Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


[NL] NVMe VPS on Ryzen 9 3900X CPU, starting at €2.50 per month! - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

[NL] NVMe VPS on Ryzen 9 3900X CPU, starting at €2.50 per month!

2»

Comments

  • miumiu Member

    100 mbit speed limit issue fixed


    OS : CentOS 7.7.1908 (64 Bit)
    Virt/Kernel : KVM / 3.10.0-1062.1.1.el7.x86_64
    CPU Model : QEMU Virtual CPU version 2.5+
    CPU Cores : 1 @ 3792.874 MHz x86_64 512 KB Cache
    CPU Flags : AES-NI Disabled & VM-x/AMD-V Enabled
    Load Average : 0.00, 0.03, 0.07
    Total Space : 29G (1.4G ~6% used)
    Total RAM : 990 MB (69 MB + 77 MB Buff in use)
    Total SWAP : 1023 MB (0 MB in use)

    Uptime : 0 days 2:42

    ASN & ISP : AS62068, SpectraIP B.V.
    Organization : SpectraIP B.V.
    Location : Amsterdam, Netherlands / NL

    Region : North Holland

    ## Geekbench v4 CPU Benchmark:

    Single Core : 4488 (EXCELLENT)
    Multi Core : 4323

    ## IO Test

    CPU Speed:
    bzip2 : 147 MB/s
    sha256 : 334 MB/s
    md5sum : 656 MB/s

    RAM Speed:
    Avg. write : 5256.5 MB/s
    Avg. read : 10444.8 MB/s

    Disk Speed:
    1st run : 2.0 GB/s
    2nd run : 2.0 GB/s
    3rd run : 2.0 GB/s


    Average : 2048.0 MB/s

    ## Global Speedtest

    Location Upload Download Ping

    Speedtest.net 13.70 Mbit/s 257.77 Mbit/s 3.749 ms
    UK, London (toob Ltd) 143.12 Mbit/s 450.17 Mbit/s 6.892 ms
    France, Lyon (SFR) 11.96 Mbit/s 122.95 Mbit/s 16.466 ms

    Germany, Berlin (DNS:NET) 126.71 Mbit/s 20.21 Mbit/s 15.756 ms

  • miumiu Member

    stem Information

    OS Name : CentOS Linux release 7.7.1908 (Core) N (64 bit)
    Kernel : KVM / 3.10.0-1062.1.1.el7.x86_64
    Hostname : ryzen.vps.comm
    CPU Model : QEMU Virtual CPU version 2.5+
    CPU Cores : 1 core @ 3792.874 MHz
    CPU Cache : 512 KB
    Total RAM : 990 MiB (Free 811 MiB)
    Total SWAP : 1023 MiB (Free 1023MiB)
    Total Space : 29GB (5% used)
    Running for : 2hrs 58min 59sec

    ## CDN Speedtest

    CacheFly : 54.87 MiB/s | 438.97 Mbps | ping 1.065ms
    Gdrive : 10.97 KiB/s | 0.09 Mbps | ping 1.153ms

    ## North America Speedtest

    Softlayer, Washington, USA : 5.62 MiB/s | 44.97 Mbps | ping 80.130ms
    SoftLayer, San Jose, USA : 3.17 MiB/s | 25.32 Mbps | ping 141.330ms
    SoftLayer, Dallas, USA : 0 B/s | N/A | ping error!
    Vultr, New Jersey, USA : 0 B/s | N/A | ping 80.276ms
    Vultr, Seattle, USA : 10.97 MiB/s | 87.79 Mbps | ping 147.175ms
    Vultr, Dallas, USA : 11.60 MiB/s | 92.83 Mbps | ping 113.271ms
    Vultr, Los Angeles, USA : 11.02 MiB/s | 88.17 Mbps | ping 146.692ms
    Ramnode, New York, USA : 5.63 MiB/s | 45.01 Mbps | ping 74.187ms
    Ramnode, Atlanta, USA : 4.21 MiB/s | 33.68 Mbps | ping 102.037ms
    OVH, Beauharnois, Canada : 3.45 MiB/s | 27.62 Mbps | ping 90.140ms

    ## Europe Speedtest

    Vultr, London, UK : 54.05 MiB/s | 432.38 Mbps | ping 7.815ms
    LeaseWeb, Frankfurt, Germany : 45.14 MiB/s | 361.09 Mbps | ping 7.686ms
    Hetzner, Germany : 37.61 MiB/s | 300.86 Mbps | ping 10.008ms
    Ramnode, Alblasserdam, NL : 52.95 MiB/s | 423.62 Mbps | ping 3.668ms
    Vultr, Amsterdam, NL : 55.43 MiB/s | 443.46 Mbps | ping 1.886ms
    EDIS, Stockholm, Sweden : 3.68 KiB/s | 0.03 Mbps | ping 22.424ms
    OVH, Roubaix, France : 39.33 MiB/s | 314.60 Mbps | ping 10.282ms
    Online, France : 36.94 MiB/s | 295.55 Mbps | ping 13.368ms
    Prometeus, Milan, Italy : 7.29 KiB/s | 0.06 Mbps | ping 18.682ms

  • pbxpbx Member

    Swiftnode said: You're not giving cloudflare your personal details. The data would be encrypted.

    as @RickBakkr said, it's encrypted from you to CF and (potentially, you have no way to know) from CF to the backend server. But it has to be unencrypted on CF end. If they wanted, CF could harvest users data. Maybe they do, maybe they don't. But using them when you are an EU provider makes your customer's private information transit through a US company. Sounds a big weird to me: I'd rather connect directly to the provider I decide to trust with my personal information. I understand that CF is useful, easy, cheap, but is that a reason to use them for the most sensitive area of a website? I don't think so.

    Thanked by 1RickBakkr
  • miumiu Member
    edited May 2020

    `--------------------------------------------------------------
    CPU model : QEMU Virtual CPU version 2.5+
    Number of cores : 1
    CPU frequency : 3792.874 MHz
    Total size of Disk : 29.0 GB (1.4 GB Used)
    Total amount of Mem : 990 MB (71 MB Used)
    Total amount of Swap : 1023 MB (0 MB Used)
    System uptime : 0 days, 3 hour 1 min
    Load average : 0.33, 0.11, 0.11
    OS : CentOS 7.7.1908
    Arch : x86_64 (64 Bit)

    Kernel : 3.10.0-1062.1.1.el7.x86_64

    I/O speed(1st run) : 1.9 GB/s
    I/O speed(2nd run) : 2.1 GB/s
    I/O speed(3rd run) : 2.0 GB/s

    Average I/O speed : 2048.0 MB/s

    Node Name IPv4 address Download Speed
    CacheFly 205.234.175.175 56.4MB/s
    Linode, Tokyo2, JP 139.162.65.37 3.83MB/s
    Linode, Singapore, SG 139.162.23.4 439KB/s
    Linode, London, UK 176.58.107.39 47.4MB/s
    Linode, Frankfurt, DE 139.162.130.8 40.2MB/s
    Linode, Fremont, CA 50.116.14.9 4.25MB/s
    Softlayer, Dallas, TX 173.192.68.18 5.87MB/s
    Softlayer, Seattle, WA 67.228.112.250 5.26MB/s
    Softlayer, Frankfurt, DE 159.122.69.4 2.96MB/s
    Softlayer, Singapore, SG 119.81.28.170 4.18MB/s
    Softlayer, HongKong, CN 119.81.130.170 375KB/s
    ----------------------------------------------------------------------`
    ``

  • miumiu Member

    asic System Information:

    Processor : QEMU Virtual CPU version 2.5+
    CPU cores : 1 @ 3792.874 MHz
    AES-NI : ❌ Disabled
    VM-x/AMD-V : ✔ Enabled
    RAM : 990M
    Swap : 1.0G
    Disk : 29G

    fio Disk Speed Tests (Mixed R/W 50/50):

    Block Size 4kb (IOPS) 64kb (IOPS)
    Read 66.11 MB/s (16.5k) 330.17 MB/s (5.1k)
    Write 66.26 MB/s (16.5k) 331.91 MB/s (5.1k)
    Total 132.37 MB/s (33.0k) 662.08 MB/s (10.3k)
    Block Size 512kb (IOPS) 1mb (IOPS)
    ------ ----- ---- --- ----
    Read 908.75 MB/s (1.7k) 1.27 GB/s (1.2k)
    Write 957.03 MB/s (1.8k) 1.35 GB/s (1.3k)
    Total 1.86 GB/s (3.6k) 2.62 GB/s (2.5k)

    iperf3 Network Speed Tests (IPv4):

    Provider | Location (Link) | Send Speed | Recv Speed
    | | |
    Bouygues Telecom | Paris, FR (10G) | 488 Mbits/sec | 6.86 Mbits/sec
    Online.net | Paris, FR (10G) | 494 Mbits/sec | 441 Mbits/sec
    WorldStream | The Netherlands (10G) | 497 Mbits/sec | 471 Mbits/sec
    wilhelm.tel | Hamburg, DE (10G) | 493 Mbits/sec | 462 Mbits/sec
    Biznet | Bogor, Indonesia (1G) | 215 Mbits/sec | 111 Mbits/sec
    Hostkey | Moscow, RU (1G) | 465 Mbits/sec | 390 Mbits/sec
    Velocity Online | Tallahassee, FL, US (10G) | 297 Mbits/sec | 181 Mbits/sec
    Airstream Communications | Eau Claire, WI, US (10G) | 181 Mbits/sec | 73.6 Mbits/sec
    Hurricane Electric | Fremont, CA, US (10G) | 240 Mbits/sec | 159 Mbits/sec

    Geekbench 5 Benchmark Test:

    Test | Value
    |
    Single Core | 967
    Multi Core | 962

  • RedSoxRedSox Member
    edited May 2020

    I think the most informative tests are:

    1. MonsterBench
      curl -LsO bench.monster/speedtest.sh; bash speedtest.sh -eu
    2. Yet Another Bench Script
      curl -sL yabs.sh | bash
    3. Nench
      (curl -s wget.racing/nench.sh | bash; curl -s wget.racing/nench.sh | bash) 2>&1 | tee nench.log

    But you guys started from the 3rd...

  • What control panel is used?

  • spectraipspectraip Member, Patron Provider

    @codedivine said:
    What control panel is used?

    Virtualizor (with full KVM virtualization).

  • Mahfuz_SS_EHLMahfuz_SS_EHL Member, Host Rep

    @miu said:
    100 mbit speed limit issue fixed

    Still the speed doesn't seem promising.

  • spectraipspectraip Member, Patron Provider

    @Mahfuz_SS_EHL said:

    @miu said:
    100 mbit speed limit issue fixed

    Still the speed doesn't seem promising.

    Iperf3 testing on a VPS gives us ± 500 mbps bandwidth.

  • SwiftnodeSwiftnode Member, Host Rep

    You are kidding right... They are literally a man in the middle - who can see everything passing by... And that coming from someone (supposedly) being a provider...

    @pbx said:

    Swiftnode said: You're not giving cloudflare your personal details. The data would be encrypted.

    as @RickBakkr said, it's encrypted from you to CF and (potentially, you have no way to know) from CF to the backend server. But it has to be unencrypted on CF end. If they wanted, CF could harvest users data. Maybe they do, maybe they don't. But using them when you are an EU provider makes your customer's private information transit through a US company. Sounds a big weird to me: I'd rather connect directly to the provider I decide to trust with my personal information. I understand that CF is useful, easy, cheap, but is that a reason to use them for the most sensitive area of a website? I don't think so.

    As long as the provider is using an SSL certificate on the backend webserver, the only thing cloudflare can harvest is your IP, the ports your connecting to, the size of the encrypted packets, etc. Because the entire session is encrypted.

    And if a provider isn't using SSL on their backend, them using cloudflare is the least of your worries to begin with.

    Cloudflare is horrid.. if I am not enough to convince you, please see: https://iscloudflaresafeyet.com/

    I really hope you aren't serious with this website. Let's look through some of the bullet points listed:

    1. "Falsely advertising their VPN application," it's the same as any other VPN service, of course it passes the data to another provider.

    2. "Cloudflare weakens the security and privacy of encrypted connections" This is addressing the "flexible" SSLs where the backend webserver isn't using HTTPS.

    3. "Cloudflare isn't safe because they run DNS resolvers, nameservers, and domain registration services." This has to be a joke.

    And literally at the bottom of the page, it says

    While this site is a parody, it may contain factual information. :)

    Well, it's factual that cloudflare runs resolvers, nameservers, registrar, NTP servers and VPN servers. At least he got that part right I guess..

    Thanked by 1spectraip
  • spectraipspectraip Member, Patron Provider

    Of course we use a SSL certificate on the backend webserver. We use SSL on both the backend webserver and via CloudFlare.

    Thanked by 1Swiftnode
  • RickBakkrRickBakkr Member, Patron Provider, LIR
    edited May 2020

    Swiftnode said: As long as the provider is using an SSL certificate on the backend webserver, the only thing cloudflare can harvest is your IP, the ports your connecting to, the size of the encrypted packets, etc. Because the entire session is encrypted.

    Hell no... that would only be possible if Cloudflare proxied raw TCP, which they don't, or they are really gracious with their IPs. They TERMINATE the connection between end user and them and between them and your backend server. The contents of pages are visible to them. So yes: the connections are encrypted: but only between end user and Cloudflare, and between Cloudflare and the backend server. The man in the middle can see everything - including your sensitive data.

    Figure this: if it is all encrypted as per your statement: how do they know what backend to forward to? Usually this is determined by a Host header, but like you said: encrypted. They cannot know any hostname without terminating SSL on their box hence losing the 'security' you meant to gain by applying SSL.

    Swiftnode said: While this site is a parody, it may contain factual information.

    It contains a lot of factual information, just meant as a parody on them trying to scare unknowing internet users about RPKI in the midst of a pandemic. Real smart move, Cloudflare... Rush is very good!!

    --

    That said: we are arguing about something very futile and says more about you than it does about me. Please don't reply sir. Don't spread more wrong information.

    Lucas: very sorry for all of us breaking your thread. You are a great guy, I have known you for quite some time, nothing personal. Just hate to see people advocating a false feeling of safety. Whatever you do with it, is wholly up to you.

    Thanked by 2jsg pbx
  • SwiftnodeSwiftnode Member, Host Rep
    edited May 2020

    @RickBakkr said:

    Swiftnode said: As long as the provider is using an SSL certificate on the backend webserver, the only thing cloudflare can harvest is your IP, the ports your connecting to, the size of the encrypted packets, etc. Because the entire session is encrypted.

    Hell no... that would only be possible if Cloudflare proxied raw TCP, which they don't, or they are really gracious with their IPs. They TERMINATE the connection between end user and them and between them and your backend server. The contents of pages are visible to them. So yes: the connections are encrypted: but only between end user and Cloudflare, and between Cloudflare and the backend server. The man in the middle can see everything - including your sensitive data.
    Figure this: if it is all encrypted as per your statement: how do they know what backend to forward to? Usually this is determined by a Host header, but like you said: encrypted. They cannot know any hostname without terminating SSL on their box hence losing the 'security' you meant to gain by applying SSL.

    https://lmgtfy.com/?q=what+is+server+name+indication

    https://www.cloudflare.com/learning/ssl/what-is-sni/

    That said: we are arguing about something very futile and says more about you than it does about me. Please don't reply sir. Don't spread more wrong information.

    Is this really how you act when you link a site that literally says it may contain factual information and someone points it out?

    Their flexible SSL plan is the only thing that operates like you're stating. The Full and Strict SSL modes are end to end encryption.

    https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options#h_845b3d60-9a03-4db0-8de6-20edc5b11057

  • UnixfyUnixfy Member
    edited May 2020

    Swiftnode said: As long as the provider is using an SSL certificate on the backend webserver, the only thing cloudflare can harvest is your IP, the ports your connecting to, the size of the encrypted packets, etc. Because the entire session is encrypted.

    If they cannot read the content of your pages.. how do you think things like Rocket Loader, Access, or Apps work? :joy:

    Rick is right.. please try to understand something before asserting that you are right about it.

    Edit: Regarding the site saying it "may" be factual - that doesn't mean the content is not factual. In fact, you can find a lot of resources on the web that back up what the site says.
    After all, Wikipedia has a disclaimer saying that it may not be factual, yet many of us understand it as a fairly reliable source of information, yes?

    Thanked by 1pbx
  • SwiftnodeSwiftnode Member, Host Rep

    @Unixfy said:
    If they cannot read the content of your pages.. how do you think things like Rocket Loader, Access, or Apps work? :joy:

    Rocket loader caches Javascript, that has nothing to do with debating their end to end encryption on Full SSL modes. They don't need to decrypt the session to cache scripts.

    Edit: Regarding the site saying it "may" be factual - that doesn't mean the content is not factual. In fact, you can find a lot of resources on the web that back up what the site says.
    After all, Wikipedia has a disclaimer saying that it may not be factual, yet many of us understand it as a fairly reliable source of information, yes?

    Wikipedia is community driven sourcing that anyone can edit. The website Rick linked is some guy's personal hatred of Cloudflare. The site he linked is 95% criticizing how large Cloudflare has become and the spread of their services, and 5% talking about the Flexible SSL plan which imho, should never be used for a production site.

    Thanked by 1vimalware
  • tenperatenpera Member

    @spectraip /64 will be auto-given or by ticket?

  • UnixfyUnixfy Member
    edited May 2020

    Swiftnode said: Rocket loader caches Javascript, that has nothing to do with debating their end to end encryption on Full SSL modes. They don't need to decrypt the session to cache scripts.

    Rocket loader does not cache JavaScript, that has nothing to do with caching. They do need to decrypt the session to inject the Rocket Loader Javascript.

    Besides, the fact that they serve pages with their own certificate is proof that they can see the decrypted version of a page..

    Think about your logic. What you are saying is that, when you visit a HTTPS page in your browser, you cannot view the page's content.

    Thanked by 1pbx
  • SwiftnodeSwiftnode Member, Host Rep
    edited May 2020

    Think about your logic. What you are saying is that, when you visit a HTTPS page in your browser, you cannot view the page's content.

    None of what you're saying has anything to do with the end-to-end encryption. We weren't arguing about drawing cached page elements (Images/Javascript/Fonts), we were arguing about spying on USER INPUT over an encrypted session.

    the fact that they serve pages with their own SNI certificate is proof that they can see the decrypted version of a page..

    Not even sure what you're talking about with an SNI certificate, SNI allows you to use multiple SSL certificates on a single IP address. There's no "SNI certificate" being shipped by Cloudflare, SNI is an extension of TLS.

    Either way, we've derailed this thread quite a bit, and we're not even arguing the original point of contention anymore.

  • UnixfyUnixfy Member
    edited May 2020

    Swiftnode said: None of what you're saying has anything to do with the end-to-end encryption. We weren't arguing about drawing cached page elements (Images/Javascript/Fonts), we were arguing about spying on USER INPUT over an encrypted session.

    So you think it's possible for CF to inject javascript into a page, but they cannot see input on that page?

    Thanked by 1pbx
  • jsgjsg Member, Resident Benchmarker
    edited May 2020

    @Swiftnode said:
    As long as the provider is using an SSL certificate on the backend webserver, the only thing cloudflare can harvest is your IP, the ports your connecting to, the size of the encrypted packets, etc. Because the entire session is encrypted.

    I suggest you read up on SSL/TLS.
    CloudF%&#! has your official cert, the one the users see and consider yours. Whether the traffic between CF and your server is encrypted is an entirely different question and largely unrelated.

    httpS traffic is NOT public key/asymmetric encrypted but symmetric, e.g. AES. The key that's used to AES en/decrypt traffic however IS created/exchanged during the initial phase (KEX) using public key crypto.

    So, a better visualization would be to say that CF actually runs your website - from the users perspective - but uses your original web server somewhat like a SAN, like a remote device holding data.

    You, the user, run the side show. CF IS your web server as far as a user can tell. The TLS handshake and KEX (the critical and sensible part) are done by CF - and CF fully controls the session and can run a MITM any time it likes (or is told to ...). There may be legal barriers but technically and factually the service CF provides basically IS A MITM, albeit one that's authorized by the user.
    Side note: it's largely legalese details what exactly CF is allowed or not allowed to do with its power but unless you spent 6 figures on a legal team negotiating a bespoke contract with CF you should assume that you basically gave them carte blanche ("sold your soul to the devil").

    This holds also true for CF competitors - but them usually being dimensionally smaller your chances probably are much better. So, if you feel you need a CDN I strongly suggest to go with a provider who "has a face" and to whom you can relate, e.g. BunnyCDN, and preferably a european one.

    @all Oh and please realize already that if you get something for free then usually YOU and/or your data is the price you really pay.
    Anyone seriously "thinking" that a large corp. like CF gives away anything of value for free should urgently contact me for my current special on Eiffel Towers. In fact, if you buy both original Eiffel towers I'll throw in - for free! - the original ancient obelisk. Note that supply is limited.

    Thanked by 2pbx Unixfy
  • pbxpbx Member
    edited May 2020

    @Swiftnode What they mean here is not that it's encrypted from the end user to your server. But from the end user to CF and from CF to your server. CF has full control on the data that transit through their servers, as they are the TLS termination for the end user. They technically can do whatever they want with it before they send it to your backend: it's not "end to end encryption", understood as from the end user to your webserver. Maybe they are trustworthy and won't do anything bad with your data. Maybe not. If you host some crap website it's likely fine, for a customer portal an in house solution - at least real full control on the encryption layer - would sound better to me.

    Thanked by 1Unixfy
  • jsg said: A real HWT?

    wut, even if you get a 'virtual thread', it still has access to the whole cpu, and afaik you can't assign realthread+fakethread of a core lol, that's managed by the kernel and it already knows what's up

  • deer76deer76 Member

    Guys, there's more posts about CloudFlare here than the offer...you can also open a separate thread to discuss that. ~O)

    Kudos to @spectraip, I am using one of the machines and they are great! Great support as well :)

  • # ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
    #              Yet-Another-Bench-Script              #
    #                     v2020-02-10                    #
    # https://github.com/masonr/yet-another-bench-script #
    # ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
    
    Tue Jun  2 07:01:48 EDT 2020
    
    Basic System Information:
    ---------------------------------
    Processor  : QEMU Virtual CPU version 2.5+
    CPU cores  : 1 @ 3792.874 MHz
    AES-NI     : ❌ Disabled
    VM-x/AMD-V : ✔ Enabled
    RAM        : 990M
    Swap       : 1.0G
    Disk       : 30G
    
    fio Disk Speed Tests (Mixed R/W 50/50):
    ---------------------------------
    Block Size | 4kb           (IOPS) | 64kb          (IOPS)
      ------   | ---            ----  | ----           ----
    Read       | 59.73 MB/s   (14.9k) | 218.97 MB/s   (3.4k)
    Write      | 59.86 MB/s   (14.9k) | 220.12 MB/s   (3.4k)
    Total      | 119.60 MB/s  (29.9k) | 439.10 MB/s   (6.8k)
               |                      |
    Block Size | 512kb         (IOPS) | 1mb           (IOPS)
      ------   | -----          ----  | ---            ----
    Read       | 492.14 MB/s    (961) | 544.55 MB/s    (531)
    Write      | 518.29 MB/s   (1.0k) | 580.82 MB/s    (567)
    Total      | 1.01 GB/s     (1.9k) | 1.12 GB/s     (1.0k)
    
    Geekbench 5 Benchmark Test:
    ---------------------------------
    Test            | Value
                    |
    Single Core     | 954
    Multi Core      | 972
    Full Test       | https://browser.geekbench.com/v5/cpu/2381740
    

    Good support and great machines. thanks to @spectraip

    Thanked by 1spectraip
  • verdverd Member

    @spectraip.
    Is the process automated?
    Because mine is still pending after payment.
    Already create ticket but still no answer.

  • spectraipspectraip Member, Patron Provider

    @verd said:
    @spectraip.
    Is the process automated?
    Because mine is still pending after payment.
    Already create ticket but still no answer.

    New orders have been accepted manually, all VPS orders made today are delivered. If you did not receive the details, please send me a PM.

    Thanked by 1verd
  • verdverd Member

    @spectraip
    Thank you. Already received the details.

    Thanked by 1spectraip
  • @spectraip can AES-NI be enabled upon request?

  • spectraipspectraip Member, Patron Provider

    @sgheghele said:
    @spectraip can AES-NI be enabled upon request?

    Sure, please submit a ticket for this.

    Thanked by 1sgheghele
Sign In or Register to comment.