the redirection16:47
Isla_de_Muertesdeziel, ty I will look it up!16:48
patdk-lapsdeziel, not for a first time visitor16:48
patdk-lapso it wont help in this specific test case no, returning users, sure16:48
sdezielpatdk-lap: indeed, for that there is HSTS preload but that's a different can of worms ;)16:50
patdk-lapyep16:50
patdk-lapsaw someone that did preload16:51
patdk-lapthe sample hsts they lifted from a tutorial had the preload tag in it16:51
patdk-lapand it was added into all the browsers16:51
patdk-lapand he couldn't figure out why non-http wasn't working16:51
sdezielwow, I thought you needed to opt-in in addition to having the flag16:52
patdk-lapnope, the prelog tag is the optn flag16:52
patdk-lappreload16:52
patdk-lapnow, google doesn't *automatically find* your website16:52
patdk-lapbut on a google crawl of it, or if you submit the website, it will get added16:52
sdezielhttps://hstspreload.org/: "If a site sends the preload directive in an HSTS header, it  is considered to be requesting inclusion in the preload list and may be  submitted via the form on this site."16:53
sdezielnot 100% clear to me if the form submission is needed or not ;)16:53
patdk-lapit's not16:53
patdk-lapa google crawl will also get it added16:53
sdezielgood to know. Fortunately, there is a removal form but it must take a while to percolate to all the users16:54
patdk-lapvery long, next release, everyone to upgrade, ...16:54
Isla_de_MuerteCipher    : DHE-RSA-AES256-SHA Hmm !DHE doesn't change a thing16:54
patdk-lapdidn't do something right16:54
patdk-lapoh, it doesn't call it DHE in openssl but DH16:56
patdk-lapso you have ot use !DH16:56
Isla_de_MuerteCipher    : RC4-SHA /facepalm16:57
Isla_de_MuerteThis is supposed to be last resort fml..16:58
patdk-lapI don't get why your selection of chrome is using such old ciphers16:58
sdezielIsla_de_Muerte: your cipher list looks good from here: https://paste.ubuntu.com/p/HQH2KDVbtf/17:01
Isla_de_Muertesdeziel, hmm first byte is still the same -.-'17:03
patdk-lapECDHE-RSA-AES128-GCM-SHA25617:04
patdk-lapthat is what webpagetest is doing with me, using the same settings as you17:04
patdk-lapwell, not good at all17:04
patdk-lapbut very secure, and if you don't support ecdha, well, you are left to using crap17:04
patdk-lapIsla_de_Muerte, use one of the ones from the mozilla page I posted17:05
Isla_de_Muertepatdk-lap, will try that now17:05
patdk-lapthe backwards compatable/old clients one will get what you want17:05
patdk-lapbut will keep it as secure as possible for those old clients17:06
sdezielpatdk-lap: what's wrong performance-wise with ECDHE-RSA-AES128-GCM-SHA256 ?17:08
patdk-lapthe fact it isn't using it?17:08
patdk-lapbut using DHE-RSA instead17:09
patdk-lapECDHE is much faster than DHE17:09
patdk-lapfor me, it's using ECDHE, but for him it isn't17:09
patdk-lapno idea why it's not17:09
sdezielAFAICT, the IP I poked didn't even offerred a DHE cipher-suite17:10
sdezielIsla_de_Muerte: is there a pool of server behind that name?17:10
Isla_de_Muertesdeziel, I have disabled DHE atm, there are a few domains on that IP17:11
patdk-lapssllabs said it did DHE when I tested it like an hour ago17:11
sdezielIsla_de_Muerte: tuning ECDHE vs DHE will only shrink the pink'ish line in those waterfal17:13
patdk-lapyep17:16
sdezielIsla_de_Muerte: with Firefox, I get TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 which means this part is good17:16
patdk-lapthe only thing you can do, except to physically reloate your server17:16
Isla_de_Muertesdeziel, I just got the same with FF 57 now17:16
sdezielfrom here, TLS setup takes ~120ms17:17
sdezieland I seem to be 100ms away from the box17:17
sdeziel(well, 100ms RTT)17:17
patdk-lapI'm just concerned with the crazy cipher list he had, it's not quick across the board17:17
patdk-lapand that should fixup that *benchmark* website17:17
sdezielIsla_de_Muerte: do you have Keepalive enabled?17:18
patdk-lapsdeziel, did you flush your ssl tickets/tokens?17:18
patdk-lapsdeziel, he has to17:18
Isla_de_MuerteYes, keepalive is on17:18
sdezielpatdk-lap: yep, fresh private instance17:18
patdk-lapI don't think a private instance resolved ticket caching17:19
Isla_de_Muertepatdk-lap, tried the Mozilla recommendations, got worse results, reactivated previous ones for now again17:19
sdezielIsla_de_Muerte: after 3-4 clicks, I saw a new TLS connection being established so you might want to bump the number of requests you accept as keepalive17:20
patdk-laplink?17:20
Isla_de_Muertehttps://www.webpagetest.org/result/180216_DR_55b37aeab2368a96af92d1f5ff3f7021/17:20
Isla_de_Muertesdeziel, I am restarting apache the last X minutes, maybe that;s why17:20
patdk-lapisla, don't take that website as 100% proof17:21
patdk-laptheir systems run shared, and is affected greatly by other load17:21
sdezielyeah, I find the dev tools in browser to be good enough most of the time17:21
patdk-lapI can run the same test 10 times and get highly different results17:21
Isla_de_Muertepatdk-lap, yeah I don't I just find it weird that before the SSL I was getting good results on that, pingdom etc and now I am ~1-2secs extra17:21
patdk-lapwell, in this case it says your redirect to https took a long time to download17:22
patdk-lapbut if you notice the pink part got a LOT better17:22
patdk-lapdown to .2 instead of .417:22
patdk-lapso don't change the ssl ciphers back17:22
patdk-lapas that improved17:22
patdk-lapall the pink bars are shorter, except that last one17:22
patdk-lapand that is likely due to other issue in their testing17:23
sdezielIsla_de_Muerte: have you considered fronting the site with a MITM like Cloudflare an such?17:23
sdezielif you don't care about the privacy implication, this is usually a magic wand ;)17:24
Isla_de_Muertepatdk-lap, just for reference old cipher conf: https://tools.pingdom.com/#!/bXnlmN/http://www.seedboxcenter.com17:24
Isla_de_Muertenew one: https://tools.pingdom.com/#!/d2XAdu/http://www.seedboxcenter.com17:24
patdk-lapso old is 1.51, and new is 1.4217:25
Isla_de_MuerteI am mainly focusing on the 2nd line/bar, maybe that is just stupid17:26
patdk-lapssl on new is 176, and ssl on old is 18817:26
Isla_de_Muertesdeziel, I am just trying to figure out if I am doing something wrong atm :P It might be normal to take that long dunno17:26
patdk-lapit's the only thing you can do17:26
patdk-lapyou can't change how long dns takes, and it's already fast17:26
patdk-lapyou cannot change how long it takes to connect to your server, unless you use a cdn17:27
patdk-lapso you can only do two things17:27
patdk-lapmake ssl faster17:27
patdk-lapmake page deliever/generation faster17:27
patdk-lapoh, what *might* help17:27
Isla_de_MuerteLast link before SSL: https://www.webpagetest.org/result/180208_2W_13870833ff7ddff2762c99b657acd43c/1/details/#waterfall_view_step117:27
patdk-lapis tuning your tcp stack17:27
patdk-lapdunno what kernel your using17:27
patdk-lapyes, but without ssl, your not doing a redirect, so no extra 0.5sec there17:28
Isla_de_MuerteTrue that17:28
patdk-lapand you have no ssl setup time, so no .2 to .4 seconds17:28
sdezielrealistically, once you are settled on HTTPS with HSTS and Google noticed, every legit client will likely connect with HTTPS right from the start so that redirection problem will only slowdown bots17:30
patdk-lapip route | while read p; do ip route change $p initcwnd 45 initrwnd 45; done17:31
patdk-laprun that on your server, and retest :)17:32
patdk-lapactually this also17:32
patdk-lapsysctl net.ipv4.tcp_slow_start_after_idle=017:32
patdk-lapthat should help it send your certificates faster for ssl17:32
patdk-lapbut not sure how much that is affecting you17:32
patdk-lapbut I have that set on all my servers so17:33
patdk-lapadded as an ifup.d script17:33
patdk-laphelps for small tcp sessions17:33
patdk-lapbut now we are really getting over it, for tuning things :)17:34
sdezielIsla_de_Muerte: OCSP stapling would improve connection time too but it's a pain to configure17:34
patdk-lapisn't that enabled by default on trusty+17:35
patdk-lapand no, it won't matter anymore17:35
patdk-lapchrome no longer does oscp checks17:35
patdk-lapand firefox never defaulted to doing them17:35
sdezielpatdk-lap: no, not enabled by default17:35
patdk-lapno, chrome removed support17:36
sdezielpatdk-lap: hmm, looks like you are right, OCSP checks were disabled for DV certs17:39
Isla_de_Muertepatdk-lap, changed the sysctl17:47
Isla_de_Muerteit looks like the sites are loading faster now17:47
Isla_de_Muertewill look into the ip route now17:47
patdk-lapthe sysctl tells linux not to do a tcp slow start17:47
patdk-lapthe route command tells it to allow upto x packets on the first burst without a confirmation, if your window size allows it, so mine above would be 45 packets17:48
patdk-lapthe default used to be 3, but was raised several years ago due to the ssl issue and google search to 1017:48
patdk-lap10 will JUST handle a 2k rsa certificate17:48
patdk-lapmost cdn's have raised theirs to 30 or so17:49
patdk-laphttps://blog.imaginea.com/look-at-tcp-initcwnd-cdns/17:50
patdk-lapgives you a good overview what/why/... and what others are using17:51
patdk-lapand is actually updated/recent :)17:51
Isla_de_Muertepatdk-lap, ty for the link! Looking into it now17:51
patdk-lapthis ONLY matters fir that first byte :)17:51
patdk-lapor if you just want to serve small webpages/grapics really fast17:52
patdk-lapthinking an ad server17:52
patdk-lapnormally the firstbite can fit in the normal default these days of 10, but with ssl, that won't be the case if your using 4k rsa certificates, but you where using 2k, so not sure if this applied directly to you, but still something to think about17:53
Isla_de_Muertepatdk-lap, can I see what are the settings atm?17:54
patdk-lapya, let me remember how, but it should be 1017:54
patdk-lapunless your using like 12.04 or something older17:55
Isla_de_Muerte14.0417:55
patdk-laphttps://www.cdnplanet.com/tools/initcwndcheck/17:56
patdk-lapss -nli | grep cwnd18:00
patdk-lapshows the values for current active connections18:00
Isla_de_Muertepatdk-lap, yy you were right, 10 it is18:07
Isla_de_MuerteSo I basically run -> ip route | while read p; do ip route change $p initcwnd 45 initrwnd 45; done18:09
Isla_de_MuerteDo I need to restart anything after that? tyvm for all the help xD18:09
patdk-lapnope18:09
sdezieldon't forget IPv6 routes :)18:09
patdk-lapmaybe apache, but18:09
patdk-lapprobably need more changes to handle ipv618:10
Isla_de_MuerteHmm it doesn't seem anything changed :P18:15
Isla_de_Muertewhen I run ss -nli | grep cwnd I get the same results18:15
Isla_de_Muerterestarted apache to just in case18:15
patdk-lapas I said, it will only show connections in use18:16
patdk-lapif the connection is closed, you won't see it18:17
Isla_de_MuerteAh okie18:17
patdk-lapyour likely only seeing your old ssh sessions and stuff18:17
patdk-lapwhen you type, ip route18:17
patdk-lapmake sure the default line, has those params on it18:17
Isla_de_MuerteI can see initcwnd 45 initrwnd 4518:18
Isla_de_Muerte next to the lines18:18
Odd_Blokesmoser: Would you be able to review/merge https://code.launchpad.net/~philroche/simplestreams/bionic-i386-ova-not-expected/+merge/337885 please?18:18
Odd_Bloke(I'd ask Rob, but he's out ill today.)18:18
smoserOdd_Bloke: yeah, i'll get that. i'm going to replace the \ though. but other than taht.18:26
Odd_Blokesmoser: I'm sure philroche will be mortally offended. ;)18:29
Isla_de_Muertesdeziel, enabled HSTS too xD18:45
Isla_de_Muertety for all the help and info guys patdk-lap xD18:46
sdezielnp18:46
patdk-lapwhat does it look like now?18:48
Isla_de_Muertepatdk-lap, according to webpagetest the same or a bit worse at random times (well actually it can take from 2sec-5sec) on pingdom it is still stable, nothing changed18:49
Isla_de_MuerteOn my browser I think a bit faster18:50
patdk-lapwell, I expect pingdom was already using ECDHE18:50
patdk-lapmaybe try using a different area, dullas is always the most busy/congested18:50
Isla_de_MuerteI just kept it that because all my previous tests were based on that18:52
smoserOdd_Bloke: favors do not go un-remembered....19:10
smosercould you look at https://code.launchpad.net/~smoser/simplestreams/trunk.fix-bionic-tools/+merge/33789219:10
smoserfound that when trying to test on bionic19:10
smoserand then https://code.launchpad.net/~smoser/simplestreams/trunk.python3-make-test-data/+merge/33789319:28
smoserfound *that* as i was verifying my change in xenial, and had forgotten about python219:28

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!