#staff | Logs for 2014-03-24

« return
[00:03:53] <NCommander> mattiep, xlefay audioguy http://wiki.soylentnews.org
[00:04:03] <NCommander> Does that look sane, esp with SSH proxying and kerberos?
[00:06:51] * NCommander adds some useful information to the various motds
[00:09:37] <audioguy> Should I send a red alert to staff list? Someone has obviously hacked NCommanders account, and is writing stuff on the wiki. Clearly this is not normal behavior.
[00:11:00] <audioguy> [deep cpncern]
[00:11:25] <mattiep> roflmao audioguy
[00:12:34] MrBluze|afk is now known as MrBluze
[00:13:28] <xlefay> looks good NCommander, I just added something to the .ssh/config excerpt
[00:13:55] <xlefay> for people like me who have different usernames locally and on SSH, that will save them some pain trying to figure it out ;-)
[00:14:05] <NCommander> audioguy, have you seen the other pages I wrote?
[00:14:33] <NCommander> audioguy, http://wiki.soylentnews.org - how the client stuff is setup everywhere (at least on global services)
[00:14:40] <audioguy> Yes, keep it up, I like it. ;-)
[00:15:06] <NCommander> audioguy, xlefay, are either of you super familiar with CentOS?
[00:15:30] <audioguy> No.
[00:15:44] <audioguy> Why?
[00:15:45] * NCommander would LIKE to get beryillium LDAP-ed and kerberosed
[00:15:51] <xlefay> I'm fairly familiar with it.. which now I'm regretting.
[00:15:52] <NCommander> kerberos is idiot proof, thats easy
[00:15:58] <NCommander> LDAP - that's hard
[00:16:05] <audioguy> [gave up on binary distros 10 years ago]
[00:16:07] <xlefay> but I wouldn't start doing that on production though..
[00:16:25] <NCommander> audioguy, gentoo or LFS?
[00:16:28] <xlefay> Also, fairly sure MJ is better at CentOS then me.
[00:16:49] <NCommander> audioguy, I want a source based distro without the rolling releases :-/
[00:16:51] <audioguy> Gentoo. Though if Gentoo pisses me off enough I will go there.
[00:17:04] <NCommander> So I could reasonably use it for servers
[00:17:28] <NCommander> There's value in compiling everything from scratch
[00:17:34] <MrBluze> gentoo
[00:17:36] <NCommander> *but*, I don't want to deal with constantly updating software
[00:17:48] <audioguy> Yeah, my solution is essentially to only update what is needed for security, every two tyears, completel reinstall.
[00:17:59] <audioguy> But I roll out as binaries, easy
[00:18:00] <MrBluze> or debian stable and compile all your packages
[00:18:11] <xlefay> The only reason I used Gentoo was to learn - I even ran it for a while on my desktop but honestly... I don't have the time to wait for every darn update ;-)
[00:18:16] <xlefay> emerge -_-"
[00:19:08] <NCommander> xlefay, I didn't find it too bad
[00:19:13] <NCommander> Unless openoffice updated
[00:19:28] <xlefay> I didn't find it that bad either till you need some huge ass package ;-)
[00:19:34] <audioguy> The thing I found was that I spent as much time resolving dependencies and removing crap I did not want from binary distros asit toool to do all the Gentoo compiles. But that was 10 years ago - today, hardware is so fast the compiles are nothing.
[00:19:59] <MrBluze> i thought there was nothing stopping you from building from sources in debian
[00:20:14] <NCommander> MrBluze, customization is a bit hard. We don't have an easy version of USE flags
[00:20:25] <audioguy> Well, I am into servers and minimalist systems for them. For a user machine, that is a different project entirely.
[00:20:29] <MrBluze> arch still allows for source only
[00:20:37] <xlefay> MrBluze: only if you use BBS which is another pain
[00:20:51] <xlefay> If you want a source Linux? Gentoo is really the way to go.
[00:21:09] <audioguy> Gentoo make is very easy to build from source, just emerge xxxx all else just happens.
[00:21:11] <MrBluze> Gentoo is renound for it anyway .. lfs
[00:21:28] <MrBluze> renowned
[00:21:35] <MrBluze> or something.. cripes my spelling is going down the toilet
[00:21:37] * NCommander uses gentoo to benchmark compiler changes and CFLAGS
[00:22:17] <audioguy> What is cool about the compiles is that the process itself handles MOST of the dependency problems - gnu configure deals with it
[00:22:44] <audioguy> With binaries, you are stuck with how they were compiled.
[00:23:05] <MrBluze> Gentoo is non US based is it?
[00:23:14] <NCommander> xlefay, if we really want to get stupid snazzy, we need to juju the backend
[00:23:15] <xlefay> On the bright side however, apt seems to give you a lot of options to reconfigure it ;-)
[00:23:21] <NCommander> juju deploy slashcode :-)
[00:23:29] <audioguy> Don't know MrBluze
[00:23:33] <xlefay> juju deploy li69422-awesomeness
[00:23:38] <NCommander> Honestly
[00:23:47] <NCommander> It wouldn't be difficult, just need to write the charms and setup a local store
[00:23:50] <xlefay> li694-22 = going to be an awesome name in 10 years
[00:24:49] <NCommander> xlefay, we'll probably retire it when we move to dedicated infrastructure
[00:24:53] <NCommander> */killjoy*
[00:24:57] <xlefay> :<
[00:25:04] <NCommander> We can leave an alias :-)
[00:25:10] <xlefay> Good, good.
[00:25:30] <NCommander> I think I need to write the guide on Kerberos for idiots
[00:25:32] <xlefay> Cause li694-22 is going to be so cryptic in 10 years, and new people will be asking "Wait, what's li694-22?"
[00:25:54] * NCommander notes that robinld and mechanicjay llkely have no krb5 experience
[00:25:56] <NCommander> :-/
[00:26:34] <NCommander> Kerberos documentation, handy notes in motd
[00:26:38] <xlefay> Fortunately, learning it isn't impossible ;-)
[00:26:38] <NCommander> Email
[00:26:44] <NCommander> xlefay, its shockingly simple
[00:26:52] <NCommander> xlefay, to create a user is one command
[00:27:00] <NCommander> add_principle *username*@LI694-222
[00:27:01] <NCommander> add_principle *username*@LI694-22
[00:27:07] <xlefay> I know :P
[00:27:10] <NCommander> Adding a host is documented
[00:27:48] <xlefay> I'm just thinking about the centos ldap stuff
[00:27:59] <NCommander> xlefay, ready to tempt fate on that box?
[00:28:08] * NCommander notes berylium is that blasted blackbox in the concern
[00:28:12] <xlefay> Only if you deploy a clone for it..
[00:28:17] <NCommander> Its out walled in Netware Server that no one knows whats on it
[00:28:25] <NCommander> s/out/our/g
[00:28:27] <xlefay> I'll happily try my luck on a clone but I'm not doing it on the production machine :p
[00:28:35] <NCommander> xlefay, the only thing on its the wiki
[00:28:40] <xlefay> and mail
[00:28:43] <NCommander> xlefay, screw up, and we loose the documentation
[00:28:44] <NCommander> :-P
[00:28:52] <NCommander> xlefay, ugh, maybe should migrate somewhere else
[00:28:55] <NCommander> boron? :-)
[00:29:19] <xlefay> forums on it still
[00:29:24] <xlefay> boron = staff only, no?
[00:30:25] <xlefay> mailing list, mail, wiki @ svc
[00:31:01] <NCommander> xlefay, yeah
[00:31:03] <xlefay> Mail would survive a small interruption if I do fuck something up, as for the wiki, best to move it somewhere else first for safe guarding
[00:31:09] <NCommander> Probably
[00:31:11] <xlefay> The mailing list wouldn't be so happy
[00:31:19] <NCommander> linode's backups don't work properly with centos
[00:31:19] * FunPika could back up the wiki database pretty quickly if needed
[00:31:26] <xlefay> oh..
[00:31:30] <xlefay> so you can't make a snapshot first?
[00:31:36] <NCommander> xlefay, no
[00:31:41] * NCommander looks at the node
[00:31:42] <xlefay> That's just great ;-)
[00:31:49] <xlefay> FunPika: Yes, please do so.
[00:31:58] <xlefay> In fact, please back it up in it's entire.
[00:32:27] <xlefay> NCommander: let's start with something like: yum remove -y -f '*' # :)
[00:32:35] <NCommander> xlefay, I can duplicate the HDD actually
[00:32:41] <xlefay> NCommander: ooh yes, let's do that.
[00:32:50] <NCommander> There's free space on that linode so I can just clone it as a new partition
[00:32:54] <xlefay> So we'll have a working copy, just in case.
[00:33:23] <NCommander> xlefay, due to the way kerberos works, we should work on the live copy, and restore if we fuck it up
[00:33:26] <mattiep> have we tested backup/restore procedures yet?
[00:33:32] <NCommander> mattiep, no.
[00:33:37] * NCommander coughs
[00:33:38] <mattiep> it was on my todo list to ask at some point, but then it dropped off
[00:33:41] <NCommander> We need offsite backup
[00:33:42] <mattiep> lets do that soon
[00:33:43] <NCommander> Ideas?
[00:33:59] * NCommander notes with kerberos setup, we can have a single script run from any node, and back up the world
[00:34:08] <xlefay> NCommander: rent a low-end box with lot's of hdd space somewhere ;-)
[00:34:14] <xlefay> rsync that stuff
[00:34:43] <NCommander> Hrm
[00:34:46] <NCommander> Could work
[00:34:47] <mattiep> we could probably dropbox or something, if we trust them with our data
[00:34:52] <NCommander> Rather not do that
[00:34:57] <xlefay> We don't trust them, at all.
[00:35:07] <mattiep> thus the or something
[00:35:40] <mattiep> maybe someone write an ask soylent article?
[00:35:41] <xlefay> would 500 GB suffice?
[00:35:51] <NCommander> xlefay, yes
[00:36:06] <xlefay> https://www.kimsufi.com look at the bottom 8 euro/m
[00:36:23] <NCommander> xlefay, and sold
[00:36:27] <xlefay> $11
[00:36:40] <xlefay> ;-)
[00:36:50] <NCommander> xlefay, who wants to get this setup?
[00:37:09] <NCommander> xlefay, what we can do is create a sysops account in LDAP
[00:37:12] <xlefay> you're highlighting me and asking who wants to get this set up, is that a hint? ;-)
[00:37:18] <NCommander> maybe
[00:37:38] <xlefay> Sure, I'll get it set up, if you get the server first
[00:37:42] * NCommander guesses oxygen just got taken off the node name list
[00:37:52] <NCommander> xlefay, smoke first, then setup
[00:37:58] <xlefay> NCommander: you sure we can't call it after a drug?
[00:39:10] <xlefay> btw, this is a dedicated server tho eh, and if *all* goes well, it'd be setup in 2 minutes ;-)
[00:39:18] <MrBluze> drugs would be more fun
[00:39:35] * xlefay notes there is a small installation fee of 10 euros though
[00:39:44] <xlefay> 3.60 euro vat (21%), meaning:
[00:40:05] <xlefay> 21.59 € in total, for the first month. Second month would be cheaper, of course
[00:40:16] <xlefay> 8.00 + 21% vat = regular price
[00:41:01] <xlefay> ooh wait
[00:41:13] <xlefay> the regular price 8.00 = including vat. Only the set up fee has vat included
[00:43:44] * xlefay sighs
[00:45:29] -!- stderr [stderr!~pohol@GetOffMyLawn/stderr] has parted #staff
[00:46:31] <FunPika> all right wiki should be backed up
[00:46:41] <xlefay> awesome, thank you.
[00:53:31] -!- Popeidol [Popeidol!~matt@558-04-736-30.dyn.iinet.net.au] has joined #staff
[01:03:01] <xlefay> btw, writing the dns docs in the hitchikers guide to li694-22
[01:04:16] <NCommander> Alright, back
[01:04:31] <NCommander> xlefay, hrm, whats the best way to do this, push model or pull model
[01:04:59] <NCommander> xlefay, so we can only be in France
[01:05:15] <xlefay> I think push, if a node ever gets replaced or whatnot, the backup node won't be trying to pull it
[01:05:18] <NCommander> Thats depressing. I rather have a cooler country, not one which surrenders at the first sign of resistence :-P
[01:05:24] <xlefay> LOL
[01:05:50] <xlefay> btw, the 8 euros doesn't incl. vat, disregard my earlier messages about that; had a brainfart ;-)
[01:05:52] <NCommander> xlefay, it also makes permissions easiers; we don't have to deal with rsync trying to sudo to root, we can just have a local service account
[01:06:21] <xlefay> exactly
[01:06:39] <NCommander> xlefay, we should make sure to do I/O rate limiting on rsync though
[01:07:36] <xlefay> Sure
[01:07:41] <xlefay> brb though, docs
[01:08:28] <NCommander> xlefay, creating a node
[01:08:39] <xlefay> awesome ;-)
[01:09:59] <NCommander> xlefay, well, reading the EULA firrst
[01:11:21] <NCommander> xlefay, waiting for paypal to auth payment, and then for the server to exist
[01:11:40] <NCommander> Paid
[01:11:45] <xlefay> The server itself should be online pretty quick
[01:11:45] <NCommander> Server creation in process
[01:12:11] <audioguy> If you do a pull model, it makes it easier to deal with stuff like 'backup full'. Of course that would never, ever happen to us. ;-)
[01:12:15] <xlefay> I'm guessing they use WOL + network imaging, etc.
[01:12:43] <xlefay> We could always set up an alert for when the disk is almost full ;-)
[01:12:59] <NCommander> audioguy, pull is a bit annoying because we need to smack rsync to sudo to root
[01:13:12] <NCommander> audioguy, I don't want anything being able to remote auth straight to root
[01:13:38] <audioguy> You'll want some way to check then ;-)
[01:14:41] <audioguy> ssh run remote script to check disk full, exit with email if full, then do backup if ok.
[01:17:39] <NCommander> audioguy, well, push also means we can do the mysqldump on each node, and push that seperately
[01:17:44] <audioguy> I do with to change my dns, because I have a brain dead nin fixed ip address here at home in the countryy.
[01:18:20] <NCommander> audioguy, I can put it on landscape
[01:18:27] <NCommander> audioguy, landscape will yell at me when it gets to 85% full
[01:18:30] <audioguy> Not arguing with push, just saying a check is needed.
[01:18:45] <audioguy> yeah.
[01:18:47] <NCommander> Ok, order is processed
[01:19:19] <audioguy> Then you later go, well, I have a little bit left here, I'll just change that to 95%, then... ;-)
[01:19:59] * NCommander gives xlefay a Windows Server installation
[01:20:00] * NCommander ducks
[01:20:21] <xlefay> Oh, I don't mind, really.
[01:20:49] <NCommander> xlefay, backing up POSIX -> Windows is a bitch
[01:20:57] <NCommander> unless you abuse internix or cygwin
[01:21:07] <xlefay> s/don\'t//
[01:21:12] <xlefay> :P
[01:21:31] <xlefay> also, NCommander s/backing up POSIX ->//
[01:21:32] <xlefay> ;-)
[01:21:48] <NCommander> xlefay, er ... dcpromo is *really* easy for directory services
[01:21:51] <NCommander> */just saying*
[01:21:52] <xlefay> Which OS are you throwing on it?
[01:21:58] <NCommander> xlefay, Ubuntu 12.04.LTS
[01:22:07] <xlefay> Ok ;-)
[01:22:31] <xlefay> It'll probably come with a gresecurity kernel
[01:22:44] <NCommander> xlefay, I'm not hugely worried too much on apparmor on this box
[01:22:50] <NCommander> We're using it basically as a big honking HDD
[01:22:59] <xlefay> oh I'm not either ;-)
[01:23:23] * NCommander would like to have LDAP authethication working, but that means getting slurp to work over the internet
[01:23:24] <xlefay> But, kimsufi is from OVH, last time I had servers with them, every install of CentOS and stuff came with gresecurity ;-)
[01:23:25] <NCommander> *PASS*
[01:23:39] <xlefay> In this situation, VPN would be awesome for it ;-)
[01:23:45] <NCommander> xlefay, hrm ...
[01:23:51] <NCommander> That's probably a good idea
[01:24:12] <NCommander> We can use boron's network interface as bandwidth out from there shouldn't cause the rest to be effected
[01:24:36] <NCommander> then we can kerberos it, and LDAP it
[01:24:37] <NCommander> yay!
[01:25:06] <NCommander> actually, if we kerberos, and setup a root krb account, we COULD make pull work nicely
[01:25:10] <audioguy> Either of you ever use sshfs?
[01:25:14] <xlefay> yep
[01:25:23] <NCommander> audioguy, I do, but only sparingly, its quirky
[01:25:23] -!- LaminatorX [LaminatorX!~44bc6685@Soylent/Staff/Editor/LaminatorX] has joined #staff
[01:25:23] -!- mode/#staff [+v LaminatorX] by SkyNet
[01:25:44] <xlefay> NCommander: I was actually thinking, if we get a VPN up - we could throw CentOS on the back up machine temporarily and try a ldap set up there
[01:26:06] <NCommander> what backup machine?
[01:26:12] <xlefay> and then later on just re-use the VPN for backup up stuff to the Ubuntu OS (which will initially run CentOS)
[01:26:15] <xlefay> The kimsufi box
[01:26:29] <audioguy> Really good way to do little mounts. I tried this between my home machine and my remote, and was surpised it maintained the mount after two weeks of dynamic dns changes etc.
[01:26:32] <NCommander> xlefay, I already provisioned Ubuntu onto it
[01:26:48] <xlefay> NCommander: it's just an idea tho ;-)
[01:26:49] <NCommander> audioguy, its fine for basic stuff, but FUSE gets wonky if you do something like try and compile something
[01:26:54] <xlefay> You can provision whatever on it whenever you want
[01:27:04] <xlefay> (least, last time I was with OVH/Kimsufi, that is)
[01:27:06] <NCommander> xlefay, rather not introduce more CentOS into our lives, and we have nice documentation for Ubuntu
[01:27:15] <LaminatorX> I got some emails from lists bounces yesterday when things were weirde. did they go through to staff eventually?
[01:27:22] <NCommander> LaminatorX, not sure
[01:27:27] <xlefay> I was thinking about testing LDAP stuff with CentOS so we know what we have to do with our SVC box ;-)
[01:27:31] <NCommander> xlefay, holy crap their provisioning is installed
[01:27:36] <NCommander> xlefay, SVC == burn it with fire?
[01:27:44] <NCommander> xlefay, honestly, at this point, I think its torch and burn is the way to go
[01:27:46] <xlefay> Yeah, they're using some funny stuff, network boot, etc...
[01:27:57] <NCommander> xlefay, setup a new node, put lxc, and then do reverse proxying to the Apache instances
[01:28:08] <audioguy> Well, would not normally compile over such a llink. ;-)
[01:28:22] <NCommander> audioguy, real men compile their code on NFS
[01:28:29] <NCommander> Hrm ...
[01:28:29] <xlefay> ha! ;)
[01:28:41] * NCommander *really* wishes we had IPv6 on the internal backend
[01:28:50] <NCommander> I'd like to connect the tunnel on IPv6 only
[01:28:56] <NCommander> IPv4ing two private namespaces kinda sucks
[01:29:07] <xlefay> NCommander: then, you make the VPN act as a tunnel, no?
[01:29:12] <xlefay> e.g. OVH has ipv6 support
[01:29:13] <NCommander> xlefay, yeah
[01:29:21] <NCommander> xlefay, so does linode, but only on the front facing interface
[01:29:22] <xlefay> so, you'll simply VPN over IPv6, it just won't work internally..
[01:29:29] <xlefay> which does suck
[01:29:35] <NCommander> Which defeats the point :-)
[01:29:37] * xlefay kicks linode >.<
[01:29:44] <xlefay> NCommander: oh I thought you meant to the backup box
[01:30:07] <NCommander> There is no need! We have designed our IPv6 accounting so that local IPv6 traffic within one facility does NOT count against your transfer quota. Use them just like private IPs.
[01:30:09] <xlefay> but then again I suppose using a VPN as a proxy in that case wouldn't be neat either
[01:30:12] <NCommander> OH
[01:30:14] <NCommander> xlefay, - There is no need! We have designed our IPv6 accounting so that local IPv6 traffic within one facility does NOT count against your transfer quota. Use them just like private IPs.
[01:30:21] <NCommander> xlefay, so if we use IPv6, it just works
[01:30:26] <NCommander> That's fucking sweet
[01:30:39] <NCommander> The routing going to be a bitch though
[01:30:46] <NCommander> Since we want it to route through the VPN tunnel
[01:30:49] <xlefay> no shit :o
[01:31:06] <NCommander> Honestly, gluing two IPv4 private networks sounds saner
[01:31:08] <NCommander> :-/
[01:31:10] <xlefay> "so that local IPv6 traffic within one facility" that's kinda a bitch tho..
[01:31:15] <xlefay> Yes, it does.
[01:31:28] <NCommander> xlefay, I think we need to get a linode abandonment plan when we burn through our lumps of credit
[01:31:57] <NCommander> xlefay, ok .. it provisioned
[01:32:00] <xlefay> NCommander: perferablly one which includes two highend (but not too costly) dedicated servers on which we can virtualize ourselves + hot failover and crap
[01:32:01] <NCommander> How to fuck do I get in?
[01:32:12] <xlefay> NCommander: you normally get an e-mail from them
[01:33:20] <NCommander> xlefay, got it
[01:34:23] <NCommander> mcasadevall@tranquility:~/src/charybdis$ ssh root@ns359611.ip-91-121-158.eu
[01:34:25] <NCommander> root@ns359611.ip-91-121-158.eu's password:
[01:34:25] <NCommander> Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.10.23-xxxx-std-ipv6-64 x86_64)
[01:34:25] <NCommander> Awesome
[01:34:42] <NCommander> xlefay, do you know how to setup VPN?
[01:34:51] * NCommander notes openvpn pretty easy
[01:34:56] <NCommander> IPsec - that's hard
[01:36:10] <NCommander> xlefay, actually, openvpn pretty idiot proof
[01:36:19] <NCommander> xlefay, I'm going to setup a tap bridge from boron to the new node
[01:36:29] <xlefay> I've done it before, I'll take a look at it
[01:37:03] <NCommander> xlefay, this looks really easy https://help.ubuntu.com
[01:37:43] <xlefay> yea
[01:39:29] * NCommander sets the common name o the certificate to boron
[01:39:31] <NCommander> er
[01:39:33] <NCommander> staff.soylentnews.org
[01:39:50] <NCommander> actually
[01:39:51] <NCommander> no
[01:39:54] <NCommander> boron.li694-22
[01:39:56] <LaminatorX> GungnirSniper is our newest editor. We need permissions for him, and I wanted to see about training him on the dev system. Is that feasible?
[01:40:30] <LaminatorX> (That being the more important of the bounced emails.)
[01:42:30] <xlefay> "bounced emails"?
[01:43:16] <LaminatorX> I sent two to the staff list last night, and they got weird replies from the server.
[01:43:32] <xlefay> FunPika:
[01:43:36] <FunPika> ?
[01:43:43] <xlefay> we're currently _not_ doing anything with the SVC box, can you disable maintenance mode?
[01:44:00] <xlefay> I will give you a heads up when we do, however if you're not around - how do I enable the maintenance mode?
[01:44:13] <xlefay> LaminatorX: can you forward one of those mails to me xander@xandev.nl please
[01:44:28] <xlefay> I'll look into if there's something wrong, it's probably just a temp error
[01:44:53] <FunPika> I usually just use a special page on the wiki to do it, only accessible to bureaucrats currently.
[01:44:54] <NCommander> LaminatorX, yeah we can get him editor bits on dev
[01:45:33] <NCommander> xlefay, hrm ... we need to be able to get bi-directional traffic to/from the VPN
[01:45:35] <NCommander> from all nodes
[01:45:39] * NCommander notes this just got ugly
[01:45:56] <LaminatorX> I'll fwd those to you later this evening, xlefay.
[01:46:00] <NCommander> xlefay, unless we do this as a pull
[01:46:13] <xlefay> LaminatorX: sounds good.
[01:47:17] <xlefay> NCommander: hmm, I'm not fond of using pull itself, we could even create one hop in between (e.g. servers > boron > backup) but wouldn't be nice...
[01:48:32] <NCommander> xlefay, I'm debating on how best to handle this.
[01:48:34] <xlefay> I'm going for, let's just proxy everything via boron, like a similar way we do with SSH; surely that's possible?
[01:48:51] <NCommander> xlefay, actually, its not a huge deal. We need the VPN for LDAP+Kerberos
[01:49:07] <NCommander> xlefay, but we could push directly via IPv6 outbound
[01:49:11] <NCommander> xlefay, problem solved.
[01:49:19] <xlefay> Or we could do that ;-)
[01:50:13] <NCommander> xlefay, means I need to get slurp up though
[01:50:14] <NCommander> BLeh
[01:50:40] * NCommander notes this is ugly routing
[01:50:40] <NCommander> actually ...
[01:50:41] <NCommander> wait
[01:50:44] * NCommander mulls
[01:50:52] <NCommander> xlefay, we *are* doing TLS authetication
[01:51:08] <NCommander> xlefay, nothing is stopping us from (and I hate to say this) LDAPing over the internet
[01:51:09] <xlefay> We are.
[01:51:12] -!- bytram [bytram!~pc@Soylent/Staff/Developer/martyb] has joined #staff
[01:51:12] -!- mode/#staff [+v bytram] by SkyNet
[01:51:22] <xlefay> That sounds kinda weird, but I suppose nothing is.
[01:51:33] <NCommander> xlefay, the problem is we don't have a proper subnet
[01:51:41] <LaminatorX> I take it that's what the request for publik keys was about?
[01:51:44] <NCommander> xlefay, the DNS has the internal IPs on it
[01:51:53] <NCommander> LaminatorX, do you need a shell account ? :-)
[01:51:54] <xlefay> it also has the public ones
[01:52:03] <NCommander> xlefay, as different hostnames ...
[01:52:13] <xlefay> correct
[01:52:22] <xlefay> (for obvious reasons)
[01:52:58] <NCommander> xlefay, https://library.linode.com
[01:53:11] <LaminatorX> I don't think I need one. If you want me to be on the in case of emergency list to restart slashd or something I could probably do so.
[01:53:36] <NCommander> OH GOD
[01:53:41] <xlefay> The joy... ;')
[01:53:43] <NCommander> I know how to solve this
[01:53:48] <NCommander> xlefay, ... NAT
[01:53:53] <LaminatorX> HAHAHAHAHA
[01:53:54] * NCommander squirms
[01:54:09] <xlefay> oh god
[01:54:20] <NCommander> xlefay, outside node can resolve internal IPs
[01:54:27] <xlefay> I'm fairly sure that's what I meant by proxying via boron ;-)
[01:54:39] <NCommander> xlefay, we publish the world IP addresses in the li694 zone
[01:54:44] <NCommander> Holy indigestion
[01:54:51] <NCommander> But
[01:54:53] <NCommander> It solves the problem
[01:55:00] <NCommander> I should be able to poke all the internal nodes
[01:55:07] <xlefay> "The world IP addresses"?
[01:55:20] <xlefay> As in, changing carbon and such to show their public IPs?
[01:55:30] <xlefay> carbon.li694-22. -> pub_ip, etc..?
[01:56:06] <NCommander> xlefay, no
[01:56:06] <NCommander> xlefay, if we're natting through a VPN, and set the routing tables on oxygen correctly
[01:56:19] <NCommander> 192.168.x should route properly through the VPN
[01:56:20] <xlefay> It'll be able to ping carbon, internally
[01:56:37] <NCommander> That gives me the bloody jeevees
[01:56:40] <xlefay> exactly, what I was thinking but the "world IP addresses" was rather confusing ;-)
[01:57:02] * NCommander feels unclean
[01:57:19] <NCommander> TAP bridge is up
[01:57:20] <NCommander> tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[01:57:20] <audioguy> Isn't hat just what a vpn does normally?
[01:57:20] <NCommander> inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
[01:57:32] <NCommander> audioguy, not really ... not if you have properly routable address space :-P
[01:57:55] * NCommander plugs the client in
[01:58:13] * xlefay sees a building burning down
[01:59:54] <xlefay> wait, if you can clone a hdd from a linode, then you can mount it - can you not DD it then and later on convert it to another format?
[02:00:13] <xlefay> e.g. so we could *technically* with the right set up throw it into something else to boot?
[02:00:20] <NCommander> xlefay, yeah
[02:01:09] <xlefay> That's good to know for whenever we're really building the migration strategy ;-)
[02:01:20] <xlefay> Least, at all times we'll have full backups from nodes in case we missed stuff
[02:01:45] <xlefay> also, NC, bittorrent tracker, which node?
[02:01:52] <NCommander> xlefay, tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[02:01:52] <NCommander> inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
[02:01:52] <NCommander> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
[02:01:52] <NCommander> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
[02:01:52] <NCommander> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
[02:01:52] <NCommander> collisions:0 txqueuelen:100
[02:01:54] <NCommander> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[02:02:03] <NCommander> We have a VPN bridge
[02:02:04] <xlefay> That on the bbox?
[02:02:28] <NCommander> xlefay, yeah
[02:02:33] * NCommander is getting it to push routes
[02:02:34] <NCommander> stand by
[02:02:46] * xlefay goes to stand real pretty and waits
[02:05:09] <NCommander> xlefay, 192.168.0.0 10.8.0.5 255.255.128.0 UG 0 0 0 tun0
[02:05:14] <NCommander> We have a route
[02:05:18] * NCommander whimpers
[02:05:24] <xlefay> And we've got liftoff!
[02:05:28] <xlefay> err, route*
[02:05:32] <NCommander> xlefay, hrm
[02:05:34] <xlefay> doesn't sound so exciting as liftoff tho ;'(
[02:05:39] * NCommander debates if he wants to risk just doing normal routing
[02:06:37] <xlefay> btw, I really, really hate writing documentation. Documentation for code? Sureeeeeeeeee that's simple.
[02:07:07] <xlefay> Writing docs like this, not so much. Unlike NC, I'm not going to give a primer on DNS. Just going to tell you a few simple things.
[02:07:09] <NCommander> root@ns359611:/etc/openvpn# ping 192.168.174.17
[02:07:09] <NCommander> PING 192.168.174.17 (192.168.174.17) 56(84) bytes of data.
[02:07:09] <NCommander> From 91.121.128.164 icmp_seq=1 Time to live exceeded
[02:07:12] <NCommander> That's a new error
[02:07:30] <NCommander> I don't think I've ever seen that before
[02:07:49] <audioguy> NOARP ?
[02:07:50] <xlefay> LOL
[02:08:23] <NCommander> yeah ...
[02:08:24] <NCommander> ok
[02:08:25] <NCommander> plan b
[02:08:38] <xlefay> NCommander: btw, what kernel is that beast running?
[02:08:53] <NCommander> xlefay, root@ns359611:/etc/openvpn# uname -a
[02:08:53] <NCommander> Linux ns359611.ip-91-121-158.eu 3.10.23-xxxx-std-ipv6-64 #1 SMP Tue Mar 18 14:48:24 CET 2014 x86_64 x86_64 x86_64 GNU/Linux
[02:09:04] <xlefay> oh my that's disappointing
[02:09:11] <xlefay> std, not gresecurity :'[
[02:10:00] * NCommander fiddles with iptables
[02:10:01] <NCommander> root@ns359611:/etc/openvpn# telnet 192.168.174.17 22
[02:10:01] <NCommander> Trying 192.168.174.17...
[02:10:01] <NCommander> telnet: Unable to connect to remote host: No route to host
[02:10:21] <audioguy> did you add a route?
[02:10:35] <audioguy> on both sides.
[02:11:09] <xlefay> Also, NCommander: bittorrent, which node? (stderr has obviously decided to leave and asked me to move our stuff off his server)
[02:11:36] <NCommander> xlefay, uh ... hrm
[02:11:39] <NCommander> audioguy, er, no I didn't
[02:11:41] <NCommander> audioguy, thanks
[02:11:56] <NCommander> audioguy, never mind, I did 10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
[02:11:56] <NCommander> 10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
[02:12:10] <audioguy> and the other thigs Ii was wondering about was the NOARP
[02:12:34] <audioguy> perhaps proxy arp needed?
[02:12:38] <NCommander> oh wait
[02:12:41] <NCommander> that isn't a proper route
[02:12:42] <NCommander> Stand by
[02:12:52] * NCommander tries to remember the route command syntax
[02:13:01] <xlefay> route add
[02:13:04] <xlefay> will tell you ;-)
[02:13:30] <xlefay> route add 10.8.0.0 default gw 10.8.0.1 dev tun0 # something like that?
[02:13:32] <audioguy> really? never notied that ;-)
[02:14:00] MrBluze is now known as MrBluze|afk
[02:14:09] <xlefay> LaminatorX: I don't recall that memo
[02:14:19] <xlefay> what was it?
[02:14:32] <audioguy> oh , just the default help. I was hpoing for a cisco IOS type thing. ;-)
[02:14:51] <NCommander> xlefay, probably
[02:15:30] <audioguy> you don't want default down that link though
[02:15:42] <xlefay> err, right
[02:15:45] <xlefay> don't default that
[02:15:50] <LaminatorX> Looks like it was from earlier this week re contact@sn
[02:16:04] <xlefay> more like last week, march 14
[02:16:18] <LaminatorX> heh. So it was.
[02:16:45] <LaminatorX> Looks like I need to look at the status tab more often
[02:17:42] <FunPika> xlefay: You should be able to lock the database now by using http://wiki.soylentnews.org and unlock it using http://wiki.soylentnews.org
[02:17:59] <LaminatorX> I'm thinking about putting up a story tomorrow morning calling on members to submit a story each week. Thoughts?
[02:18:04] <xlefay> FunPika: did you grant me admin privileges?
[02:18:31] <NCommander> https://community.openvpn.net
[02:18:32] <NCommander> AH
[02:18:58] <FunPika> I created a new group with that ability on the wiki and added you to it
[02:19:02] <xlefay> LaminatorX: for now that could work I suppose; in long term, perhaps we could code something that'll automatically post an alert (a simple, alert, not an entire story) asking for new submissions if the queue gets lower than a predefined value
[02:19:28] <bytram> g'day everyone!
[02:19:41] <xlefay> bytram: hi ;-)
[02:20:05] <xlefay> Thank you FunPika, that helps a lot ;-)
[02:20:06] <FunPika> It is not full wiki admin, but it does have a few extra rights other than locking and unlocking the DB (for example you can edit the sidebar and other interface messages)
[02:20:26] <bytram> looking to create an ssh key; I've got PuTTYgen running... what kind of key do you need? SSH-1(RSA) or SSH-2 RSA or SSH-2 DSA?
[02:20:42] <audioguy> ssh2 rsa
[02:21:01] <bytram> audioguy, okay, thanks!
[02:21:49] <xlefay> NCommander: guess it's a good thing we've got kerberos, otherwise PuTTy clients would have a hard time ;-)
[02:22:42] <audioguy> Putty handles normal connections fine.
[02:23:16] <xlefay> audioguy: true, however - you can only SSH to boron. Without Kerberos, he wouldn't be able to get anywhere else, since the other servers don't have his ssh key ;-)
[02:23:30] <NCommander> xlefay, yeah
[02:23:34] <audioguy> One thing - if I remenber right I had to make some small mod to the key putty created to make it work
[02:23:39] <xlefay> That's why I'm saying, good thing we've got Kerberos ;-)
[02:23:47] <bytram> suggestions on pass-phrase length? is 40 chars enough?
[02:23:53] <xlefay> bytram: 40 chars pfffffft
[02:23:55] <audioguy> Minor format change obvious to the ryr.
[02:23:59] <audioguy> eye
[02:24:18] <audioguy> The bible is really secure for a passphrase.
[02:24:21] <xlefay> This is our entire infra we're talking about bytram :P
[02:24:40] <bytram> xlefay, how long are YOUR passphrases?
[02:24:44] <xlefay> Although, the SSH key will only get *you* as far as boron, from there you'll need to kinit through
[02:24:49] <NCommander> ah
[02:24:50] <xlefay> so you'll need a secondary password too
[02:24:54] <NCommander> FUck it, I'm going to masquerade it
[02:25:11] <xlefay> bytram: I'm not going to reveal that sensitive information ;-)
[02:25:16] <audioguy> routing still not working?
[02:25:38] <bytram> xlefay, how about a range of lengths?
[02:25:38] <xlefay> bytram: honestly, 40 chars is more than fine
[02:25:43] <bytram> k
[02:25:51] <xlefay> but, the bible would still be preferable
[02:26:27] <audioguy> I've used ip rewriting in iptables to do that sort of thing.
[02:27:04] <audioguy> Latin editions preferred, ov course.
[02:27:06] <bytram> xlefay, I agree, but the question is what translation to use? KJV, RSV, NRSV, NAB, or should I just catenate them all together and use THAT? =)
[02:27:35] <audioguy> The cat sounds like the best option, overall. ;-)
[02:27:36] <bytram> hmm, maybe I should use the Nestle new testament greek?
[02:27:51] <paulej72> bytram: orginal aramaic
[02:27:52] <bytram> LOL! I can hax passphraze?
[02:28:02] <xlefay> bytram: you do all of them, then, you encrypt that string with multiple encryption methods and then you use one real encryption algo, and THEN you have a key
[02:28:13] <xlefay> of course you shuffle dat string first, and in between each time
[02:28:22] <bytram> ok, brb!
[02:28:46] <bytram> h, wait... .hsould I also rot26 it?
[02:28:46] <xlefay> Good luck!
[02:28:53] <xlefay> and rot13, of course.
[02:29:15] <xlefay> Don't forget bcrypt naturally.
[02:30:32] <NCommander> xlefay, root@ns359611:/etc/openvpn# telnet 192.168.174.17 22
[02:30:32] <NCommander> Trying 192.168.174.17...
[02:30:32] <NCommander> Connected to 192.168.174.17.
[02:30:32] <NCommander> Escape character is '^]'.
[02:30:32] <NCommander> SSH-2.0-OpenSSH_6.5p1 Ubuntu-6~precise1
[02:30:34] <NCommander> YAY
[02:30:47] <NCommander> (that's helium's SSH port)
[02:31:03] <xlefay> Fuck yes
[02:31:08] <xlefay> now let's update /etc/resolv.conf ;-)
[02:31:46] * NCommander runs through the node setup instructions
[02:31:57] <audioguy> So we COULD set our default route to the heart of Europe, and surf in a country with sane privacy laws. ;-)
[02:32:27] <NCommander> audioguy, the networking config here is a bit wonky
[02:32:38] <NCommander> Whatever we do, don't reboot boron without a good reason
[02:33:41] <xlefay> LOL
[02:33:42] <xlefay> !grab NCommander
[02:33:42] <Bender> Added quote 79
[02:33:49] <xlefay> That inspires a lot of trust, rofl
[02:33:58] <audioguy> Europorn, here we come! ;-)
[02:34:16] <NCommander> xlefay, hrm, DNS traffic isn't being routed
[02:34:59] <xlefay> hmm :/
[02:35:11] <NCommander> oh
[02:35:12] <xlefay> nslookup carbon 192.168.174.17
[02:35:14] <NCommander> need redirect-gateway
[02:35:46] <NCommander> er
[02:35:46] <NCommander> oops
[02:35:48] <NCommander> shit
[02:35:51] * NCommander broke DNS setup
[02:35:55] <xlefay> :o
[02:36:08] <NCommander> xlefay, only having the nodes in there means it can't resolve staff.soylentnews.org :-)
[02:36:08] <NCommander> oops
[02:36:36] <xlefay> hmm ;-)
[02:36:51] <xlefay> (that would be fixed if we were to move the current external DNS over to helium & boron) ;-)
[02:37:13] <xlefay> and just for coverage, we could have oxygen as tertiary
[02:37:14] <NCommander> yeah
[02:37:18] <NCommander> DNS traffic just not going through
[02:37:19] <NCommander> hrm
[02:37:19] <audioguy> you only need one
[02:37:54] <xlefay> "One oughta be enough for everybody"
[02:37:59] <audioguy> just make one machine a slave, internal only
[02:38:07] <xlefay> actually
[02:38:09] <NCommander> shit
[02:38:16] * NCommander wishes he saved the original resolv.conf
[02:38:17] <xlefay> audioguy: you're right, let me do that ;-)
[02:38:19] <audioguy> split dns
[02:38:21] <NCommander> xlefay, do you know where they have it saved?
[02:38:25] <xlefay> NCommander: nameserver 8.8.8.8
[02:38:27] <xlefay> fixed
[02:39:17] <NCommander> root@ns359611:/etc/openvpn# nslookup carbon 192.168.174.17
[02:39:17] <NCommander> Server: 192.168.174.17
[02:39:17] <NCommander> Address: 192.168.174.17#53
[02:39:17] <NCommander> Name: carbon.li694-22
[02:39:17] <NCommander> Address: 192.168.136.231
[02:39:19] <NCommander> GOT IT
[02:39:27] <NCommander> we are in business
[02:39:37] <xlefay> That reminds me, you can set the DNS in openvpn config iirc
[02:40:03] <xlefay> so you'll have the default resolv.conf going out, and you'll have the tunneled stuff going through our DNS
[02:44:23] <NCommander> xlefay, root@ns359611:/usr/share/ca-certificates# id mcasadevall
[02:44:23] <NCommander> uid=2500(mcasadevall) gid=2501(sysops) groups=2501(sysops),2500(firefighters),2502(db),2503(dev_team),2504(prod_access)
[02:44:34] <NCommander> Its LAGGY as fuck
[02:44:36] <NCommander> But it works
[02:44:41] <NCommander> (NSS takes several seconds to do anything)
[02:44:57] <NCommander> (its two levels of TLS going through each other)
[02:46:21] <audioguy> I still don't understand why a normal vpn setup won't do this.
[02:46:25] <xlefay> It caches right?
[02:46:39] <audioguy> Its just connecting two internal networks, right?
[02:46:49] <NCommander> audioguy, the problem isn't the connection
[02:47:07] <NCommander> audioguy, we don't control the internal LAN, so we can't tell it to route 10.x.x.x packets across switches
[02:47:42] <audioguy> AH, now I understand. Me, I like having control over my own hardware.
[02:48:16] <audioguy> Cloud shit. SPIT
[02:50:01] <NCommander> audioguy, cloud was quick. I want to move us to dedicated infrastructure within 3 months
[02:50:11] <NCommander> audioguy, basically need to wait until all the credit we have on Linode is burned through
[02:50:18] <xlefay> Actually.. we just made our own sort of cloud ;')
[02:50:20] <xlefay> "cloud"
[02:50:34] <NCommander> xlefay, oxygen isn't resolving from boron
[02:50:42] <xlefay> pub.oxygen ?
[02:50:51] <xlefay> [00:09] root@boron $ host pub.oxygen
[02:50:53] <xlefay> pub.oxygen.li694-22 has address 91.121.158.169
[02:50:54] <xlefay> pub.oxygen.li694-22 has IPv6 address 2001:41d0:1:dfa9::1
[02:50:56] <xlefay> [00:09] root@boron $
[02:51:17] <NCommander> xlefay, no, oxygen itself needs that
[02:51:28] <NCommander> oxygen.li694-22 == 91.121.158.169
[02:51:32] <xlefay> oh...
[02:51:45] <xlefay> eek... there goes that format
[02:52:06] <audioguy> I understand. ;-)
[02:52:27] <NCommander> xlefay, this is kludgy :-/
[02:52:30] <xlefay> done
[02:52:35] <NCommander> mcasadevall@tranquility:~/src/charybdis/charybdis-li694-3.4.2$ ssh pub.oxygen.li694-22
[02:52:35] <NCommander> The authenticity of host 'pub.oxygen.li694-22 (<no hostip for proxy command>)' can't be established.
[02:52:35] <NCommander> ECDSA key fingerprint is 2f:06:2c:f5:44:a8:19:f8:81:b8:08:e4:c9:4e:48:0f.
[02:52:35] <NCommander> Are you sure you want to continue connecting (yes/no)? yes
[02:52:35] <NCommander> Warning: Permanently added 'pub.oxygen.li694-22' (ECDSA) to the list of known hosts.
[02:52:36] <NCommander> Creating directory '/home/mcasadevall'.
[02:52:39] <audioguy> A cloud within a cloud
[02:52:40] <NCommander> yay
[02:52:52] <NCommander> audioguy, I dunno, I think our cloud might be raining
[02:53:05] -!- mrcoolbp [mrcoolbp!~mrcoolbp@Soylent/Staff/mrcoolbp] has joined #staff
[02:53:05] -!- mode/#staff [+v mrcoolbp] by SkyNet
[02:53:25] <NCommander> xlefay, I'm *not* super locking SSH down on oxygen
[02:53:36] <audioguy> I hope nothing TOO important depends upon this link. ;-)
[02:53:38] * mrcoolbp returns finally
[02:53:39] <xlefay> Warning: Permanently added 'oxygen.li694-22' (ECDSA) to the list of known hosts.
[02:53:41] <xlefay> Creating directory '/home/xlefay'.
[02:53:42] <NCommander> xlefay, it doesn't look like I have a backup console, so if LDAP goes in, direct root SSH is the only way to go
[02:53:58] <NCommander> xlefay, ... you're proxying through the US to reach a server in france
[02:53:59] <NCommander> >.<;
[02:54:10] <xlefay> NCommander: actually, just lock down SSH - if it goes wrong, you simply boot the rescue system
[02:54:28] <NCommander> xlefay, if the VPN goes down, LDAP goes down
[02:54:33] <NCommander> Which means no remote login
[02:54:36] <bytram> mrcoolbp, good to "see" you!
[02:54:43] <mrcoolbp> good to be seen
[02:54:45] <xlefay> Yes, in which case, nothing can happen anyway, right?
[02:54:53] <NCommander> xlefay, .... point
[02:54:57] * NCommander will leave it as is for now
[02:55:04] <mrcoolbp> audioguy: how's everything lookin'?
[02:55:07] <xlefay> Yes, let's first see if it'll stays working
[02:55:15] <xlefay> if it does, lock it down - if not, it's terribly slow anyway
[02:55:36] <xlefay> NCommander: @ oxygen: 2
[02:55:40] <xlefay> err, type: w
[02:55:43] <NCommander> mrcoolbp, our cloud got an interesting new addition
[02:55:49] <xlefay> nvm
[02:55:50] <mrcoolbp> do tell
[02:55:50] <NCommander> xlefay, huh?
[02:55:57] <NCommander> mrcoolbp, we added a European backup node
[02:55:59] <xlefay> nvm, forgot about the SSH proxy -_-"
[02:56:02] <mrcoolbp> cool
[02:56:05] <xlefay> But it's pretty awesome, we're doing it via IPv6.
[02:56:15] * xlefay notes the AAAA records are good for something in the end anyway!
[02:56:18] <NCommander> yay
[02:56:26] <audioguy> mrcoolbp - good, got things working with three separate pages, added a few little frills f=to make the user inteface better.
[02:56:29] <NCommander> huh
[02:56:33] <NCommander> It couldn't find the kerberos servers
[02:56:46] <mrcoolbp> audioguy: is it ready to go?
[02:56:46] <xlefay> It doesn't appear to be installed?
[02:56:53] <xlefay> The program 'kinit' can be found in the following packages:
[02:56:56] <audioguy> mrcoolbp: pm
[02:58:00] <NCommander> mcasadevall@oxygen:~$ kinit
[02:58:00] <NCommander> kinit: Client not found in Kerberos database while getting initial credentials
[02:58:01] <NCommander> damn it
[02:58:06] <NCommander> xlefay, its having issues
[02:58:13] <NCommander> I think something isn't going across the VPN
[02:58:22] * NCommander is giving it a bit of a hand in locating its brain
[02:58:24] <xlefay> http://wiki.soylentnews.org
[02:58:56] <xlefay> Did you set the /etc/krb-thing-config?
[02:59:01] <NCommander> xlefay, kinit works
[02:59:01] <xlefay> krb5.conf iirc
[02:59:08] <NCommander> xlefay, no
[02:59:11] <xlefay> And so it does ;-)
[03:00:48] <NCommander> ktab generated
[03:01:54] <mrcoolbp> NCommander: the phone you provided is not a cell (i.e. doesn't accept texts) correct?
[03:02:46] <NCommander> mrcoolbp, no :-/
[03:02:49] <NCommander> xlefay, we're KRB5ed
[03:02:54] <NCommander> xlefay, bi-drectional
[03:02:55] <NCommander> SHINY
[03:03:01] <xlefay> Haha, it is!
[03:03:31] <mrcoolbp> NCommander: let us know when you get the cell setup, I'm hesistant to make voice calls....
[03:03:43] <NCommander> mrcoolbp, oh you can text my normal number
[03:03:46] <NCommander> mrcoolbp, its google voiced
[03:03:55] <NCommander> xlefay, we might want to use this box as a secondary SSH proxy ...
[03:04:02] <NCommander> though since it needs to go to boron for VPN ...
[03:04:14] <mrcoolbp> cool
[03:04:24] <xlefay> NCommander: I was thinking the same but I don't think that's going to add anything but latency.
[03:04:51] <xlefay> Even for me, going through boron to other nodes is faster than going to oxygen, so I'm guessing the reverse would be the same
[03:05:00] <xlefay> you would: oxygen -> boron -> other node
[03:05:14] <xlefay> Whereas with boron, you go: boron -> other node
[03:05:39] <xlefay> oxygen is definitely the slowest hop (because of the VPN, that is)
[03:05:53] <NCommander> xlefay, necessary evil
[03:06:17] <NCommander> xlefay, hrm ... we could use kerberosed rsh, might be faster
[03:06:19] <xlefay> Agreed, but I wouldn't enjoy using oxygen as a frontend SSH server ;-)
[03:06:26] <NCommander> xlefay, http://wiki.soylentnews.org - node list is up
[03:06:55] <xlefay> Yep, I saw it earlier
[03:07:04] <mrcoolbp> bytram: available for some testing?
[03:07:10] <xlefay> also fixed the {staff,status} the wiki doesn't like |'s in between stuff
[03:07:13] * NCommander loves how half the nodes came into existence this weekend
[03:07:21] <xlefay> hahahaha yea
[03:07:59] <xlefay> So we'll leave berillium alone for now?
[03:08:04] <xlefay> Let's first see what MJ thinks
[03:08:28] <xlefay> beryllium*
[03:08:34] <bytram> mrcoolbp, what do you have?
[03:08:55] <NCommander> xlefay, single sign on is seriously paying dividines for the time I spent getting it up
[03:09:00] <NCommander> kerberos too
[03:09:18] <mrcoolbp> we are testing the email voting scheme, do you have an SN email address yet?
[03:09:40] <NCommander> mrcoolbp, nice work
[03:09:43] <xlefay> It's definitely making things a whole lot easier for us ;-)
[03:09:50] <NCommander> Oooh
[03:09:57] <NCommander> We shold try and get neon to be our DB backup
[03:10:04] <NCommander> That way we can have the noble servers
[03:10:17] <xlefay> "neon"?
[03:10:21] <bytram> mrcoolbp, I thnk so,but am not sure...
[03:10:29] <NCommander> xlefay, noble gases
[03:10:33] <mrcoolbp> NCommander: Did you see my "new plan" email? We should be able to start the collection of domains in the next day or so.
[03:10:34] <xlefay> !grab NCommander
[03:10:34] <Bender> Added quote 80
[03:10:36] <xlefay> gotcha!
[03:10:40] <bytram> IIRC, I have a forwarding addy.
[03:10:42] <mrcoolbp> hee
[03:10:57] <mrcoolbp> bytram that will work, what is it?
[03:11:00] <xlefay> and yeah, we should NCommander :p
[03:11:09] <NCommander> mrcoolbp, I haven't, but I've been so deep in the backend that I haven't seen daylight for three days
[03:11:11] <xlefay> mrcoolbp: it's email@SN that only gets forwarded
[03:11:11] <bytram> mrcoolbp, let me try something first, brb
[03:11:24] <mrcoolbp> xlefay: noted, that should work
[03:11:25] <xlefay> e.g. email@SN -> real@email
[03:11:41] <xlefay> you can't generally send from email@SN (with forwarder only) without spoofing
[03:11:48] <mrcoolbp> xlefay: do you know how the mailbox rollout is coming?
[03:11:53] * xlefay sighs
[03:11:56] <mrcoolbp> my mailbox is working pretty well
[03:12:01] <xlefay> I send an e-mail to the entire list
[03:12:06] <mrcoolbp> yeah
[03:12:14] <xlefay> people have to respond in order to get a mailbox ;-)
[03:12:15] <mrcoolbp> and?
[03:12:21] <xlefay> Only one did, cosurgi
[03:12:24] <mrcoolbp> lol
[03:12:24] <NCommander> bytram, what boxes do you need access to?
[03:12:34] <bytram> mrcoolbp, I just sent an e-mail to martyb@SN and it was autoforwarded back to me.
[03:12:50] <bytram> NCommander, not sure of the naming conventions you have now...
[03:12:50] <mrcoolbp> nice
[03:13:11] <xlefay> bytram: dev?
[03:13:21] <NCommander> bytram, http://wiki.soylentnews.org
[03:13:22] <bytram> would like accss to dev; and on an emergency basis to prod (to, e.g., bounce slashd)
[03:13:23] <xlefay> bytram: http://wiki.soylentnews.org
[03:14:03] <mrcoolbp> .op
[03:14:03] -!- mode/#staff [+o mrcoolbp] by SkyNet
[03:14:30] <xlefay> tssk. mrcoolbp what are you doing in my realm?
[03:14:44] * xlefay looks at NCommander, how long have you been sitting there?
[03:15:23] <NCommander> xlefay, long enough I've forgotten what oxygen was like until I booted it up
[03:15:31] <bytram> NCommander, I'm confused... you asked for what *boxes* and gave me a link to list of *groups*
[03:15:43] <xlefay> !GRAB NCommander
[03:15:46] <xlefay> !grab NCommander
[03:15:46] <Bender> Added quote 81
[03:15:47] <xlefay> damn bot
[03:15:50] <mrcoolbp> .deop = (
[03:15:55] <mrcoolbp> .deop
[03:15:55] -!- mode/#staff [-o mrcoolbp] by SkyNet
[03:15:56] <xlefay> That was funny ;-)
[03:15:56] <NCommander> bytram, which permissions do you need :-)
[03:16:02] <mrcoolbp> = (
[03:16:13] * xlefay looks down on all his servents
[03:16:19] <xlefay> err, fellow coworkers
[03:16:28] <NCommander> What's concerning me is that most of our servers are unstable
[03:16:33] <NCommander> or highly flamable
[03:16:37] <bytram> NCommander, king of the universe?
[03:16:44] * NCommander looks forward to when we get to metalic elements
[03:16:54] <xlefay> Well then, I'd argue against neon :P
[03:17:04] <xlefay> more gasses would most definitely make things go boom
[03:17:08] * bytram wishes the elements were listed in the order that they appear in the periodic table
[03:17:20] -!- mode/#staff [-o mrcoolbp] by SkyNet
[03:17:32] <mrcoolbp> ?
[03:17:39] -!- FunPika has quit [Quit: Leaving]
[03:17:41] <NCommander> I can add an atomic weight column :-0
[03:18:18] * NCommander is curious what happens when robin or mechanicjay|afk come back and wonder what happened to the servers
[03:18:30] <bytram> NCommander, tey're unstable or flamable only at STP; we're safe at about 20 kelvin or so... right?
[03:18:46] <bytram> NCommander, not atomic *weight*... atomic *number*
[03:19:09] <bytram> https://en.wikipedia.org
[03:20:19] * bytram looks forward to the Aluminum/Aluminium debate =)
[03:20:21] <NCommander> bytram, I smell a chemistry major
[03:20:41] <bytram> nope... but I did get a "5" on the AP chem test.
[03:21:28] <bytram> was bored one day and memorized the first 18 elements or so.
[03:21:35] <NCommander> bytram, that's easy. We'll decide based on where the server is physically located. If its in the US, Aluminum. If its in UK Aluminium. If its in China then its 铝
[03:21:49] <bytram> NCommander, ROFLMAO!
[03:22:13] <bytram> NCommander, oh oh.... can I ssh into that?
[03:22:26] <NCommander> Security through i18n :-)
[03:22:31] <xlefay> LOL
[03:22:45] <xlefay> !grab NCommander
[03:22:45] <Bender> Added quote 82
[03:22:50] <xlefay> Another keeper ;-)
[03:22:57] <xlefay> Ok, so that bittorrent bot?
[03:23:00] <bytram> NCommander, more like "Security through o7y"
[03:23:01] <xlefay> s/bot/box/
[03:23:17] <NCommander> xlefay, why don't you add some international domains to our TLD :-P
[03:24:03] <xlefay> Sure, what's "never going to happen" in Chinese?
[03:24:13] <bytram> NCommander, but seriously, I don't really need master of the universe privs, but I'd like to be able to help with development on the dev server and be able to do what's neeeded on the prod box when it is wonky... under the guidance of others, of course.
[03:24:25] <xlefay> Thus, you're in the dev_team?
[03:24:29] <NCommander> and prod_access
[03:24:46] <bytram> twice now, I've known that I just needed to restart slashd and had my hands tied.
[03:24:51] <xlefay> bytram: how sure are you about production access? :)
[03:25:02] <NCommander> xlefay, service slashd restart isn't rocket science
[03:25:08] <NCommander> We should probably just put that in a crontab
[03:25:15] <xlefay> NCommander: maan you broke my joke :'(
[03:25:31] <bytram> I am very nervous about doing *anything* that would cause unintended consequences. well nigh paranoid. only for emergency use.
[03:25:34] <NCommander> xlefay, I'd feel bad if you were funny :-P
[03:25:46] <xlefay> dammit you noticed that eh? :)
[03:26:06] <bytram> but that's just an example.
[03:26:27] <NCommander> xlefay, so ... backups. I'm still open to ideas here
[03:26:30] <xlefay> So, put the service slashd restart in a cronjob and we'll have that stuff done
[03:26:39] <NCommander> xlefay, we could do something like armada
[03:26:47] <xlefay> "armada"?
[03:26:58] <xlefay> *googles it*
[03:27:01] <bytram> there was a consensus of what needed to be done, that there were no negative consequences, and ... I couldn't do a thing but *WAIT* for someone else to appear.
[03:27:30] <bytram> that's just an *instance* of the *kind* of problem...
[03:27:39] <NCommander> er, ARMANA
[03:27:58] * bytram had one once, great microwave!
[03:28:09] <NCommander> http://wiki.zmanda.com
[03:28:14] <NCommander> ^- xlefay
[03:29:06] <xlefay> Seems interesting, have you used it before?
[03:29:30] <NCommander> xlefay, nope
[03:29:40] <NCommander> Backups: Those things you wish you had BEFORE shit hit the fan
[03:30:26] <xlefay> That's generally true *awaits a comment from Audioguy*
[03:30:41] <NCommander> xlefay, I recommend though we store whatever in /srv/backup/*hostname*
[03:31:32] <xlefay> Unless you're going to symlink it to something in /home, that's not going to work out well
[03:31:41] <NCommander> xlefay, ?
[03:31:46] <xlefay> partition scheme
[03:31:49] <xlefay> @ oxygen
[03:31:50] <NCommander> oh
[03:31:52] <NCommander> gah
[03:31:57] <NCommander> ok, /home/backups/hostname
[03:31:58] <NCommander> bleh
[03:32:01] <xlefay> Unless you reinstall oxygen with expert mode ;')
[03:32:15] <NCommander> no
[03:32:18] <NCommander> I just got the damn thing up
[03:32:20] <xlefay> /home/backups/ seems fine ;)
[03:32:27] <xlefay> s/seems/is/
[03:32:42] <NCommander> xlefay, who was using putty?
[03:32:46] * NCommander notes kerberos really is good for that
[03:32:56] <xlefay> bytram:
[03:32:57] <bytram> NCommander, I would be
[03:33:12] <NCommander> bytram, I'm sorry :-/
[03:33:17] <NCommander> bytram, be happy we kerberos :-)
[03:34:01] <bytram> NCommander, FYI... I *wasted* over an hour this morning waiting for anybody to appear who had *access* to fix production...
[03:34:16] <bytram> i was FRUSTRATING.
[03:34:20] <bytram> s/i/it/
[03:34:30] <NCommander> bytram, believe it or not, it was worse before I got this shit setup
[03:34:36] <NCommander> bytram, a lot worse
[03:34:41] <mrcoolbp> bytram: check you're email, this is the first round of a test poll
[03:34:42] <NCommander> we have proper access permissions now :-)
[03:34:50] <xlefay> NCommander: funny thing about this morning is.. no-one cared to highlight me, I was still here (but not looking at IRC), and I went to bed 15 minutes before stderr highlighted me without intending my specifically ;-)
[03:34:51] <bytram> NCommander, I have no doubt. hold on...
[03:35:02] <bytram> NCommander++ # a much belated token of thanks!
[03:35:03] <Bender> karma - ncommander: 9
[03:35:04] <bytram> NCommander++ # a much belated token of thanks!
[03:35:05] <Bender> karma - ncommander: 10
[03:35:18] <NCommander> xlefay, implement a !emergency in the bot
[03:35:21] <NCommander> which pings all of us
[03:35:34] <bytram> NCommander, better to have an !ics
[03:35:36] <xlefay> Wouldn't be a bad solution
[03:35:46] * NCommander wants !fudge
[03:35:51] <bytram> !ics alert=yellow
[03:35:52] <xlefay> how about... !alert <team> <message> ;-)
[03:36:02] <bytram> xlefay, better!
[03:36:27] <xlefay> Then again, I could also bring the 'sysops' group back in GroupServ and people can /ms send !sysops message
[03:36:35] <xlefay> /notices highlight too
[03:36:39] <xlefay> least.. they do here
[03:37:25] <mrcoolbp> bytram: email received?
[03:37:41] <bytram> MrBluze|afk, lemme cchk; brb
[03:38:16] <bytram> mrcoolbp, let me check... brb (too many m's)
[03:38:38] <xlefay> ^ no-one ever says that about m&m's for instance..
[03:38:53] <mrcoolbp> heh
[03:39:51] <bytram> mrcoolbp, one issue... scoring is backwards... say another choice comes up; but you're stuck at a max of "9". need to go the other way.
[03:40:45] <bytram> mrcoolbp, besides... "We are number 1, yay!" is what I'd normally think of when ordering things by preference... #1 is best/favorite/preferred
[03:41:07] xlefay changed topic of #staff to: woop woop
[03:41:10] <xlefay> someone take command ;-)
[03:41:48] <bytram> xlefay, wish I could, am heading to bed in about 5 minutes.
[03:43:16] <mrcoolbp> bytram, did you respond to the email?
[03:43:38] <bytram> i replied to you here, am now putting into e-mail
[03:44:28] <mrcoolbp> I got the feedback, just follow instructions in the email for the actual domain gathering (add a domain)
[03:45:23] * NCommander is too tired to take command
[03:45:38] <NCommander> !sysops
[03:45:41] <NCommander> xlefay, nope
[03:45:59] <xlefay> :/
[03:46:00] <NCommander> bytram, I'm installing your LDAP user now
[03:46:11] <bytram> NCommander, Great! THANKS!
[03:47:36] <NCommander> bytram, root@helium:~# id martyb
[03:47:36] <NCommander> uid=2508(martyb) gid=2500(firefighters) groups=2500(firefighters),2501(sysops),2502(db),2503(dev_team),2504(prod_access)
[03:47:52] <NCommander> bytram, I'm installing your SSH key, and generating kerberos principle for you
[03:48:07] <NCommander> bytram, read this while you wait, as you need to use kerberos since you use putty and can't proxy
[03:48:21] <NCommander> bytram, http://wiki.soylentnews.org
[03:48:23] <bytram> NCommander, brb
[03:50:30] <NCommander> bytram, installed
[03:50:36] <NCommander> bytram, see if you can access staff.soylentnews.org
[03:50:50] <bytram> NCommander, i'm back...
[03:51:01] <bytram> bear with me here..
[03:51:26] * NCommander is generating your kerberos principle
[03:52:58] <NCommander> bytram, kerberos principle generated, let me know when you're on boron
[03:53:29] <bytram> am trying... am not used to putty; it's umm >different<
[03:54:00] <NCommander> bytram, not used to SSH?
[03:54:11] <bytram> I'm on win XP
[03:54:13] <NCommander> bytram, you could install cygwin SSH :-P
[03:54:33] -!- Dopefish [Dopefish!~47b1d396@Soylent/Staff/Editor/Dopefish] has joined #staff
[03:54:33] -!- mode/#staff [+v Dopefish] by SkyNet
[03:54:39] * NCommander licks Dopefish
[03:54:43] <bytram> I tried cygwin years ago... install so borked up my system it took me a couple weeks to getit working again.
[03:55:10] <mrcoolbp> bytram: thanks for you help/feedback bytram: much appreciated
[03:55:21] <bytram> gladly try any *other* ssh client, though.
[03:56:16] <bytram> NCommander, so, I'm trying to connect to ?? boron.soylennews.org ??
[03:56:18] <bytram> NCommander, so, I'm trying to connect to ?? boron.soylentnws.org ??
[03:56:49] <Dopefish> that's gross
[03:56:53] <NCommander> bytram, staff.soylentnews.org
[03:57:17] <bytram> NCommander, huh? where's boron ?
[03:57:21] <bytram> NCommander, will do.
[03:57:33] <NCommander> bytram, staff == boron. We don't expose the machine names to the world
[03:57:55] <mrcoolbp> you just did...this is public channel...
[03:57:57] <bytram> indirection for the obfuscation.
[03:58:07] <bytram> ^^^^^^^^^^
[03:58:26] <NCommander> mrcoolbp, the machine names are on the wiki, but we don't publish them in DNS
[03:58:44] <mrcoolbp> ah
[03:59:33] <bytram> NCommander, I apologize. it's late, I'm tired, and not thinking clearly. Are you familiar enough with putty to walk me through?
[03:59:54] <bytram> hold on... what port?
[04:00:01] <xlefay> 22
[04:00:03] <NCommander> bytram, 22
[04:00:07] <bytram> k
[04:00:09] <NCommander> bytram, I haven't used putty in ages
[04:00:20] <xlefay> (you don't actually have to fill it in)
[04:00:23] <xlefay> it'll default to 22
[04:00:36] <bytram> xlefay, I see that, thanks!
[04:01:15] <bytram> xlefay, where do I put my SSH key?
[04:01:34] <xlefay> ehm, you have to go to "ssh" in the sidebar and search there...
[04:01:38] <xlefay> I don't quite remember
[04:01:53] <xlefay> btw.. you didn't as audioguy suggested make an openssh key, right?
[04:02:11] <xlefay> Otherwise you'll have to throw it through puttygen in order to make putty be able to read it (least, iirc)
[04:02:36] <xlefay> Putty doesn't accept plain ssh keys... it needs it's own format and deals with it internally.
[04:02:51] <bytram> xlefay, woops... lost me there. oh, oh.
[04:03:15] <bytram> does that mean I need to create a new key and send that to NCommander ?
[04:03:30] <NCommander> bytram, I think he sent me the right forward
[04:03:43] <NCommander> It had the putty certificate things on it
[04:04:15] <bytram> NCommander, I made it using puttygen, so I'd like to think it knows how to format things for itself. :/
[04:05:50] <bytram> the server's host key is not cached in the registry...
[04:06:04] <xlefay> NCommander: the ssh key = good on our side, but putty uses it's own format to send it
[04:06:06] <xlefay> .ppk or something
[04:06:25] <bytram> xlefay, that's the one I gave to putty
[04:06:43] <xlefay> bytram: good, then you should be able to connect
[04:06:49] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[04:06:57] <mrcoolbp> NCommander: I know you've been very busy with the backend stuff, we have a plan for the public vote in case we don't have the time to re-work the poolbooth that would utilize audioguys email voting method he coded, have a sec?
[04:07:34] <bytram> xlefay, I've got a security alert: the server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
[04:07:47] <bytram> the server's rsa2 key fingerprint is...
[04:07:52] <xlefay> yes, what is it?
[04:08:02] <bytram> tugh to type, hold on.
[04:08:03] * xlefay notes we should publish those signatures..
[04:08:08] <xlefay> bytram: kiddding, accept it
[04:08:09] <xlefay> kidding*
[04:08:18] <xlefay> but we should publish those signatures nonetheless
[04:08:36] <NCommander> mrcoolbp, let me finish writing this wiki page
[04:08:37] <bytram> server unexpectedly closed netork connection
[04:08:40] <mrcoolbp> okay
[04:08:46] <NCommander> xlefay, agreed
[04:09:00] <xlefay> bytram: where are you connecting to?
[04:09:13] <NCommander> xlefay, check auth.log
[04:09:14] <bytram> trying to get to staff.soylentnews.org
[04:09:24] <xlefay> NCommander: am checking but not getting an alert from martyb's user
[04:09:50] <xlefay> bytram: try again
[04:10:03] <bytram> looks better...
[04:10:06] <xlefay> ok got you now
[04:10:09] <xlefay> what was the error on your side?
[04:10:12] <bytram> "login as:" and I entered my username
[04:10:15] <bytram> waiting...
[04:10:26] <xlefay> [martyb's IP] failed - POSSIBLE BREAK-IN ATTEMPT!
[04:10:35] <xlefay> No supported authentication methods available [preauth]
[04:10:40] <xlefay> Are you submitting your ssh key?
[04:10:45] <bytram> thought so.
[04:10:53] <xlefay> re-check
[04:11:00] <bytram> yup
[04:12:13] <bytram> xlefay, logical name of remote host(e.g. for SSH key lookup)
[04:13:24] <bytram> same error.
[04:14:03] <xlefay> That's rather odd
[04:14:51] <bytram> I can send you the log
[04:14:58] <xlefay> bytram: can you re-connect on port 99 ?
[04:15:02] <xlefay> (instead of 22)
[04:15:11] <bytram> sure.
[04:16:56] <bytram> same error
[04:16:57] -!- Dopefish has quit [Quit: Web client closed]
[04:17:34] <bytram> xlefay, here comes the log...
[04:17:46] <bytram> 2014-03-23 23:16:40 Looking up host "staff.soylentnews.org"
[04:17:46] <bytram> 2014-03-23 23:16:41 Connecting to 173.255.194.21 port 99
[04:17:46] <bytram> 2014-03-23 23:16:41 Server version: SSH-2.0-OpenSSH_6.5p1 Ubuntu-6~precise1
[04:17:46] <bytram> 2014-03-23 23:16:41 Using SSH protocol version 2
[04:17:46] <bytram> 2014-03-23 23:16:41 We claim version: SSH-2.0-PuTTY_Release_0.63
[04:17:47] <bytram> 2014-03-23 23:16:42 Doing Diffie-Hellman group exchange
[04:17:49] <bytram> 2014-03-23 23:16:42 Doing Diffie-Hellman key exchange with hash SHA-256
[04:17:51] <bytram> 2014-03-23 23:16:46 Host key fingerprint is:
[04:17:53] <bytram> 2014-03-23 23:16:46 ssh-rsa 2048 b0:82:21:50:dd:e7:fc:4a:e0:1e:ff:0c:c2:46:1d:1d
[04:17:55] <bytram> 2014-03-23 23:16:46 Initialised AES-256 SDCTR client->server encryption
[04:17:57] <bytram> 2014-03-23 23:16:46 Initialised HMAC-SHA-256 client->server MAC algorithm
[04:17:59] <bytram> 2014-03-23 23:16:46 Initialised AES-256 SDCTR server->client encryption
[04:18:01] <bytram> 2014-03-23 23:16:46 Initialised HMAC-SHA-256 server->client MAC algorithm
[04:18:03] <bytram> 2014-03-23 23:16:47 Reading private key file "C:\Program Files\PuTTY\keys\private.20140323a.ppk"
[04:18:05] <bytram> 2014-03-23 23:16:51 Offered public key
[04:18:07] <bytram> 2014-03-23 23:16:51 Server refused our key
[04:18:09] <bytram> 2014-03-23 23:16:51 Using SSPI from SECUR32.DLL
[04:18:11] <bytram> 2014-03-23 23:16:51 Attempting GSSAPI authentication
[04:18:13] <bytram> 2014-03-23 23:16:52 GSSAPI authentication initialisation failed
[04:18:17] <bytram> 2014-03-23 23:16:52 No credentials are available in the security package.
[04:18:19] <bytram> 2014-03-23 23:16:52 Disconnected: No supported authentication methods available (server sent: )
[04:19:08] <NCommander> bytram, it didn't like your key
[04:19:17] <NCommander> BTW, kerberos administration page written
[04:19:18] <NCommander> http://wiki.soylentnews.org
[04:19:25] <NCommander> I think thats the last of the major TODOs here.
[04:19:34] * NCommander notes varnish needs a writeup, as does apache, but those can wait
[04:20:10] <NCommander> xlefay, does that look sane and well written
[04:20:18] <bytram> NCommander, hmmm... should I generate another one?
[04:21:24] <NCommander> bytram, let me make sure your key is correct
[04:21:32] <bytram> NCommander, k, thanks!
[04:21:44] <NCommander> root@helium:/root# /etc/ssh/ldap_ssh.sh martyb
[04:21:44] <NCommander> root@helium:/root#
[04:21:46] <NCommander> ....
[04:21:46] <NCommander> hrm
[04:22:28] <NCommander> oh
[04:22:29] <NCommander> fuck
[04:22:31] <NCommander> Its in the wrong format
[04:22:57] <xlefay> NCommander: '''s don't work in <pre>'s, I'll fix
[04:23:15] <bytram> xlefay, much obliged!
[04:23:41] <xlefay> bytram: I'm actually looking at the docs from NC
[04:24:03] <bytram> xlefay, Oh! <heh> my bad.
[04:24:28] <bytram> NCommander, do I need to do something to fix the format on my end? or is that something you do there?
[04:24:48] <NCommander> Oh
[04:24:52] <NCommander> its getting base64 encoded
[04:25:48] <NCommander> bytram, your key got linewrapped
[04:25:49] <NCommander> Hold on
[04:26:04] * bytram is holding on
[04:27:10] <NCommander> bytram, root@helium:/root# /etc/ssh/ldap_ssh.sh martyb
[04:27:10] <NCommander> ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqtNySaHALmD96itgubnSs18CvYuRJAf+t3/sQ8jMYv4lcLzCcOyNrM6fzBH6KWqQa0x9UhkpMjyJsIE94qDAoNANtfZ+mSG5D+pNJb2nC5R9C1cjIZf41zIXLhsh6OwlO1cI0/KnKwz1moeHuYLtNzNDEe1Ir2D29oO7bm8R4BIM3fUR8BNy2wo+UarQJqezIvqUPOoxmiNGmTLdI5Fd8M5ODJ9d2wZZs60x2B23qw6S4f1eClwRAoTXaUK0GWnSFxbUzsLCsti5qxfr5q1mdS7XIsvoNAum9gITqwTG7EMkMFUUVckT5tMBTzwnSlM9yo4C86ZKvxjzAAO3Oodk7Q==
[04:27:12] <NCommander> bytram, try it now
[04:27:22] <xlefay> NCommander: we'll deal with the backup stuff tomorrow (unless you're staying up much longer), same goes for the bittorrent stuff
[04:27:36] <NCommander> xlefay, I am, need to write emails
[04:27:39] <bytram> passphrase for key...
[04:27:50] <bytram> rsa-key-20140323
[04:27:56] <xlefay> bytram: the encrypted bible and all, remember?
[04:28:05] <bytram> doh!
[04:28:13] <xlefay> NCommander: yeah so we'll deal with the other stuff tomorrow ;-)
[04:28:15] <NCommander> Well, at least its asking for a key
[04:28:26] <NCommander> xlefay, I'm kinda going to go on soy-hitatus
[04:28:31] <NCommander> this weekend has been exhausting
[04:28:33] <xlefay> he got signed in
[04:28:42] <xlefay> NCommander: that's fine, I'll look into it further ;-)
[04:28:53] <bytram> NCommander, xlefay S U C C E S S ! ! ! !
[04:28:55] <NCommander> bytram, let me give you your kerberos passwd
[04:28:57] <bytram> I'm on boron
[04:29:16] <xlefay> poor martyb, he can't even ssh to another node without first kinit'ing
[04:29:38] <NCommander> xlefay, pfft, better than the alternative
[04:29:47] <xlefay> guess that's what you get for using windows bytram :P
[04:29:59] <NCommander> xlefay, http://monkeyswithbuttons.wordpress.com
[04:30:02] <NCommander> ^_ bytram
[04:30:09] <NCommander> Possible way to proxycommand with putty
[04:30:29] <xlefay> oh nice!
[04:31:32] <xlefay> bytram: best to save sessions in putty ;-)
[04:32:26] <bytram> xlefay, did that once before, but don't remmeber how... hold on I'm dealing with kpasswd
[04:33:06] <xlefay> yep
[04:33:10] <bytram> xlefay, k, I'm back!
[04:35:19] <xlefay> wb lol :p
[04:35:42] <xlefay> you fill in all the settings, then one the first page/tab of putty, you fill in a name (on the bottom of the screen) and press "save"
[04:35:50] <bytram> xlefay, methnks I needed to save session *befoer* I catually connected?
[04:35:54] <xlefay> next time, click the session, load, connection
[04:36:01] <xlefay> Yes, I would do that if I were you.
[04:36:28] <xlefay> woah, Invalid Signature, NCommander? :)
[04:36:51] <NCommander> xlefay, on my GPG key?
[04:36:55] <bytram> oay, I need to creaet a NEW session...
[04:36:56] <xlefay> yea
[04:37:00] <NCommander> xlefay, I renewed the expiration. Do a refresh to get it
[04:37:36] <xlefay> done
[04:37:59] <xlefay> The signature is valid, but the key's validity is unknown. ;-)
[04:38:11] <NCommander> O_o?
[04:38:13] <NCommander> xlefay, odd
[04:38:20] <NCommander> xlefay, it worked fine to upload to the PPA
[04:38:37] <xlefay> NCommander: probably has to do with trust
[04:38:43] <xlefay> e.g. the gpg trust model and stuff
[04:38:50] <NCommander> oh, thats right
[04:38:57] <xlefay> ;)
[04:38:58] <NCommander> we need a staff KSP
[04:41:08] <paulej72> going to bed see you all tomorrow.
[04:41:17] <xlefay> night, ciao :)
[04:41:22] <bytram> paulej72, g'nite!!!!!!!!
[04:41:35] <paulej72> later
[04:42:31] <bytram> NCommander, yay! I'm onto staff, with a saved profile :^)
[04:42:35] <bytram> thanks-you!
[04:42:48] <bytram> xlefay, many thanks for the putty help!
[04:42:54] <bytram> NCommander++
[04:42:54] <Bender> karma - ncommander: 11
[04:42:57] <bytram> xlefay++
[04:42:57] <Bender> karma - xlefay: 33
[04:43:02] <bytram> and, why not?
[04:43:04] <xlefay> no worries
[04:43:05] <bytram> bacon++
[04:43:05] <Bender> karma - bacon: 26
[04:45:55] bytram is now known as martyb|zzz
[04:46:10] <martyb|zzz> good night everybody! thanks for all the help!
[04:50:42] paulej72 is now known as paulej72_away
[04:52:38] -!- martyb|zzz has quit [Ping timeout: 246 seconds]
[05:06:51] <NCommander> xlefay, check email
[05:14:59] <Landon> !current-uid
[05:14:59] <Bender> The current maximum UID is 3944, owned by LazyBoot
[05:15:02] <Landon> heh
[05:15:13] <Landon> funny seeting artifacts of current-uid from the bot's account
[05:15:16] <Landon> seeing*
[05:16:42] <xlefay> NCommander: just read the mail, very nice. Thank you! ;)
[05:17:34] <NCommander> xlefay, feel free to volunteer for Netherlands :-)
[05:17:40] * NCommander needs more asses to ride
[05:17:52] <Landon> !grab NCommander
[05:17:52] <Bender> Added quote 83
[05:17:55] <Landon> !quote 83
[05:17:55] <Bender> Quote 83 - <NCommander> xlefay, feel free to volunteer for Netherlands :-)
[05:17:56] <Landon> damn
[05:18:01] <Landon> curseeeeeeeeeeeeeeeeees
[05:18:10] <NCommander> Being /me makes you unquotable
[05:18:13] * Landon shakes fist
[05:18:34] <Landon> !todo subscribe to ctcp actions in quote plugin
[05:18:34] <Bender> todo item 24 added
[05:36:42] <xlefay> btw Landon, you probably have to teach it the concept of CTCP first
[05:37:55] <xlefay> NCommander: paulej72_away: can anyone grant me to make a repository under SoylentNews? It's for the IRC stuff.
[05:38:22] <NCommander> xlefay, I think I can do it ...
[05:38:23] <NCommander> ugh
[05:38:24] <NCommander> !todo
[05:38:24] <Bender> todo for ncommander: 1) make sure install-slashsite installs proper schema 2) quit smoking 3) look at rewiring pollbooth for SERIOUS votes 4) write up YAFAP for nethack 5) find volunteer who may be willing to work on mod_perl rework effort 6) clean production database of unused vars/tables from Tags/FIrehose/Achievements 7) make LDAP a thing yesterday 8) fix slashboxs - 1 more
[05:38:35] <NCommander> !todo-done 7
[05:38:35] <Bender> 1 item deleted
[05:38:37] <NCommander> !todo
[05:38:39] <Bender> todo for ncommander: 1) make sure install-slashsite installs proper schema 2) quit smoking 3) look at rewiring pollbooth for SERIOUS votes 4) write up YAFAP for nethack 5) find volunteer who may be willing to work on mod_perl rework effort 6) clean production database of unused vars/tables from Tags/FIrehose/Achievements 7) fix slashboxs 8) email to FSF/SPI w/ mattie_p - 1 more
[05:38:54] <xlefay> !more
[05:38:54] <Bender> input 9) get mechanicjay|afk to crontab auto restarts for slash 10) upstart job for apache
[05:39:02] <NCommander> bleck
[05:39:03] <xlefay> Seriously.. #9?
[05:39:08] <NCommander> !todo-done 9
[05:39:08] <Bender> 1 item deleted
[05:39:12] <NCommander> I was feeling snarky
[05:39:21] <NCommander> xlefay, feel free to take 10 from me
[05:39:24] <xlefay> @daily root /etc/init.d/slashd restart # something like that?
[05:39:30] <xlefay> For production?
[05:39:35] <NCommander> xlefay, you can practice on lithium, its an identical apache setup
[05:39:41] <xlefay> Cool, will do
[05:39:44] <xlefay> !take NCommander 10
[05:39:49] <NCommander> 9 now
[05:39:51] <xlefay> oh god, that sounds bad didn't it?
[05:40:01] <xlefay> !todo upstart job for Apache
[05:40:01] <Bender> todo item 3 added
[05:40:10] <xlefay> er.. I shouldn't be adding it to bender
[05:40:32] * xlefay uses his ZNC's built in *notes system
[05:40:43] <NCommander> xlefay, I'm doing a writeup of everything we did this weekend
[05:40:45] <NCommander> FUcking long list
[05:40:53] * NCommander notes we were stupidly productive
[05:41:19] <xlefay> It sure is ;-) I'll check into Amanda tomorrow and possible alternatives, and I'll set it up (naturally, starting with dev)
[05:41:31] <xlefay> I really wish we could make snapshots in advance :<
[05:49:38] <mrcoolbp> xlefay: just a friendly reminder you still have a little work to do on that IRC team page
[05:50:43] <xlefay> I know
[05:50:56] <xlefay> Important things first tho ;-)
[05:51:50] <mrcoolbp> yes, I know I can see you've been busy, still importnant that people know what is being worked on etc.
[05:52:02] <mrcoolbp> not trying to take aways from all your efforts at all
[05:52:21] <xlefay> don't worry hehe
[05:53:03] <mrcoolbp> oh and I for one welcome my new team member.
[05:53:21] <mrcoolbp> cheers
[05:53:30] <xlefay> haha ^^
[05:54:38] <mrcoolbp> xlefay: is LDAP all setup?
[05:55:44] <xlefay> NCommander: finished most of the LDAP set up so far ;-)
[05:56:18] <mrcoolbp> so still a bit of work to do?
[05:57:04] <xlefay> Only local replication, and kerberos integration, correct NC?
[05:58:15] <NCommander> xlefay, think so, check the email I'm writing in a few minutes
[05:58:30] <NCommander> mrcoolbp, we have new staff?
[05:58:49] <mrcoolbp> NCommander: xlefay joined "Community Support"
[05:59:30] <xlefay> In fairness, as it stands, I'm the one person in the staff that has the most time in the day ;-)
[05:59:44] <xlefay> Once I finally find a darn job, I'll have to cut down on stuff ;)
[05:59:57] <mrcoolbp> NCommander: xlefay: some users have been confused that they need to create a new acount in wiki (can't use SN login). Should we throw a disclaimer on wiki saying you must create a new account. Is there plans to have single sign on eventually?
[06:00:38] <mrcoolbp> xlefay: no worries, happy to have someone at all
[06:03:48] <NCommander> mrcoolbp, yes, and yes
[06:03:57] <mrcoolbp> thanks
[06:11:53] <mrcoolbp> NCommander: when there is an issue with a user I can't solve I used to send them to zak, who would you recommend these days?
[06:12:14] <mrcoolbp> mattiep helped a few times
[06:12:43] <mrcoolbp> I can send them to him I guess...I just know his inbox is approaching the insanity of yours
[06:13:09] * mrcoolbp has a love/hate with his inbox (mostly hate though)
[06:14:10] <NCommander> mrcoolbp, any sysop, xlefay or myself probably as we currently know the best on the new setup
[06:14:48] <mrcoolbp> mattiep: kids in bed yet?
[06:15:00] <mrcoolbp> NCommander: perfect thanks!
[06:15:21] <xlefay> mrcoolbp: another option is /dev/null, it generally works _really_ well
[06:15:27] <mrcoolbp> heh
[06:15:32] * xlefay remembers the time he /dev/null'd his inbox
[06:15:44] <mrcoolbp> oh that would be liberating
[06:15:48] <xlefay> it was
[06:16:16] <xlefay> Of course, I did have a back up ;-)
[06:16:20] <xlefay> "just in case"
[06:17:07] <mrcoolbp> I could never fo through with it
[06:17:12] <mrcoolbp> go*
[06:18:09] <xlefay> well if you've got a backup there isn't much of a problem
[06:18:15] <xlefay> I just did it cause I was tired of having full folders
[06:18:20] <xlefay> err, a full folder*
[06:18:36] <xlefay> too lazy to sort it all, figure if I ever need something, I'll just imap to the read-only backup ;-)
[06:19:23] <xlefay> That's why I love server side filtering
[06:19:32] <xlefay> least you don't have to do it on a ton of clients
[06:21:28] <NCommander> xlefay, need ability to do procmailing for soylentnews
[06:21:30] <NCommander> chop chop
[06:21:40] <xlefay> NCommander: it's on my rather lengthy todo list ;-)
[06:22:02] * xlefay sighs
[06:22:08] <NCommander> xlefay, ?
[06:22:10] <xlefay> I really have to install Thunderbird, kmail is sluggish
[06:22:21] <xlefay> click email, pres delete, wait 10 seconds for it to actually delete
[06:22:47] <mrcoolbp> eek
[06:23:32] <NCommander> and that's why I stopped using kmail
[06:24:38] <xlefay> I can understand why. btw: "/* rsa key: the public key for this oper when using Challenge." looks interesting
[06:25:36] <NCommander> xlefay, fighting with athamie?
[06:25:45] <xlefay> no
[06:25:56] <xlefay> Was just looking through IRCd configs
[06:26:21] <xlefay> for /oper, we currently have requirement of certificate fingerprint (certfp) + ssl only, etc...
[06:26:26] <xlefay> but the rsa key seems more interesting
[06:27:19] <xlefay> Then again, I was looking if we could feed it into LDAP, so we could have a group of IRCops in there, the "single staff management" thingy kinda sticks with me :P
[06:28:07] <xlefay> I'm going to look if the IRCd comes with some apparmoring
[06:29:01] <mrcoolbp> NCommander: where are the lameness filter paramaters? I'd like to have those public somewhere (maybe attached to the FAQ)
[06:31:12] <mrcoolbp> NCommander: nvm, just saw that there will be error messages displayed to users
[06:31:45] <xlefay> btw, NCommander, is there a special host file required to get access to the phpldap?
[06:31:57] <NCommander> xlefay, yeah, its bound to 127.0.0.1 :-)
[06:32:04] <xlefay> the ssh tunnel itself just returns "It works!" on which I just reply "yeah... but it doesn't show me what I need!"
[06:32:19] <NCommander> xlefay, oh, http://127.0.0.1:8080
[06:32:25] <xlefay> oh lol!
[06:32:29] <NCommander> I didn't put that URL up?
[06:32:35] <NCommander> xlefay, phpmyadmin is also available
[06:32:39] <xlefay> I'll put it in the docs
[06:32:45] <xlefay> docs just say 127.0.0.1:8080
[06:32:45] <NCommander> Thought it was there ...
[06:32:47] <NCommander> oops
[06:33:36] <xlefay> it is now ;-)
[06:33:37] <xlefay> no worries
[06:34:57] <NCommander> xlefay, we can extend the LDAP schema if we need more information for IRC services
[06:35:14] <NCommander> xlefay, you know, with the VPN, it IS possible to get kerberos tickets on 127.0.0.1 ...
[06:35:47] <xlefay> https://github.com
[06:35:55] <NCommander> xlefay, (yes, we can autheticate our staff on their home machines. Yes its sexy)
[06:36:05] <xlefay> NCommander: IRC services + ldap works for /ns id, but that'd break the rest
[06:36:11] <xlefay> rest = existing db
[06:36:27] <NCommander> xlefay, we can migrate the nickserv database into LDAP
[06:36:47] <NCommander> xlefay, I don't mind having normal users in there, if we ever have public shell accounts, they'll be in LDAP, just not in firefighters
[06:37:01] <xlefay> NCommander: we could, but we want to integrate with the normal site right?
[06:37:12] <NCommander> xlefay, so we get slash to autheticate with ldap
[06:37:13] * NCommander coughs
[06:37:16] <xlefay> Technically, a link between slash <-> openldap would be awesome
[06:37:20] <NCommander> actually, thats not THAT hard
[06:37:30] <NCommander> There's already infrastructure for that in place for OpenID
[06:37:42] <xlefay> hah, in which case, the IRCd could also but I'm just so afraid of what'll happen if our LDAP kicks out (in it's entire, even when we have replication)
[06:37:42] <NCommander> TO attach authetication tokens to slash account
[06:37:52] <xlefay> In which case, EVERYTHING will be fuckt
[06:37:59] <NCommander> xlefay, so run slurpd/slapd on the ircd nodes
[06:38:07] <NCommander> This problem can be solved with MORE REPLICATION
[06:38:19] <xlefay> I suppose so :P
[06:38:27] <xlefay> Also, services stall if LDAP is down >.<
[06:38:39] <NCommander> xlefay, so every box that runs services run slapd :-)
[06:38:47] <xlefay> Yeah :p
[06:38:48] <xlefay> but
[06:38:52] <NCommander> xlefay, actually, its probably easier to make that work with kerberos vs. ldap itself
[06:38:53] <xlefay> btw*
[06:38:57] <xlefay> https://github.com
[06:39:07] <NCommander> xlefay, actually ...
[06:39:08] <NCommander> hrm
[06:39:15] <NCommander> xlefay, thinking about it, we don't need it to talk to ldap directly
[06:39:23] <NCommander> xlefay, add a field in the database for POSIX account
[06:39:29] <NCommander> Then perl just needs to run id to get permissions
[06:39:57] <xlefay> That'd be neat, then you can also do the setuid bits via LDAP, no?
[06:40:00] <NCommander> xlefay, http://stackoverflow.com
[06:40:01] <xlefay> just create another group
[06:40:05] <NCommander> xlefay, bingo.
[06:40:11] -!- pbnjoe has quit [Quit: Leaving]
[06:40:13] <NCommander> xlefay, if user is editoral == seclevel 100
[06:40:20] <NCommander> slash_suadmin == 10000
[06:40:22] <xlefay> exactly
[06:40:32] <NCommander> That wouldn't even be hard to implement
[06:40:35] <NCommander> Thats an hours work, tops
[06:40:46] <xlefay> That's really nice ;-) We should try that on dev sometime :P
[06:40:52] <xlefay> btw, the link I sent to the challenge
[06:41:23] <xlefay> I could write a script that gets the public key of people in the ircops group, create a local file for opers, re-generate config file (I should make a script for that); and rehash the server
[06:41:26] <NCommander> hrm
[06:41:33] * NCommander wonders if we can just kerberos it
[06:41:37] <xlefay> Unfortunately, charybdis doesn't support direct ldap :<
[06:42:15] <NCommander> xlefay, just getrpid for the user
[06:42:24] <NCommander> xlefay, just getrgid for the user
[06:43:31] <mrcoolbp> xlefay: going to forward a user to you, claims to have registered a nick but I can't find him (and he can't log in)
[06:43:31] <xlefay> yeah it grabs the group for a certain user
[06:44:23] <xlefay> mrcoolbp: well you know his e-mail address, did you try a password reset first? (e.g. just enter his e-mail?)
[06:44:39] <mrcoolbp> he claims to have a U
[06:44:45] <mrcoolbp> UID owned by someone else
[06:44:55] <mrcoolbp> by another nick anyway
[06:45:00] <xlefay> so it isn't his then
[06:45:09] <mrcoolbp> he has an email showing it is
[06:45:36] <mrcoolbp> also how do you do that password reset? on slashcott I was doing it through the admin panel
[06:45:39] <xlefay> NCommander: first thing I'm going to do tomorrow is try to apparmor charybdis ;-)
[06:45:48] <NCommander> xlefay, aa-genprof is your friend
[06:46:05] <xlefay> http://soylentnews.org
[06:46:31] <mrcoolbp> okay, let's try that and see what happens then
[06:46:42] <mrcoolbp> should be interesting
[06:46:53] <xlefay> NCommander: does apt has something like yum whatprovides?
[06:47:40] <NCommander> xlefay, what's whatprovides do?
[06:47:44] <NCommander> (its been too long)
[06:48:28] <NCommander> xlefay, files in general, or installed?
[06:48:31] <NCommander> For installed, dpkg -S
[06:48:36] <xlefay> apt-file search aa-genprof
[06:48:37] <NCommander> for packages in general, apt-file
[06:48:40] <xlefay> like what apt-file does ;-)
[06:48:45] <xlefay> haha yea, that's what I was looking for
[06:48:51] <NCommander> xlefay, apt-get install apparmor :-)
[06:49:05] <NCommander> xlefay, check out the email to the list, see if I forgot anything
[06:49:07] <xlefay> I thought it came by default :P
[06:50:31] <mrcoolbp> off to bed, see y'all tomorrow
[06:51:20] -!- mrcoolbp has quit []
[06:51:37] <xlefay> "Looking for someone to work out the necessary sudo voodoo"
[06:51:40] <NCommander> xlefay, it isn't by the linode image
[06:51:40] <xlefay> consider it done
[06:51:47] <NCommander> sweet
[06:51:53] <NCommander> xlefay, this was a stupidly productive weekend
[06:53:07] <NCommander> xlefay, so we've had 202k hits on varnish in 11 hours
[06:53:27] <NCommander> cache hitrate: 88%
[06:53:29] <NCommander> Holy shit
[06:53:42] <NCommander> The new varnish config is *really* doing its job
[06:53:47] <xlefay> Sounds about right
[06:53:53] <xlefay> LOL
[06:53:55] <xlefay> That's amazing!
[06:54:06] <NCommander> No wonder the site feels more responsible
[06:54:10] <NCommander> Apache isn't doing anything
[06:54:20] <xlefay> The way it's supposed to be ;-)
[06:54:42] * NCommander rolls eyes
[06:54:48] * NCommander needs to setup status.soylentnews.org
[06:55:06] <xlefay> btw, I also want to LXC some stuff on IRC box, for "playgrounds" on experimenting with stuff; so we don't risk breaking other stuff
[06:55:26] <xlefay> I wonder if we can apparmor bender... maybe a bit too far?
[06:55:35] <xlefay> >.<
[06:55:52] * xlefay might have fallen a bit in love with our set up here..
[06:56:20] <xlefay> *updates charybdis-li694-22"
[06:56:34] <xlefay> ok.. how do I fix this crazy error?
[06:56:51] <xlefay> invoke-rc.d: unknown initscript, /etc/init.d/charybdis not found. <-- did the upgrade, what do I need to do at this point to make it go away? < NCommander
[06:57:00] <xlefay> s/</|/
[06:58:20] <NCommander> xlefay, http://status.soylentnews.org
[06:58:36] <NCommander> xlefay, did you upgrade to the latest page?
[06:58:39] <NCommander> er
[06:58:39] <NCommander> fuck
[06:58:41] <NCommander> ...
[06:58:45] * NCommander is tired and doesn't want to look
[06:59:00] <NCommander> xlefay, http://status.soylentnews.org
[06:59:00] <xlefay> I tried upgrading to the last package
[06:59:11] <xlefay> can I just remove it and reinstall it and all will be fixed? (the lazy way)
[06:59:16] <NCommander> xlefay, possibly
[06:59:21] <xlefay> Yes, I'm looking at that page :P
[07:00:13] <xlefay> OK that worked!
[07:00:40] <NCommander> xlefay, probably the uninstall script got mucked
[07:01:21] <xlefay> yeah :)
[07:01:41] <xlefay> The staff user dir, what stuff can we use?
[07:01:47] <xlefay> only plain HTML and crap atm?
[07:02:53] <NCommander> xlefay, for the moment, can install stuff on user demand
[07:03:06] <NCommander> xlefay, I don't want boron becoming beryllium 2.0 though
[07:03:41] * NCommander should have called the node firefighters ...
[07:03:45] <NCommander> Ah well
[07:04:05] <xlefay> would be too painful atm :p
[07:05:26] <xlefay> nslookup firefighters.li694-22.
[07:05:48] <NCommander> I got firefighters in LDAP
[07:05:49] <NCommander> I'm happy
[07:06:19] <xlefay> just added a cname for it :P
[07:06:28] <xlefay> just so the awesome people can ssh into firefighters instead :P
[07:06:48] <xlefay> w00t w00t
[07:07:10] <xlefay> wish I could change it's PTR record without breaking stuff :P
[07:07:20] <xlefay> "last logged in from firefighters.li694-22." :P
[07:07:55] <NCommander> xlefay, pfft, I'll autheticate with kerberos here locally, then really go to town
[07:08:08] <NCommander> xlefay, that being said, krb5 + VPN offers some interesting authetication possibilities
[07:08:37] <xlefay> Such as?
[07:09:53] <NCommander> actually, once the KDC slave is setup, we could auth directly
[07:10:36] <NCommander> xlefay, well, oper via krb5. kinit on 127.0.0.1, become IRC superuser. Connect suadmin on the site (possibly overkill but nice to think about :-))
[07:10:54] <xlefay> haha yea :P
[07:10:59] <xlefay> It does sound awesome tho :D
[07:11:15] <NCommander> xlefay, BTW, you can use mod_auth_kerberos
[07:11:28] <NCommander> xlefay, for Apache/HTTP authetication
[07:11:33] * NCommander is a strong believer in single signon
[07:11:53] <NCommander> xlefay, if I was truly sadistic, I'd require two-factor authetication
[07:12:02] <NCommander> (I want the option for 2-factor for slash soonish)
[07:12:06] <xlefay> I don't think this as sadistic tho :P
[07:12:17] <NCommander> I'm going to get sysops to riot of me
[07:12:23] <xlefay> This is'll save a lot of effort in the long run, 2 factor is inconvenient at times
[07:13:06] <NCommander> xkhttp://code.google.com
[07:13:09] <NCommander> xlefay, http://code.google.com
[07:13:25] <xlefay> I've heard of the google authenticator before
[07:13:32] <xlefay> Something to do with oauth iirc?
[07:13:42] <xlefay> oh OATH
[07:13:50] <NCommander> Yeah
[07:14:03] <NCommander> Despite the name, its not dependent on Google
[07:14:03] <xlefay> For SSH, I'd say, that would be a bit too much :P
[07:14:06] <NCommander> Yeah
[07:14:08] <NCommander> No kidding
[07:14:21] <xlefay> If you can use it for other stuff, e.g. slash by all means
[07:14:30] <NCommander> ssh keys good enough
[07:14:33] <xlefay> but guessing you can't without a lot of hacking
[07:14:40] <NCommander> Eh, its not THAT hard
[07:14:44] <NCommander> There's a perl module for that
[07:14:48] <xlefay> !grab NCommander
[07:14:48] <Bender> Added quote 84
[07:14:51] <NCommander> hrm
[07:14:52] <xlefay> ... of course, there is ;-)
[07:15:13] <xlefay> haha :P
[07:15:15] <NCommander> xlefay, for single-signon, we should use openid for the wiki http://www.mediawiki.org
[07:15:22] <NCommander> (you can make it work non-stupidly)
[07:15:39] <xlefay> Hmm, the wiki supports PostgreSQL?
[07:15:53] <NCommander> Believe so
[07:15:57] <NCommander> Paging FunPika
[07:16:02] <xlefay> I'm going to suggest we start using PostgreSQL wherever possible, since we do want to go there eventually, right?
[07:16:20] <xlefay> Does our slash already allow open id auths?
[07:16:54] <NCommander> xlefay, its a consumer
[07:16:57] <NCommander> Hrm
[07:17:11] <xlefay> PostgreSQL?
[07:17:35] <xlefay> 9.3 runs nicely on my box
[07:17:40] <NCommander> <3 postgres
[07:17:52] <NCommander> So the trick to making openid not look stupid
[07:17:55] <xlefay> Anyone who knows their DB stuff, generally does
[07:18:14] <NCommander> Redirect right to a OpenID landing page when you click login
[07:18:33] <NCommander> xlefay, Launchpad, the Ubuntu wiki, and REVU all use openid to login.ubuntu.com, but doesn't ask for a openid URL
[07:18:41] <NCommander> You'd never know it was openid without checking the code
[07:19:00] <xlefay> interesting ;D
[07:19:11] <NCommander> Huh
[07:19:16] <NCommander> We have a SOAP API
[07:19:27] <xlefay> didn't I mention that the other day, it 500'ing?
[07:19:51] * NCommander looks at this
[07:19:52] <NCommander> xlefay, yeah
[07:19:55] <NCommander> Actually
[07:19:59] <NCommander> OpenID looks stupid trivia
[07:20:00] <NCommander> Like
[07:20:02] <NCommander> Five minutes of perl
[07:20:58] <NCommander> xlefay, http://search.cpan.org
[07:21:12] <NCommander> OpenID is almost idiot proof
[07:21:21] <xlefay> "You will need PHP 4.3.0 or greater to use this library." <- whenever I read specifically '4.*' I ain't using that library ever.
[07:21:34] <xlefay> Yeah, that looks pretty simple
[07:22:56] * NCommander pokes around a bit in slash
[07:24:23] <NCommander> If we get a perl guy then it will be relatively easy
[07:25:46] <xlefay> Yea :P
[07:25:49] <xlefay> +h
[07:32:42] MrBluze|afk is now known as MrBluze
[07:33:34] * xlefay notes this one apparmor repo @ LP is handy
[07:33:45] <xlefay> http://bazaar.launchpad.net
[07:34:04] <NCommander> Less pain than SELinux
[07:35:47] * xlefay downloads the postgresql's one
[07:36:48] <xlefay> hmm question
[07:37:18] <xlefay> usr.lib.postgresql.bin.postgres => /usr/lib/postgresql/bin/postgresql _BUT_ I've got /usr/lib/postgresql/9.3/bin/
[07:37:28] <xlefay> would that mean 9_3 in the apparmor file name?
[07:37:37] <xlefay> I'm guessing 9.3 in the file name would resolve to 9/3/?
[07:41:10] <NCommander> xlefay,
[07:41:11] <NCommander> Your Linode, helium, has exceeded the notification threshold (1000) for disk io rate by averaging 1108.00 for the last 2 hours. The dashboard for this specific Linode is located at: <https://manager.linode.com/linodes/dashboard/helium>
[07:41:15] <NCommander> you been doing something on helium?
[07:41:17] <xlefay> nope
[07:41:19] <xlefay> nothing
[07:41:29] <xlefay> not even connected
[07:41:44] <NCommander> odd
[07:41:56] <xlefay> so would I name it 9_3?
[07:42:56] <NCommander> xlefay, no, its a .
[07:43:05] <NCommander> xlefay, apache has a . in its path
[07:43:17] <xlefay> I mean about my example
[07:43:20] <NCommander> (see /etc/apparmor.d on lithium)
[07:43:32] <xlefay> /usr/lib/postgresql/9.3/bin/ => usr.lib.postgresql.??.bin
[07:43:47] <NCommander> I'm not sure
[07:43:56] <xlefay> I'm first testing with apparmor a bit before I go onto apache/lithium
[07:43:56] * NCommander notes apparmor is a bit weird in this regard, as is selinux
[08:06:16] -!- LaminatorX has quit [Quit: Web client closed]
[09:08:26] * xlefay notes NCommander is going to like this
[09:08:31] <xlefay> http://50.116.18.95
[09:09:13] <NCommander> xlefay, yay
[09:17:36] <xlefay> honestly... I hate the firefox copy 'n paste of URLs
[09:18:38] <xlefay> "NOTE: Changes made to a master zone will take effect in our nameservers every quarter hour. "
[09:18:40] * xlefay segfaults
[10:04:43] <xlefay> mechanicjay|afk: ping, can we clean up the soylentnews.org zone file some time and document it?
[10:04:58] <xlefay> (although, most of it is self explanatory, some things aren't for the non-dns trained eye)
[10:05:22] <xlefay> e.g. "_autodiscover._tcp" could mean anything to anyone, but some know it's for auto discovery of mailservers ;-)
[10:26:43] <xlefay> !quote NCommander
[10:26:43] <Bender> Quote 0 - <NCommander> mattie_p, I dunno, are you going to mail me an explosive device if I have you edit ANOTHER 3k novel?
[10:26:47] <Bender> Also in quotes: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 35, 37, 42, 43, 46, 52, 53, 54, 55, 58, 61, 62, 66, 79, 80, 81, 82, 83, 84
[10:26:57] <xlefay> Bender: s/mattie/MrBluze/
[10:27:12] <xlefay> also, holy shit./
[10:27:28] <xlefay> Don't you think, that's just a LITTLE bit excessive?
[10:35:35] <NCommander> xlefay, not my fault that I was combined with the unfortunate qualities of quotability and verboness
[10:35:44] <xlefay> !quote NCommander
[10:35:45] <Bender> Quote 0 - <NCommander> mattie_p, I dunno, are you going to mail me an explosive device if I have you edit ANOTHER 3k novel?
[10:35:49] <Bender> Also in quotes: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 35, 37, 42, 43, 46, 52, 53, 54, 55, 58, 61, 62, 66, 79, 80, 81, 82, 83, 84
[10:35:50] <xlefay> !grab NCommander
[10:35:50] <Bender> Added quote 85
[10:35:52] <xlefay> dammit
[10:36:24] <NCommander> xlefay, :-)
[10:36:31] <xlefay> :P\
[10:37:49] <MrBluze> s/verbodeness/verbosity
[10:38:06] <NCommander> xlefay, frankly, if you're sick of seeing me in the quotes database, stop grabbing my quotes. They don't add themselves you know.
[10:38:23] <xlefay> quite frankly, I don't mind seeing them either
[10:38:34] * xlefay giggles like a little girl every time he sees them ;-)
[10:38:40] <xlefay> and see, that was a /me, you can't quote me on that
[10:38:43] * NCommander meant that as !grab bait :-P
[10:38:52] <NCommander> * xlefay giggles like a little girl every time he sees them ;-)
[10:38:52] <NCommander> !grab NCommander
[10:38:52] <Bender> Added quote 86
[10:38:58] <xlefay> !quote 86
[10:38:58] <Bender> Quote 86 - <NCommander> !grab NCommander
[10:39:00] <xlefay> ;')
[10:39:07] <NCommander> <NCommander> * xlefay giggles like a little girl every time he sees them ;-)
[10:39:12] NCommander is now known as NotCommander
[10:39:15] <NotCommander> !grab NCommander
[10:39:15] <Bender> Added quote 87
[10:39:18] <NotCommander> !grab 87
[10:39:18] <Bender> I don't know what 87 said, so I can't quote them!
[10:39:19] <xlefay> !quote 87
[10:39:19] <Bender> Quote 87 - <NCommander> <NCommander> * xlefay giggles like a little girl every time he sees them ;-)
[10:39:21] <xlefay> :O
[10:39:27] NotCommander is now known as NCommander
[10:39:33] <xlefay> NCommander: so how much did that cost you in idlerpg?
[10:39:45] <NCommander> xlefay,
[10:39:45] <NCommander> -NerdRPG- Penalty of 0 days, 02:39:30 added to your timer for nick change.
[10:39:45] <NCommander> * You are now known as NCommander
[10:39:45] <NCommander> -NerdRPG- Penalty of 0 days, 02:39:30 added to your timer for nick change.
[10:39:49] <NCommander> WORTH IT
[10:39:54] <xlefay> dammit :P
[10:40:08] <NCommander> I rather have a funny file then idle my way into the top spot
[10:40:26] <xlefay> hah :p
[10:40:37] <NCommander> !quote
[10:40:37] <Bender> quote <ID/search string>
[10:40:40] <NCommander> !quote NCommander
[10:40:40] <Bender> Quote 0 - <NCommander> mattie_p, I dunno, are you going to mail me an explosive device if I have you edit ANOTHER 3k novel?
[10:40:44] <Bender> Also in quotes: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 35, 37, 42, 43, 46, 52, 53, 54, 55, 58, 61, 62, 66, 79, 80, 81, 82, 83, 84, 85, 86, 87
[10:40:56] <NCommander> At this rate, I'm going to have a monopoly on the 80 block
[10:41:18] <NCommander> !quote 66
[10:41:18] <Bender> Quote 66 - <NCommander> xlefay, if this Soylent shit doesn't work out, I'm just going to post a million NCommanderisms
[10:41:24] <NCommander> :-)
[10:41:25] <xlefay> I'm just glad IP addresses aren't assigned every time someone !qgrab's you
[10:41:51] <xlefay> We could have ran out IPv4 a whole lot sooner ;-)
[10:42:17] <NCommander> Exhausting an IP namespace is hardwork don't you know. Pfft, you slackers aren't doing anything to help!
[10:42:50] <xlefay> So torrent is up; Landon should replace all wiki redirects to remove 'index.php/' and after my shower, I'll be continue doing stuff ;-)
[10:42:51] <xlefay> LOL
[10:43:26] * xlefay notes NC didn't get 69
[10:43:28] <xlefay> !quote 69
[10:43:28] <Bender> Quote 69 - <xlefay> <-- wishful thinker
[10:43:32] <xlefay> oh my.. I got that one
[10:43:44] * xlefay feels rather proud now.
[10:44:05] <xlefay> k, bbs forreal now ;-)
[10:44:16] <NCommander> Yeash, I constitute more than half the quotes file. That's more protein that in most stakes, or more truth than you get from most politicians in a daily allotment
[10:49:14] <MrBluze> or in a term of government
[10:59:56] <NCommander> !todo replace mysql SSL certifcates/change soylent password for DB access
[10:59:56] <Bender> todo item 10 added
[11:04:45] -!- FunPika [FunPika!~FunPika@Soylent/Staff/Wiki/FunPika] has joined #staff
[11:04:45] -!- mode/#staff [+v FunPika] by SkyNet
[11:11:55] <xlefay> back ;)
[11:14:02] <NCommander> Ugh, almost done
[11:14:03] <xlefay> FunPika: aah, just the one we paged earlier
[11:14:05] <NCommander> xlefay, are you admin on slash?
[11:14:10] <xlefay> No sir, I am not
[11:14:19] <NCommander> darn
[11:14:23] * NCommander wanted feedback
[11:14:48] <xlefay> well I can ssh into it and probably give myself subits
[11:14:55] <NCommander> xlefay, http://soylentnews.org
[11:14:58] <NCommander> xlefay, enjoy your admin bits
[11:15:12] <xlefay> Thanks, reading ;)
[11:15:31] * NCommander just has to add a closing
[11:15:36] <xlefay> "who we are and what we will. "
[11:15:42] <xlefay> should be "will be."?
[11:16:20] <FunPika> xlefay: ?
[11:16:35] <NCommander> xlefay, thanks
[11:17:00] <xlefay> NCommander: linode's alerts are wankers omg... just got an alert for carbon, all it's doing is serving as a tracker atm
[11:17:21] <NCommander> xlefay, yup :-/
[11:17:23] <xlefay> FunPika: does wiki support postgresql backend? if so, is it wise to migrate? etc.. brb, reading this piece of art
[11:17:35] <NCommander> MrBluze, you awake yet?
[11:18:40] <FunPika> MediaWiki supports PostgreSQL in theory, however it is not perfect. MediaWiki development focuses on MySQL (or now more likely MariaDB) since that is what Wikimedia is using
[11:18:59] -!- SirFinkus has quit [Quit: Textual IRC Client: www.textualapp.com]
[11:19:08] <MrBluze> im here
[11:19:11] <MrBluze> sup
[11:19:30] -!- SirFinkus [SirFinkus!~textual@l-64-313-06-125.hsd0.wa.comcast.net] has joined #staff
[11:19:50] <MrBluze> just getting a little rugrat to bed .. he keeps running off like a fizzpopper
[11:20:12] <NCommander> MrBluze, NP
[11:20:24] <MrBluze> :)_
[11:24:07] <xlefay> I'm at: The Community Voting System and Voting For Our New Name
[11:24:52] <xlefay> FunPika: can you elaborate on "theory"? Has it failed in the past? What are the concerns?
[11:25:08] <NCommander> xlefay, can you look at production's MTA setup. I got a local piece of mail to mcasadevall
[11:25:16] <NCommander> xlefay, vmcasadevall@hydrogen:~$ mail
[11:25:16] <NCommander> "/var/mail/mcasadevall": 1 message 1 new
[11:25:16] <NCommander> >N 1 noreply@soylentnew Mon Mar 24 06:49 21/893 SoylentNews user email change for NCommander
[11:25:49] <xlefay> NCommander: production as in the webserver?
[11:25:54] <FunPika> Basically it is maintained, but MySQL has the priority and PostgreSQL is only being maintained by volunteers contributing to MediaWiki's git repository, not by the Wikimedia Foundation's paid developers.
[11:26:14] <xlefay> (MD5SUM salted hast)
[11:26:19] <xlefay> s/hast/hash/?
[11:26:59] <xlefay> FunPika: so technically, we're pretty much required to keep using MySQL unless we care to maintain the PostgreSQL side ourselves in case the volunteers stop?
[11:27:07] <xlefay> NCommander: ^
[11:27:37] <NCommander> xlefay, yeah
[11:27:39] <NCommander> xlefay, and yeah
[11:27:41] <NCommander> xlefay, fixed
[11:28:16] <NCommander> MrBluze, can you read it over when you get back, and edit?
[11:28:25] <MrBluze> yes
[11:28:33] <MrBluze> im working on it right now
[11:28:52] <xlefay> NCommander: it's well written, kudos! :)
[11:29:07] <FunPika> xlefay: That's what I'm assuming based on https://www.mediawiki.org
[11:29:15] <FunPika> "Wikipedia uses MySQL so MediaWiki gets more testing on MySQL than PostgreSQL. While support for PostgreSQL is maintained by volunteers, most core functionality is working."
[11:29:30] <NCommander> xlefay, thanks. I set it in the hopper to go live at 13:00 UTC
[11:30:00] * xlefay sighs these people have never heard of writing valid, proper SQL have they?
[11:30:05] <xlefay> NCommander: sounds good ;-)
[11:30:35] <NCommander> xlefay, MySQL supports stored proceedures these days
[11:30:44] <xlefay> Wow, they do?!
[11:30:49] <xlefay> Nah kidding I know
[11:31:15] <xlefay> but honestly.... if you write proper generic SQL, it'll mostly just work, stored procedures and stuff make it somewhere more difficult, but that's another story
[11:32:01] <NCommander> xlefay, MySQL SQL is not generic :-P
[11:32:03] <NCommander> xlefay, Hitrate avg: 0.8705 0.8705 0.8705
[11:32:08] <xlefay> e.g. if you write the general statements properly, it'll just work, just ensure that the stored procedures work the same from the outside... and it'll just work
[11:32:09] <NCommander> Thats a stupid sexy cache hit
[11:32:14] <xlefay> That is id ;D
[11:32:23] <xlefay> That it is* :D
[11:32:33] <xlefay> <-- even starts writing badly out of excitement ;-)
[11:33:08] <xlefay> I really just wish MySQL and derivatives would just die a cold and hard dead *sighs* Oh well, least I don't have to touch it
[11:35:10] <NCommander> xlefay, speaking of which, mind replacing the MySQL SSL certs for me?
[11:35:13] * NCommander evil laughs
[11:36:17] <xlefay> Sorry, I'm not going anywhere near there
[11:37:10] <xlefay> anyway, the production MTA, you mean on hydrogen right?
[11:37:22] <xlefay> also, NCommander good luck! (you'll need it when dealing with MySQL :P)
[11:37:38] <NCommander> xlefay, yeah
[11:37:56] <NCommander> xlefay, don't change the config, I'm just curious why it accepted on behalf of @soylentnews.org
[11:38:17] <xlefay> curious
[11:39:13] <xlefay> myhostname = soylentnews.org
[11:39:14] <xlefay> mydestination = soylentnews.org, localhost.com, localhost
[11:39:16] <xlefay> That's why
[11:39:19] <NCommander> Greap
[11:39:20] <xlefay> and wth.. localhost.com?
[11:39:28] <NCommander> xlefay, ... blame zford?
[11:39:38] * NCommander notes that excuse is waning :-P
[11:39:39] * xlefay sighs
[11:39:44] <NCommander> I have no idea who setup the MTA
[11:40:03] <xlefay> Probably done via debconf?
[11:40:10] <xlefay> debconf.. is that what brings up the ncursus?
[11:40:24] <xlefay> (iirc, debian/ubuntu show ncursus stuff when installing postfix)
[11:40:58] <xlefay> might have been dpkg-config... I really have to learn all this stuff
[11:41:14] <xlefay> One downside about all this, there's dpkg-whatever, apt-whatever, etc... it's hard to keep track! :P
[11:44:26] <xlefay> btw, we should probably delegate "who manages which group" e.g. let's say we make "ircadmins" to replace the current "ircops" (so we can re-use that for regular /oper's later on), e.g. "ircops" & "ircadmins" can ssh into carbon, but only ircadmins (& sysops) should be able to sudo to root; in which case, I should be the one putting someone in ircadmins or not (as long as I'm the team leader of ircadmins that is)
[11:44:26] <NCommander> xlefay, dpkg-reconfigure postfix
[11:44:37] <xlefay> you sure you want to do that on production?
[11:44:44] <NCommander> xlefay, no ... bleh
[11:44:45] <xlefay> and if so, what new hostname do you want to give it?
[11:44:47] <NCommander> xlefay, not yet
[11:44:51] <xlefay> thought so
[11:44:53] * NCommander will look later
[11:45:06] <xlefay> also, simply replacing the value might be easier since it's all working atm
[11:45:54] <xlefay> I'll make a wiki page for Carbon, documenting it's set up - what it hosts, the configuration of what it hosts (only that which we want to reveal, naturally), etc.
[11:46:05] <xlefay> but later, first things first: breakfast
[11:46:24] <xlefay> actually, more like lunch at this point
[11:46:55] <xlefay> bbs
[11:47:17] * NCommander clocks out
[11:55:14] <xlefay> alright ;)
[11:55:16] <xlefay> good night NCommander
[11:58:35] -!- FunPika has quit [Quit: Leaving]
[11:59:19] <xlefay> Me too, for now. Going to watch some episodes of a random show for now ;-)
[12:01:43] MrBluze is now known as MrBluze|afk
[12:19:55] -!- bytram [bytram!~pc@Soylent/Staff/Developer/martyb] has joined #staff
[12:19:55] -!- mode/#staff [+v bytram] by SkyNet
[12:38:35] MrBluze|afk is now known as MrBluze
[12:49:08] <bytram> good morning MrBluze!
[12:54:12] <bytram> !current-uid
[12:54:12] <Bender> The current maximum UID is 3944, owned by LazyBoot
[12:58:00] -!- mechanicjay|afk has quit [Quit: Leaving.]
[13:05:23] <MrBluze> hi bytram how u doin
[13:05:27] <MrBluze> 6 more
[13:05:57] <bytram> MrBluze, doing well, thanks! Just catching up on e-mail and SN.
[13:06:08] <bytram> arg... and now I nee to stop and get ready for work. :/
[13:09:27] bytram is now known as bytram|away
[13:10:38] <MrBluze> same
[13:21:53] -!- weeds has quit [Ping timeout: 246 seconds]
[13:28:39] * NCommander can't sleep
[13:37:59] -!- bytram|away has quit [Ping timeout: 246 seconds]
[13:39:49] <MrBluze> editing
[13:42:04] <MrBluze> more than half done
[13:52:27] <MrBluze> it's good NCommander :)
[13:53:53] -!- matt_ [matt_!~4c76b3cf@t-59-991-957-035.hsd4.ma.comcast.net] has joined #staff
[13:53:53] -!- mode/#staff [+v matt_] by SkyNet
[13:55:39] <matt_> NCommander, just saw your email. Shall I post the journal entry and send you the link, then?
[14:03:17] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[14:03:17] -!- mode/#staff [+v mechanicjay] by SkyNet
[14:03:21] <NCommander> matt_, I think I'm going to hold off until we see if someone volunteers to seriously go for international incorperation
[14:04:05] <matt_> NCommander, ok.
[14:08:15] <MrBluze> done editing
[14:14:06] -!- LaminatorX [LaminatorX!~18d900fb@Soylent/Staff/Editor/LaminatorX] has joined #staff
[14:14:06] -!- mode/#staff [+v LaminatorX] by SkyNet
[14:21:10] -!- matt_ has quit [Quit: Web client closed]
[14:22:26] -!- mechanicjay has quit [Ping timeout: 246 seconds]
[14:36:26] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[14:36:26] -!- mode/#staff [+v mechanicjay] by SkyNet
[14:53:12] -!- mattp [mattp!~mattie_p@i-73-121-697-34.hsd8.co.comcast.net] has joined #staff
[14:56:02] -!- mattiep has quit [Ping timeout: 246 seconds]
[14:57:43] mattp is now known as mattie_p
[14:58:08] -!- mattie_p has quit [Changing host]
[14:58:08] -!- mattie_p [mattie_p!~mattie_p@Soylent/Staff/Editor/mattiep] has joined #staff
[14:58:08] -!- mode/#staff [+v mattie_p] by SkyNet
[15:22:28] -!- janrinok [janrinok!~janrinok@Soylent/Staff/Editor/janrinok] has joined #staff
[15:22:28] -!- mode/#staff [+v janrinok] by SkyNet
[15:38:29] -!- mechanicjay1 [mechanicjay1!~jhowe@167.206.pq.yln] has joined #staff
[15:38:44] -!- mechanicjay has quit [Ping timeout: 246 seconds]
[15:39:14] -!- mechanicjay1 has quit [Client Quit]
[15:39:49] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[15:39:49] -!- mode/#staff [+v mechanicjay] by SkyNet
[15:41:51] -!- mrcoolbp [mrcoolbp!~mrcoolbp@Soylent/Staff/mrcoolbp] has joined #staff
[15:41:51] -!- mode/#staff [+v mrcoolbp] by SkyNet
[15:43:42] <mrcoolbp> wow, we have submissions again...
[15:44:16] <mattie_p> yeah, janrinok is on the case
[15:44:27] <mattie_p> he's working through them right now
[15:44:33] <mattie_p> by the way, good morning mrcoolbp
[15:44:46] <mrcoolbp> good morning to you sir
[15:44:51] <mattie_p> sorry I didn't link back up with you last night
[15:45:10] <mrcoolbp> no problem, I sent a user to you the other day, did you see the email?
[15:45:16] <mattie_p> I was on the phone for a while with my bro, and then I had to share some of the stories with my wife
[15:45:30] <mattie_p> yes, I saw it, but it looks like a wiki issue?
[15:46:10] <mattie_p> NowhereMan?
[15:46:12] <mrcoolbp> it's really weird
[15:46:28] <mrcoolbp> the UID he claims is tied to a different nick
[15:46:44] <mrcoolbp> and yes there's a wiki issue in there too
[15:47:16] -!- Cyprus [Cyprus!~Cyprus@q-10-08-393-259.hsd3.tn.comcast.net] has joined #staff
[15:47:27] <mrcoolbp> I could try a password reset on main I guess, but I think he is getting "no such user" attached to that email. it's hard to tell if his problem is on the wiki or main site from that email
[15:48:13] <mrcoolbp> (yes NowhereMan)
[15:48:24] <mattie_p> NowhereMan isn't a registered username on slash
[15:48:50] <mattie_p> http://soylentnews.org
[15:49:06] <mrcoolbp> right
[15:49:22] <mrcoolbp> and that UID has another nick attached to it (forget who)
[15:49:31] <mattie_p> yup
[15:49:33] paulej72_away is now known as paulej72
[15:49:35] <mrcoolbp> I need FunPika...
[15:49:46] <mattie_p> and the email he used doesn't match that uid
[15:49:55] <mattie_p> yeah, for wiki I'd go to FunPika
[15:50:00] <mrcoolbp> mattie_p: his link to the wiki page showing users didn't really work for me either
[15:50:27] <mrcoolbp> it's a strange case
[15:50:28] <mattie_p> try this: http://wiki.soylentnews.org
[15:50:48] <mattie_p> NowhereMan (Talk | contribs | block) (Created on 12 February 2014 at 09:24)
[15:51:16] <mrcoolbp> I see him
[15:51:22] <mattie_p> I don't know where to look at the user db on wiki though
[15:51:33] <mattie_p> like, how to edit it
[15:52:14] <mrcoolbp> I have admin, do you?
[15:52:18] <mattie_p> yes
[15:52:38] <mattie_p> Mattie p (Talk | contribs | block)‏‎ (administrator) (Created on 7 February 2014 at 20:26)
[15:53:14] <mrcoolbp> okay, I'm going to respond to him and try to clarify before I do anything else
[15:53:21] <mattie_p> sounds like a plan
[15:53:25] <mrcoolbp> thanks
[15:53:34] <mattie_p> sorry I couldn't help more
[15:53:52] <mrcoolbp> I think you did help actually.
[15:53:56] <mrcoolbp> BRB
[15:54:45] <mattie_p> alright, see you in a few
[15:59:35] <janrinok> hi guys - riches beyond my wildest dreams!
[16:02:25] <mrcoolbp> janrinok: saw that!
[16:02:28] <mrcoolbp> what happened?
[16:03:05] <janrinok> LaminatorX's plea has had an effect, at least for today. I just hope it continues. How are you by the way?
[16:03:17] <mrcoolbp> not bad, and yourself?
[16:04:44] <janrinok> OK. Still a little tired but that will pass. Had workmen here today repairing the last of the damage from the storm some weeks back. Now I have no excuse not to go into the garden and start straightening it out!
[16:05:58] * mrcoolbp is jealous of your garden
[16:06:06] <mrcoolbp> I have an apartment with no yard = (
[16:06:44] <janrinok> Come round sometime, I've got a spare spade! ;)
[16:06:59] <mrcoolbp> where are you located janrinok?
[16:07:14] * mrcoolbp searches around for his gardening gloves
[16:08:23] <mrcoolbp> mattie_p: did you see this yet?
[16:08:24] <mrcoolbp> https://intertwinkles.org
[16:08:27] <janrinok> NW France. When we moved here 7 years ago we were on the edge of a small village. Now there are houses being built around us, but we still have a good size plot of land for the garden. The front is a formal (but untidy) garden, and the rear is a veggie plot. We also have a small (and since the storm, smaller) copse of trees.
[16:09:13] <mrcoolbp> I'd love to visit france!
[16:09:17] <mattie_p> mrcoolbp first I've seen it
[16:09:38] <janrinok> mattie_p: I like the look of that
[16:10:42] <mrcoolbp> if only it didn't use JavaScript....
[16:10:59] <mrcoolbp> we *need* SOMETHING like that
[16:11:01] <mattie_p> I'd watch the youtube, but wife is typing next to me and doesn't like distractions when she is writing
[16:11:14] <mattie_p> but based on text looks very promising
[16:11:29] <mattie_p> FOSS software so we can self host
[16:11:38] <janrinok> mattie_p: Tell her she can hold her post here for a few minutes while you both watch YouTube together.....
[16:12:10] <mattie_p> nah, she's on a roll, and I know better then to interrupt when she is like this
[16:12:21] <mattie_p> she has her instrumental music on and everything
[16:12:21] <janrinok> lol OK you know best, I suppose
[16:12:41] <mattie_p> if the music even contains a human voice she gets upset
[16:15:37] <mrcoolbp> unfortunately the youtube video isn't showing as much of the software as I hoped
[16:15:45] <mrcoolbp> it's mostly talking about how they came up with it
[16:20:32] <janrinok> mrcoolbp: There are a few comments in NCommander's thread regarding voting and polling solutions. I suspect that you have looked at many but http://electoralreform.co.uk is mentioned in one of them. No idea of cost but user Open4D (371) has offered to find out if you want him to.
[16:21:09] <janrinok> brb
[16:33:07] <mrcoolbp> janrinok: thanks for the link, I'm collecting these on: http://wiki.soylentnews.org
[16:38:34] <mechanicjay> Hi all
[16:39:36] <janrinok> hi mechanicjay
[16:39:38] <mrcoolbp> hey mechanicjay
[16:40:11] <mrcoolbp> mechanicjay: how many people are using mailboxes (squirell mail)?
[16:40:53] <mrcoolbp> (xlefay said only one person responded to his email offering sn address)
[16:44:49] <mechanicjay> 5 w/ mailboxes
[16:46:31] <mechanicjay> Are NCommander, xlefay or audioguy in the house?
[16:46:42] <mrcoolbp> not that I've seen yet
[16:47:33] <mechanicjay> okay, I want to clean up DNS and remove unused/dead entries, but don't want to operate in a vacuum.
[16:52:48] <mrcoolbp> *BRB breakfast*
[17:27:03] LaminatorX is now known as LaminatorX|afk
[17:49:29] <mrcoolbp> A pattern I'm seeing is the suggestion that there are
[17:49:37] <mrcoolbp> "reasons" for rejected stories
[17:50:50] <mrcoolbp> I suggest the dev team to comment on implementing a system that would allow editors to reject a storry with a message that says "your story was rejected because x" (x= dupe, crappy, whatever)
[17:51:05] <mrcoolbp> I'll throw it in "Suggestions" for now
[17:53:47] <xlefay> mechanicjay: am now
[17:54:24] <xlefay> I gotta go eat though, bbs
[17:54:50] <xlefay> mechanicjay++ for the dns clean up ;-)
[17:54:51] <Bender> karma - mechanicjay: 9
[17:57:13] <mechanicjay> xlefay: okay, I'll go ahead and do it, just wanted a sanity check first.
[17:58:07] * mechanicjay notes that if he had known the tomatoes on his sandwhich were going to be so bland and flavorless, he would have gone without.
[18:06:53] <mechanicjay> alright, DNS entries cleaned up. only stuff not being used was removed, so there should be no impact.
[18:18:33] <mrcoolbp> anyone familliar with our RSS feed?
[18:26:40] <xlefay> back
[18:27:22] <mrcoolbp> hey xlefay
[18:27:36] <xlefay> mrcoolbp: thanks!
[18:27:38] <xlefay> mrcoolbp: hi :)
[18:27:48] <mrcoolbp> thanks for what?
[18:28:04] <mrcoolbp> saying "hey" ?
[18:28:42] <xlefay> err, mechanicjay: thanks! *
[18:29:07] <mrcoolbp> lol
[18:29:54] <mrcoolbp> paulej72: wrt to github tracker: would you rather a similar issue get posted as a comment to an issue or as a separate issue?
[18:30:45] <xlefay> mrcoolbp: we can reference issues, I'd say just create a new issue, we can reference issues whenever we see they are actually related
[18:30:55] <mrcoolbp> paulej72: example: bug #38 "RSS feed doesn't include summary" and I have "RSS feed should include more than 10 stories"
[18:31:09] <mrcoolbp> okay will do, thanks xlefay
[18:31:38] <xlefay> Two different things, two different issues, but "should include more than 10 stories" is more a request of sorts
[18:31:49] <paulej72> those two are different enough that I would want them seperate
[18:33:44] <mrcoolbp> understood
[18:33:50] <mrcoolbp> can I apply labels??
[18:33:55] <mrcoolbp> can't figure out how to do it...
[18:34:15] <mrcoolbp> https://github.com
[18:34:28] <paulej72> mrcoolbp: you may need greater access to apply labels
[18:34:39] * mrcoolbp notes he should have that
[18:34:44] <mrcoolbp> to help you out
[18:35:19] <mrcoolbp> unless you'd rather keep the organizing within your domain (I could understand that as well)
[18:35:47] <mrcoolbp> but I'm pretty decent at following established conventions
[18:37:24] <paulej72> mrcoolbp: the way we have the tracker setup, I would need to give you full access to the slashcode repo. I can do this if you want the responsibility
[18:37:54] <mrcoolbp> you'd have to define: responsibility, but I won't touch anything I'm not supposed to if that's what you mean
[18:40:30] <paulej72> Yes that is what I mean. You would have the ability to merge code with the repo. Currently we do not directly merge code to the repo, we publish code on our own repos and do pull requests to the main repo. Noone should merge their own code until it has been signed offed by someone else in dev.
[18:41:12] <paulej72> mrcoolbp: if you are willing to follow these rules I'll give you access.
[18:41:37] <mrcoolbp> not a problem at all.
[18:42:16] <mrcoolbp> I will only help organize bugs as per my admin@ contact responsibilities
[18:42:45] <paulej72> you now have access. I have been using Critical bug, non critical bug and feature request as my min identifiers
[18:42:56] <paulej72> main
[18:43:17] <mrcoolbp> got it, I'll mostly be adding and labeling feature requests
[18:43:40] <mrcoolbp> I would leave it to you to decide critical vs non-critical if I add bugs
[18:43:52] <mrcoolbp> thank you!
[18:44:11] <paulej72> can you add the one about rejection notices as a feature request
[18:44:17] <mrcoolbp> yessir
[18:44:22] <paulej72> thanks
[18:44:26] <mrcoolbp> o problem
[18:44:35] <mrcoolbp> er uh... you know what I mean
[18:53:10] <xlefay> Hey, we stopped feeding the troll, good ;-)
[18:53:35] <mrcoolbp> paulej72: https://github.com
[18:54:33] <xlefay> I would put that request as a priority though, it'll help the site in the long-term
[18:54:51] <mrcoolbp> sure
[18:56:08] <mrcoolbp> there's no "Priority" label xlefay
[18:56:16] <paulej72> we were troll feeding? I missed it,
[18:56:31] <mrcoolbp> xlefay: and It's not really a critical bug
[18:56:32] FoobarBazbot is now known as NerdRPG-Cheater
[18:56:34] <xlefay> yes, a 400TB one
[18:56:39] <mrcoolbp> lol
[18:56:47] NerdRPG-Cheater is now known as FoobarBazbot
[18:56:48] <mrcoolbp> xlefay: is he posting on SN still?
[18:56:56] <xlefay> mrcoolbp: I didn't say it was a bug. It's a feature request, obviously, but if we can give it a priority it'd be nice.
[18:57:12] <mrcoolbp> paulej72: any way to give priority to a bug on the tracker?
[18:57:19] <paulej72> Let me set up priority labels
[18:57:19] <xlefay> e.g. the sooner we start doing that, the happier people will be to submit new things, it'd be better for the site long-term ;-)
[18:58:10] <mrcoolbp> xlefay: yes, some others could be prioritized too
[18:58:44] <xlefay> In the end of course, it's up to the devs to decide whether they'll follow the recommendation of those who set the priorities.
[18:59:12] <mechanicjay> xlefay: I agree. I'll admit, I felt discouraged after a rejected story a week or so ago.
[18:59:13] <mrcoolbp> sure is, but with a list 100-long, it might help them take a step back
[19:00:21] <xlefay> mechanicjay: exactly, essentially, I think it would be easier if there are ready to use "reply templates" which can be inserted and edited to include the full/real reason and be sent as a PM instead of just a checkbox
[19:00:41] <xlefay> That would give more flexibility long-term + would allow the editors to still reply quickly.
[19:00:49] <mechanicjay> xlefay: completely agree
[19:01:01] <xlefay> let me just reply that on the request ;-)
[19:01:44] <paulej72> priority levels added
[19:02:57] <mrcoolbp> this is interesting: http://soylentnews.org
[19:03:33] <mrcoolbp> hopefully a lot of that will be resolved shorty, but we do need a cetral location people can goto that has a general idea of where we stand....
[19:04:25] <mrcoolbp> paulej72: any idea on a timeframe of when we can deploy code? From what I understand there are a lot of pull requests awaiting deployemtn
[19:06:04] <paulej72> A lot of shit is fixed already, it just needs to be applied to the site. Right now NCommander is the only one who has deployed code to production or dev. Without his involvement i am not sure when things will be updated.
[19:07:23] <mrcoolbp> paulej72: we should really have someone else that can do that (at least in the future) as he will always be busy setting up NFPs and such
[19:07:55] <mechanicjay> paulej72: Someone should corner NCommander and have him walk through the deployment. FWIW, the deployment process on slashcott is from some earlier version of his instructions, so it's probably similar. I just don't know what specifics the production server may have changed since then.
[19:08:25] <mechanicjay> Ideally, it's be nice to fire it off with a script the way we could on slashcott (is that still being used, btw?)
[19:08:56] <mrcoolbp> mechanicjay: I think dev.soylent is a replacement for slashcott no?
[19:09:03] <paulej72> Yes I agree mechanicjay. I also plan on using a scrip like the one for SC that you setup so it will be a simple deploy
[19:09:28] <mechanicjay> mrcoolbp: it is, but I don't want to nuke it until I know it's no longer needed
[19:09:40] <mrcoolbp> aye
[19:09:47] <paulej72> mechanicjay: I think there may be some content on SC that people may want to save.
[19:10:10] * mrcoolbp goes to check
[19:10:17] <mechanicjay> ...I mean, it's running as a virtualbox vm on my laptop, propped ontop of my server in the basement...just so you understand why I want to do something different with it.
[19:10:41] <mechanicjay> I'm happy to host a vm, but it needs to be done differently
[19:11:56] <mrcoolbp> mechanicjay: while you are talking about nukin it, mind if I make a story submission, edit, post in order to see the whole process? (can be deleted after)
[19:13:06] <mechanicjay> mrcoolbp: Please continue to use it, if we want to keep something like it around, I'll build another vm and import the db. I just kinda want there to be a sunset for my laptop being the slashcott server ;)
[19:13:22] <xlefay> Actually, I'm fairly sure we'll be using something like Gerrit.
[19:13:25] <mrcoolbp> thanks
[19:14:05] <mechanicjay> It's probably the worst (best?) example I can think of for the "Hey we need something up fast! I got it, here!"...and almost 2 months later it's still going ;)
[19:14:23] <xlefay> best of the worst?
[19:14:27] <xlefay> worst of the best?
[19:14:40] <xlefay> It's all the same, but it works still which is great ;-)
[19:14:53] Cyprus is now known as Cyprus|mountingswitches
[19:15:31] <mechanicjay> :) take your pick. I think the best worst though. As in it's a great example of a terrible way to do something.
[19:16:53] <paulej72> OK I found the slashcode git repo on dev
[19:16:56] <xlefay> I think we'll use git-hooks to auto deploy at some point in time, least, that is if we trust everyone who can bypass Gerrit in the future, which no-one should be able to imo ;-)
[19:17:22] <xlefay> I wonder how the workflow would be
[19:17:38] <xlefay> Github > Gerrit > Dev > ? > Production?
[19:17:53] <xlefay> Gerrit > Github > Dev > ? > Production?
[19:18:11] <mechanicjay> I would argue strongly against an auto deploy to prod. I'm a firm believer than a final go-live should involve a button push, so at least you know someone is paying attention.
[19:18:28] <xlefay> Agreed, I'm saying auto deploy @ dev
[19:19:05] <mechanicjay> ah, gotcha
[19:19:50] <xlefay> I'm fairly sure we can just forget Gerrit and use GitHub for doing QA and crap, auto-deploy on dev etc.
[19:20:21] <paulej72> yes we can auto deployy on dev
[19:20:29] <paulej72> cron can do it
[19:20:36] <xlefay> cron sucks for it
[19:20:40] <xlefay> Just use hooks
[19:21:02] <xlefay> auto-deploy when Github says there's something new merged in ;-)
[19:21:52] <xlefay> Who's Jake?
[19:22:21] <mechanicjay> ?
[19:22:35] <xlefay> @ github, he's in the SN team
[19:24:25] * mrcoolbp know of no Jake
[19:24:36] * mrcoolbp knows of no Jake
[19:25:47] <xlefay> paulej72: did you get notified about my comments?
[19:25:53] <xlefay> (in your commit, that is)
[19:27:18] <paulej72> yes I just saw that, I got those links from mrcoolbp I believe, but I could be wrong
[19:27:51] <mrcoolbp> moderation.shtml and about.shtml ?
[19:28:46] <paulej72> organization template
[19:29:11] <mrcoolbp> martyb was the big helper on those
[19:29:32] <xlefay> mechanicjay: https://github.com
[19:29:56] <xlefay> mrcoolbp: paulej72: it doesn't matter, you can also use http://chat.soylentnews.org for now, it'll just redirect to SSL soon
[19:30:39] <paulej72> xlefay: do we need to purge varnish on a slash rebuild?
[19:31:19] <xlefay> I would yea
[19:31:23] <paulej72> I am writing a slash deploy script for dev and that is the last thing i need.
[19:31:35] <mrcoolbp> paulej72: Laminator is hoping to have FAQ.shtml finished soon, should I throw in HTdocs and "pull request" when finished?
[19:32:03] <xlefay> https://github.com can be closed right?
[19:32:03] <paulej72> Do you have a command for that as I am not a varnish guy
[19:33:13] <paulej72> mrcoolbp: yes make sure to use the same formatting and divs as about.shtml, so that it will look nice on the page.
[19:33:45] <mrcoolbp> paulej72: absolutely, somehow I pulled out the "includes" last time. I won't make that mistake again
[19:34:29] <xlefay> paulej72: from what I understand, you'll have to make a specific HTTP "purge" request to varnish directly from the servers localhost
[19:34:31] <mechanicjay> paulej72: I think this guide should be helpful: http://mesmor.com Requires a stanza on the varnish side though
[19:34:37] <xlefay> https://www.varnish-cache.org
[19:34:38] <paulej72> xlefay: no 96 is still open
[19:34:47] <mechanicjay> not sure how varnish is setup on dev
[19:35:18] <xlefay> mechanicjay: paulej72: you probably don't want to use 'ban'
[19:35:42] <xlefay> Purge is probably better, no?
[19:35:46] <mechanicjay> xlefay: purge would be preferable
[19:36:00] <xlefay> Yeah, let me check the varnish config on dev
[19:36:07] <paulej72> yes, but what command do we need for a full purge
[19:37:04] <xlefay> *Probably* something like this: 'curl -X "PURGE /" varnish'
[19:38:09] <xlefay> Yes, PURGE from localhost @ dev would do it
[19:38:31] <xlefay> error 429 "Too many requests; 400 TB not accepted"; # hah, I love it ;-)
[19:39:22] <xlefay> Woa, that dev box is swapping like crazy
[19:39:41] <paulej72> why do we send commands to varnish through http? that seems silly. Can't I have a real command to purge.
[19:40:08] <xlefay> paulej72: because that's the way varnish is made, a varnish-cli would still send that HTTP request.
[19:40:09] <paulej72> yes I noticed the swap and high memory useagge
[19:40:39] <xlefay> and it really does make sense from Varnish's position, it already listens for HTTP requests, so why not just listen for another one instead of having a secondary interface ;-)
[19:43:16] <paulej72> mysqld has a bunch of children that are taking up a lot of memory each
[19:43:36] <xlefay> That's what you get for using MySQL; it having children just makes things even worse.
[19:44:22] <paulej72> 31 children
[19:44:41] <xlefay> That can probably be lowered considering Varnish & Memcache
[19:45:37] <paulej72> yes looking for the setting
[19:45:45] <NCommander> moning
[19:45:49] <NCommander> *morning
[19:45:50] <xlefay> Morning.
[19:45:56] * NCommander is reading the feedback
[19:46:45] <paulej72> NCommander: I am trying to get dev setup to do a slash update, but right now mysql is starting too many child processes.
[19:47:10] <NCommander> paulej72, fuck. Let me give you my two cents in a minunte
[19:47:21] <paulej72> OK
[19:47:21] <NCommander> mechanicjay, varnish is an identical setup to production
[19:55:04] <mechanicjay> NCommander: okay, I thought that was the case. And now that you're here....
[19:55:30] * mechanicjay smacks NCommander for nuking everyone's access over the weekend.
[19:55:57] * mechanicjay asks NCommander nicely if we get his keys setup.
[19:59:18] -!- FunPika [FunPika!~FunPika@Soylent/Staff/Wiki/FunPika] has joined #staff
[19:59:18] -!- mode/#staff [+v FunPika] by SkyNet
[20:00:41] <xlefay> mechanicjay: I can probably help you with that since NC isn't back yet
[20:01:13] <mrcoolbp> xlefay: he is back ^^
[20:01:50] <mechanicjay> oh, xlefay very good
[20:01:51] <xlefay> mrcoolbp: but he hasn't said anything in the past 15 minutes, that's why I'm offering so NC can focus on getting paulej info regarding the dev server ;-)
[20:02:02] <mrcoolbp> = (
[20:02:16] * mrcoolbp wonders if he should just shutup sometimes
[20:03:47] <xlefay> mechanicjay: can you send your pubkey to me?
[20:04:28] <xlefay> actualy, mechanicjay, your ssh key is already in, doesn't it work?
[20:04:40] <mechanicjay> oh
[20:04:51] <mechanicjay> which box?
[20:04:55] <mechanicjay> staff?
[20:04:58] <xlefay> it's in ldap, you can ssh into any
[20:05:07] <xlefay> but you ssh in via boron
[20:05:13] <paulej72> mechanicjay ssh to staff.soylentnews.org
[20:05:24] <mechanicjay> sob -- it works today!
[20:05:51] <paulej72> mechanicjay: can you kinit?
[20:06:01] <xlefay> paulej72: I'll have to give him a password for that ;-)
[20:12:58] <NCommander> is back
[20:13:09] <xlefay> NCommander: we can't access oxygen.
[20:13:18] <NCommander> mechanicjay, pfft, didn't you read the loads of shiny documentation I wrote?
[20:13:20] <NCommander> xlefay, fuck
[20:13:47] <mechanicjay> NCommander: I did read some of it, didn't realize you got my key setup already.
[20:14:15] <mechanicjay> NCommander: I'm all set now, xlefay filled in my gaps in knowledge.
[20:14:20] <NCommander> mechanicjay, I picked it out of your home folder
[20:14:39] <NCommander> xlefay, huh ... its there
[20:14:46] <NCommander> xlefay, kerberos authetication failing
[20:15:07] <xlefay> I was about to check the logs, just linking MJ to some ldap docs you wrote
[20:15:16] <paulej72> NCommander: two things I need, First we need to tune mysql on dev to not hog resources. Not sure what the best settings are for this.
[20:15:29] <NCommander> xlefay, you can get to it by SSH proxy, its failing kerberos authetication, checking
[20:15:39] <xlefay> aah of course
[20:15:53] <xlefay> ~ $ ssh oxygen.li694-22 <===== awesome
[20:15:57] <paulej72> Next I need to know if we should purge the varnish cache on updating slash and if so what is the best command to do this.
[20:16:10] <NCommander> paulej72, service varnish restart
[20:16:11] <NCommander> :-)
[20:16:34] <NCommander> paulej72, we might just disable caching on dev for SAN reasons. I used an identical varnish file to test it
[20:16:41] <NCommander> xlefay, rdns broke
[20:16:45] <NCommander> xlefay, which broke kerberos
[20:16:51] <xlefay> hmm
[20:16:54] <NCommander> xlefay, its resolving itself as pub.oxygen.li684-22
[20:17:07] <NCommander> (ping from boron)
[20:17:10] <xlefay> ooh...
[20:17:29] <NCommander> xlefay, yeah, kerberos is really picky about DNS
[20:17:38] <NCommander> xlefay, I can add pub.oxygen.li694-22 principle if need be
[20:17:46] <xlefay> actually, you have to do that or add it in /etc/hosts
[20:18:22] <xlefay> Unless I create the reverse 10.8.0 zone...
[20:18:34] <xlefay> are we planning on having a lot of off-site servers? Guess the answer is no?
[20:18:35] <NCommander> xlefay, it is in hosts
[20:18:41] * NCommander grumbles
[20:18:46] <NCommander> xlefay, I think I can make kerberos ignore rdns
[20:19:00] <NCommander> xlefay, http://web.mit.edu
[20:19:27] <NCommander> xlefay, that fixed it
[20:19:28] <xlefay> PING oxygen(2001:41d0:1:dfa9::1) 56 data bytes
[20:19:36] <xlefay> PING pub.oxygen.li694-22 (91.121.158.169) 56(84) bytes of data.
[20:19:38] <xlefay> that's fugly
[20:19:40] <NCommander> xlefay, we need to get slurp setup
[20:19:50] <xlefay> Yep
[20:19:51] <NCommander> maybe even kdc on oxygen
[20:20:02] <NCommander> (kerberos is a non-critical service, but its fucking awesome to have)
[20:20:04] <xlefay> So it can slurp its way throughout the nodes ;-)
[20:20:26] <NCommander> Honestly, we need a proper certificate authority for internal DNS
[20:20:37] <xlefay> Then let's make one.
[20:20:43] <NCommander> Instead the million of one self-signed certificates
[20:20:53] <NCommander> xlefay, one gotcha. slapd doesn't work with openssl certs
[20:21:00] <xlefay> li694-22 Certificate Authority, here we come!
[20:21:04] <NCommander> (I have no fucking clue why, but it didn't work until I redid it with gnutls)
[20:21:05] * xlefay sighs
[20:21:15] <xlefay> gnutls is fully compatible isn't it?
[20:21:24] <NCommander> "theorically fully compatible"
[20:21:38] <NCommander> I know why Ubuntu and Debian ship with slapd compiled gnutls vs. openssl
[20:21:43] <NCommander> (legal reasons actually)
[20:21:45] <xlefay> That's like MediaWiki being theoretically compatible with PostgreSQL, we all know it's bullshit
[20:21:56] <NCommander> But this might be a case where we just recompile it against openssl and stuff it in the PPA
[20:22:00] <xlefay> ^
[20:22:13] <NCommander> Yay for centralized package management :-)
[20:22:33] <xlefay> NCommander: now all you need to do is also make an RPM for the SVC machine ;-)
[20:22:34] * xlefay ducks
[20:23:14] <xlefay> I have to say tho mechanicjay, since most of our stuff is running Ubuntu now, it seems SVC is a bit left out :<
[20:23:25] * xlefay pats SVC
[20:23:30] <NCommander> svc is our walled in netware server. That machine gets no love
[20:23:44] <NCommander> I don't mind diversity
[20:23:48] <NCommander> And I don't mind if we leave it centos
[20:23:57] <NCommander> We just need to figure out how to connect it to LDAP/KRB
[20:24:12] <xlefay> I don't mind it either, but I prefer things to be standard ;-) that said, I don't care if it stays CentOS
[20:24:19] <NCommander> and backport openssh on it and ...
[20:24:22] <xlefay> e.g. one or two OS's in an environment is generally more than enough
[20:24:24] <NCommander> you know, BURN THE HERETIC MACHINE
[20:24:55] * NCommander bumps his article on the page queue
[20:25:06] <xlefay> so mechanicjay, next thing, integrating ldap with postgresql? :)
[20:25:12] * xlefay considers ducking
[20:25:27] <xlefay> err, ldap
[20:25:30] <xlefay> ._.
[20:26:01] <xlefay> To be honest, I don't think authing against ldap is a bad idea, but I am curious how it'd work with virtual domains, etc..
[20:26:07] <xlefay> (just a curiosity)
[20:26:35] <xlefay> Probably have to set up mappings, etc. *goes to look it up* ;-)
[20:28:20] <paulej72> NCommander: I have a deploy script set up on dev: /srv/soylentnews.org/src/deployshash.sh. Can you take a look and let me know if this looks sane for this system. I am deploying out of slashcode which I just did a fresh pull from master
[20:28:45] <NCommander> xlefay, ldap isn't picky abotu DNS. I wanted to put a hosts file in LDAP, but we discovered that just puts NSS in an infinite loop
[20:28:47] <NCommander> paulej72, looking
[20:29:56] <NCommander> paulej72, slash@lithium:~/src$ ls -lah deployslash.sh
[20:29:56] <NCommander> -rwx------ 1 root root 318 Mar 24 19:23 deployslash.sh
[20:30:04] <xlefay> xlefay: I understand that, I'm just looking into how that would work with postfix for instance, LDAP would do auth and such, but one can probably set up mappings between domains & ldap user groups
[20:30:06] <NCommander> paulej72, *dont* deploy as root, you will break stuff
[20:30:12] <NCommander> (slashd will explode due to permissions)
[20:30:15] <NCommander> er
[20:30:16] <NCommander> wait
[20:30:18] * NCommander shuts up
[20:31:06] <NCommander> paulej72, add "service slash restart" ,and I find its best to stop everything (slash last) thens tart.
[20:31:46] <mechanicjay> NCommander: xlefay: as everything else is currently Ubuntu, my little services box is feeling like the red-headed step child. As it's unlikely to convince everyone that SuSE or FreeBSD is the way forward, I concede that when that machine gets rebuilt, it should be....Ubuntu.
[20:32:16] <mechanicjay> I think though that for the near term getting it kerberized and ldapified should be fine -- also getting some of the config straitened out.
[20:32:44] <xlefay> mechanicjay: well fortunately she's a hottie ;-)
[20:32:44] <NCommander> mechanicjay, I never meant to be a nazi on distro :-/
[20:32:52] <paulej72> NCommander: Run the script as root or slash?
[20:32:53] <xlefay> Although, I second FreeBSD :P
[20:33:32] <NCommander> paulej72, as root
[20:33:33] <mechanicjay> NCommander: I know, it's okay.
[20:33:39] <xlefay> mechanicjay: honestly though, it doesn't matter much - as long as everything runs smoothly, it's all good :)
[20:33:42] <NCommander> xlefay, ... ports ... ick ...
[20:33:52] * NCommander doesn't *hate* pkgsrc, but compared to apt ...
[20:34:22] <xlefay> Did anyone try this Fish thingy ?
[20:34:35] * NCommander likes fish, they're extremely tasty
[20:35:11] <mechanicjay> Right, but there's no reason to be confusing for no reason, and so standardization on 1 distro is the way to go. Then you don't need remember which soylent boxes are which
[20:35:15] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[20:36:09] <NCommander> mechanicjay, that's what motd and drugs are for
[20:36:09] <xlefay> Agreed
[20:36:22] <NCommander> mechanicjay, that being said, I want to bring up a HURD node for april fools, and seup hurd.soylentnews.org
[20:36:39] <paulej72> If no one objects, I am about to pull the trigger on a new slash deploy on dev
[20:36:54] <xlefay> also, who's doing the frontend stuff?
[20:36:58] <NCommander> paulej72, pull it. Worst you do is commit horrible bloody death
[20:37:10] <xlefay> I'm still waiting for that ajax term interface to cat articles and stuff.
[20:37:24] <NCommander> xlefay, we have an AJAX interface
[20:37:35] <NCommander> xlefay, plugins/Ajax
[20:37:48] <xlefay> NCommander: I mean, like a terminal ;-)
[20:38:10] <xlefay> $ cat 'article' # plain text ftw.
[20:38:19] <NCommander> xlefay, I wanted our gopher interface to be that
[20:38:22] <xlefay> oooh
[20:38:24] * NCommander tries to picture an AJAX'ed lynx
[20:38:27] <xlefay> did you ever finish that?
[20:38:58] <NCommander> xlefay, with what free time :-P
[20:39:32] <NCommander> xlefay, I'm going the HURD route for april fools because frankly, I don't think I'm going to find free time between now and then
[20:41:25] <xlefay> ah k
[20:41:31] <xlefay> I never used Gopher to be honest...
[20:41:38] * xlefay definitely ducking *doesn't want to get smacked*
[20:41:46] <NCommander> mechanicjay, https://www.gnu.org - what I plan to do with the old services box :-)
[20:42:21] <mrcoolbp> interesting read: https://github.com
[20:42:31] <NCommander> mechanicjay, BTW, I know your head of sys/IS, so I hope you don't mind I stepped on your toes by going physco on the backend
[20:42:53] <mechanicjay> NCommander: I am?
[20:43:17] <xlefay> I didn't know that either in that case, mechanicjay, since I already joined Sys, I hope you don't have any objections ;)
[20:43:26] <xlefay> Guess I should have asked you technically :P
[20:43:27] <NCommander> mechanicjay, I thought you were
[20:43:36] * NCommander needs to write the org chart
[20:43:39] <xlefay> Thought no-one was re-elected after zford
[20:43:48] <NCommander> I think I mentally delgated and didn't tell anyone
[20:43:50] <NCommander> oops
[20:43:52] <mechanicjay> NCommander: IDK, since zford left, we'd all just kind of been one big happy family.
[20:43:52] <NCommander> !todo
[20:43:52] <Bender> todo for ncommander: 1) make sure install-slashsite installs proper schema 2) quit smoking 3) look at rewiring pollbooth for SERIOUS votes 4) write up YAFAP for nethack 5) find volunteer who may be willing to work on mod_perl rework effort 6) clean production database of unused vars/tables from Tags/FIrehose/Achievements 7) fix slashboxs 8) email to FSF/SPI w/ mattie_p - 1 more
[20:43:52] <FunPika> wait, wasn't sys merged with dev making paulej72 the leader of it
[20:43:58] <NCommander> !more
[20:43:59] <Bender> input 9) upstart job for apache 10) replace mysql SSL certifcates/change soylent password for DB access
[20:44:11] <NCommander> FunPika, no, its remained its own bubble with a lot of overlap
[20:44:23] <xlefay> To be honest, that merge is shitty
[20:44:37] <xlefay> There's technically still two functional teams
[20:44:42] <mattie_p> oh, I thought I was summoned
[20:44:49] <NCommander> mattie_p, I wrote another novel
[20:44:56] <mattie_p> NCommander, you want me to send that email or will you do it?
[20:45:02] <FunPika> http://wiki.soylentnews.org Right now the WhosWho has dev/sys all under one header...should it be split again?
[20:45:04] <NCommander> mattie_p, what's the latest draft version of it?
[20:45:08] <NCommander> FunPika, nah, fine as is
[20:45:16] <mattie_p> I haven't touched it since I sent it
[20:45:19] <paulej72> NCommander: I am getting these errors: Can't locate DBIx/Password.pm
[20:45:32] <NCommander> paulej72, with apache?
[20:45:34] <mattie_p> I can womp something up, but I'll be a couple hours doing it due to kids and stuff
[20:45:37] <NCommander> paulej72, that's a perl module
[20:45:50] <xlefay> mechanicjay: btw, one awesome thing about having one platform
[20:46:01] <paulej72> NCommander: when I do the make install on slash
[20:46:09] <NCommander> paulej72, oh, fuck, you are missing something
[20:46:12] <NCommander> paulej72, let me edit your script
[20:46:15] <xlefay> we've already got two of our own deb's for li694-22, so one OS will mean every sys can use our debs ;)
[20:46:31] <xlefay> That said, how about we both take a look at that ldap stuff for SVC?
[20:47:09] <FunPika> You guys are still going to try to get LDAP running on CentOS?
[20:47:14] <NCommander> FunPika, probably
[20:47:16] <xlefay> FunPika: we haven't really started
[20:47:20] <mattie_p> NCommander reading the novel now, somehow I missed it yesterday
[20:47:54] <NCommander> mattie_p, the editoral team ended our story drought shortly after it was posted so I bumped it on the main index
[20:48:14] <mrcoolbp> NCommander: if you have time I'd like to touch base on the voting system
[20:48:19] <NCommander> paulej72, I fixed it, running a test vote
[20:48:25] <NCommander> er
[20:48:27] <NCommander> test rollout
[20:48:36] <NCommander> mrcoolbp, damn it, stop destroying my trains of thought
[20:48:54] * mrcoolbp is just doing his job
[20:49:02] <NCommander> paulej72, ok, it works great now
[20:49:14] <xlefay> mrcoolbp: "destroying thought trains since 1884" ;)
[20:49:29] <mrcoolbp> actually I was born in 1984...
[20:49:32] <mrcoolbp> = )
[20:49:36] <xlefay> err, yeah 1984 :P
[20:49:43] <paulej72> NCommander: Yes it does and I have the new stuff up on dev
[20:49:52] <NCommander> paulej72, looks like it rolled out fine
[20:49:58] * NCommander is not a huge fan of the "Read More" bubbles
[20:50:01] <mattie_p> NCmomander: yeah, saw that.
[20:50:05] * mrcoolbp notes it's weird that xlefay knows what year he was born in
[20:50:31] <xlefay> mrcoolbp: I was guessing ;-)
[20:50:32] <mechanicjay> I need to go for a walk before I burn down my workstation, my laptop and the building I work in.
[20:50:34] <mrcoolbp> well you were only off by 100 years
[20:50:41] <xlefay> You once mentioned your age to me so ;-)
[20:50:42] <NCommander> mechanicjay, we'll be here
[20:50:43] * mechanicjay goes to freak out
[20:50:46] <xlefay> This is true ;-)
[20:50:52] <NCommander> mechanicjay, don't let the VMS bugs bite
[20:51:53] <paulej72> We need people to test on dev so we can get this out to production
[20:52:23] <paulej72> xlefay: do you want me to redo the IRC url?
[20:52:54] <xlefay> paulej72: Yes, make it http://chat.soylentnews.org for now (instead of https, just in case this gets deployed in advanced o prod, it'll still work)
[20:53:07] <xlefay> I'll set up a rewrite rule ones chat = https only so you don't have to change anything later on
[20:53:30] <xlefay> once*
[20:53:41] <paulej72> I will use // so it will pass http or https depending on the what the user is currently using
[20:55:06] <xlefay> paulej72: as long as that doesn't get deployed on prod till the webchat's been moved that's fine but the current webchat doesn't allow https
[20:56:00] <paulej72> xlefay: the website really does not work with https either
[20:56:23] <xlefay> well it does... slash just redirects you to http now, but you stay signed in on https
[20:56:46] <xlefay> That's the only issue with slash & SSL atm but besides that, it just works if you go back to https, you stay signed in, etc.
[21:01:11] <paulej72> dev can't sen email correct
[21:01:19] <paulej72> send
[21:01:41] <xlefay> paulej72: I'll install ssmpt on it so it can use the SVC's box to send e-mails ;-)
[21:02:08] <xlefay> (unless anyone has a better idea? that is)
[21:02:16] <paulej72> ok as I just locked out mrcollbp on dev as I sent a password reset emial to dev null
[21:02:46] <xlefay> icscard's website is weird...
[21:03:00] <xlefay> they have flash text headers -_-"
[21:03:28] <mrcoolbp> = (
[21:09:41] <mechanicjay> xlefay: postfix will need an account for ssmtp to auth against.
[21:10:20] <xlefay> I know
[21:10:39] <xlefay> I'm going to make it 'noreply-dev@soylentnews.org' to keep that separation
[21:10:59] <mechanicjay> ok
[21:17:29] <mrcoolbp> xlefay: let me know when you get it setup if you would
[21:22:50] <xlefay> mrcoolbp: paulej72: seems to be working
[21:22:55] <xlefay> sorry I was eating a sandwich first ;-)
[21:22:59] <mrcoolbp> heh
[21:23:30] <xlefay> just e-mail from whatever e-mail address is configured, as long as it comes from the slash user it'll originate from noreply-dev@soylentnews.org
[21:24:45] <paulej72> Just sent a password reset email from dev. lets see if it gets through
[21:25:11] <xlefay> not seeing anything in svc's logs yet
[21:26:09] <mrcoolbp> hrm
[21:26:13] LaminatorX|afk is now known as LaminatorX
[21:27:46] <mrcoolbp> hey LaminatorX
[21:28:02] <LaminatorX> Yes?
[21:28:08] <xlefay> paulej72: not even lithium shows it in it's logs
[21:28:22] <mrcoolbp> LaminatorX: just saying "hi"
[21:28:38] <LaminatorX> Hey.
[21:28:48] <paulej72> xlefay: adminmail var is set to admin@dev.soylentnews.org
[21:29:35] <xlefay> paulej72: doesn't matter, everything sent from the "slash" accounts gets re-written to noreply-dev@soylentnews.org, of course that still requires slash to use /usr/bin/mail
[21:29:54] MrBluze is now known as MrBluze|afk
[21:30:34] <xlefay> but I'm fairly sure it can't do that because of apparmor
[21:30:47] <xlefay> NCommander: ?
[21:31:17] <paulej72> xlefay: I am not sure if slash uses /usr/bin/mail. I think it has its own server possibly
[21:31:44] <xlefay> wait..
[21:31:45] <xlefay> https://github.com
[21:31:50] <NCommander> xlefay, sounds about right
[21:32:00] <NCommander> xlefay, you'll have to add it to the apparmor config
[21:32:08] <paulej72> xlefay: I have a variable for smtp_server and it is currently set to localhost
[21:32:09] <xlefay> That's just the mass mail plugin right?
[21:32:28] <xlefay> paulej72: aah, makes sense. NCommander after setting it into apache's config, service apache restart?
[21:32:36] <xlefay> nothing will get slashy and brak?
[21:32:38] <xlefay> break*
[21:33:05] <xlefay> paulej72: now I'm sure it just uses the local smtp
[21:33:28] <NCommander> xlefay, yeah
[21:33:42] <NCommander> Email is disabled on dev
[21:33:46] <NCommander> (the master switch is set to off)
[21:34:00] <NCommander> Don't re-enable it without blanking out the email database on dev (update users set email = '')
[21:34:06] <xlefay> NCommander: I just set up, ssmtp > SVC - so they can e-mail ;-)
[21:34:09] <NCommander> else you'll cause eeryone to get "daily story emails"
[21:34:20] <xlefay> was afraid of that, paulej72 you do the blanking?
[21:34:41] <xlefay> and just manually re-set back your own e-mails
[21:35:05] <paulej72> no can't blank users emails. need them for password resets
[21:35:32] <xlefay> paulej72: daily story emails? etc..
[21:35:58] <paulej72> should be able to set that to no email for all users
[21:36:09] <xlefay> And there aren't any other quirky email stuff going on?
[21:37:16] <paulej72> hell I don't know
[21:37:37] <paulej72> I guess if fuck up the db, we can always reimport
[21:37:50] <xlefay> I'm not worried about fucking up the db
[21:38:06] <paulej72> I'll kill the email addresses
[21:38:08] <xlefay> I'm worried about spamming all users in the DB and crippling the SVC server while doing so
[21:38:52] <xlefay> (don't forget to add that MySQL query in your deploy script, I'm guessing you also take a dump from the prod DB when deploying?
[21:40:42] <paulej72> xlefay: for now no we will not be taking on a new db dump for each deploy
[21:41:03] <xlefay> paulej72: let's just hope no-one forgets blanking out users e-mail addresses...
[21:41:11] <xlefay> when they do, that is
[21:42:16] <xlefay> paulej72: you set back mrcoolbp's e-mail?
[21:42:39] <paulej72> not yet seeing if the email setting took first
[21:43:56] <xlefay> Well, try to send a mail when you can (and highlight me, please); I just reloaded the apparmor profile, as described in the manual, I want to know if we can forget restarting the webserver itself or not
[21:44:19] * NCommander stops typing
[21:44:30] * NCommander wrote something like 15 commenst on the incorperation page
[21:44:45] <paulej72> OK emails seem to be blanked and I have set mine and mrcoolbp's back to mormal
[21:45:18] <xlefay> let's see if it works ;-)
[21:45:24] <xlefay> dang NC, time for a smoke ;-)
[21:45:42] <paulej72> xlefay: email sent
[21:45:59] <xlefay> aa-logprof IS AWESOME!!
[21:46:00] <xlefay> ok:
[21:46:02] <xlefay> Profile: /srv/soylentnews.org/apache/bin/httpd
[21:46:03] <xlefay> Execute: /bin/hostname
[21:46:10] <xlefay> why the hell does it want to execute hostname -.-
[21:46:44] <NCommander> xlefay, ahahahahah
[21:47:02] <paulej72> xlefay: I just did a restart and apache will get the hostname when setting up its config
[21:47:04] <NCommander> xlefay, you got aa-logprof to work with httpd?
[21:47:18] * NCommander couldn't get it to attach, I wrote the file from the entirity of the error log in syslog
[21:47:22] <xlefay> NCommander: I just started aa-logprof..
[21:47:25] <NCommander> ....
[21:47:28] * NCommander facepalms
[21:47:32] <NCommander> I fail obviously :-)
[21:47:51] <xlefay> actually, paulej72, I don't think it was related to apache directly
[21:48:12] <xlefay> This is how it works, right: Apache starts /usr/bin/mail, /usr/bin/mail wants /bin/hostname, right?
[21:48:24] <xlefay> So, do I make a profile for /usr/bin/mail or do I include those in Apache?
[21:48:38] <NCommander> xlefay, whatever Apache starts inherts its permissions
[21:48:38] <xlefay> Does Apache's profile allow Mail's profile to take affect?
[21:48:39] <NCommander> (ix)
[21:48:42] <paulej72> xlefay: before I sent the email I restarted apache
[21:48:58] <NCommander> xlefay, there's a way to get Apache to get it to look at its own profile
[21:49:03] <NCommander> for apps it executes
[21:49:10] <xlefay> also.. it seems aa-logprof only worked once for me
[21:49:29] <xlefay> probably only works if there's something to report
[21:50:03] <xlefay> paulej72: can you re-try emailing?
[21:50:29] <paulej72> xlefay: done
[21:51:18] * xlefay sighs
[21:51:31] <NCommander> xlefay, you might just want to set apparmor to complain mode, then suck on syslog
[21:52:00] <xlefay> https://help.ubuntu.com <-- good thing I've got that open
[21:52:28] <NCommander> Documentation: got to love it
[21:52:34] * NCommander has to do his day job today
[21:52:35] <NCommander> Ugh
[21:53:08] <xlefay> Good luck.
[21:53:22] <xlefay> paulej72: what's the URL to reset & what info's?
[21:54:37] <paulej72> http://dev.soylentnews.org if you are an admin you should see force user to verify account
[21:55:49] <xlefay> I'm only admin @ regular site, not @ dev
[21:56:57] <xlefay> "The password for mrcoolbp was emailed to its registered email address. It will remain valid for 3 days."
[21:56:59] <paulej72> [Mon Mar 24 20:54:42 2014] [error] /users.pl:Slash::Messages:/srv/soylentnews.org/local/lib/perl5/site_perl/5.10.1/Slash/Messages.pm:554:Not allowed to send mail; send_mail variable is false ;; Which was called by:Slash::Utility::System:/srv/soylentnews.org/local/lib/perl5/site_perl/5.10.1/x86_64-linux/Slash/Utility/System.pm:249
[21:57:02] <xlefay> I'll just use the good ol' pass reset
[21:57:16] <xlefay> paulej72: didn't NC say it was dissallowed?
[21:57:18] <cosurgi> janrinok: I think that you went too fast with posting more news.
[21:57:25] <xlefay> so you gotta change send_mail variable
[21:57:42] * cosurgi has problems catchin gup
[21:59:46] <cosurgi> !current-uid
[21:59:46] <Bender> The current maximum UID is 3944, owned by LazyBoot
[22:01:24] <paulej72> xlefay: [Mon Mar 24 21:00:27 2014] [error] /users.pl:Slash::Messages:/srv/soylentnews.org/local/lib/perl5/site_perl/5.10.1/Slash/Messages.pm:554:Error sending to 'mrcoolbp@gmail.com' for user 68: connect to localhost failed (Connection refused)\nconnect to localhost failed\nconnect to localhost failed (Connection refused) no (more) retries! ;; Which was called
[22:01:25] <paulej72> by:Slash::Utility::System:/srv/soylentnews.org/local/lib/perl5/site_perl/5.10.1/x86_64-linux/Slash/Utility/System.pm:249
[22:01:57] <janrinok> cosurgi: you'll have to learn to read faster.... ;)
[22:02:05] <mrcoolbp> paulej72: surely you have more important things to do then to reset my password on dev.soylent ....
[22:02:33] <cosurgi> janrinok: ;-) IMHO better give people a bit more time.
[22:02:34] <xlefay> paulej72: can you make it use /usr/bin/mail instead of connecting to localhost?
[22:02:54] <paulej72> mrcoolbp: yes I am trying to get mail forwarding working :)
[22:03:01] <mrcoolbp> = )
[22:03:11] <paulej72> xlefay: you are now admin on dev
[22:03:31] <janrinok> Don't worry, we are slowing down to 1 every 30-45 minutes now that we have cleared a chunk of the subs list
[22:03:41] <janrinok> cosurgi: ^
[22:05:13] <cosurgi> janrinok: I still think that's too often...
[22:05:37] <cosurgi> janrinok: maybe more like 50-70 minutes would be good... but that's just my humble opinion.
[22:05:43] <paulej72> xlefay: [Mon Mar 24 21:04:06 2014] [error] /users.pl:Slash::Messages:/srv/soylentnews.org/local/lib/perl5/site_perl/5.10.1/Slash/Messages.pm:554:Error sending to 'mrcoolbp@gmail.com' for user 68: /usr/bin/mail not found\nconnect to localhost failed (Connection refused)\nconnect to localhost failed\nconnect to localhost failed (Connection refused) no (more) retries! ;; Which was called
[22:05:44] <paulej72> by:Slash::Utility::System:/srv/soylentnews.org/local/lib/perl5/site_perl/5.10.1/x86_64-linux/Slash/Utility/System.pm:249
[22:05:47] <janrinok> Some want us to go faster, some want us to go slower. We just can't win ;)
[22:05:56] <janrinok> cosurgi: ^^^
[22:06:04] <xlefay> paulej72: can you make it use /usr/bin/mail instead of connecting to localhost?
[22:06:05] <mrcoolbp> janrinok: oh I definitely have seen that to be true
[22:06:14] <cosurgi> janrinok: who want to go faster? :)
[22:06:14] <janrinok> lol
[22:06:25] <xlefay> oh
[22:06:27] <xlefay> wait
[22:06:28] <paulej72> I did that and it does not seem to use that
[22:07:00] <paulej72> xlefay: can we set it to directly connect to the mail server?
[22:07:22] <xlefay> paulej72: sure but then it'd spoof the sender.. can you set a global sender for it?
[22:07:51] <janrinok> I can't give you a list of names cosurgi but we have had _lots_ of people saying that there weren't enough stories going out. We decided today that, with a full sub list, we would see what effort was involved and what users say. Your comment is noted - because I can't keep going at this speed either!
[22:09:11] <cosurgi> janrinok: yes, it was definitely too slow, before LaminatorX's call for submissions.
[22:10:32] <janrinok> cosurgi: You tell 'em why we are not printing their particular story then - they would sting me up after we've been asking for more submissions if all we did was let them die.
[22:10:46] <janrinok> string*
[22:11:40] <cosurgi> janrinok: I understand. But when people see that it was "accepted" they will just wait patiently until it shows up.
[22:12:32] <cosurgi> janrinok: OTOH it must be hard to decide about the order. Some mey be really urgent, some may be simply interesting but not urgent..
[22:12:39] <janrinok> But it doesn't show as accepted until I process it and put it in the release list - and that is something that many _did_ complain about. They had to wait many hours to see their story.
[22:13:17] <janrinok> We save some of the non-time critical for quiet periods - but people still complain.
[22:14:08] <janrinok> I'm just finishing 3.5 hours of full rate non-stop editing. I'm knackered!
[22:14:12] <SkyNet> you stopped posting?!
[22:14:12] <cosurgi> janrinok: hmm.. maybe we could modigy the engine a little bit. So that it shows "accepted" but allows for delay. Maybe giving info "accepted, delayed" ?
[22:14:29] <cosurgi> s/modigy/modify/
[22:15:12] <janrinok> Yes, but changes to the software are not top priority at the moment. Once everyone gets on top of their areas we should be able to move forward to the new ideas list.
[22:17:08] <janrinok> SkyNet: I'm leaving it LaminatorX's capable hands
[22:17:28] <LaminatorX> Some amount of queueing and delay is absolutely necessary. We don't have 24-hour on-shift editors.
[22:17:38] <cosurgi> .topic http://cosurgi.info
[22:18:10] <janrinok> cosurgi: nice graph!
[22:18:15] <cosurgi> .op
[22:18:15] -!- mode/#staff [+o cosurgi] by SkyNet
[22:18:18] cosurgi changed topic of #staff to: http://cosurgi.info
[22:18:20] <cosurgi> .deop
[22:18:20] -!- mode/#staff [-o cosurgi] by SkyNet
[22:18:38] <cosurgi> janrinok: thx. I did it while talking with you about posting stories :)
[22:19:05] <janrinok> at least it is still climbing!
[22:19:31] <cosurgi> unfortunately I have no earlier data. I guess that 2014.02.22 is when the command !current-uid was implemented (by Landon I suppose)
[22:20:00] <janrinok> LaminatorX: we managed to get 29 stories out for Monday - that is a very good effort!
[22:20:27] <LaminatorX> That's probably a record, and we didn't even start until well into the morning.
[22:20:50] <cosurgi> I wonder what happened about 2014.02.24, We had a huge jump from 2700 to 3200 users.
[22:21:14] <LaminatorX> It remains to be seen whether this pace is a good thing or not, but for the moment I'm happy to let the warm fuzzies flow.
[22:21:21] <janrinok> we opened it up to everyone - before that it was invite only I think cosurgi
[22:21:30] <NCommander> Holy cap
[22:21:35] <cosurgi> janrinok: maybe I should automate doing this graps. That should be a quite simple cronjob...
[22:21:37] <NCommander> We just got a slogan suggestion I love
[22:21:37] <NCommander> Changing the world, one geek at a time
[22:21:40] <janrinok> I will bask in the warm fuzzies for a while then
[22:21:58] <mrcoolbp> NCommander: saw that, I like it
[22:22:05] <janrinok> NCommander: I like it!
[22:22:14] <NCommander> I think we got our new slogan no matter what the name is
[22:22:36] <LaminatorX> NCommander, can we do a trial on dev for topics pages, main page split?
[22:22:50] <NCommander> LaminatorX, i.e., yro.slashdot.org?
[22:23:08] <LaminatorX> With that, we totally could do 40-50 stories a day without spamming main.
[22:23:09] <NCommander> LaminatorX, that requires creating new Nexuses. It should (theorically) work
[22:23:18] <LaminatorX> Right.
[22:23:23] <cosurgi> This graph actually greps the irclogs, so it relies on you to invoke !current-uid from time to time. Maybe we could ask Landon to set the bot to run it at least once per 24h. Then I could automate creating this graph with no missing points.
[22:23:27] <cosurgi> Landon: ^
[22:23:42] <NCommander> LaminatorX, that requires a fair bit of backend setup due to DNS and such. Write up a list of test nexuses, what topics go to what nexuses, and I'll look at getting dev changed this week to experiment
[22:24:11] <NCommander> xlefay, hrm, maybe we should add a wildcard, *.dev. should go to dev. That should get Apache vhosting to do the right thing
[22:24:24] <NCommander> LaminatorX, we probably should color code the various nexuses
[22:24:29] <LaminatorX> How about SoylentCloud and SoylentBI?
[22:24:32] * LaminatorX ducks.
[22:24:39] <xlefay> !grab LaminatorX
[22:24:39] <Bender> Added quote 88
[22:24:49] <NCommander> LaminatorX, I'm going to hurt you :-P
[22:25:04] <xlefay> NCommander: should work
[22:25:53] <xlefay> I think it's very likely this "boost" of submissions is only temporarily
[22:26:17] <xlefay> in a weeks time, most people will think "aah others are submitting enough, I can stop."
[22:26:18] <NCommander> xlefay, eh, slashdot used to pop automatic messages at the top about submissions and the site is powered by them
[22:26:29] <LaminatorX> There will surely be a honeymoon, but my hope is that when it's over our new equilibrium will be higher.
[22:26:38] <xlefay> NCommander: so there's where I stole that suggestion from ;-)
[22:26:57] * mrcoolbp watches as the submissions slowly dissapear...
[22:27:17] <NCommander> paulej72, can we get that put back into the theme or something?
[22:27:28] <NCommander> An occassional reminder to users that they should submit?
[22:27:45] <SkyNet> ^^
[22:28:28] <xlefay> NCommander: I would say, if there are less then X submissions show a highlight about it ;-)
[22:28:42] <paulej72> NCommander: this is a feature that we never had correct?
[22:29:04] <xlefay> e.g. show it to go off when there's 60 submissions left, that'll give you a nice safety net
[22:29:09] <paulej72> I just want to make sure that this is not something I broke :)
[22:29:21] <NCommander> paulej72, its possible there's something in slash already. There's a ton of notification code in places index.pl (i.e., nagging people to subscribe)
[22:29:30] <NCommander> paulej72, its something that never worked if we ever had it
[22:29:53] <NCommander> LaminatorX, if we do this, I want a new slashbox that gives you a list of articles on various nexuses
[22:29:55] <paulej72> OK a feature request then. Not a bug fix :)
[22:30:00] <NCommander> LaminatorX, similar to the current journal
[22:30:03] <NCommander> paulej72, so he's what I want to do
[22:30:06] <LaminatorX> It seems appropriate.
[22:30:17] <NCommander> paulej72, I want to get a plan for the next release of slashcode, and then go through a formal release process
[22:30:17] <mrcoolbp> !grab NCommander
[22:30:17] <Bender> Added quote 89
[22:30:25] <mrcoolbp> ah crap, missed it..
[22:30:28] <xlefay> mrcoolbp: damn you were _TOO_ late1
[22:30:42] * LaminatorX is a big fan of formal release processes.
[22:31:08] <NCommander> paulej72, what I want to do is get slashcode to the point we can do a formal MM.YY release, and then production goes from stable to stable
[22:31:23] <xlefay> paulej72: is the theme support good?
[22:31:28] <NCommander> xlefay, no.
[22:31:29] <paulej72> I am up for that, but I have never done this before
[22:31:35] <mrcoolbp> I'm off for now, guys, catch you all later
[22:31:41] <xlefay> NCommander: how so?
[22:31:43] <NCommander> paulej72, not a problem, I'll hold the release team hat and set the goals for each slashcode release
[22:31:43] <xlefay> mrcoolbp: ttyl ;)
[22:31:49] <NCommander> xlefay, you need a seperate vhost for each theme
[22:31:49] <mrcoolbp> = )
[22:31:52] -!- mrcoolbp has quit []
[22:31:56] * xlefay sighs
[22:31:58] <NCommander> .... I just realized we could do edge that way
[22:32:01] <NCommander> I'm a fucking moron
[22:32:06] <NCommander> NO GRAB
[22:32:20] <xlefay> That's fucking stupid btw
[22:32:20] <janrinok> that was a quick bit of typing NCommander
[22:32:32] <paulej72> xlefay: add that quote manualy please
[22:32:32] <NCommander> janrinok, some things I have ready made macros
[22:32:37] <janrinok> lol
[22:32:48] <NCommander> Actually, that's perfect
[22:33:05] <NCommander> shit, my todo list just got longer
[22:33:05] <xlefay> NCommander: stupid and perfect
[22:33:09] <xlefay> doesn't give me what I want tho
[22:33:13] <NCommander> xlefay, ?
[22:33:20] <NCommander> xlefay, I want skins fully dynamic
[22:33:27] <NCommander> There's now and then
[22:33:36] <NCommander> xlefay, I think we need to poof edge into existence
[22:33:57] <NCommander> !todo make edge a thing
[22:33:57] <Bender> todo item 11 added
[22:34:05] <xlefay> (That means, it's done tomorrow, maybe the day after)
[22:34:05] <NCommander> SHit
[22:34:20] <NCommander> xlefay, I actually need to my normal job
[22:34:29] <xlefay> That would seem wise, yes
[22:34:29] * NCommander seriously needs a paycheck from project ;-/
[22:35:37] <paulej72> NCommander: we should test the theme stuff on edge first with the dev db so we can see if it breaks anything there first
[22:35:48] <NCommander> paulej72, of course. I'm not a madman
[22:35:58] <xlefay> !grab NCommander
[22:35:58] <Bender> Added quote 90
[22:36:00] <NCommander> ... well, ok, I'm a madman, but I have a sense of sanity
[22:36:04] <xlefay> !grab NCommander
[22:36:04] <Bender> Added quote 91
[22:36:05] <xlefay> damn you
[22:36:15] <janrinok> OK guys I'm out of here. Have a good one!
[22:36:17] <NCommander> !quote
[22:36:17] <Bender> quote <ID/search string>
[22:36:17] <paulej72> NCommander: no you only play a madman on TV
[22:36:18] <xlefay> Quotational bait.
[22:36:20] <NCommander> !quote NCommander
[22:36:20] <Bender> Quote 0 - <NCommander> mattie_p, I dunno, are you going to mail me an explosive device if I have you edit ANOTHER 3k novel?
[22:36:24] <Bender> Also in quotes: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 35, 37, 42, 43, 46, 52, 53, 54, 55, 58, 61, 62, 66, 79, 80, 81, 82, 83, 84, 85, 86, 87, 89, 90, 91
[22:36:31] <NCommander> !quote Bender
[22:36:31] <Bender> No quotes found with the text 'Bender'
[22:36:34] <NCommander> !quote Bender
[22:36:35] <Bender> No quotes found with the text 'Bender'
[22:36:37] <NCommander> !quote NCommander
[22:36:37] <Bender> Quote 0 - <NCommander> mattie_p, I dunno, are you going to mail me an explosive device if I have you edit ANOTHER 3k novel?
[22:36:41] <Bender> Also in quotes: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 35, 37, 42, 43, 46, 52, 53, 54, 55, 58, 61, 62, 66, 79, 80, 81, 82, 83, 84, 85, 86, 87, 89, 90, 91
[22:36:42] <NCommander> !grab Bender
[22:36:42] <Bender> I don't know what Bender said, so I can't quote them!
[22:36:44] <NCommander> ...
[22:36:55] <xlefay> !nick test
[22:36:55] <Bender> changing nick to test
[22:36:58] <NCommander> The bot needs a sense of self
[22:36:59] Bender is now known as test
[22:36:59] <test> done - nick
[22:37:00] <xlefay> !quote Bender
[22:37:01] <test> No quotes found with the text 'Bender'
[22:37:04] <xlefay> oh well.. worth a shot
[22:37:12] * xlefay actually thought it would be that stupid.
[22:37:22] -!- LaminatorX has quit [Quit: Web client closed]
[22:37:31] <xlefay> SO ANYWAY
[22:37:35] <xlefay> edge, paycheck, what else?
[22:37:39] <NCommander> xlefay, wow, its awesome when our expectations meet reality. What a novelity
[22:37:53] <NCommander> xlefay, name dev to staging? I rather go back to the original plan on this
[22:38:04] <xlefay> Which was?
[22:38:22] <NCommander> edge is lastest slashcode running against production database
[22:38:29] <NCommander> staging is lastest slashcode against copy of the database
[22:38:43] <NCommander> dev is our sandbox (and I want to rename it dogfood :-)
[22:39:10] <paulej72> so now we need two more boxes?
[22:39:21] <NCommander> paulej72, we've got an unused one I'm going to repurpose
[22:39:38] <xlefay> staging, copy of which DB?
[22:39:43] <NCommander> Say hello to nitrogen
[22:39:49] -!- janrinok has quit [Quit: leaving]
[22:39:51] * NCommander knew he forgot an element when he setup oxygen
[22:40:02] <NCommander> So we get nitrogen and floride
[22:40:17] <NCommander> and neon can become our new DB backup (that box is one giant single point of failure)
[22:40:50] <NCommander> and sodium can be a reducent machine for web
[22:41:09] * NCommander likes essential machines being noble gases, and slash boxes named after highly reactive elements :-)
[22:41:14] <xlefay> NCommander: how much bandwidth on oxygen?
[22:41:16] <paulej72> sounds better than lithium as the backup
[22:41:37] <NCommander> xlefay, that was a happy mistake. lithium is an extremely apt name for the dev server
[22:41:45] <xlefay> err
[22:41:51] <xlefay> paulej72: what NCommander said
[22:41:54] <paulej72> si
[22:41:57] * NCommander notes he was told that we don't have enough machines to justify the headache of LDAP
[22:42:08] <NCommander> ^- hahah, bitches, I was right. See, I have VISION!
[22:42:11] <xlefay> NCommander: that's bullshit ;-)
[22:42:18] <xlefay> I think ldap already paid itself off
[22:42:26] <NCommander> No fucking kidding
[22:42:34] <NCommander> even kerberos is paying dividines
[22:42:41] <xlefay> So how much bw does oxygen has?
[22:43:00] <NCommander> xlefay, I ... don't know?
[22:43:03] <xlefay> control panel?
[22:43:05] <paulej72> I would like a backup for boron though, I could be included on another lightly used box
[22:43:12] <NCommander> xlefay, checking.
[22:43:40] <NCommander> xlefay, I dunno, we could just keep using it until it stops working. That's the usual case for oxygen. You don't notice it until it suddenly goes away.
[22:44:09] <xlefay> If we have enough; we could even consider oxygen as another frontend server (for production) between the US & EU ;-)
[22:44:13] * NCommander speaks from personal experience on that.
[22:44:27] <NCommander> Part of being a firefighter is learning to deal with having !air
[22:44:39] <xlefay> lol ;)
[22:45:46] <xlefay> Or even use oxygen as the edge or staging
[22:45:59] <xlefay> Then we'll have enough boxes without having to get another one ;-)
[22:46:20] <NCommander> xlefay, it doesn't say
[22:46:40] <xlefay> That's gay, there isn't an expert mode available either?
[22:46:53] * xlefay notes he used to log into ovh.com directly.. guess they made a new panel for kimsufi's
[22:47:08] <NCommander> xlefay, http://lowendtalk.com
[22:47:26] <NCommander> xlefay, I'm not in love with them. oxygen is our big hocking harddrive in the cloud
[22:47:28] <NCommander> Lets keep it that way
[22:47:33] <xlefay> NCommander: ignore that one...
[22:47:39] <xlefay> it says managerv3, which isn't what you have apparently
[22:48:19] <NCommander> Yeah
[22:48:21] <NCommander> This manager sucks
[22:48:38] <Landon> cosurgi: it's run every minute, even! just need to store the results
[22:48:50] <Landon> but I assumed the SN database would have account creation times, so I didn't bother making it too fleshed out
[22:48:53] <xlefay> https://www.ovh.com try signing in there NCommander
[22:48:53] <NCommander> xlefay, honestly, this is fine for backup, but we'd be nuts for a dedicated server w/ them
[22:49:01] <xlefay> How so?
[22:49:15] * xlefay notes OVH network set up is fucking bullshit btw
[22:49:28] <xlefay> least I remember it being trippy as hell
[22:49:42] <NCommander> ah
[22:49:44] <xlefay> gateways in different subnets, etc.. maybe they fixed that now
[22:49:47] <NCommander> I need my customer id
[22:50:36] <NCommander> and make an account
[22:50:40] <NCommander> xlefay, god, this is fucking balls
[22:50:42] <xlefay> ah forget about it then
[22:50:47] <NCommander> xlefay, I'll look into it later
[22:50:51] <xlefay> ovh used to be so much better tbh
[22:50:59] <NCommander> xlefay, to be honest, I rather just keep going the course with linode
[22:50:59] <xlefay> back when kimsufi still had the OVH panel and crap
[22:51:21] <NCommander> xlefay, they're expensive, but the super is stupid good, the bandwidth is great, and we can go to per-meter billing if we want
[22:51:22] <xlefay> Long term, I think hetzner or equilevant is best for us ;)
[22:51:31] <NCommander> xlefay, I'm thinking co-locating with a bunch of boxes
[22:51:39] <xlefay> That's possible, but costy isn't it?
[22:51:41] * NCommander actually wants everything that is a seperate node to be a seperate physical machine
[22:52:11] <xlefay> Then you'll have to get at least a rack
[22:52:19] <xlefay> but we could go overboard :P
[22:52:34] <xlefay> and setup raspberry pi clusters :P and one service per cluster :D
[22:52:34] <NCommander> xlefay, I'm not hugely thrilled with VPSing within ourselves
[22:52:46] <NCommander> Its OK for linode and dedicated providers
[22:52:50] <xlefay> NCommander: it brings a lot of simplicity for us though
[22:53:12] <xlefay> Need a new dev server to play with? Clone, bam, it's up
[22:53:13] <NCommander> We could probably colocate edge/staging on the same box
[22:53:17] <NCommander> xlefay, oh, tahts OK
[22:53:27] <NCommander> But production/user-facing should be dedicated HW
[22:53:30] <xlefay> Agreed
[22:53:31] <NCommander> (aka, critical shit)
[22:53:38] <NCommander> With the exception of lithium and oxygen, thats everything
[22:54:01] <NCommander> Which honestly means linode is roughly in the right market w.r.t. to pricing
[22:54:37] <NCommander> xlefay, since we also don't get CPU throttled
[22:54:50] <xlefay> I think linode is pretty pricey, but then again you probably pay some for support in the monthly fee too
[22:55:00] <NCommander> I rather have that then have shit break on the backend
[22:55:15] <NCommander> If we need to go larger than Linode 4096s, then its time to upgrade
[22:55:36] <NCommander> xlefay, the other nice feature is that bandwidth is pooled
[22:55:46] <NCommander> xlefay, when boron came up, another TB was added to our total bandwidth
[22:56:02] <xlefay> Which is nice till a server gets it's ass DDoS'd heavily
[22:56:10] <xlefay> depending of course how linode deals with that
[22:56:34] <NCommander> xlefay, eh, what would per node bandwidth get us
[22:56:42] <NCommander> They could just fire at each node round-robin
[22:57:10] <xlefay> That's true also, but they'd still need to know each node ;)
[22:57:26] <xlefay> iirc, not every node is publicly advertised (well, the IPs and shit)
[22:57:26] <NCommander> xlefay, do we just want to plug a loadbalancer in?
[22:57:39] <xlefay> Can Varnish handle it for now?
[22:57:42] <NCommander> Yeah
[22:57:48] <NCommander> We're fine. Round-robin DNS should do the trick
[22:57:49] <xlefay> And the load balancer, is it near plug 'n play?
[22:57:54] <NCommander> xlefay, as best I can tell
[22:58:07] <NCommander> $20 USD p month is chump change for load balancing
[22:58:11] <xlefay> Then I'd wait, if it took a shitload of configuring, I'd say better sooner than later
[22:58:43] <xlefay> (e.g. you don't want to get caught with your pants down configuring when you really need it [the load balancer, that is])
[22:58:47] <xlefay> btw Landon, you here?
[22:59:29] * xlefay just holy shit'd on stats.pl
[22:59:39] <NCommander> xlefay, oh, BTW
[22:59:46] <NCommander> xlefay, linode only charges outgoing bandwidth, not in
[22:59:54] <xlefay> Are they serious? Those graphs looks like they were drawn by a four year old
[23:00:00] <xlefay> NCommander: ooh that's nice!
[23:00:07] <NCommander> xlefay, so I think the point boot
[23:00:08] <NCommander> *moot
[23:00:14] <xlefay> Yeah, it is now hah
[23:00:16] <NCommander> As long as we're rate limiting, we aren't going to get killed
[23:00:23] <NCommander> Unless we host a 2 GiB file somewhere
[23:00:33] <NCommander> New Policy: stuff bigger than a meg gets bittorrented :-P
[23:00:50] <xlefay> So, effectively, our nodes don't even pay for communicating with each other except for oxygen but that's low traffic atm
[23:00:52] <xlefay> *atm*
[23:01:16] <NCommander> BIngo
[23:01:25] <NCommander> Linode actually justifies that damn price tag
[23:01:46] <NCommander> As long as our monthing expenses don't float to over 500 USD, I'm pretty happy just adding what we need
[23:02:01] <xlefay> cosurgi: http://www.imgdumper.nl
[23:02:14] <xlefay> NCommander: yeah makes sense
[23:02:39] <NCommander> xlefay, I do consider linode an internim solution, but we can wait six months to a year before seriously looking at migrating
[23:02:48] <NCommander> xlefay, I need to get linode to move my personal node off the account though
[23:02:53] <NCommander> (there's one you can't see called lighthouse)
[23:02:58] <xlefay> aah I see ;-)
[23:03:22] <xlefay> hah
[23:03:35] <xlefay> least linode checks access at each URL, that's good ;-)
[23:03:43] <xlefay> "Access denied" :P
[23:03:47] <NCommander> heh
[23:03:53] <cosurgi> xlefay: nice! :)
[23:03:58] <NCommander> As I said, they're pricy, but its a justified price tag
[23:04:14] <NCommander> I've heard Linode Managed is amazing, but I don't think we need it
[23:04:53] <xlefay> hehe, never used linode before but I can see the appeal
[23:05:26] <xlefay> It also explains why we haven't even used 100 GB bandwidth
[23:05:34] <paulej72> NCommander: when setting up slash how do you set which plugins to load?
[23:06:03] <cosurgi> [A
[23:06:06] <NCommander> paulej72, install-slashcode asks
[23:06:11] <cosurgi> oops :)
[23:06:14] <xlefay> mechanicjay: ping?
[23:06:19] <mechanicjay> xlefay: yo
[23:06:26] <cosurgi> time for me to sleep, goodnight
[23:06:27] <NCommander> paulej72, the Achievements and Firehouse plugins got disabled, but there files are still lingered
[23:06:31] <xlefay> in the dns file, 'rt'?
[23:06:33] <NCommander> And their crap is still in the database
[23:06:59] <mechanicjay> ah yeah, there's been this dream since the inception of altslash to have some sort of internal ticket tracking system....
[23:07:13] <mechanicjay> I had rt mostly configured at some point, but without ldap, it was kind of useless
[23:07:24] <mechanicjay> in the move between linodes boxes some perl stuff got lost.
[23:07:29] <xlefay> Ah I see
[23:07:57] <mechanicjay> I want to get it back together and hook it up with ldap so we can track some bigger initiatives withing in sys
[23:08:11] <NCommander> mechanicjay, we can put it on beryl- oh wait
[23:08:12] * NCommander ducks
[23:08:13] <xlefay> haha referring to this weekend? :P
[23:08:29] <mechanicjay> The dream is that for bigger stuff, if I have a few hours to beat on something I can, dump a status update in the ticket, then you can do the same the next day, etc.
[23:08:44] <xlefay> Yes, most definitely a good idea
[23:08:54] <NCommander> Honestly
[23:08:55] <xlefay> also, thoughts on some sort of version control for config files and such?
[23:08:56] <NCommander> If Launchpad had git
[23:09:07] <NCommander> I'd move us there for code management
[23:09:35] <mechanicjay> Yeah, I'd love some sort of repo for config files. I do that all the time here where we dont have any sort of config management or deployment automation.
[23:09:48] <mechanicjay> okay, so I just ran a really interesting report out of the database
[23:10:13] <xlefay> Yeah, but what would be the most logical set up for something like that?
[23:10:24] <mechanicjay> Story title, hits, comment count, hits/comments percentage
[23:10:34] <NCommander> mechanicjay, hits is skewed due to varnish
[23:10:41] <NCommander> logged in users get counted
[23:10:43] <NCommander> ACs don't
[23:10:45] <mechanicjay> I think that's clickthroughs, though isn't it?
[23:10:48] <NCommander> yeah
[23:10:52] <NCommander> THat comes on the stats email as well
[23:11:05] <NCommander> I accidently self-spammed us so the total hit count is off by ~approximately 10 M
[23:11:08] <mechanicjay> regardless, it's interesting to see at a whole, what stories generated the hits and comments
[23:11:20] <mechanicjay> excel link:
[23:11:26] <mechanicjay> archives.smbfc.net/uploads/soylentnews/stories.xlsx
[23:11:31] <xlefay> xlsx...
[23:12:08] <mechanicjay> libreOffce calc link:
[23:12:10] <mechanicjay> http://archives.smbfc.net
[23:12:46] <xlefay> mechanicjay: the xlsx works fine in libreoffice here ;-)
[23:12:55] <mechanicjay> xlefay: yes, but it's dirty
[23:13:02] <xlefay> it sure is!
[23:13:04] <mechanicjay> :)
[23:13:26] <xlefay> I notice that the first 10 are all related to SN
[23:13:38] <mechanicjay> anyway, would it be worth putting a git server on oxygen and using that as our origin server for server configs?
[23:13:40] <xlefay> So, obviously, drama works well for generating traffic and comments.
[23:14:29] <xlefay> mechanicjay: oxygen is primarily backup but I can see that happening. So, how would we deploy such a system?
[23:15:08] <mechanicjay> As it's backup, it's perfect. If we need to redeploy a system because it's completely owned, our configs are safe and sound.
[23:15:11] <NCommander> mechanicjay, I rather just package them up
[23:15:22] <NCommander> mechanicjay, then apt-get install li69422-config
[23:15:43] <NCommander> dpkg's conffiles mechanism allows us to write the ffiles and make sure they never get clobbered
[23:16:14] <mechanicjay> NCommander: you're the packaging expert
[23:16:38] <mechanicjay> do, when a config gets tweaked, do you need to repackage it?
[23:16:50] <NCommander> mechanicjay, just update the config, then run apt-get dist-upgrade
[23:16:58] <NCommander> Package updating is *easy*
[23:17:01] <NCommander> its three commands
[23:17:06] <xlefay> Can we add a commit message in there, for instance?
[23:17:07] <NCommander> dch -i (create new change)
[23:17:09] <NCommander> *make edits*
[23:17:13] <NCommander> dpkg-buildpackage -S
[23:17:15] <NCommander> dput
[23:17:17] <xlefay> oh
[23:17:19] <NCommander> (ok, four commands)
[23:17:20] <mechanicjay> xlefay: if you sort by percent_comments it's pretty interesting too.
[23:17:23] <xlefay> I see what you're doing now
[23:17:44] <NCommander> We can store the package on github
[23:17:54] <NCommander> And then use landscape or something similiar to fire to all nodes at once
[23:18:02] <NCommander> I need to get you guys landscape sub accounts
[23:18:09] <mechanicjay> NCommander: indeed!
[23:18:12] <xlefay> ^^^^^^^^^^^^^
[23:18:33] * mechanicjay is humbled by how much he's learning the last few weeks.
[23:18:45] <xlefay> ^ me too, but for me it's the past few days
[23:18:50] <xlefay> they've been crazy ;-)
[23:18:52] Cyprus|mountingswitches is now known as Cyprus|shootme
[23:18:58] * xlefay shoots Cyprus|shootme
[23:19:18] <NCommander> mechanicjay, xlefay alternatvely, we can go the juju route
[23:19:26] <NCommander> juju deploy li69422-configs
[23:20:09] <xlefay> I'm talking about minor config changes though, e.g. if we can see the changelog, see revisions, revert, etc.. something like that would be neat, does apt-get allow for that per machine basis?
[23:20:30] <NCommander> xlefay, yes, but we'd have to have a local package repo
[23:20:32] <xlefay> e.g. with documentation ready via such a mechanism, we can avoid a lot of crap in the future
[23:20:35] <NCommander> Launchpad deletes old packages
[23:20:49] <NCommander> But apt-get install li69422-configs=X lets you install specific versions
[23:20:57] <xlefay> and that could work per machine basis?
[23:21:00] <NCommander> Yeah
[23:21:02] <xlefay> just a diff packname?
[23:21:05] <NCommander> Yup
[23:21:28] <NCommander> We can pin configurations on specific machines
[23:21:39] <NCommander> If we don't want to upgrade the package on a given node
[23:21:44] <NCommander> (aptitude hold *pkg)
[23:21:49] <NCommander> Which prevents an auto-upgrade
[23:22:03] <xlefay> And where would we store those? e.g. configs that shouldn't be shared?
[23:22:41] <mechanicjay> xlefay: right, it's be nice to know why we needed to tune the apache config on node x. I value changelogs like that -- especially useful in troubleshooting -- ie. what changed in the last 2 weeks?
[23:23:07] <NCommander> mechanicjay, built right into the package
[23:23:13] <NCommander> mechanicjay, you have to physically create a new changelog entry to upload
[23:23:19] * xlefay was literally considering throwing some configs on git (our own private) but.. I would prefer APT if that's viable in the way we need it, which sounds like it does ;-)
[23:23:21] <mechanicjay> NCommander: ah
[23:23:37] <NCommander> I rather have the configs open
[23:23:42] <NCommander> Expect for SSL keys and such
[23:23:48] <NCommander> Debian does that
[23:24:02] <NCommander> Aside from their openssh SNAFU, it worked well
[23:24:43] <NCommander> mechanicjay, xlefay : aptitude changelog *pkg* is what you want
[23:24:44] <NCommander> hello (2.8-4) unstable; urgency=low
[23:24:44] <NCommander> * Added '-n' to all debian/rules gzip calls to help the build to be
[23:24:44] <NCommander> binary-reproducible. Closes: #719848.
[23:24:44] <NCommander> * Updated config.guess and config.sub.
[23:24:44] <NCommander> -- Santiago Vila <sanvila@debian.org> Fri, 16 Aug 2013 09:50:00 +0200
[23:24:45] <NCommander> hello (2.8-3) unstable; urgency=low
[23:24:47] <NCommander> * Quote prefix in make install to fix FTBFS when there are spaces
[23:24:49] <NCommander> in the working directory. Closes: #696855. Thanks to Dmitrijs Ledkovs.
[23:24:51] <NCommander> -- Santiago Vila <sanvila@debian.org> Wed, 13 Feb 2013 11:24:42 +0100
[23:25:00] <xlefay> naturally, we want configs open but I'm wondering what if there's a config we don't want shared but I'm coming up empty..
[23:25:24] <NCommander> ^- xlefay how's that look?
[23:26:12] <xlefay> Looks good; so, we'd need the package source/deb locally, and repackage that every time we update a config?
[23:26:13] <mechanicjay> Generally the only configs we don't open are things that have credentials in them, and that's easily enough done with some sort of exclude
[23:26:25] <NCommander> xlefay, yeah
[23:26:35] <NCommander> mechanicjay, we should migrate LDAP to auth against kerberos
[23:26:43] <NCommander> That's the only thing that requires a shared password off the top of my head
[23:26:52] <xlefay> To be honest, the repackaging does seem dreadful compared to a simple "git commit -m 'something';git push"
[23:26:53] <NCommander> If we do krb auth, then there are no passwords in our config files
[23:27:03] <NCommander> xlefay, dch -i is bad?
[23:27:09] <xlefay> NCommander: no it isn't
[23:27:14] <NCommander> THis is a native package
[23:27:16] <xlefay> ooh FML
[23:27:18] <NCommander> no original source to fuz with
[23:27:25] <xlefay> we don't need to recompile ;')
[23:27:26] <NCommander> It will generate a .tar.gz automatically when you dpkgpackage -S
[23:27:29] <xlefay> aah my mind was elsewhere
[23:27:35] <mechanicjay> right, I was also briefly thinking about various application configs.
[23:27:38] * NCommander apt-get installs mind on xlefay
[23:27:48] <NCommander> mechanicjay, yeah, LDAP the one place with a shared key
[23:27:58] <NCommander> If we change that to autheticate against kerberos using kerberos host keys
[23:27:59] <NCommander> That's fine
[23:28:05] <NCommander> It just means touching the slapd config file
[23:28:08] <NCommander> *WINNNNE*
[23:28:16] <xlefay> We would probably also include deploy/update scripts
[23:28:18] <NCommander> (also means ifkerberos shits itself, LDAP goes with it)
[23:28:27] <NCommander> xlefay, Depends line, we can pull in a common set of packages
[23:28:38] <xlefay> I'm talking about ssh config for instance
[23:28:47] <xlefay> e.g. so the listen gets set correctly, etc.
[23:28:53] <NCommander> xlefay, sed magic
[23:28:59] <xlefay> naturally
[23:29:00] <NCommander> put that in the postinst
[23:29:47] <mechanicjay> gentlemen: I must leave my place of employment and go home to my wife and children now.
[23:29:48] * NCommander notes we could also look at something like packet
[23:29:51] <xlefay> Sounds good, I'll test it some with charybdis ;-)
[23:29:53] <NCommander> *puppy
[23:29:57] <NCommander> *puppet
[23:29:58] <NCommander> just saying
[23:29:59] <xlefay> mechanicjay: ciao :)
[23:30:03] * NCommander knows Debian uses puppet
[23:30:10] <mechanicjay> later guys :)
[23:30:18] -!- mechanicjay has quit [Quit: Leaving.]
[23:30:22] <xlefay> Yeah, we should look at our options ;)
[23:30:36] <xlefay> So how about that landscaping? :)
[23:30:43] -!- pbnjoe has quit [Quit: Leaving]
[23:30:44] <xlefay> <---- wants to see it :P
[23:30:50] <NCommander> xlefay, I need to check with Canonical
[23:30:56] <NCommander> To make sure I can use landscape for this
[23:31:17] <xlefay> pbnjoe has a weird client. He first /part's all channels and then disconnect from the BNC...
[23:31:21] <xlefay> NCommander: ah I see :)
[23:31:34] <xlefay> in fact, he /quit's -.-
[23:31:59] <xlefay> scrap that.... he's only using his BNC for idlerpg ... ;')
[23:32:32] Cyprus|shootme is now known as Cyprus
[23:37:23] -!- mode/#staff [+v Cyprus] by SkyNet
[23:39:38] <NCommander> xlefay, actually
[23:39:41] <NCommander> In all seriousness
[23:39:54] <NCommander> I think I might write a book about our sys administration
[23:40:18] <NCommander> "Practical System Administration for Ubuntu"
[23:58:52] -!- Cyprus has quit []
[23:59:17] -!- Cyprus [Cyprus!~Bob@2001:470:e2cf:qw:tigt:gjhu:tphg:zlyr] has joined #staff