#staff | Logs for 2014-03-25

« return
[00:07:23] -!- Cyprus has quit [Quit: ThrashIRC v2.9 sic populo comunicated]
[00:12:43] <paulej72> good news. I was able to get slash to upload a new file to the place I wanted to go. Now I can start working on the faq section.
[00:13:43] -!- Cyprus [Cyprus!~Cyprus@68.63.ljr.ppx] has joined #staff
[00:15:10] <paulej72> Wonder what should be done next. Should I put my prefs code on dev so we can have more people test it?
[00:15:26] <paulej72> or should I go eat
[00:15:37] <paulej72> I vote eat. See you later
[01:10:47] MrBluze|afk is now known as MrBluze
[01:13:13] <MrBluze> i got what looks to be a professional graphic designer volunteer services for the project :)
[01:13:30] <MrBluze> and he's german so probably reliable too
[01:15:14] <MrBluze> and more than likely he is less time poor than me
[01:22:00] -!- Cyprus has quit []
[01:22:13] -!- Cyprus [Cyprus!~Cyprus@68.63.ljr.ppx] has joined #staff
[01:31:30] -!- mrcoolbp [mrcoolbp!~mrcoolbp@Soylent/Staff/mrcoolbp] has joined #staff
[01:31:30] -!- mode/#staff [+v mrcoolbp] by SkyNet
[01:32:16] <NCommander> MrBluze, yay
[01:32:36] <NCommander> Cyprus, honestly, kerberos is almost entirely zeroconf
[01:32:57] <NCommander> It 95% works if you just apt-get install krb5-user
[01:33:05] <NCommander> .voice Cyprus
[01:33:05] -!- mode/#staff [+v Cyprus] by SkyNet
[01:33:27] <NCommander> Cyprus, there's a bug in krb which prevents it from finding the admin server so we set that manually during node bring up (you need to connect with kadmin to setup the keytab)
[01:36:30] <mrcoolbp> NCommander: still mad at me?
[01:36:42] <NCommander> mrcoolbp, I was mad at you?
[01:36:45] <mrcoolbp> <@NCommander> mrcoolbp, damn it, stop destroying my trains of thought
[01:36:49] <mrcoolbp> = )
[01:37:52] <MrBluze> hi NCommander
[01:38:02] <MrBluze> yes, i saw his website - he's got ability
[01:38:40] <mrcoolbp> (hi MrBluze)
[01:38:43] <MrBluze> suits my tastes too lol .. minimalistic and monochromatic hand-drawn art ... matches very very well with text base content presentation
[01:38:46] <MrBluze> hi mrcoolbp
[01:38:51] <MrBluze> i been trying to catch u for ages
[01:38:57] <MrBluze> but i forgot what for now
[01:39:01] <MrBluze> nvm
[01:39:07] <mrcoolbp> oh sorry I was on for like 10 hours today...
[01:39:28] <mrcoolbp> you can always just email me
[01:39:38] <MrBluze> its all good - i been workin by butt off at work anyway
[01:39:46] <MrBluze> as usual . seems everyone is getting sick now
[01:40:11] * NCommander is currently dayjobbing
[01:40:30] <mrcoolbp> NCommander: it's 8:40 pm
[01:45:37] <NCommander> "day" is relative
[01:47:45] <paulej72> mrcoolbp: I was able to bitch slap slash ot put the faq files where I want them.
[01:47:54] <mrcoolbp> nice
[01:48:02] <mrcoolbp> are they up on dev?
[01:48:18] <paulej72> I think it will work best to update all the faq files in one go though.
[01:48:31] <paulej72> no not yet on dev
[01:48:51] <mrcoolbp> yes, and I have no desire to bother LaminatorX about the FAQ page for at least another day or so
[01:49:07] <paulej72> was working on my vm as I did not want to kill dev
[01:49:20] <mrcoolbp> we did enough of that today eh?
[01:49:45] <Cyprus> ncommander: sorry i didn't see the response for a bit, what i meant was not that krb is conf heavy, more that if you're going to get to the point of using centralized sso, its pretty rare to not have central conf management already
[01:50:06] * mrcoolbp checks to see if xlefay is around
[01:50:15] <mrcoolbp> .op
[01:50:15] -!- mode/#staff [+o mrcoolbp] by SkyNet
[01:50:25] <paulej72> mrcoolbp: look at these files https://github.com
[01:50:37] <xlefay> whatcha need?
[01:50:40] <xlefay> o.O I missed a lot
[01:50:52] <mrcoolbp> nothing sir.
[01:50:56] <mrcoolbp> paulej72: saw those
[01:51:03] <mrcoolbp> the original editorial doc is there
[01:51:08] <xlefay> @ NCommander: I may even buy it ;-)
[01:51:31] <mrcoolbp> paulej72: FAQ-meta is an interesting read
[01:51:38] <xlefay> bbs
[01:53:15] test is now known as DashComma
[01:55:47] <paulej72> Just wanted ot make sure you knew they were there, as some of the data may be useful for for the new faq
[01:56:48] <mrcoolbp> I'll do a thorough look through now and check with laminator when I see him
[01:56:51] <mrcoolbp> thx
[01:57:31] -!- FunPika has quit [Quit: Leaving]
[02:03:58] <NCommander> xlefay, buy what?
[02:04:09] <Cyprus> i expect he meant your book =P
[02:06:17] <MrBluze> ok, back to work again
[02:06:38] <mrcoolbp> MrBluze: hit me with an email if you think of anything, later.
[02:06:54] MrBluze is now known as MrBluze|afk
[02:10:47] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[02:13:40] <NCommander> ah
[02:13:51] * NCommander notes that perhaps setting up a tor hidden node might not be a bad idea
[02:14:36] <mrcoolbp> ncommander: I have a box or two I'd be willing to donate but would need a lot of help setting it up
[02:16:12] <NCommander> mrcoolbp, tor is suprisingly idiot proof
[02:16:21] <NCommander> mrcoolbp, but I rather just generate a node for it
[02:16:24] * mrcoolbp is a surprising idiot
[02:16:57] <mrcoolbp> that sounds more realistic
[02:17:08] <mrcoolbp> do we plan on using meta-moderation?
[02:17:35] <NCommander> mrcoolbp, maybe, but I think the concept is inhertiantly flawed ...
[02:18:11] <mrcoolbp> devils advocate: explain?
[02:19:05] <NCommander> mrcoolbp, very few people will ever metamoderate, and those that do will mostly vote up stuff that they see
[02:19:14] <mrcoolbp> makes sense
[02:19:18] <mrcoolbp> thanks
[02:19:41] <mrcoolbp> where's mattie_p at?
[02:20:09] <mrcoolbp> NCommander: do we ban IPs ?
[02:20:33] * mrcoolbp should explain he's looking through slashcode docs for information for the FAQ page
[02:23:42] <mattie_p> I was eating dinner
[02:23:45] <mattie_p> done now
[02:24:22] -!- prospectacle [prospectacle!~b4c880f7@180.200.jji.ihy] has joined #staff
[02:24:22] -!- mode/#staff [+v prospectacle] by SkyNet
[02:25:08] <paulej72> mrcoolbp: that functionality is available, but it is a giant hammer these days with proxies and multilevel nats
[02:25:34] <mrcoolbp> paulej72: so not in use then?
[02:25:53] <mattie_p> well, we didn't ban Khyber...
[02:26:01] <paulej72> lets at least say not yet ;)
[02:26:13] <mrcoolbp> mattie_p: even after 400tp/s?
[02:26:15] <NCommander> As a matter of policy
[02:26:21] <NCommander> We only block to prevent abuse or disruption
[02:26:38] <mrcoolbp> NCommander: would you want that in the FAQ?
[02:27:28] <mrcoolbp> all: I got an interesting suggestion email from ethanol-fueled, I was thinking about passing along to staff email but didn't want to clog inboxes
[02:28:02] <mattie_p> what is the suggestion?
[02:28:20] <mrcoolbp> a few things, it would take a wall of text to post here
[02:28:58] <NCommander> mrcoolbp, not specifically
[02:29:10] <mrcoolbp> ncommander: thanks
[02:29:16] <mrcoolbp> mattie_p: he suggested charging for downloadable reports to view entire comment history (like the other site)
[02:29:17] <mattie_p> If you think it is worth consideration, just pass it along via email. we're been doing decent in keeping up with it
[02:29:18] <mrcoolbp> for one
[02:29:36] <mrcoolbp> also he said: Defend yourselves. When somebody talks shit, ask them to make a
[02:29:36] <mrcoolbp> submission or become more active in a productive manner rather than them
[02:29:36] <mrcoolbp> whining about it. Maybe even remind them that they're HERE for a reason,
[02:29:36] <mrcoolbp> and that the administrators are passionate about being involved, personal
[02:29:36] <mrcoolbp> flaws be damned, than continuing the "Ivory Tower" attitude the "other
[02:29:37] <mrcoolbp> site's" disconnected editors portrayed.
[02:29:52] <mrcoolbp> made my day
[02:30:00] <mrcoolbp> there's a few more things in there too
[02:30:17] * NCommander is going to write another novel next weeked :-)
[02:30:42] * mrcoolbp can't wait
[02:31:15] <mrcoolbp> sometimes I feel the admin email should go to more people so they can see stuff like this
[02:31:30] <mrcoolbp> but until we have a RT system that is probably not viable
[02:32:06] * NCommander notes we can get it on beryllium soonish
[02:32:11] <NCommander> I might just tempt fate and try to LDAP it
[02:32:15] <NCommander> How hard could it really be
[02:32:25] <mrcoolbp> NCommander: cool
[02:33:14] <mrcoolbp> I have a "Senior Helpdesk Support" volunteer I have on hold until the time we have RT setup
[02:33:29] <mrcoolbp> he's submitted many useful bugs
[02:33:29] <prospectacle> The wiki and IRC are such excellent features of this organisation. At the moment a visitor to the home-page, about page, or FAQ page wouldn't know they existed.
[02:33:42] <mrcoolbp> prospectacle: true
[02:33:57] <mrcoolbp> prospectacle: I've been working on those pages since very early on
[02:34:11] <mrcoolbp> prospectacle: some new versions should be up very soon
[02:34:28] <prospectacle> Excellent.
[02:34:47] <prospectacle> NCommander: great post re: vision.
[02:35:04] * NCommander notes ironically the blind man has vision
[02:35:28] <mrcoolbp> NCommander: are you yourself blind? I thought you said it was a friend of yours...
[02:35:34] <NCommander> mrcoolbp, I'm not
[02:35:38] <NCommander> But I'm loosing my vision
[02:35:43] <mrcoolbp> sorry to hear that
[02:35:48] <NCommander> My right eye has become uncorrectable
[02:35:58] <NCommander> I have to wear a thick contact lense in the left
[02:37:27] <mrcoolbp> you don't seem like the type of person that would let that hold you back, but it must be a huge inconvenience
[02:37:56] <NCommander> mrcoolbp, my medical issues list is similiar to my emails
[02:38:02] <NCommander> Long and extremely dense
[02:38:13] <NCommander> Never let it stop me
[02:38:16] * mrcoolbp shudders
[02:38:22] * NCommander is far too stubborn for his own good
[02:38:37] <mrcoolbp> oh that much is clear = )
[02:39:03] <NCommander> My CFLAGS: -DVERBOSE -DINSANE -DSTUBORN
[02:39:10] * mrcoolbp notes it's probably too soon for a vision joke....
[02:39:18] <Cyprus> well hello: active 0-day in ms word RTF parser
[02:39:35] <NCommander> Cyprus, real men use troff
[02:40:02] <prospectacle> "Local website dictator has excellent vision"
[02:40:20] <Cyprus> "can't see it"
[02:41:19] <mrcoolbp> NCommander: where do you want ideas pertaining to generatating revenue for the site? maybe: http://wiki.soylentnews.org ?
[02:41:27] * NCommander notes he was going to drive the Interamericano highway this year
[02:41:39] <NCommander> In case my vision degraded to the point that I loose my license
[02:42:07] <NCommander> brb, tobacco
[02:53:00] <NCommander> mrcoolbp, *grumble* more writing
[02:53:11] * NCommander is going to need a new keyboard
[02:55:18] <NCommander> mrcoolbp, eh, honestly, the biggest problem I have is I suffer from Non-24 Sleep/wake cycle
[02:55:35] <mrcoolbp> NCommander: common around here
[02:55:41] <NCommander> mrcoolbp, no, its not
[02:55:56] <NCommander> http://en.wikipedia.org
[02:57:01] <mrcoolbp> I see, still, I work in a restaurant so my cycles are completly messed up daily
[02:57:14] <mrcoolbp> not to take away from that legitimate condition...
[02:57:50] <NCommander> mrcoolbp, you can maintain regular schedules
[02:57:51] <NCommander> I can't
[02:57:59] <NCommander> As in physically can't
[02:58:09] * NCommander can't go to sleep at 9, get up at 5 in I wanted to
[02:58:38] <mrcoolbp> that's fucking horrible
[02:58:42] * NCommander qualifies for social security in the United States
[02:59:04] <NCommander> Its why I feel I can't leave Canonical
[02:59:29] <NCommander> Since they let me set my own schedule as long as I provide notice on expecting to miss meetings and as long as my total hours worked still add up
[03:00:36] * NCommander has come to terms with it
[03:00:43] <NCommander> Actually, its a large part of why I feel drawn to Alaska
[03:00:56] <mrcoolbp> now I get it
[03:00:59] <prospectacle> NCommander, if you were on a space station and controlled the day-length what would you set it at?
[03:01:06] <NCommander> prospectacle, 27 hours
[03:01:21] * NCommander doesn't drift reliably, but it works out that my sleep cycle flips every week
[03:01:39] <prospectacle> Yeah I would be roughly the same. When I was young and unemployed I went to bed 2hrs later every day
[03:01:39] <NCommander> I do have periods (rarely) which I normalize onto a schedule
[03:02:03] <NCommander> Its gotten worse as I got older
[03:02:08] <Cyprus> i'm the same way actually, but using flux helped a lot
[03:02:22] <NCommander> When I was at boarding schools with strict schedules, I could somewhat function
[03:02:34] <NCommander> But even then, I usually would get a consistent D in period 1-2
[03:03:25] <prospectacle> Stupid chrono-fascists running the world
[03:03:30] <Cyprus> ^^
[03:03:42] <mrcoolbp> heh
[03:04:23] <NCommander> heh
[03:04:29] <NCommander> I manage
[03:04:40] <NCommander> Its just ... sometimes I'd like to be normal
[03:05:08] <prospectacle> nah, normal people have no imagination
[03:05:20] <mrcoolbp> ^^^^^^^^^^^^
[03:05:27] <Cyprus> every so often i just skip a night
[03:06:04] <NCommander> Cyprus, during golive, I skipped two in rapid succession
[03:06:15] <NCommander> I think mrcoolbp remembers me getting up early Friday, and staying up til we launched
[03:06:33] prospectacle is now known as prospectacle_is_away
[03:06:40] <mrcoolbp> yeah I thought he was a robot at first (kinda still do)
[03:07:15] <Cyprus> avoiding full spectrum light at night helps signifigantly though for me
[03:07:33] <NCommander> Cyprus, no effect for me
[03:07:43] <NCommander> The closest I ever felt normal was on Alaska's North Slope
[03:07:50] <NCommander> I intend to retire there
[03:07:54] <Cyprus> nice
[03:07:54] <NCommander> If I ever retire
[03:08:37] <Cyprus> have the site take off, it's like retiring, but with work =P
[03:08:52] <NCommander> Cyprus, I've always wanted to launch a business
[03:09:03] <Cyprus> non profit doesn't mean free labor
[03:09:07] <NCommander> Nope
[03:09:12] <NCommander> Means more labor
[03:09:20] * NCommander notes he's still not happy having ousted Jon
[03:09:21] <Cyprus> no doubt
[03:09:34] <NCommander> I know it was necessary, but I still feel like an ass for forcing it
[03:10:07] <Cyprus> i wouldn't
[03:10:22] <Cyprus> dealt with enough disfunctional boards
[03:11:25] <Cyprus> if it's not working, its not worth it
[03:12:03] <NCommander> Cyprus, call it being human, but we won't be here for Jon
[03:12:19] <NCommander> I might have made Soylent be a thing, but Jon is its founder. I can't deny that.
[03:13:18] <Cyprus> if you think it's bad right now
[03:13:25] <Cyprus> try after 10 years
[03:13:55] <Cyprus> i'm still waiting to hear the verdict on the fiduciary responsibility some time this quarter
[03:15:04] <Cyprus> never again. Set it up right the first time, with people you want to work with, or not at all
[03:15:57] <NCommander> fiduciary responsibility?
[03:16:14] MrBluze|afk is now known as MrBluze
[03:16:25] <Cyprus> board members must act in the interest of the entity, they have a fiduciary responsibility
[03:17:15] <Cyprus> and googlefu is failing me for a good explination
[03:17:25] * NCommander swears
[03:17:32] <Cyprus> http://www.law.cornell.edu
[03:18:34] <NCommander> Cyprus, sounds like a lot of drama
[03:19:20] <Cyprus> tldr version: family started company, lasted 12 or so years, worth several million, new ceo did a textbook takeover with the aid of one of the other parnters to dillute the shares out to nothing so he and another partner could ultimately steal the company
[03:20:08] <Cyprus> you don't want business partners you can't trust, or are gullible, and you want the org set up correctly so it's safe from bad actors
[03:20:26] <Cyprus> even if you trust your people, they can have their shares transfered out of your control through divorce or inheritence events
[03:23:04] <paulej72> OK I have a code framework for putting up a please sumbit stories message. I need two pieces of info: one what should the message be, and what number of measages should turn it off
[03:27:42] -!- pbnjoe has quit [Quit: Leaving]
[03:37:34] prospectacle_is_away is now known as prospectacle
[03:37:55] <prospectacle> Cyprus, worker's co-operative can potentially remove some of those issues. Especially if it's a family business.
[03:44:09] * prospectacle gets in his time machine to warn past Cyprus
[03:44:15] -!- prospectacle has quit [Quit: Web client closed]
[03:46:12] <mrcoolbp> paulej72: "Story submission que is running low, now is your chance to get stories published!" or something to that effect
[03:46:29] <NCommander> audioguy, mattie_p Landon paulej72 does anyone here have a shell account on svc?
[03:46:40] <mattie_p> I don't
[03:46:55] * NCommander will restart the box into single user and get in that way if need be
[03:47:02] <NCommander> I think we can live with the mailer down for a few minutes
[03:47:19] <paulej72> NCommander: I do not
[03:48:14] <NCommander> fuck it
[03:48:14] <Landon> xI dunno, which probably means I don't
[03:48:25] <NCommander> Landon, can you ssh into wiki.soylentnews.org?
[03:48:58] <Landon> I can connect yes, I can login no
[03:49:08] <NCommander> Landon, fuck it
[03:49:10] * NCommander hits shutdown
[03:49:21] <Landon> alt-sysreq-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
[03:49:27] <NCommander> wiki/email and god knows what else just went offline
[03:49:34] <Cyprus> you guys have more single mode events per week than anyone i've ever seen *chuckles*
[03:49:48] <NCommander> single mode?
[03:50:13] <Cyprus> single user
[03:50:22] <NCommander> Cyprus, this is the first time we've single usered a system
[03:50:31] <NCommander> But that box has been nothing but miserary for us
[03:50:38] <NCommander> Its the one CentOS node we have
[03:50:56] <NCommander> root pw changed
[03:51:00] * NCommander waits for it to come back
[03:51:09] <Cyprus> okokok root password resets geez
[03:51:10] <mrcoolbp> NCommander, can't we just migrate it to ubuntu?
[03:51:20] <NCommander> mrcoolbp, its a rebuild, and thats a PITA
[03:51:24] <mrcoolbp> ah
[03:52:16] <NCommander> uh oh
[03:52:23] * NCommander notes its taking its sweet time to come back
[03:53:02] <NCommander> Oh
[03:53:07] <NCommander> its clamaving itself
[03:53:09] <NCommander> christ thats slow
[03:53:39] <NCommander> wikis back
[03:53:40] <NCommander> Ok
[03:54:49] <NCommander> ldap.conf is cross platform
[03:54:51] <NCommander> so, in theory
[03:54:57] <NCommander> I just need to copy it from a configured node
[03:55:13] <Cyprus> lol
[03:55:27] <Cyprus> this sounds like the beginning of some of my projects that later involve reimaging
[03:56:01] <mrcoolbp> Cyprus: there's nothing wrong with a structure that let's you reimagine things on the fly = )
[03:56:02] <NCommander> Cyprus, I'm going to have to compile OpenSSH from scratch
[03:56:03] <NCommander> Ugh
[03:56:34] <mrcoolbp> except that....
[03:56:52] <Cyprus> yep, totally sounds like one of my projects
[03:57:18] <Cyprus> mrcoolbp: no doubt, half my stuff i could blow away and puppet would just rebuild it in about 20 min
[03:57:57] <NCommander> yay
[03:58:00] <NCommander> instructions https://wincent.com
[03:58:01] <mrcoolbp> Cyprus that's the beauty of where we're at
[03:58:04] <NCommander> SOmeone else who did it already
[03:58:18] * NCommander notes he could probably just find newer RPMs but ...
[03:58:37] <NCommander> I'd have to go to Fedora for the SRPM and compile it
[03:58:38] <NCommander> Fuck that
[03:58:43] <MrBluze> .. and then u get an auto-maintained up-to-date openssh that u dont have to check for security issues manually
[03:58:50] <Cyprus> yeah its easier to not jump to rawhide
[03:59:02] * NCommander notes Ubuntu makes backports stupid easy
[03:59:06] <NCommander> LIke absurdly easy
[03:59:14] <MrBluze> the debian way is better
[03:59:17] * NCommander had openssh backported from trusty to precise in about 20 minutes
[03:59:23] <Cyprus> yeah, you've about convinced me to convert just from reading #staff. When's that book coming out?
[03:59:25] <mrcoolbp> goodnight guys
[03:59:29] -!- mrcoolbp has quit []
[03:59:32] * NCommander could have officially put it in precise-backports, but there s a thing of going too far
[03:59:52] <NCommander> Though its kinda awesome we can fix bugs by patching the OS directly, then apt-get installing the results :-)
[04:00:21] <Cyprus> ok that's cool
[04:00:31] <NCommander> Cyprus, any Ubuntu Core Developer could do that
[04:00:39] <NCommander> You don't need to work for Canonical to have write bits to the archive
[04:00:48] <Cyprus> oh right, forgot you work there
[04:01:35] <NCommander> HOSTNAME=localhost.localdomain
[04:01:39] <NCommander> FOR THE LOVE OF GOD, WHY
[04:01:55] <Cyprus> heh
[04:01:58] <NCommander> options rotate
[04:01:59] <NCommander> options rotate
[04:01:59] <NCommander> options rotate
[04:01:59] <NCommander> options rotate
[04:01:59] <NCommander> options rotate
[04:01:59] <NCommander> options rotate
[04:02:01] <NCommander> options rotate
[04:02:03] <NCommander> options rotate
[04:02:07] <NCommander> options rotate
[04:02:09] <NCommander> options rotate
[04:02:11] <NCommander> options rotate
[04:02:13] <NCommander> options rotate
[04:02:15] <NCommander> options rotate
[04:02:17] <NCommander> options rotate
[04:02:19] <NCommander> options rotate
[04:02:21] <NCommander> options rotate
[04:02:23] <NCommander> options rotate
[04:02:25] <NCommander> WHY
[04:02:27] <NCommander> WHY
[04:02:29] <NCommander> WHY
[04:02:56] <NCommander> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 testing.soylentnews.org
[04:02:56] <NCommander> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 mail.soylentnews.org soylentnews.org
[04:02:57] <NCommander> ...
[04:03:09] <Cyprus> yeah thats default centos
[04:03:09] * NCommander is remembering why he stopped using Red Hat for important shit
[04:03:17] <NCommander> CHrist, even slackware comes with saner crap
[04:03:30] <NCommander> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 mail.soylentnews.org soylentnews.org
[04:03:33] <NCommander> Well ..
[04:03:44] <NCommander> That explains why postfix has a hardon for IPv6
[04:03:47] <NCommander> Christ
[04:03:51] <Cyprus> indeed
[04:06:58] <NCommander> Networking reconfigured
[04:07:07] * NCommander notes that while I dislike seperate files, at least thats easy
[04:07:21] <Cyprus> you trying to disable ip6?
[04:07:54] <NCommander> mcasadevall@boron:/etc$ ping beryllium
[04:07:54] <NCommander> PING beryllium.li694-22 (192.168.142.35) 56(84) bytes of data.
[04:07:54] <NCommander> 64 bytes from 192.168.142.35: icmp_req=1 ttl=64 time=1.20 ms
[04:08:03] <NCommander> Cyprus, IPv6 is good
[04:08:06] <NCommander> Shit
[04:08:11] * NCommander just leaked an internal IP
[04:08:12] <NCommander> FUck
[04:08:29] <NCommander> Ok, networking is fixed
[04:08:54] <Cyprus> heh leaked internal ip
[04:09:00] <audioguy> Yeah no one would ever guess 192.168...;-)
[04:09:37] <audioguy> They lead out of every email.
[04:09:40] <audioguy> leak
[04:09:48] <NCommander> fuck
[04:09:56] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[04:09:57] <NCommander> I need to enroll the CA certificate
[04:09:58] <NCommander> shit
[04:10:03] * NCommander has no idea how to do that with centos
[04:10:35] <Cyprus> sorry, can't help, never set up real pki on c
[04:10:55] <NCommander> Red Hat 5+: wget -O - http://www.cacert.org >> /etc/pki/tls/certs/ca-bundle.crt (this will be overridden by updated openssl RPMs so it is likely not the best method)
[04:10:56] <NCommander> ....
[04:10:56] * NCommander facepalms
[04:11:16] <Cyprus> that's lovely
[04:11:38] <NCommander> and its not true for Red Hat 6
[04:11:44] <NCommander> (the directory doesn't exist)
[04:12:15] <NCommander> Ok
[04:12:21] <NCommander> looks like its *less* braindead in centos
[04:12:25] <NCommander> I can put it in a private directory
[04:13:19] <NCommander> Looks like I just drop it in the directory
[04:13:23] <NCommander> Ok, points to centos
[04:13:28] <NCommander> That's less error prone than Ubuntu
[04:14:20] <NCommander> I can explicately set the certificate on beryllium in the ldap config
[04:14:21] <NCommander> ok
[04:16:39] <NCommander> [root@li50-41 etc]# system-config-authentication
[04:16:39] <NCommander> -bash: system-config-authentication: command not found
[04:16:42] * NCommander rages more
[04:17:12] <Cyprus> its in the tree
[04:17:17] <NCommander> oh
[04:17:19] <NCommander> fuck that
[04:17:21] <NCommander> it requires gtk
[04:17:24] * NCommander rants more
[04:17:24] <Cyprus> lol
[04:17:31] <Cyprus> i'll cheers to that rant
[04:17:51] <NCommander> God, every config interface in Ubuntu has ncurses fallback
[04:18:01] <NCommander> Christ, no one we're No. #1 in the cloud
[04:18:21] <NCommander> root@wiki.soylentnews.org's password:
[04:18:21] <NCommander> X11 forwarding request failed on channel 0
[04:18:25] <NCommander> ...
[04:18:55] <Cyprus> real men use vi
[04:19:25] <NCommander> oh
[04:19:37] <NCommander> Cyprus, I don't know if it does anything else beside generate ldap.conf
[04:19:42] <NCommander> THe entire client configuration file is missing
[04:19:47] <NCommander> CentOS docs say to run that command
[04:20:03] <NCommander> and it looks like X11 forwrding is completely hosed on CentOS out of the box
[04:20:11] <Cyprus> personally, i hate using anything on centos that starts with system-config
[04:20:20] <Cyprus> i've never been happy with the result
[04:20:38] <Cyprus> if you want x to work, install xauth
[04:20:43] <Cyprus> is my guess
[04:20:48] <NCommander> Well, that was an easy fix
[04:21:03] <NCommander> so ... ugly
[04:21:20] <Cyprus> my guess is this was a minimal install
[04:22:08] <NCommander> Cyprus, its whatever linode gave us
[04:22:13] <paulej72> Cyprus: I would aggree, I normally do not do that on my servers so I do have the tools I need
[04:22:16] <NCommander> Which required several tickets as there image was broken out of the box
[04:22:22] <Cyprus> nice
[04:22:36] <Cyprus> i generally use only minimal, but i'm used to working inside it
[04:22:36] <NCommander> Removing:
[04:22:36] <NCommander> nscd x86_64 2.12-1.132.el6 @base 176 k
[04:22:36] <NCommander> Removing for dependencies:
[04:22:36] <NCommander> nss-pam-ldapd x86_64 0.7.5-18.2.el6_4 @base 454 k
[04:22:39] <NCommander> Fuck you
[04:22:45] * paulej72 is fond of using konsole
[04:22:46] <NCommander> and fuck the horse you rode in on centos
[04:22:56] <NCommander> NSS does not need nscd
[04:23:00] <NCommander> argh
[04:23:11] * NCommander looks at upstart docs to see how I can neuter this in a way that will survive upgrades
[04:23:23] <NCommander> er
[04:23:24] <NCommander> systemd
[04:23:39] <Cyprus> yeah systemd
[04:23:56] <NCommander> I'm amused
[04:24:02] <Cyprus> what are you trying to do? =P
[04:24:02] <NCommander> Its offering to do kerberos auth by default
[04:24:11] <NCommander> Cyprus, LDAP and Kerberosize the one centos node
[04:24:17] <NCommander> I'm sick of this node being a lame panda
[04:24:34] <MrBluze> why cant u just turn it all to one distro
[04:24:35] <NCommander> I already know I'm going to have to compile openssh from source
[04:24:35] <Cyprus> you probably just want to trow the kr5, ldap and pam files by hand
[04:24:44] <MrBluze> stupid question probably
[04:24:46] <NCommander> Cyprus, krb doesn't need a config file fortunately
[04:24:53] <NCommander> We got autoconf working for that
[04:25:04] <Cyprus> autoconf?
[04:25:06] <NCommander> (we do need a tiny stub file to set the admin server explicately, known bug with krb and ubuntu)
[04:25:14] <NCommander> Kerberos can autoconfigure itself with SRV DNS records
[04:25:36] <Cyprus> i know it can use srv, but you don't have to throw up a basic krb5?
[04:25:42] <Cyprus> didn't know that
[04:25:42] <NCommander> Cyprus, that's already done
[04:25:46] <NCommander> oh
[04:25:46] <NCommander> no
[04:25:55] <NCommander> You just need a three line config file for kadmin
[04:25:59] <NCommander> to generate the keytab
[04:26:05] <Cyprus> k yeah thats what i thought
[04:26:14] <NCommander> WTF
[04:26:18] <NCommander> THere's a nice option here
[04:26:22] <NCommander> "Download CA Certificate"
[04:26:25] <NCommander> I'm afraid to click
[04:26:32] <Cyprus> snapshot? =P
[04:28:01] <NCommander> hrm
[04:28:07] * NCommander needs to put the certificate somewhere with HTTP
[04:28:09] <NCommander> k
[04:29:20] * NCommander flips ON switch
[04:30:05] <Cyprus> https://xkcd.com
[04:30:13] * MrBluze holds his breath
[04:30:52] <NCommander> [root@beryllium log]# id mcasadevall
[04:30:52] <NCommander> uid=2500(mcasadevall) gid=2501(sysops) groups=2501,2500(firefighters),2502(db),2503(dev_team),2504(prod_access)
[04:31:03] <NCommander> Chalk one up to the idiots who put CentOS together
[04:31:08] <NCommander> At least it wrote a valid config on the first try
[04:31:15] <Cyprus> woooo
[04:31:31] <NCommander> Now to get SSH backported
[04:31:34] * NCommander whines
[04:31:48] <Cyprus> what's the backport for anyway?
[04:33:04] <paulej72> good night all
[04:33:05] <NCommander> Cyprus, SSH pubkeys in LDAP
[04:33:45] <Cyprus> k, i figured it was that. Neat feature
[04:33:50] <NCommander> Cyprus, do you know where the compiler lives in yum :-0
[04:33:56] <Cyprus> well
[04:34:01] <Cyprus> how ambitious are you feeling?
[04:34:28] <NCommander> I don't really want to install it from source cross compiled from Ubuntu
[04:34:29] <NCommander> :-P
[04:34:32] <Cyprus> my guess is you want "automake gcc*" ummm
[04:34:46] <Cyprus> well not gcc*
[04:34:56] <NCommander> Cyprus, Total download size: 344 M
[04:34:56] <NCommander> Installed size: 1.0 G
[04:34:57] <NCommander> Yeah
[04:35:15] <Cyprus> but you should be able to see what you need from there, my guess is gcc gcc-c++
[04:35:20] <NCommander> That's what I got
[04:35:26] <NCommander> lets see if thats enough
[04:35:34] <Cyprus> you'll probably run into a g requirement
[04:35:39] <NCommander> g requirement?
[04:35:42] * NCommander hopes he doesn't have to play find the library
[04:35:44] <Cyprus> g++ or something
[04:35:44] <DashComma> karma - g: 1
[04:35:49] <Cyprus> oh shut up dash
[04:36:15] <NCommander> Gah
[04:36:17] * NCommander needs kerberos support
[04:36:17] <NCommander> fuck
[04:36:20] <Cyprus> i generally just bang away till it compiles in a reasonable mannor on my dev box so i dont have crazy crap on my normal ones
[04:36:22] <Cyprus> ahahahahhaa
[04:37:05] <Cyprus> openssl is a pain to compile iirc
[04:37:28] <NCommander> I'm not setting up a centos node for this
[04:37:36] * NCommander is compiling on the node itself
[04:38:01] <NCommander> Package krb5-devel-1.10.3-10.el6_4.6.x86_64 already installed and latest version
[04:38:02] <NCommander> WTF?
[04:38:04] <NCommander> really?
[04:38:09] <NCommander> What the hell pulled that in
[04:39:03] * NCommander looses his temper with this pile of shit
[04:40:53] <Cyprus> you know, you could always backend it to gss =P
[04:40:59] <NCommander> Cyprus, we need that too
[04:41:04] <NCommander> Cyprus, I'm seriously understanding why people were telling me upgrading Linux nodes are a nightmare
[04:41:06] <Cyprus> its internal anyway right is my point?
[04:41:17] <Cyprus> so do you need the key protection
[04:41:19] <NCommander> CentOS/RHEL doesn't do anything to ensure ABI compatibility
[04:41:23] <NCommander> Cyprus, we need it for tickets
[04:42:02] <NCommander> YOu know, at least with BSD, you can edit ports easily
[04:42:15] <NCommander> Slackware doesn't clean up old libs for backware compability
[04:42:17] <Cyprus> agree on the compatibility
[04:42:19] <NCommander> gentoo never has old software
[04:42:26] <NCommander> arch ^- same
[04:42:32] <Cyprus> gentoo also has bear traps if you wait too long to upgrade
[04:42:37] <NCommander> So does arch
[04:42:43] <MrBluze> arch has gone to package based
[04:42:46] <MrBluze> u could nearly use it
[04:42:48] <Cyprus> big hulking bear traps
[04:43:38] <Cyprus> rhel is built around a single platform, with rip and replace between major rev because its a solution
[04:43:50] <NCommander> PAM support: yes
[04:43:50] <NCommander> OSF SIA support: no
[04:43:50] <NCommander> KerberosV support: yes
[04:44:01] * NCommander pounds make
[04:44:14] * NCommander notes this is as bad as Mac OS X
[04:44:18] <Cyprus> ewww
[04:44:28] <NCommander> As far as commerical UNIXs go
[04:44:37] <NCommander> At least Solaris and HP-UX are damn good on backwards compat
[04:44:46] <Cyprus> irix ftw
[04:44:56] <NCommander> Cyprus, I made a serious effort to port FIrefox 10 to IRIX
[04:45:03] <Cyprus> i miss my old indy
[04:45:17] <NCommander> Failed to link because the damn linker needed more than the 1 GiB of address space required to build firefox
[04:45:21] <Cyprus> lol
[04:45:34] * NCommander hangs around in the nekochan IRC channel
[04:45:44] <NCommander> ssh tests running
[04:46:36] <Cyprus> this is making me miss being an actual linux engineer
[04:46:50] * NCommander goes to smoke while make tests runs
[04:50:22] <MrBluze> u should drink coffee, it makes your brain work better
[04:50:25] <MrBluze> smokes don't
[04:56:18] <NCommander> cmp: EOF on /root/openssh-6.6p1/regress/copy
[04:56:22] <NCommander> corrupted copy of /bin/ls
[04:56:22] <NCommander> failed local and remote forwarding
[04:56:22] <NCommander> .........
[04:57:45] <NCommander> [root@beryllium openssh-6.6p1]# diff regress/copy /bin/ls
[04:57:45] <NCommander> [root@beryllium openssh-6.6p1]#
[04:57:48] <NCommander> .......
[04:58:03] * NCommander can either conclude the test is broken, or cmp is broken on centos
[04:58:54] <Cyprus> im going with a
[04:58:56] <NCommander> SSH-2.0-OpenSSH_6.6
[04:59:03] <NCommander> Ok, new SSH is installed
[05:00:58] <NCommander> Adding versionlock on: 0:openssh-5.3p1-94.el6
[05:00:58] <NCommander> Adding versionlock on: 0:openssh-server-5.3p1-94.el6
[05:00:58] <NCommander> versionlock added: 2
[05:01:06] <NCommander> and now it won't get clobbered
[05:05:03] <NCommander> Cool
[05:05:07] <NCommander> Its getting ssh keys on the fly
[05:06:14] <Cyprus> version lock?
[05:06:49] <Cyprus> nvm found it
[05:08:14] * NCommander bangs head
[05:08:15] <NCommander> Mar 25 04:08:03 li50-41 sshd[24167]: pam_access(sshd:account): access denied for user `mcasadevall' from `boron.li694-22'
[05:08:15] <NCommander> Mar 25 04:08:03 li50-41 sshd[24167]: fatal: Access denied for user mcasadevall by PAM account configuration [preauth]
[05:10:57] <NCommander> looks like its trying to kerberos me coming in
[05:12:55] <NCommander> Ok
[05:12:59] <NCommander> so it rejected the SSH key
[05:12:59] <NCommander> why
[05:13:02] * NCommander hrms
[05:14:51] <NCommander> Seems the official advance for CentOS
[05:14:55] <NCommander> don't use passworddless auth
[05:16:12] <NCommander> Cyprus, http://bugs.centos.org
[05:16:13] <NCommander> wow
[05:17:12] <Cyprus> ahh
[05:17:33] <Cyprus> those would be in audit
[05:18:38] <Cyprus> this bug looks unrelated
[05:18:42] <NCommander> SELinux is disabled
[05:18:51] <NCommander> This is a fucking mess these PAM files
[05:18:54] * NCommander is trying to sort them out
[05:19:17] * NCommander hates to bitch more but really
[05:19:26] <NCommander> Ubuntu/Debian use a common authetication file
[05:19:32] <Cyprus> the bug is pretty dumb actually, the person overwrote the local file and thus it had the wrong secontext
[05:19:33] <NCommander> Seems EVERY file is different for CentOS
[05:19:40] <Cyprus> centos is very very federated
[05:20:14] <Cyprus> should all be in pam.d though
[05:21:33] <NCommander> It is
[05:21:40] <NCommander> But I'm trying to figure out which file I have to edit
[05:22:04] <Cyprus> let me see how i did it
[05:24:06] <Cyprus> ugh i hate pam
[05:27:12] <Cyprus> hmm not sure you had to backport
[05:27:25] <Cyprus> looks like they may roll in a wrapper on rhel side
[05:31:47] <Cyprus> well anyway good luck on that project
[05:31:56] -!- Cyprus has quit [Quit: zzzzzz]
[05:46:09] * NCommander swears more
[05:46:24] <NCommander> It looks like CentOS stock sshd actually had this patch included for awhile
[06:03:43] MrBluze is now known as MrBluze|afk
[06:14:10] MrBluze|afk is now known as MrBluze
[06:38:45] -!- pbnjoe has quit [Quit: Leaving]
[06:39:09] MrBluze is now known as MrBluze|afk
[06:49:12] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[07:43:25] <xlefay> NCommander: buy the book you were to write haha
[07:44:52] <xlefay> Anyone still here?
[07:52:58] <mattie_p> I am
[07:53:15] <xlefay> Ha, least someone is ;-)
[07:53:22] <mattie_p> I just got first text from the IRC server before my client segfaulted :)
[07:54:17] <mattie_p> "*** Looking up your hostname..." $ Segmentation fault (core dumped)
[07:55:33] <xlefay> That explains why your client always hangs ;-)
[07:55:39] <xlefay> Seems NC had a great time getting CentOS to work
[07:56:06] <mattie_p> actually, it looks like it takes about 4 minutes before it gets input from your server, not sure where I messed that up
[07:56:20] <mattie_p> yeah, no kidding
[07:56:36] <xlefay> mattie_p: that's probably not the case
[07:56:45] <xlefay> to quickly emulate: telnet irc.soylentnews.org 6667
[07:56:50] <xlefay> nick whatevah
[07:57:06] <xlefay> user whatever whatever whatever whatever
[07:57:33] <xlefay> not exactly as per protocol, but the IRC server will accept it ;-) quick to see if that's just the case for your bot or your entire incoming connection
[07:57:52] <NCommander> xlefay, I am
[07:58:12] <mattie_p> my incoming session is good, just the client isn't seeing anything
[07:58:35] <xlefay> NCommander: w00t
[07:58:36] <NCommander> xlefay, check the backscroll re: centos
[07:58:41] <xlefay> I did
[07:58:52] <NCommander> Turns out centos patches their own sshd to do stupid shit
[07:58:56] <xlefay> that sudo config was a bit messed up eh
[07:59:02] <xlefay> Yeah no shit
[07:59:03] <NCommander> But it also has the LKP patch which could be used for LDAP auth
[07:59:15] <NCommander> so I reinstalled the stock one and then hit it with a wrench
[08:00:15] <xlefay> ah, you smacked it into submission then
[08:01:19] <xlefay> Regarding what we talked about earlier, the packages, I do want to take a look at the alternatives, e.g. puppy, etc.
[08:01:30] <xlefay> Just to be thorough before we make a choice what's best for us :)
[08:02:44] <xlefay> Also, I'm looking into UFW, shouldn't be to hard - but we should document what should be open and closed.
[08:03:44] <NCommander> agreed
[08:04:13] <xlefay> sudo for beryllium fixed
[08:04:33] <xlefay> Also, it appears /etc/security/access.conf is also available for centos ;-)
[08:04:47] <xlefay> but you already spotted that
[08:05:48] <xlefay> So what is this "sudo-ldap" I'm reading?
[08:06:45] <xlefay> Guess that would be overkill since posix groups
[08:08:29] <xlefay> NCommander: you mucked with the default openssh installation on CentOS correct? (based on what I'm reading)
[08:09:09] <xlefay> In which case, we might need to exclude ssh from future updates for now on CentOS, we'll get a heads up it's been held back.
[08:11:53] <NCommander> xlefay, I referred it
[08:12:03] <NCommander> *reverted it
[08:12:10] <NCommander> xlefay, sudo-ldap allows for a global suoders file
[08:12:20] <xlefay> So we're using stock?
[08:13:25] <xlefay> A global sudoers isn't a bad idea, but that would be difficult with other groups who need sudo, maybe we can configure that per host in ldap, in which case, our sudo stuff just got a whole lot easier. I'll look into that.
[08:14:16] <xlefay> Then, li694-config package would just contain one sudo file that'll "just work!" for all Ubuntu nodes
[08:14:30] <xlefay> CentOS would require manual config at this point, but that's fine
[08:16:25] <xlefay> also, NCommander there are security upgrades, would "ca-certificates" mess with our config or will it asks us to merge or auto merge? If auto merge, you can just trigger it for all nodes from landscape.
[08:27:50] <NCommander> xlefay, automerge
[08:28:31] <xlefay> ah so you can just push a button in landscape to update all nodes ;-)
[08:29:04] <xlefay> You're probably tired, so sorry for bugging; but is there a reason why we're ignoring /etc/sudoers advise to use /etc/sudoers.d/ instead of editing the /etc/sudoers file directly or just because it's habit?
[08:48:27] MrBluze|afk is now known as MrBluze
[08:48:37] <xlefay> wb MrBluze
[08:48:41] <xlefay> you wanted an e-mail, I heard?
[08:48:52] <MrBluze> yeah
[08:49:02] <MrBluze> since gpg is coming i need to use thunderbird. . the time has come
[08:49:34] <xlefay> MrBluze@soylentnews.org?
[08:49:46] <MrBluze> yeah
[08:49:50] <MrBluze> it'll have to be that lol
[08:50:01] <xlefay> Ok, I'll update all your aliases to that as well.
[08:50:06] <MrBluze> thank you
[08:51:08] * xlefay sighs @ postfixadmin
[08:51:31] * MrBluze grins
[08:51:34] <xlefay> no worries
[08:52:29] <MrBluze> hmm.. i wonder if thunderbird will just autodetect everything
[08:52:47] <xlefay> name-suggestion still in use?
[08:52:58] <xlefay> MrBluze: it won't
[08:53:15] <MrBluze> still in use? huh?
[08:53:21] <xlefay> name-suggestion, style were aliases for you
[08:53:30] <MrBluze> oh that
[08:53:32] <MrBluze> yes
[08:53:42] <xlefay> ok PM :)
[08:53:47] <MrBluze> name-suggestion i never used actually
[08:54:01] <MrBluze> but i think they plan to use it at some point
[08:54:19] <xlefay> MrBluze: we've got a lot of e-mail @ name-suggestion@soylentnews.org
[08:54:28] <xlefay> That's what we used to get initial names, remember?
[08:56:58] <MrBluze> i do not appear to have ever received anything from it .. grrr
[08:56:59] <MrBluze> but ok
[08:57:17] <MrBluze> or .. maybe i did at some point .. but its gone .. which is odd .. but the names i kept at least
[08:57:31] <MrBluze> hotmail is dodgy
[08:57:40] * MrBluze only ever used it as a throw away email way back
[08:57:54] <xlefay> MrBluze: we both received a lot of stuff on there
[08:58:00] <xlefay> I'm fairly sure you did receive e-mail on that
[08:58:25] <xlefay> e.g. we set name-suggestion@soylentnews.org to your & my e-mail address
[08:58:32] <MrBluze> ok at least then u have it still
[08:58:38] <MrBluze> my hotmail has a lot of email missing
[08:59:08] <MrBluze> ok server names .. imap.s..n...org?
[08:59:18] <MrBluze> or is it mail.etc.org
[08:59:41] <xlefay> MrBluze: yep, like I mentioned in PM
[08:59:50] <MrBluze> oh ofc .. sorry
[09:00:21] <xlefay> no worries
[09:00:24] <xlefay> how are you?
[09:01:37] <MrBluze> oh im ok .. did a night shift so .. that sucked
[09:01:55] <MrBluze> but im fine lol - i will have the write up done tonight i reckon :)
[09:02:17] <xlefay> I bet but glad you're fine ;-)
[09:02:21] <xlefay> And thanks hehe
[09:02:31] <xlefay> currently working on ensuring sudoers are set correctly ;-)
[09:03:31] <MrBluze> ah nice
[09:03:37] <MrBluze> u have been a busy boy i see lol
[09:03:53] <MrBluze> its very heartening to know the security side is now very sane
[09:04:41] <xlefay> It's mostly been NCommander though, so far I've done nothing compared to what he's been doing ;-)
[09:12:25] <MrBluze> brb
[09:12:30] MrBluze is now known as MrBluze|away
[09:22:43] -!- pbnjoe has quit [Ping timeout: 246 seconds]
[09:25:28] MrBluze|away is now known as MrBluze
[09:57:27] <xlefay> NCommander: ping?
[09:57:40] <xlefay> I added funpika to ldap however... phpldap doesn't show him
[09:59:38] <xlefay> nvm
[10:11:01] -!- Popeidol has quit [Ping timeout: 246 seconds]
[10:13:05] -!- Popeidol [Popeidol!~matt@791-73-335-87.dyn.iinet.net.au] has joined #staff
[10:53:06] -!- FunPika [FunPika!~FunPika@Soylent/Staff/Wiki/FunPika] has joined #staff
[10:53:06] -!- mode/#staff [+v FunPika] by SkyNet
[11:02:58] <xlefay> FunPika: hi :0
[11:03:00] <xlefay> :)*
[11:03:57] <xlefay> Can you confirm ssh'ing to beryllium (svc) works?
[11:09:09] <FunPika> xlefay: Trying to SSH into staff and getting "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)."
[11:10:18] <xlefay> FunPika: which server are you ssh'ing into?
[11:10:34] <FunPika> staff.soylentnews.org
[11:10:47] <xlefay> username funpika + your ssh key?
[11:11:07] <xlefay> ssh boron.li694-22 # or you're using: ssh staff.soylentnews.org?
[11:11:56] <FunPika> steven@steven-Inspiron-580 ~> ssh funpika@staff.soylentnews.org
[11:11:57] <FunPika> Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[11:12:41] <xlefay> ah got it
[11:13:53] <xlefay> try now?
[11:14:27] <xlefay> :)
[11:14:48] <xlefay> Be sure to update your kerberos pass and such
[11:15:14] <xlefay> (just follow the kerberos guide) and you're good to go: ssh beryllium ;-)
[11:15:42] <xlefay> I'll be back in 15 - 30 min if you need anything, just shout ;)
[11:33:58] -!- Popeidol has quit [Ping timeout: 246 seconds]
[11:35:56] -!- Popeidol [Popeidol!~matt@360-80-267-616.dyn.iinet.net.au] has joined #staff
[11:57:02] -!- FunPika has quit [Quit: Leaving]
[12:51:41] -!- bytram [bytram!~pc@Soylent/Staff/Developer/martyb] has joined #staff
[12:51:41] -!- mode/#staff [+v bytram] by SkyNet
[12:56:41] bytram is now known as Bytram|afk
[13:04:22] <xlefay> !todo webmail on https
[13:04:22] <DashComma> todo item 4 added
[13:04:56] * xlefay sighs, !todo goes automatic >.<
[13:41:01] -!- Bytram|afk has quit [Ping timeout: 246 seconds]
[14:35:10] paulej72 is now known as paulej72_away
[14:39:50] paulej72_away is now known as paulej72
[15:22:30] -!- Cyprus [Cyprus!~Cyprus@68.63.ljr.ppx] has joined #staff
[15:53:27] -!- mrcoolbp [mrcoolbp!~mrcoolbp@Soylent/Staff/mrcoolbp] has joined #staff
[15:53:27] -!- mode/#staff [+v mrcoolbp] by SkyNet
[15:55:21] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[15:55:21] -!- mode/#staff [+v mechanicjay] by SkyNet
[15:57:59] <mrcoolbp> !current-uid
[15:57:59] <DashComma> The current maximum UID is 3944, owned by LazyBoot
[16:02:17] <mechanicjay> mrcoolbp: that's disconcerting.
[16:02:28] <mrcoolbp> heh
[16:02:35] <mrcoolbp> same as yesterday
[16:02:57] <mechanicjay> ...and the day before
[16:03:03] <mrcoolbp> oh
[16:05:16] <mrcoolbp> maybe it's time to start "getting the word out"
[16:06:09] <mechanicjay> That's what I was thinking. I've been planning to set my sig on various forums with a link to SN -- but I've been spending all my spare internet time on SN...
[16:06:10] <mechanicjay> :)
[16:06:23] <mrcoolbp> saem
[16:06:29] <mrcoolbp> same
[16:07:37] -!- janrinok [janrinok!~janrinok@Soylent/Staff/Editor/janrinok] has joined #staff
[16:07:37] -!- mode/#staff [+v janrinok] by SkyNet
[16:07:54] <janrinok> hi all
[16:07:59] <mechanicjay> howdy
[16:08:07] <janrinok> mechanicjay: hows things?
[16:08:22] <mrcoolbp> good morning (bonjour?)
[16:08:56] <janrinok> good afternoon for me - mais bonjour, c'est bon
[16:08:57] <mechanicjay> Just got here myself, but all seems quiet.
[16:09:27] <janrinok> if it seems quiet, it just means that we don't know what's going wrong yet....
[16:09:54] <mechanicjay> janrinok: how pessimistic..or is that realistic -- I get those confused sometimes ;)
[16:10:08] <janrinok> lolol
[16:10:23] <mrcoolbp> mechanicjay++
[16:10:23] <DashComma> karma - mechanicjay: 10
[16:10:33] <janrinok> mrcoolbp: hi
[16:10:42] <mrcoolbp> heyo
[16:11:25] <mrcoolbp> submissions are still healthy for now eh?
[16:11:41] <janrinok> don't know - I'm still firing up the computers...
[16:11:49] <mrcoolbp> (23)
[16:12:04] <janrinok> not bad - I can work with that!
[16:12:09] <mrcoolbp> with at least 9 in the que
[16:20:55] <mrcoolbp> janrinok: have you seen mrgirlwhowaspluggedout recently?
[16:21:43] <janrinok> not for over 10 days
[16:22:23] <janrinok> dopefish, mrgwwpo and cactus all seemed to disappear about the same time.
[16:23:31] <mrcoolbp> heh, if you need an extra editor, let me know
[16:24:50] <janrinok> thx - we actually need quite a few more editors, preferably spread through different tz. Since I started over a month ago I've not had a day off and I'm beginning to feel it a little.
[16:26:25] <mrcoolbp> if you need to take a few days off, just let us know
[16:26:42] <janrinok> I think my wife will decide that before I do!
[16:27:28] <mrcoolbp> that does happen, yes.
[16:34:57] <mrcoolbp> .op
[16:34:57] -!- mode/#staff [+o mrcoolbp] by SkyNet
[16:40:34] <mrcoolbp> janrinok: what is the color coding in the "story list" indicating? (red vs green)
[16:42:05] <janrinok> there are 4 colours. When I first edit and release a file it will appear as yellow to me, but red to everyone else, indicating that it requires a second ed to have a look. Once a second ed has seen it, it goes green. Grey would indicate a story that has been stopped for some reason or other.
[16:43:01] <janrinok> The story will still release even if yellow/red, the second look is not enforced but is something that we _try_ to do when manpower permits.
[16:44:05] <janrinok> All the red stories currently have already gone out - there is little point in me trying to check them. The community will tell us _quickly_ if they find a fault! lol
[16:46:55] <janrinok> mrcoolbp: do you know about the setting to stop a story going out? - (the setting that I wish I had known when I released the infamous 'DO NOT RELEASE - For Training Only' story!
[16:47:30] <mrcoolbp> no
[16:47:55] <mrcoolbp> the editor page is really confusing (3 or 4 text boxes without labels)
[16:48:21] <janrinok> OK, if you go to the submissions list and pick a likely story, I can try and talk you through it if you wish.
[16:48:50] <mrcoolbp> I'd at least like to know the process yes
[16:49:05] <janrinok> go ahead and let me know which story you choose..
[16:49:43] <mrcoolbp> "Electronic Cigs may not help"
[16:51:06] <janrinok> OK, I've opened the same page but I will not edit it. The top is the story that would be released if we did nothing else to it. It's mostly in italics which we don't want but we will change that in a moment.
[16:51:38] <mrcoolbp> (remove the tags)
[16:51:52] <janrinok> Below that it tells you the submitter GungnirSniper and the fact that he has had 20 stories so far
[16:52:00] <mrcoolbp> yup
[16:52:21] <janrinok> The title is self evident, the Dept is where we try to put a witty or pithy comment. I hate this bit!
[16:52:40] <mrcoolbp> "quitting-is-for-quitters" dept
[16:53:08] <janrinok> The next line tells you it will go on the Main Page (all ours do) - I like your Dept, type it in.
[16:53:18] <mrcoolbp> node
[16:53:32] <mrcoolbp> okay but wait
[16:53:43] <janrinok> Yep, it will be News and then press the preview button next to it.
[16:54:08] <mrcoolbp> between the "Pending submission...." and the title there are a bunch of boxes, just ignore all those?
[16:54:30] <janrinok> For the time being yes - just select preview
[16:54:38] <mrcoolbp> done
[16:55:00] * mrcoolbp strips out the tags
[16:55:18] <janrinok> OK , you've now got the story as it would appear plus some general bumf about similar stories. Useful for avoiding dupes.
[16:55:34] <mrcoolbp> I'm with you.
[16:56:02] <janrinok> Then is then an empty box and underneath that save/previes/ unsigned and Display. UNTICK THE DISPLAY OPTION.
[16:56:34] <janrinok> preview*
[16:56:53] <mrcoolbp> "unticked" and pressing preview
[16:57:35] <janrinok> OK, as long as the Display option remains unticked your story will never actually get seen outside of ourselves.
[16:57:59] <janrinok> That was my mistake 4 or 5 weeks ago. I didn't remember to untick that box!
[16:58:19] <mrcoolbp> got it.
[16:58:45] <janrinok> OK, for the time being we will ignore the Topics menu because there is nothing to be done for this story.
[16:59:27] <janrinok> The Title is already in place. We have to check that it is in Title case, which is this instance it is.
[16:59:56] <mrcoolbp> agreed
[17:00:33] <janrinok> The Dept is already filled in. A common mistake here is to insert a leading 'the' which the system puts in automatically. So, if you make a mistake you will see a Dept of the-the-whatever.
[17:00:47] <mrcoolbp> okay
[17:01:07] <mrcoolbp> should "The" be capiltilized in "The University of California..."?
[17:01:24] <mrcoolbp> (1st paragraph)
[17:01:25] <janrinok> The author is below that. I don't think that you are on the authors list
[17:01:48] <janrinok> Hang on, we'll come to the story itself in a moment.
[17:02:04] mechanicjay is now known as mechanicjay|lunch
[17:02:14] <janrinok> What is it showing in the author field?
[17:02:41] <mrcoolbp> It is showing me in the drop-down, but it says "unsigned" and my preview has no author
[17:03:34] <janrinok> That's ok, we can still go with that for the time being. You've then got the HTML formatting which is where you must do all of your editing.
[17:03:52] <mrcoolbp> I already started that a little.
[17:04:08] <janrinok> We have a specific style which is different from the other site.
[17:04:32] <janrinok> First of all, GungnirSniper always puts the wrong link before his name.
[17:04:46] <mrcoolbp> heh, so he does
[17:05:13] <janrinok> It should be either his own email address or 'http://soylentnews.org/~gungnirsniper'
[17:05:44] <mrcoolbp> fixed to above link
[17:06:08] <mrcoolbp> do you want "~Gungnirsniper/" or "~Gungnirsniper"
[17:06:15] <janrinok> after the word 'write' insert a ':' and change the italic to a paragraph.
[17:06:40] <janrinok> It doesn't matter, they both show up the same on the display.
[17:07:49] <mrcoolbp> okay, changed to , I added the colon, and I put "GungnirSniper writes:" in it's own as well
[17:08:18] <janrinok> Excellent - don't forget the close italic at the very end to a close paragraph
[17:08:26] <mrcoolbp> already did
[17:09:14] <janrinok> OK, before I leave you to play with that, we will do one more thing just to be on the safe side. Just underneat the Author data there is a date/time. see it?
[17:09:24] <mrcoolbp> yes
[17:09:38] <janrinok> change the time for something like 21:00:00
[17:10:40] <mrcoolbp> "2014-03-25 21:00:00"
[17:11:53] <janrinok> That's good. Now even if you do put it in the story queue, it will not release because Display is unticked, (it will appear grey in the stories list) but it won't go anywhere before 2100 tonight anyway. Gives us time to recover any cock-ups.
[17:12:25] <mrcoolbp> cool, do you want me to "save" and you can review?
[17:12:45] <mrcoolbp> (the "display" box is definitely not checked)
[17:13:17] <janrinok> Play as much as you wish, press review whenever you want to and when you are happy then press save. It will change to the story list and you will see your story in grey.
[17:13:38] <mrcoolbp> alright, thanks!
[17:13:40] <janrinok> I've got to go prepare a meal so I'll be back in a while.
[17:14:19] <janrinok> Clicking on the story that you save in the story list will bring you back into the editor mode again.
[17:14:56] <mrcoolbp> thanks again.
[17:14:59] <janrinok> Change all to 
[17:15:27] <janrinok> remove any single or 
[17:15:50] <mrcoolbp> okay
[17:16:14] <janrinok> bbl
[17:16:53] <mrcoolbp> enjoy
[17:17:09] <janrinok> LaminatorX is correcting all my stories - they also show up in grey because I've entered a dupe from 7 days ago!
[17:19:55] <mrcoolbp> one of the links points to a summary that has a link to the full article which is broken?
[17:20:02] <mrcoolbp> I'm not sure if it's behind a paywall
[17:20:13] <mrcoolbp> weird that it would just be broken though
[17:40:46] <mrcoolbp> BBL
[17:40:48] -!- mrcoolbp has quit []
[18:03:15] -!- LaminatorX [LaminatorX!~18d900fb@Soylent/Staff/Editor/LaminatorX] has joined #staff
[18:03:15] -!- mode/#staff [+v LaminatorX] by SkyNet
[18:29:31] -!- mattiep [mattiep!~mattie_p@Soylent/Staff/Editor/mattiep] has joined #staff
[18:29:31] -!- mode/#staff [+v mattiep] by SkyNet
[18:32:34] -!- mattie_p has quit [Ping timeout: 246 seconds]
[18:44:01] -!- mrcoolbp [mrcoolbp!~mrcoolbp@Soylent/Staff/mrcoolbp] has joined #staff
[18:44:01] -!- mode/#staff [+v mrcoolbp] by SkyNet
[18:54:53] mechanicjay|lunch is now known as mechanicjay
[19:19:36] mattiep is now known as mattie_p
[19:36:37] <janrinok> mrcoolbp: How did your little experiment go?
[19:36:50] <mrcoolbp> did you check it out?
[19:37:00] <mrcoolbp> you tell me = )
[19:37:06] <janrinok> not yet- I've just sat down
[19:37:23] * NCommander is home
[19:37:37] <NCommander> I hate dealing w/ denists
[19:37:50] <janrinok> If I'm happy, shall I release it under my name mrcoolbp ?
[19:37:57] <mrcoolbp> please
[19:38:01] <mrcoolbp> wb NCommander
[19:41:41] <NCommander> xlefay, so, I was thinking ...
[19:41:49] <NCommander> xlefay, Linode has "StackScripts" ...
[19:42:01] <NCommander> xlefay, we could get our entire new node bring up to be single click ...
[19:44:52] <NCommander> mrcoolbp, janrinok: I'm going to remove girlpluggedout's editoral bits until he returns
[19:45:11] <mrcoolbp> Okay, where is he?
[19:45:18] <janrinok> OK - I've no idea where he went to
[19:47:34] <janrinok> mrcoolbp: it goes out at 20:01 UTC. I don't know what you did but I couldn't put my name to it - it will display as 'posted by' blank.
[19:48:48] <mrcoolbp> janrinok: you are not in the dropdown list for me...
[19:49:16] <janrinok> I wasn't for me either after you edited it!
[19:49:21] <janrinok> lolo
[19:49:22] <mrcoolbp> NCommander: can we add me to the "authors" list ?
[19:49:40] <janrinok> mrcoolbp: do you want to run that by LaminatorX?
[19:49:49] <mrcoolbp> oh yeah, probably...
[19:49:50] <mrcoolbp> heh
[19:50:05] <mrcoolbp> LaminatorX, do you have a second?
[19:50:35] <NCommander> uh oh
[19:50:37] <NCommander> shit
[19:50:42] <janrinok> mrcoolbp: There is still a bit more to do, but we can cover that later once I've pushed out a few stories.
[19:51:04] <mrcoolbp> okay, thanks again janrinok.
[19:51:10] <mrcoolbp> NCommander: what now?
[19:51:21] <NCommander> mrcoolbp, Apache took a moment to restart
[19:51:22] <NCommander> http://soylentnews.org
[19:51:27] <NCommander> Ok, I figured out how to update that page
[19:52:02] <NCommander> Who else needs to be on the authors page?
[19:52:12] <mrcoolbp> nice, thanks. janrinok: you are now the editor on that story
[19:52:28] <mrcoolbp> NCommander: LaminatorX isn't showing up for me in that drop-down, not sure why...
[19:52:42] <NCommander> mrcoolbp, I've got him added
[19:52:46] <NCommander> I have to bounce Apache to rebuild the cache
[19:52:48] <NCommander> so who else?
[19:53:27] <mrcoolbp> I have to get auth from LaminatorX
[19:53:46] <NCommander> mrcoolbp, ???
[19:54:03] <mrcoolbp> I'm not sure I'm "allowed" to be an "author"
[19:54:08] <mrcoolbp> should be his decision
[19:54:46] <NCommander> mrcoolbp, if they're actively posting on the index, then they should be in authors
[19:54:56] <NCommander> mattie_p, are you an active editor? Your last story was two weeks ago
[19:55:31] <mrcoolbp> NCommander: I'm not actively posting yet, I just wanted to see how the process worked.
[19:55:42] <NCommander> mrcoolbp, a suadmin has to set the authors flag
[19:55:55] <NCommander> THen you have to rebuild the cache (Slash actually tells you what command to run on hydrogen)
[19:56:39] <mrcoolbp> good to know
[19:57:34] <mrcoolbp> NCommander: he's still editing the page I think but: http://wiki.soylentnews.org
[19:59:28] <NCommander> mrcoolbp, janrinok http://soylentnews.org
[19:59:38] <NCommander> LaminatorX, janrinok: yesh, go team editor
[19:59:50] <NCommander> (the number is articles submitted)
[19:59:58] <NCommander> er, posted
[20:00:24] <mrcoolbp> wow
[20:01:41] <paulej72> there is a slashd process that runs at midnight that updaes the editor list.
[20:02:04] <janrinok> NCommander: LaminatorX is missing from that list and I suspect that he has done the lion's share of posts
[20:02:30] <NCommander> janrinok, huh? I added him
[20:02:40] <NCommander> janrinok, make sure your logged in, or you're getting varnished
[20:02:52] <janrinok> OK
[20:03:01] <paulej72> the tasks is refresh_authors_cache.pl
[20:03:46] <NCommander> janrinok, incidently, LaminatorX has posted two more articles than you
[20:03:50] <janrinok> yep, that worked - the problem with using multiple computers.... and being a plonker.
[20:04:24] <paulej72> NCommander: at least two of LaminatorX articles were dups so janrinok is proably in the lead
[20:04:40] <NCommander> janrinok, I have mixed feelings that the cookies get bound to an IP
[20:04:46] <NCommander> On the plus side: security++
[20:04:53] <NCommander> Downside, people don't stay logged in
[20:05:00] <janrinok> yeah, but np
[20:06:30] <NCommander> janrinok, you might want to fill out your profile on Slash
[20:06:36] <NCommander> janrinok, so it shows up on the authors page
[20:06:52] <janrinok> It does show up for me
[20:07:21] <janrinok> it gives my programming experience, and hobbies...
[20:07:42] <NCommander> janrinok, brain fart.
[20:07:46] <janrinok> lol
[20:07:46] <NCommander> LaminatorX, go fill in your profile
[20:07:49] <janrinok> lolol
[20:08:01] <paulej72> is anyone annoyed that the authors page should be called Editors
[20:08:01] * NCommander notes he probably shouldn't be on the authors cache
[20:08:11] <janrinok> ah, the _other_ janrinok...
[20:08:12] <NCommander> paulej72, I rather rename it to staff, and perhaps subdivide it
[20:08:19] <LaminatorX> You want to join the editors, mrcoolbp?
[20:08:23] <janrinok> paulej72: yes
[20:08:44] <mrcoolbp> LaminatorX, yes!
[20:08:59] <NCommander> http://slashdot.org - holy crap
[20:09:03] <NCommander> That's really broken
[20:09:05] <mrcoolbp> LaminatorX, also should that be "source of nerd *rage*" not "range" ?
[20:09:07] <paulej72> NCommander: where are the author bits stored
[20:09:22] <LaminatorX> We could certainly use you,
[20:09:40] <paulej72> NCommander: authors.pl was on my todo list
[20:10:00] <paulej72> Really needs to be styled properly
[20:10:02] <NCommander> paulej72, in the database, you can see them if you're suadmin
[20:11:34] <mrcoolbp> LaminatorX: thanks. NCommander: You can me to the authors list when you have time
[20:11:39] <NCommander> mrcoolbp, adding
[20:11:43] <mrcoolbp> thanks
[20:12:05] <LaminatorX> What's your availability like, for posting stories?
[20:12:43] <paulej72> NCommander: I was hpoing it was not just a checkbox. That way we could redo it as staff much easier. We would need to update the db with a new field to make a sectioned staff page.
[20:12:45] <mrcoolbp> depends on the week really, my job has crazy hours, but I'm in EST time zone
[20:12:50] <NCommander> paulej72, yeah, I know
[20:12:57] <NCommander> paulej72, there is a field we cold repurpose
[20:13:00] <LaminatorX> NCommander, we also need to give the appropriate permissions to GungnirSniper. He's joining Editors as well.
[20:13:01] <NCommander> "Author in Section"
[20:13:13] <NCommander> LaminatorX, does he need an editor bit for the main page?
[20:15:15] <NCommander> LaminatorX, editor bit granted, and I marked him an author
[20:15:25] <LaminatorX> Yes, please.
[20:15:26] <mrcoolbp> LaminatorX, can I correct that typo on the story? "nerd range" should be "nerd rage"
[20:15:35] <paulej72> NCommander: author is a tinyinit in the db
[20:15:43] <LaminatorX> Please do. Thank you.
[20:15:55] <NCommander> paulej72, ... wtf?
[20:16:34] <NCommander> LaminatorX, janrinok you know, you guys suck at signing off your stories
[20:16:35] <paulej72> usres table author field is a tinyinit(4)
[20:16:41] <NCommander> paulej72, again, wtf?
[20:16:43] <mrcoolbp> done
[20:16:47] * NCommander notes thats aimed at the slash guys
[20:17:04] <janrinok> NCommander: ?
[20:17:22] <paulej72> Yes so I can put a number reperesenting the differnt staff groups.
[20:17:32] <paulej72> Don’t have to change the db
[20:17:36] <mrcoolbp> janrinok: he's expressing the confusion of a sane developer examining slashcode
[20:17:43] <janrinok> lol
[20:18:02] <NCommander> janrinok, red articles on the stories list aren't signed off
[20:18:14] <NCommander> janrinok, if we were enforcing the two man switch, they'd disappear
[20:18:40] <janrinok> NCommander: If they hadn't gone out before I logged on - I would have checked them :)
[20:18:52] <NCommander> janrinok, you should probably check them regardless in case of typo
[20:19:56] <janrinok> I find that once they have gone out the community are very quick to point out typos, dupes, rubbish, etc :)
[20:20:18] <NCommander> at least the main page is nice and colorful
[20:20:55] <mrcoolbp> heh
[20:24:04] <NCommander> janrinok, LaminatorX: I kinda hate to say this, but TBH, I actually think slash is a pretty damn good editoral platform
[20:24:25] <janrinok> I kind of hate to say Thank You
[20:25:26] <NCommander> janrinok, :-P
[20:27:34] <LaminatorX> Well, that is what it was built for.
[20:27:49] <NCommander> Holy shit
[20:27:59] <NCommander> http://blogs.technet.com
[20:28:22] <mechanicjay> Yeah, was just going to check the sub queue for that one before I tried to work one up.
[20:28:24] <paulej72> wtf
[20:28:58] <mechanicjay> ...there's a sub, but it sucks.
[20:29:17] <NCommander> we need a way to tell people why they've been rejected
[20:29:24] <mrcoolbp> ^^^^^
[20:29:29] <LaminatorX> That would be helpful, yes.
[20:29:36] <NCommander> http://www.computerhistory.org - lol, dead already
[20:29:40] <NCommander> Guru Mediation error
[20:29:59] <paulej72> NCommander: there is a feature reqest in for that with a high priority tag on it
[20:29:59] <NCommander> Their varnish config must suck
[20:30:09] <mechanicjay> http://blogs.technet.com
[20:30:13] <NCommander> paulej72, I'm going to assemble a TODO list for Slashcode 04.14
[20:30:27] <NCommander> mechanicjay, yeah, but the source isn't available there
[20:30:30] * NCommander actually wants to take a look
[20:30:46] <paulej72> That better not be a big list or we will not get it out the door :)
[20:31:07] <mrcoolbp> NCommander: if you want ideas for the slashcode todolist: http://wiki.soylentnews.org
[20:31:10] <NCommander> paulej72, so it becomes 05.14 "tardy tasr"
[20:31:23] <mechanicjay> April Fools: "We took the abandonded Dos source code, reworked in it a weekend, and decided to run slash on it!"
[20:31:25] <NCommander> Holy crap
[20:31:32] <NCommander> Its the Windows version fo Word 1.1a
[20:31:41] * NCommander is sorely tempted to download openwatcom and to try and compile it
[20:32:21] <NCommander> mechanicjay, I think april fools this year is slash running on HURD
[20:32:38] <paulej72> the dos code is probably 70% assembly code
[20:32:50] <NCommander> paulej72, 300 KiB of it
[20:32:53] <mechanicjay> NCommander: Yes, I know, which is good too!
[20:33:17] <LaminatorX> Ooh, noes it have Kindal's hidden copyright notice?
[20:34:43] <paulej72> NCommander: for April 1 we should just push out all of our current changes to slash and people would be getting a OMG Ponies type of reaction.
[20:35:14] <paulej72> or should we save that for April 2
[20:35:32] <mechanicjay> paulej72: we revert the codebase on April 2 :)
[20:35:43] <NCommander> paulej72, I rather not be like the other site which frequently was unusable on April 1st
[20:38:59] <NCommander> mechanicjay, ever use Apache with mod_subsitute
[20:39:07] <mechanicjay> NCommander: nope
[20:39:29] <NCommander> mechanicjay, ok, do you have knowledge of milter plugins + postfix
[20:39:50] <NCommander> mechanicjay, I want to GPG sign emails coming from Slash, and I think if we do that on a MTA layer, we'll save ourselves a lot of pain
[20:40:19] <mechanicjay> NCommander: limited postfix/milter experience.
[20:40:50] <NCommander> mechanicjay, how hard to think it would be to impleent a milter plugin that basically runs gpg -s on what passes through
[20:42:37] <mechanicjay> NCommander: hard to say, need to research a little before I can give any resonable speculation.
[20:43:15] <NCommander> mechanicjay, fair enough
[20:43:30] * NCommander notes it might be worthwhile having a way to login via SSH without pubkeys
[20:43:50] * NCommander debates if setting up S/Key as a secondary authetication method is a good idea
[20:44:24] <NCommander> Basically, you can use S/KEY to get onto boron, then kerberos auth across the nodes
[20:45:49] <NCommander> https://wiki.archlinux.org
[20:46:09] <NCommander> or just allow the use of Google Autheticator
[20:46:16] <NCommander> Autheticator + kerberos password
[20:49:02] <mechanicjay> NCommander: 2 minute research shows that gpg-mailgate might work, a quick and easy plugin for postfix. I can look at this closer tonight.
[20:49:25] <NCommander> mechanicjay, appreicated
[20:49:38] * NCommander has a decent idea of how to make Tor hidden node become a thing
[20:52:30] <NCommander> mechanicjay, oh, side note, I fixed X forwarding on Beryllium
[20:52:40] <NCommander> mechanicjay, (part of the miserary getting that system LDAPed)
[20:52:46] <NCommander> mechanicjay, so you can get into sysconfig now
[20:53:09] -!- FunPika [FunPika!~FunPika@Soylent/Staff/Wiki/FunPika] has joined #staff
[20:53:09] -!- mode/#staff [+v FunPika] by SkyNet
[20:55:02] <LaminatorX> NCommander, n1 will also be joining the editors team (along with gungnirsniper and mrcoolbp). he will need privs as well.
[20:55:55] <NCommander> LaminatorX, granted
[20:55:57] <mechanicjay> !todo checkout gpg-mailgate
[20:55:57] <DashComma> todo item 6 added
[20:56:11] <NCommander> mechanicjay, I'm not sure this is going to work out of the box, its meant to encrypt, not sign
[20:57:03] <mechanicjay> erm, yeah, looking at that now
[20:57:12] <mechanicjay> !done 6
[20:57:12] <DashComma> 1 item deleted
[20:57:48] <mechanicjay> !todo investigate pgp postfix plugin for signing
[20:57:48] <DashComma> todo item 6 added
[20:58:40] <paulej72> NCommander submission nudge message is coming along and should be ready soon
[20:58:42] * NCommander just had an idea for the NFP name
[20:58:44] <NCommander> paulej72, <3
[20:58:50] <NCommander> LibreNews Foundation
[21:01:36] <paulej72> Do we want to make a staff page that is similar to the wiki Who’sWho page?
[21:02:35] <mrcoolbp> yet another thing to update all the time paulej72
[21:02:39] <paulej72> because i can do 7 groups with a signed tinyint.
[21:04:47] <paulej72> mrcoolbp: we do not like that the authors page is not authors but editors. NC suggested doing a staff page. I can modifly the autohrs code to give us up to 7 groups that people can belong in. The staff page would be generated from these settings
[21:05:13] <mrcoolbp> cool, I get you know.
[21:10:59] <NCommander> paulej72, I rather it on the site than the wiki. The wiki mostly exists for us, most users aren't going to check it with any regularity
[21:12:55] <paulej72> The we need to define our groups much more rigorously as I only have 7 groups to work with.
[21:14:49] <NCommander> paulej72, is it a bitfield?
[21:14:52] * NCommander grumbles
[21:15:03] <NCommander> paulej72, we could just make it a bigger int with ALTER TABLE
[21:16:13] <paulej72> NCommander: I was going to do a bitfield as users could be in multiple groups. I was also trying not to tocuh the db unless necessary.
[21:16:25] <NCommander> paulej72, well, adding fields is safe
[21:18:03] <NCommander> mechanicjay, paulej72 for April 1st, I think we should launch Tor Hidden Service, signed GPG emails, and a HURD node (this one being the joke)
[21:20:22] <NCommander> xlefay, did you add backups to all the nodes on linode?
[21:28:53] LaminatorX is now known as LaminatorX|afk
[21:35:16] <NCommander> mechanicjay, paulej72: so ... with static page generation disabled, I think we only need to run a single instance of slashd across the network
[21:40:23] <NCommander> Googling around
[21:40:30] <NCommander> I think the biggest problem is we use wildcard vhosts
[21:40:31] <NCommander> hrm ...
[21:40:53] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[21:42:37] <mechanicjay> NCommander: single instance makes sense if all pages are dynamic
[21:43:00] <NCommander> mechanicjay, ah, fuck, no there's still a handful of static pages
[21:43:04] * NCommander glares at about.shtml
[21:43:21] <NCommander> There's got to be something about this in the slashd config file
[21:43:54] * NCommander notes hydrogen getting to the point we're going to want to either load balance or upgrade
[21:46:03] <mechanicjay> Fuck, I've gotten nothing done at work today.
[21:46:15] <mechanicjay> Fuck, I've gotten nothing done for NS today.
[21:47:12] <NCommander> 1102762 0.00 5.89 client_req - Client requests received
[21:47:25] <NCommander> so we're averaging half a million hits per day
[21:47:35] <NCommander> mechanicjay, also:
[21:47:35] <NCommander> 2+04:02:25
[21:47:35] <NCommander> Hitrate ratio: 3 3 3
[21:47:35] <NCommander> Hitrate avg: 0.9428 0.9428 0.9428
[21:47:40] <NCommander> That's stupid sexy
[21:49:41] <NCommander> ^- xlefay
[21:50:08] <mechanicjay> you really want to run varnish stat for while to let the numbers build up so you get the top reading 10 /100 /1000 which gives you the longer term cache rates for the last 10/ 100 / 1000 requests respectively
[21:50:18] <mechanicjay> currently at 55 and counting
[21:50:40] -!- Popeidol has quit [Ping timeout: 246 seconds]
[21:51:00] <MrBluze> half a million
[21:51:12] * MrBluze will drink to that later
[21:51:24] <NCommander> mechanicjay, I'm going to run it in screen under slash
[21:51:38] <NCommander> slash@hydrogen:~$ screen
[21:51:39] <NCommander> Cannot open your terminal '/dev/pts/2' - please check.
[21:51:40] <NCommander> ...
[21:51:46] <NCommander> I think we put the straightjacket on a bit TOO tightly
[21:52:13] <NCommander> mcasadevall@hydrogen:/dev$ ls -lah pts/*
[21:52:13] <NCommander> crw--w---- 1 mcasadevall tty 136, 0 Mar 25 19:14 pts/0
[21:52:13] <NCommander> crw--w---- 1 mcasadevall tty 136, 1 Mar 25 20:34 pts/1
[21:52:13] <NCommander> crw--w---- 1 mcasadevall tty 136, 2 Mar 25 20:52 pts/2
[21:52:13] <NCommander> crw--w---- 1 mechanicjay tty 136, 3 Mar 25 20:52 pts/3
[21:52:14] <NCommander> c--------- 1 root root 5, 2 Mar 23 16:44 pts/ptmx
[21:52:14] <mechanicjay> reading varnish stat is not straight forward, even what i told you there is wrong
[21:52:16] <NCommander> .... wtf?
[21:52:32] -!- Popeidol [Popeidol!~matt@67-9-65-706.dyn.iinet.net.au] has joined #staff
[21:53:26] <mechanicjay> Hitrate ratio: 10 100 164
[21:53:26] <mechanicjay> Hitrate avg: 0.9329 0.8293 0.8248
[21:53:31] <NCommander> mechanicjay, decent guide to varnishstat http://kly.no
[21:53:53] <mechanicjay> yeah, I read that one everytime I look at varnishstat
[21:53:57] * NCommander suspects slashd internal numbers was off
[21:54:11] <NCommander> We're averaging about two hits a second
[21:54:22] <NCommander> right now
[21:56:06] * NCommander wishes we could get realistic numbers
[21:57:10] <mechanicjay> according to varnishstat for dummies, our varnish averages 5.89 requests/second?
[21:57:32] <NCommander> mechanicjay, that sounds abotu right
[21:57:47] <NCommander> mechanicjay, slash has reported at times it was getting 20-30 hits per second before I reworked the varnish config
[21:57:57] <NCommander> Now slash is lucky if it gets 1-2 hits every 2-3 seconds
[21:58:10] <mechanicjay> that is rather sexy
[21:59:06] * NCommander is trying to get a realistic idea of what we get for traffic
[21:59:16] <NCommander> We get roughly ~1000 non-cache hits on every article
[21:59:23] <mechanicjay> ah, if you take the cache_hit and divide by client_req, that should give the server lifetime cache hit rate
[21:59:27] <mechanicjay> 0.861080546
[22:00:13] <NCommander> That's extremely good
[22:00:20] <NCommander> Since we flush the cache every 5 minutes
[22:00:39] <mechanicjay> the whole cache?
[22:00:49] <NCommander> mechanicjay, we invalidate it for non-static assets
[22:01:03] <mechanicjay> okay, that's what I thought.
[22:01:27] <NCommander> mechanicjay, if (req.url ~ "\.(png|gif|jpg|swf|css|js)(\?.*|)$") {
[22:01:27] <NCommander> return (lookup);
[22:01:27] <NCommander> }
[22:01:37] <NCommander> Probably should add shtml there now
[22:02:10] <NCommander> mechanicjay, the varnish backend constantly probes slashcode.css to see if the server is up
[22:02:20] <NCommander> If Apache takes a shit, varnish holds onto its cache for up to 1 hour
[22:02:43] <NCommander> (as for why slashcode.css, slash's internal access logs ignore files ending in .css ..."
[22:03:12] <mechanicjay> ha! clever :)
[22:03:15] <NCommander> set req.http.X-SFINC-SSL = "true";
[22:03:21] <NCommander> Gah, we shouldn't be setting that unconditionally
[22:03:26] * NCommander nukes it from the varnish config
[22:04:01] <NCommander> if (client.ip ~ upstream_proxy && req.http.X-Forwarded-For) {
[22:04:01] <NCommander> set req.http.X-SFINC-SSL = "true";
[22:04:01] <NCommander> set req.http.X-Forwarded-For = req.http.X-Forwarded-For;
[22:04:01] <NCommander> } else {
[22:04:01] <NCommander> remove req.http.X-Forwarded-For;
[22:04:01] <NCommander> set req.http.X-Forwarded-For = client.ip;
[22:04:05] <NCommander> }
[22:04:07] <NCommander> No wait, that's right
[22:04:14] <NCommander> if( (throttle.is_allowed("ip:" + client.ip, "7req/s") > 0s) && !req.http.X-SSL-On) {
[22:04:14] <NCommander> error 429 "Too many requests; 400 TB not accepted";
[22:04:14] <NCommander> }
[22:04:24] <NCommander> .... for the love of god I hope we're rate limiting on nginx
[22:04:39] <mechanicjay> http://gtmetrix.com
[22:05:07] <NCommander> Leverage browser caching
[22:05:09] <NCommander> Hrm
[22:05:16] * NCommander wonders if we can set the cache headers in varnish
[22:05:21] <NCommander> As they come back the other direction
[22:05:31] * NCommander notes we're using varnish as our Apache regex
[22:05:38] <mechanicjay> I'm surprised -- maybe apache isn't setting them on the outbound side?
[22:06:28] <NCommander> mechanicjay, we predate client side caching :-)
[22:06:30] <NCommander> Yay for antiques
[22:06:34] <mechanicjay> :)
[22:06:39] <NCommander> So happy that shit is apparmored
[22:06:47] * NCommander actually isn't hugely concerned with security on it anymore
[22:07:03] <NCommander> mechanicjay, stackoverflow.com/questions/9009966/how-to-set-varnish-cache-control-headers
[22:07:05] <MrBluze> apparmor works
[22:07:07] <NCommander> That seems easy enough
[22:07:21] <mechanicjay> we should set something like set beresp.http.cache-control = "max-age=100000000000000000000000" for static content
[22:07:47] <NCommander> mechanicjay, that should do lovely things for our bandwidth
[22:08:00] <NCommander> Though if we ever change the site layout, we should force a refresh
[22:08:03] <NCommander> how do we do that?
[22:08:45] <mechanicjay> we just flush the entire varnish cache, bounce it (bad) or send the purge http request
[22:09:12] <mechanicjay> I mean, setting the cache on static stuff to like a day is probably fine
[22:09:14] <NCommander> mechanicjay, no, client side caching
[22:09:42] <mechanicjay> yes, set max age headers to a day so clients stop asking us for stuff
[22:09:44] <NCommander> Yeah, just caching the static assets is probably a good idea
[22:09:54] MrBluze is now known as MrBluze|afk
[22:09:56] * NCommander debates if he's willing to tinker with the varnish config
[22:10:11] <mechanicjay> did you disable varnish on dev?
[22:10:28] <NCommander> mechanicjay, no, its in place because it hits codepaths in slash we need to test
[22:11:04] <NCommander> mechanicjay, for when we get a tor hidden node, I plan to have the proxy server for tor set X-Forwarded-By: 255.255.255.255 which will gets a constant IP for Apache for Tor users, and have the added benefit that cookes will work properly
[22:12:16] <NCommander> Basically, for tor clients, we sed the page for //soylentnews.org, and replace with //something.onion/
[22:12:27] <NCommander> Which means that links to SN on the site will "just work"
[22:22:02] <mechanicjay> alright, I have a stanza in vcl_fetch, which sets the cache-control header for clients to 31 days for png|gif|jpg|swf|css|js
[22:22:06] <mechanicjay> on dev
[22:23:28] <mechanicjay> if we like that on dev, we can probably chuck that on prod with no issue.
[22:24:00] <xlefay> NCommander: looking into stack scvripts ;)
[22:24:22] <xlefay> backups are still on my schedule
[22:26:27] <mechanicjay> okay, I'm going to spend the next 30 minutes trying to something for my RL job. I'll check in tonight.
[22:26:34] mechanicjay is now known as mechanicjay|workingIRL
[22:26:49] <xlefay> mechanicjay|workingIRL: hah, good luck ;)
[22:27:03] <mechanicjay|workingIRL> xlefay: it's been a bad productivity day
[22:27:27] <xlefay> I've been AFK for most of it so that makes it for two of us:p
[22:30:14] <xlefay> NCommander: what are you working on now?
[22:30:50] <NCommander> mechanicjay|workingIRL, yeah, I'm happy with that
[22:31:12] <NCommander> mechanicjay|workingIRL, if we do a redesign that drastically changes page assets, we can tell people to ctrl-f5
[22:31:46] <xlefay> we could probably also add a ?<timestamp> to asset urls?
[22:32:02] <xlefay> style.css?last_edited_timestamp etc?
[22:33:02] <xlefay> Then varnish would still be able to cache it (iirc) and browsers will simply re-cache without the ctrl+f5 ;)
[22:33:43] -!- Popeidol has quit [Ping timeout: 246 seconds]
[22:34:48] -!- LaminatorX|afk has quit [Quit: Web client closed]
[22:35:45] -!- Popeidol [Popeidol!~matt@484-42-938-3.dyn.iinet.net.au] has joined #staff
[22:37:12] <NCommander> xlefay, actually ...
[22:37:16] <NCommander> xlefay, that's already there
[22:37:29] <NCommander> Slash appends the CVS ID to static assets
[22:37:35] <NCommander> Thats the T_2_5_XXX thing
[22:38:19] <paulej72> NCommander: how do we change the CVS ID when we do a production update?
[22:38:33] <xlefay> So ctrl+f5 isn't required then, if all's good :)
[22:39:22] <xlefay> Unless, varnish ignores the ?T, but I doubt it
[22:39:28] <paulej72> NCommander: I would not want the css files to get cached for 31 dayes right wen we do an slash update
[22:39:48] <NCommander> paulej72, its in the database
[22:39:51] <NCommander> paulej72, its a var
[22:40:41] <paulej72> NCommander: of course it is, make my life a living hell shashdevs
[22:41:08] <xlefay> I'm looking at AMANDA, Bacula & Duplicity; seems AMANDA or Bacula is the right way to go, ever used Bacula?
[22:42:06] <paulej72> NCommander: we need to update that var then in the db as part of our deploy script, if we want this to work correctly
[22:42:18] <NCommander> paulej72, T_2_5_0_272
[22:42:32] <NCommander> paulej72, cvs_tag_currentcode
[22:43:26] <NCommander> paulej72, all the css/js URLs get that appended to it
[22:43:30] <NCommander> Stattic images don't
[22:44:09] <paulej72> NCommander: I would imagine when we go to regular slash code releases we will change that to our own number scheme
[22:44:44] <NCommander> paulej72, yeah. While I don't expect a resurrence as slash as a CMS, its at least worthwhile to let others play with it
[22:44:56] <NCommander> paulej72, though we might want to consider renaming slashcode
[22:45:03] <NCommander> (though upstream only ever called it slash)
[22:45:21] <xlefay> I'd throw shortform git commit id's after the ?T_ | Anyhow, no opinion regarding AMANDA & Bacula?
[22:45:54] <NCommander> xlefay, I on't know enough really
[22:46:04] <paulej72> NCommander: I think on dev I should modify the script to change that var to the git commit id
[22:46:23] <NCommander> paulej72, go for it. You need to restart apache and slash after updating vars
[22:47:01] <paulej72> NCommander: I am aware of that and I that is alreay part of the deploy script
[22:50:29] <NCommander> cool
[22:52:11] <NCommander> paulej72, BTW, can you look at removing javascript for userfacing. There's nothing int eh UI that requires it AFAIK.
[22:52:28] <NCommander> paulej72, we should only include them if the user is an admin (is_admin flag in the templates), for backslash
[22:52:57] <paulej72> NCommander: I can look into that, but it is a big can of worms
[22:53:02] <NCommander> paulej72, ?
[22:54:13] <paulej72> NCommander: I can’t remember where the JS is loaded and if I can easily wrap it with an admin check.
[22:54:25] <NCommander> paulej72, its in the templates
[22:55:11] <NCommander> paulej72, themes/slashcode/templates/html-header;misc;default
[22:55:13] <paulej72> !todo add admin check to JS load
[22:55:13] <DashComma> todo item 12 added
[22:55:40] <NCommander> paulej72, also, probably try and find most of the images and get a version tag on them so we can expire them on command
[22:56:10] * NCommander notes a page load size of Total page size: 149KB is pretty good but WE CAN DO BETTER
[22:56:26] <xlefay> We can also set up a release schedule and adjust the varnish cache accordingly
[22:56:30] * NCommander is still amazed we often go through 30 GiB of bandwidth
[22:56:47] <xlefay> We can miss releases whatever, but having that pre-defined may make life easier in the long run
[22:57:11] <NCommander> xlefay, I'd like to release slashcode bi-monthly
[22:57:39] <xlefay> If others agree (e.g. other devs), I would modify the cache values accordingly
[22:58:04] <NCommander> xlefay, the problem is it won't help per say
[22:58:12] <NCommander> If a new user comes on, they'll get the full cache
[22:58:38] <xlefay> Ugh I just realized how it worked again
[22:58:52] <xlefay> You set cache for a time, and when someone gets that cache, that's how long it'll last
[23:00:42] <NCommander> xlefay, bingo
[23:01:44] <xlefay> I was confusing cache with bingo, my mind's at the backup stuff
[23:01:50] <xlefay> err, cookies
[23:01:59] <xlefay> well, I just proved my point lol
[23:04:21] <xlefay> btw, you mentioned the other day we can have Linode do services alerts; well it does, but I was talking about monitoring specific processes
[23:04:34] <xlefay> e.g. "slashd", "apache", etc?
[23:05:04] MrBluze|afk is now known as MrBluze
[23:08:40] <xlefay> With proper planning, as mentioned in the Disaster Recovery chapter, Bacula can be a central component of your disaster recovery system. For example, if you have created an emergency boot disk, a Bacula Rescue disk to save the current partitioning information of your hard disk, and maintain a complete Bacula backup, it is possible to completely recover your system from "bare metal" that is starting from an empty disk.
[23:08:45] <xlefay> I'm rather fond of that
[23:12:59] <mrcoolbp> this is interesting/weird: http://soylentnews.org
[23:17:08] <MrBluze> very insightful mrcoolbp
[23:17:56] <xlefay> MrBluze: you work in a tech/medical environment, right?
[23:18:57] MrBluze is now known as MrBluze|afk
[23:20:30] MrBluze|afk is now known as MrBluze
[23:23:22] <xlefay> MrBluze: you work in a tech/medical environment, right?
[23:23:39] <MrBluze> yes
[23:23:44] <paulej72> NCommander: I have updated the delpoy script on dev to add the short git id to the end fo the cvs tag
[23:24:02] <xlefay> MrBluze: what is your take on backup systems there?
[23:24:17] <MrBluze> electrical or data?
[23:24:22] <paulej72> !todo add cvs tag to images
[23:24:22] <DashComma> todo item 13 added
[23:24:40] <xlefay> data
[23:24:43] -!- mechanicjay|workingIRL has quit [Quit: Leaving.]
[23:24:53] <MrBluze> its complex
[23:25:10] <MrBluze> i mean, we have critical equipment that is plugged into the wall
[23:25:18] <MrBluze> it gets unplugged randomly, so it has to survive that
[23:25:43] <MrBluze> so there is redundancy in the equipment .. gives us usually 40 minutes recovery time
[23:25:50] <xlefay> heh..... /etc/init.d/mysql exist... trying to start it, tells me to use 'service mysql start' fine I do so.... and when I try to do so: initctl: Unknown job: mysql; this makes so little sense.
[23:25:52] <paulej72> OK I am off to get food
[23:26:04] <xlefay> MrBluze: I'm mostly talking about backing up data
[23:26:13] <MrBluze> yes.. so the device backs up / mirrors locally
[23:26:28] <MrBluze> well .. not all devices but the critical ones
[23:26:57] <MrBluze> and then there is the server which restores gracefully - downloads offline data on reconnection
[23:27:13] <MrBluze> .. sync etc
[23:27:24] <xlefay> So do you use any software specifically?
[23:27:39] <xlefay> I'm leaning towards Bacula but AMANDA is on the table as well
[23:27:42] <MrBluze> microsoft networking partly
[23:27:45] <xlefay> err, amanda = a backup system
[23:27:46] <xlefay> ooh......
[23:28:01] <MrBluze> but they run squid for proxy
[23:28:31] <MrBluze> the question is how u want to degrade on failure
[23:28:59] <MrBluze> but in 10 years there has never been a down-time for the file server
[23:29:05] <MrBluze> not as far as i am aware
[23:29:28] <xlefay> failover, redundancy and all probably
[23:29:33] <MrBluze> yes
[23:29:42] <MrBluze> it's all mirrored raids etc
[23:29:48] <MrBluze> and multiple sites of storage
[23:29:52] <MrBluze> ie: separate cities
[23:30:07] <xlefay> Yeah a bit too much for us atm :P
[23:30:14] <MrBluze> yeah it is
[23:30:23] <MrBluze> but our tech ppl are not particularly smart
[23:30:26] <MrBluze> they just go by the book on everything
[23:30:42] <MrBluze> cause it has to be simple enough for a noob to come along and find it
[23:31:51] <MrBluze> this is a key point in stability and usefulness of a backup system .. it has to be .. break glass push red button
[23:33:43] <xlefay> MrBluze: it isn't always that simple, but that's not what we're aiming at with a backup system. We just need to make backups, verify them and if need be, then one can deploy a backup back
[23:34:06] <MrBluze> rsync or something
[23:34:52] <mrcoolbp> NCommander there is a story submission in the que regarding the proposed site tagline ("Changing the world, one geek at a time")
[23:35:06] <mrcoolbp> NCommander: want me to run it?
[23:35:07] <xlefay> Going to use Bacula, it appears to be a fully worked out thing that's respected; gotta make a decision instead of keep weighing ;-)
[23:35:59] <MrBluze> well im not an expert but ..
[23:36:11] <MrBluze> my suggestion would be do a bit of what time machine does, but simpler
[23:36:23] <MrBluze> do a holus-bolus live dump of the site to somewhere
[23:36:27] -!- Cyprus has quit []
[23:36:47] <MrBluze> keep it 1 hour minimum old
[23:36:50] -!- Cyprus [Cyprus!~Cyprus@68.63.ljr.ppx] has joined #staff
[23:36:56] <xlefay> Well... we're talking about more than the site eh ;-)
[23:37:00] <MrBluze> set up trip-wires that stop the backup process ..
[23:37:03] <MrBluze> yeah the entire system
[23:37:08] <xlefay> We're talking all our nodes, etc. Doing that hourly will be impossible
[23:37:23] <MrBluze> ok.. the timing is only by way of example
[23:37:52] <NCommander> mrcoolbp, hrm ....
[23:37:54] <MrBluze> .. trip wires stop the backup so u have hopefully a last-known-good
[23:38:16] -!- mode/#staff [+v Cyprus] by SkyNet
[23:38:18] <MrBluze> humans can be a trip wire .. and this flags the sys admins to come and look, and restore if needed.
[23:38:21] <Cyprus> wow lot of scrollback
[23:38:37] <MrBluze> and then u do backups that are x2, x10 age old
[23:38:51] <MrBluze> or something that is log10 or log^n
[23:38:55] <Cyprus> xlefay: i've done pretty complicated bacula
[23:39:11] <xlefay> MrBluze: I'm going to be looking into the best combo of stuff :)
[23:39:24] * MrBluze nods
[23:39:25] <xlefay> Cyprus: what was your take on it? Good/solid or Bad/don't use?
[23:39:36] <Cyprus> i really like it
[23:40:07] <Cyprus> the main issues it has are windows related, which you wouldn't run in to
[23:41:10] <MrBluze> bacula is fine, the quality of the backup is what's important - it has to be a usable mirror imo
[23:42:10] <xlefay> Cyprus: how did you use bacula?
[23:42:15] <xlefay> tape and all?
[23:42:52] <Cyprus> i have
[23:43:06] <Cyprus> we did disk to disk to tape
[23:43:14] <Cyprus> it is easy to set up teirs
[23:44:19] <xlefay> We don't have tape, just 500GB of harddisk space to get the backups on; so I'll have to do the volume stuff from what I've been reading so far
[23:44:46] <Cyprus> yeah even going to disk, it treats the disk like a tape library
[23:45:11] <Cyprus> so you'd want to use a fake vchanger
[23:46:15] <xlefay> hmm, from what I'm seeing, vchanger mounts?
[23:46:54] <Cyprus> basicly, you create a folder of files to act as fake tapes, then a script acts as a wrapper setting a symlink to the "loaded" tapes for the "slots" in the fake tape drives
[23:47:04] <Cyprus> its how you get volume based storage on a big disk pool
[23:47:16] <Cyprus> and still maintain ability to have concurrency
[23:47:34] <xlefay> Oh I see, that's neat
[23:47:38] <MrBluze> how fast is a restore in that system?
[23:48:18] <xlefay> considering that system is in france and our nodes in dallas and we're using a private VPN network, it's not going to be fast for large recoveries
[23:48:33] <xlefay> Then again, we're currently at Linode, we'd just put a snapshot back ;-)
[23:48:35] <Cyprus> well, thats the advantage of bacula, you can federate the data
[23:48:44] <Cyprus> have storage pools at different locations
[23:48:53] <Cyprus> local speed, offsite disaster recovery
[23:49:35] <xlefay> That's nice, only just started reading the Bacula docs (if they're no good, tell me now hah); it seems really well thought out
[23:49:45] <Cyprus> they're quite good as of when i used it
[23:50:05] <MrBluze> so, do your most recent backup on-site in dallas, then archiving to france?
[23:50:06] <Cyprus> i haven't kept up to date since working at my current job except to tend to my local install when it has any issues
[23:50:31] <Cyprus> yeah depending on the dataset, it's either easier to do two seperate jobs, or try to use clone jobs
[23:50:53] <xlefay> MrBluze: linode takes snapshots for us in Dallas (for most nodes that is, non-critical nodes aren't snapshotted); but all nodes are backed up to france
[23:50:54] <Cyprus> you generally want to do incremental / differential all the time, with virtual full rollups, similar to TSM
[23:51:05] <MrBluze> our immediate fallback is local, and the daily? backup is in the next city
[23:51:31] <MrBluze> xlefay: then u just have to be clear about how long a down-time will be if there is one
[23:52:18] <xlefay> Depends on the node, really, if it has a linode snapshot, there probably will be none, if it's offsite, it'll take a bit of time depending on how much you need to recover
[23:52:23] <MrBluze> system here is .. plug in the backup system and go, then work on restoring the live system
[23:52:33] <xlefay> if it's one file, it'll be fast, if it's 15GB of data, it'll be longer
[23:52:41] * MrBluze nods
[23:52:43] <Cyprus> yeah considering this is a web site, its probably easy to just set up a DR site somewhere
[23:53:02] <xlefay> (mind you, most of our linodes are regularly snapshotted)
[23:53:29] <MrBluze> our backup file system here though is read-only, this does occur every few weeks/months for a few min .. some software doesn't like it
[23:53:32] <xlefay> non-critical node @ linode currently is IRC, which I'm still setting up, fairly sure there's another node not being snapshot'd by linode but not sure which
[23:54:40] <xlefay> I'm going to grab something to eat, watch an episode of something and continue ;-)
[23:54:47] <xlefay> Be back in like an hour or so
[23:57:05] <MrBluze> bon appetit
[23:57:48] <MrBluze> my home backup system is now just vm snapshots
[23:59:04] <Cyprus> yeah i graduated to zfs incrementals for the most part
[23:59:09] MrBluze is now known as MrBluze|afk