00:06
<
gchristensen >
the new core server receives thousands of connections an hour from silverlight?
00:06
<
samueldr >
silverlight?
00:07
<
gchristensen >
yeah
00:07
<
gchristensen >
port 4506
00:07
<
gchristensen >
Aug 18 00:07:05 core-1.ewr1.nix.ci kernel: TCP: request_sock_TCP: Possible SYN flooding on port 4506. Sending cookies. Check SNMP counters.
00:07
<
gchristensen >
Aug 18 00:07:06 core-1.ewr1.nix.ci kernel: TCP: request_sock_TCP: Possible SYN flooding on port 4506. Sending cookies. Check SNMP counters.
00:08
<
samueldr >
(or salt stack)
00:08
<
samueldr >
(port 4506) Salt minions connect to the request server as needed to send results to the Salt master, and to securely request files and minion-specific data values (called Salt pillar). Connections to this port are 1:1 between the Salt master and Salt minion (not asynchronous).
00:09
<
gchristensen >
lol sorry
00:09
<
gchristensen >
thousands of connections per second
00:09
<
samueldr >
no worries, I was kinda wondering
00:09
<
samueldr >
wondering too if salt stack makes more sense (being a server)
00:10
<
gchristensen >
unlikely..?
00:13
<
gchristensen >
samueldr: would saltstack be performing thousands of requests a second from thousands of IPs?
00:13
<
samueldr >
I don't know enough about it to be certain, but the feature (pillars) could make it a possibility
00:14
<
gchristensen >
no way
00:14
<
samueldr >
probably not for *thousands* of IPs though
00:14
<
samueldr >
147.75.194.9 right?
00:14
<
gchristensen >
147.75.64.189
00:15
<
gchristensen >
not thousands of IPs :)
00:15
<
samueldr >
oh, misread then :)
00:16
<
samueldr >
this is highly coincidental if not 100% relevant
00:17
<
samueldr >
(search for 147.75.64.189)
00:18
<
samueldr >
what are the chances?
00:19
<
gchristensen >
nice
00:20
<
gchristensen >
they open their connection with ff00 0000 0000 0000 017f
00:22
<
samueldr >
(I have extremely basic knowledge about salt stack)
00:22
<
samueldr >
(and seeing zeromq makes sense here)
00:24
<
gchristensen >
sure enough
00:24
<
gchristensen >
let's start up a 0mq receiver if I can ... :)
00:24
<
samueldr >
(I find this extremely funny how you want to set up a 0mq thing and are already receiving thousands of requests!)
00:25
<
samueldr >
(and extremely worrying how a master dropped without their minions being fixed?)
00:40
<
gchristensen >
I have no idea what I'm doing
05:40
orivej has quit [Ping timeout: 244 seconds]
09:25
LnL has quit [Read error: Connection reset by peer]
09:32
LnL has joined #nixos-borg
11:29
timokau has joined #nixos-borg
13:59
orivej has joined #nixos-borg
14:19
orivej has quit [Ping timeout: 260 seconds]
14:55
jtojnar has quit [Ping timeout: 240 seconds]
15:01
jtojnar has joined #nixos-borg
18:01
<
LnL >
^ can ok to deploy or are you doing stuff with rabbitmq?
18:38
<
gchristensen >
go ahead lnl
18:38
<
gchristensen >
I'm postponing several more days to test SSL certificate rotation
18:43
<
LnL >
hmm, waiting for agent...
18:43
<
LnL >
yeah doesn't seem up
18:44
<
gchristensen >
I shut it down last night during severe lightning
18:45
<
infinisil >
LnL: gchristensen: Thanks :D
18:46
<
gchristensen >
LnL: should be up
18:46
<
LnL >
yep, it's already running :)
18:46
<
gchristensen >
cool :)
18:47
<
gchristensen >
nixops' send-keys is cool
18:47
<
LnL >
oh neat (assuming it does what you'd expect)
18:47
<
gchristensen >
$ nixops deploy --include ogden
18:47
<
gchristensen >
building all machine configurations...
18:47
<
gchristensen >
ogden.......> copying closure...
18:47
<
gchristensen >
personal> closures copied successfully
18:47
<
gchristensen >
ogden.......> uploading key ‘packet-nixos-config’...
18:47
<
gchristensen >
ogden.......> uploading key ‘buildkite-token’...
18:47
<
gchristensen >
ogden.......> uploading key ‘buildkite-ssh-public-key’...
18:48
<
gchristensen >
ogden.......> uploading key ‘buildkite-ssh-private-key’...
19:12
<
gchristensen >
thanks LnL
19:13
<
infinisil >
I have a mac I'm often not using (when I'm home). Could I use it to help with the darwin builds?
19:20
<
infinisil >
How does it work?
19:21
<
gchristensen >
imo you probably shouldn't run ofborg on a mac you use for anything else :/
19:23
<
infinisil >
Hmm yeah that's probably a good idea
19:23
<
LnL >
yeah, firstly understand that there's no sandboxing and everybody who has access essentially gets access to your local network
19:23
<
gchristensen >
do they have access to your system's files too?
19:23
<
LnL >
it should also have a multi-user install to give at least a bit of isolation
19:24
<
LnL >
anything that's world readable, yes
19:25
<
infinisil >
Wouldn't be a problem for me, I don't use macOS for anything, I would completely wipe it.
19:26
<
infinisil >
Is there nothing one can do against it having access to the network?
19:26
<
infinisil >
(the local one i mean)
19:26
<
LnL >
yeah, I use my machine only for nix-builds so the only sensitive thing on there is the ofborg secret
19:26
<
infinisil >
I guess isolation through the router software would still work
19:26
<
LnL >
no, that's actually the same for linux with sandboxing enabled
19:27
<
gchristensen >
I have my ofborg on a totally separate network
19:28
<
infinisil >
gchristensen: How do you have this separate network set up?
19:28
<
gchristensen >
I'm glad you asked!
19:29
<
LnL >
man, that's so neat
19:30
<
gchristensen >
it was pretty frustrating to set up but since then it's cool
19:33
<
infinisil >
Aha! nixos on your router :O
19:34
<
gchristensen >
^ that setup requires a switch which supports VLANs, which I got for free from a friend
19:34
<
LnL >
huh, you have that at home :o
19:35
<
gchristensen >
yeah
19:42
jtojnar has quit [Ping timeout: 244 seconds]
20:04
jtojnar has joined #nixos-borg
21:39
jtojnar has quit [Read error: Connection reset by peer]
21:39
jtojnar has joined #nixos-borg
21:41
LnL has quit [Excess Flood]
21:42
LnL has joined #nixos-borg
22:00
orivej has joined #nixos-borg