[00:05:33] <xlefay> morning
[00:06:07] <xlefay> NCommander: am now
[00:08:24] <NCommander> Need to get 762 MB of archives.
[00:08:24] <NCommander> After this operation, 1309 MB of additional disk space will be used.
[00:08:31] <NCommander> ^- ubuntu kernel build dependencies
[00:08:34] <NCommander> .... WTF kernel team
[00:09:02] <MrBluze> lol
[00:09:06] <MrBluze> thats more than it used to be
[00:09:11] <MrBluze> i used to compile my kernels all the time
[00:09:46] <NCommander> MrBluze, I'm trying to get my copy of TianoCore to start GRUB (works), then start a kernel (failing)
[00:10:33] <MrBluze> hmm
[00:10:41] <MrBluze> where is it failing?
[00:16:21] <NCommander> MrBluze, the compiled kernel Ubuntu ships is in the wrong binary format
[00:16:24] <NCommander> I need the EFI Stub
[00:16:29] <NCommander> We ship a vmlinuz file
[00:17:44] <MrBluze> ah ok .. that's fair enough
[00:18:10] <MrBluze> and the UEFI doesnt have a bios compatibility mode
[00:18:14] <MrBluze> like refit
[00:19:23] <MrBluze> https://help.ubuntu.com
[00:19:50] <NCommander> MrBluze, it does (in the form of CSMs) but this is ARM 64, not Intel
[00:20:19] <MrBluze> oh.. what poota u got doing this?
[00:20:33] <MrBluze> an ipad or something?
[00:23:42] <MrBluze> oh i see.. yes, u need to recompile - but a gb of source is a lot
[00:24:09] <xlefay> NCommander: can you forward my reply to audioguy? I'm not in his whitelist ;-)
[00:24:11] <MrBluze> kernel 3.3.0 +
[00:27:54] <audioguy> What?
[00:28:08] <audioguy> you got a bounce xlefay?
[00:28:14] <audioguy> Moringing ;-)
[00:28:19] <audioguy> morning.
[00:28:19] <xlefay> Yes, it bounces me around :P
[00:28:24] <xlefay> Morning :)
[00:28:29] <MrBluze> morgign
[00:29:06] <audioguy> I thought I whitelisted you but the system has changed so I may need to do that again, hold on a sec...
[00:29:11] <NCommander> ugh
[00:29:16] <NCommander> kernel still compiling
[00:29:19] <xlefay> tl;dr version: you assumed soylentnews.org. is used internally, while it's not, boron.soylentnews.org. doesn't resolv, boron.li694-22. however does, also, 'ssh boron', 'ssh beryllium' etc.. it all works because /etc/resolv.conf has that "domain entry" :)
[00:29:29] <xlefay> NCommander: ignore the forward, tl;dr version suffices ;)
[00:29:41] <xlefay> ugh kernels, always hate compiling those ;-)
[00:29:53] <MrBluze> on an ARM64 it takes forever
[00:30:10] <MrBluze> on my raspberry pi it takes for-ever
[00:30:16] <MrBluze> ++
[00:30:50] <xlefay> http://raspberrycolocation.com
[00:30:53] <xlefay> ^^^^^^^^^^^^ =awesome;
[00:31:22] <MrBluze> so, for the price of 2 raspberry pi's
[00:31:31] <MrBluze> u can let someone else look at everything you do on your raspberry pi
[00:31:59] <xlefay> lol, no you get it in a DC, with a nice connection ;-)
[00:32:10] <xlefay> Which is useful, if you've got a high priority VPN, etc.
[00:32:16] <NCommander> xlefay, pfft, didn't I announce our plans to put everything on ARM as soon as someone ships hardware :-)
[00:32:17] * NCommander ducks
[00:32:30] <MrBluze> beowulf cluster etc
[00:32:42] <xlefay> LOL! Now, that I would find absolutely awesome, let's do it!
[00:33:01] <NCommander> xlefay, I'd be absolutely stroked if someone offered non-x86 hosted server
[00:33:06] <audioguy> xlefay, where were you sending from, so far I see nothing today except one from clients.yourserver.de that might be a candidate
[00:33:09] <MrBluze> this website is powered by recycled electrons, raspberries and pie
[00:33:13] <xlefay> audioguy: correct.
[00:33:25] <xlefay> MrBluze: pies*
[00:33:29] <NCommander> pis don't have enough RAM for slash w/ our loadcount
[00:33:33] <xlefay> pie's*?
[00:33:35] <audioguy> that is where your mail is coming from?
[00:33:39] <xlefay> audioguy: correct.
[00:33:47] * NCommander notes we could theoretically just put a LOT of pies in a datacentre but ...
[00:33:47] <MrBluze> not pi's
[00:33:54] <audioguy> I thought you were in .nl?
[00:33:58] <xlefay> audioguy: correct.
[00:34:09] <MrBluze> but u could have a beowulf cluster of rooted samsung s4's
[00:34:15] <xlefay> Just because I'm NL, doesn't mean I can't have a server in DE ;-)
[00:34:17] <MrBluze> or the like
[00:34:40] <audioguy> yes, of course, just a little surprising ;-)
[00:34:57] <xlefay> :-)
[00:34:57] <MrBluze> ill have a look
[00:36:19] <MrBluze> beagleboard has 512mb ram
[00:36:48] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[00:37:20] <MrBluze> hackberry has 1gb
[00:37:38] * NCommander strongly debates installing Ubuntu Phone on his Nexus 5
[00:37:56] <MrBluze> marsboard 8gb
[00:38:40] <MrBluze> $60USD
[00:39:00] <audioguy> xlefay, is that a server you have control of? or is this using the provider's general outgoing mail?
[00:39:03] <MrBluze> .. it has 1gb and 4gb on-board flash .. sorry
[00:39:14] <xlefay> audioguy: it's this IRC server actually. I control it, yes.
[00:39:25] <audioguy> (trying to figure out how widely I need to allow mail in)
[00:39:54] <audioguy> address
[00:40:02] <audioguy> Correct?
[00:40:34] <xlefay> Correct.
[00:41:41] <MrBluze> does ubuntu phone install on a samsung s4?
[00:41:55] <NCommander> MrBluze, can't speak for marsboard, but the problem is the Cortex A9 process is for cell phones, it kinda sucks with server workloads
[00:42:21] <audioguy> OK, both that server's ip and your xander email address whitelisted, please try a send again.
[00:42:42] <audioguy> Hopefully this should fix that problem for good. ;-)
[00:42:56] <NCommander> MrBluze, holy crap, marsboards website is fucking bonkers
[00:43:35] * MrBluze laughs, yes it is
[00:44:34] <MrBluze> hackberry is A10
[00:44:57] <NCommander> xlefay, I'm thinking about setting up a staff etherpad to replace gdocs
[00:44:58] <MrBluze> wtf.. 1.0GHz Allwinner A10 ARM Cortex A8
[00:45:06] <NCommander> xlefay, we can use mod_auth_krb5 for single signon :-)
[00:45:07] <xlefay> NCommander: fuck yes!!!!!!!!!
[00:45:08] <MrBluze> so which is it.. A10 or A8
[00:45:13] <xlefay> etherpad = awesome!
[00:45:25] <NCommander> kerberosed etherpad == more awesome
[00:45:34] <xlefay> dang, I bet!
[00:46:07] <audioguy> Is there a nominal mail admin here?
[00:47:25] <xlefay> Meaning?
[00:47:26] <NCommander> audioguy, mechaniacjay
[00:47:32] <NCommander> xlefay, the guy that fiddles with postfix
[00:47:53] <audioguy> Meaning who is the expert on postfix ;-)
[00:47:53] <xlefay> "nominal" means 'by name only', doesn't that imply "but isn't really a mail admin"?
[00:48:04] <xlefay> ah, I thought I misunderstood nominal
[00:48:23] <audioguy> There is no specific mail admin listed on wiki
[00:48:46] <xlefay> ah ok
[00:49:02] <NCommander> xlefay, audioguy: BTW, here's a decent way we can do system to system kerberos auth http://www.faqs.org
[00:49:07] <audioguy> I had a quick look at postfix config, and found a way to let single addresses go to user folders in about 3 minutes. ;-) So it is not impossible ;-)
[00:49:21] <audioguy> Do not want to step on anyone's toes.
[00:49:46] <xlefay> audioguy: it isn't hard, but unless you do it correctly it's going to mess things up.
[00:50:29] <audioguy> Which is why I want whoever is most expert in postfix to do it. ;-)
[00:50:47] <audioguy> I'm a sendmail guy.
[00:51:24] * NCommander notes he likes sendmail in some respects
[00:51:29] <NCommander> Its very much set it and forget it
[00:51:48] <NCommander> But asking mere mortals to admin it is asking a lot
[00:52:07] <audioguy> There is actually a better way to resolve this problem though, which is to simply set up this mail system like 99.99 percent of the ones used by businesses who need to do web interface stuff
[00:52:34] <xlefay> Which is, exactly what MJ did
[00:52:57] <audioguy> NCommander: that was once thru. But after looking at postfix, they have added so many features since I last looked at it that I actually think sendmail might be the easier one at this point.
[00:53:01] <audioguy> true
[00:53:20] <NCommander> audioguy, eh, we could just use qmail
[00:53:21] * NCommander ducks
[00:53:29] <audioguy> bleh
[00:53:48] <NCommander> audioguy, actually if/when we redo the mail system, I rather it just drop a normal spool and all staff have unix accounts attached to them
[00:53:50] * xlefay throws a pitchfork towards NCommander
[00:54:18] <xlefay> (of course, it was a rubber one)
[00:54:41] <audioguy> put a mail server on staff, that uses the main server as a hub. All incoming and outgoing mail from the internet goes through the hub. Any mail for specific machine staff that is tagged to certain addresses goes there.
[00:54:47] <NCommander> xlefay, so, for oxygen getting on other machines, I think the sanest solution is just to give it a keytab to do its magic via the cron unattended feature
[00:55:06] <xlefay> Anyone else want an inflatable pitchfork?
[00:55:07] <NCommander> audioguy, I have no problems with that. I'd love to be able to SSH in, type alpine, and get my mail
[00:55:18] <NCommander> audioguy, (or mutt, or mail, or even elm if you feel nostalgic)
[00:55:27] <audioguy> Exactly.
[00:55:52] <audioguy> So lets do it. If you used sendmail I could do that iend in five minutes. ;-)
[00:55:53] <NCommander> audioguy, just remember our entire backend is spit and duct tape at this point. We're getting better but slow work :-/
[00:55:57] <audioguy> end
[00:56:04] <NCommander> audioguy, we need MILTER support
[00:56:12] * NCommander checks to see if Ubuntu ships milter out of the box
[00:56:33] <audioguy> That would completely solve my problem and not require any wondy ssh access that you do not want.
[00:56:35] <xlefay> hm, let's not change the mail config at this time. Might I add, a lot of people don't even have unix accounts
[00:56:40] <audioguy> wonky
[00:56:45] <NCommander> Fortunately, simple thing can be done easily, and complex things
[00:56:45] <NCommander> are possible, even if not easily understood ;) Sendmail is the *ONLY*
[00:56:45] <NCommander> MTA with a Turing complete language to control *ALL* aspects of delivery!
[00:56:59] * NCommander notes apt-cache makes that sound like a good thing
[00:57:07] <audioguy> Yes, correct about sendmail.
[00:57:23] <NCommander> audioguy, actually, and you might want to smack me for this
[00:57:35] <NCommander> audioguy, for transporting mail from the MTA to boron (if that's where we put it)
[00:57:40] <NCommander> This sounds like a job for UUCP :-)
[00:57:47] <xlefay> NCommander: actually... configuring postfix on boron right now
[00:57:55] <xlefay> so it can send alerts and all... for nagios
[00:57:58] <audioguy> No, it is too slow.
[00:58:13] <NCommander> xlefay, er ... ssmtp probably simpler
[00:58:17] <NCommander> smarthost and shit
[00:58:31] <xlefay> NCommander: that won't do us any good if SVC is down and it's trying to alert us about it
[00:58:41] <xlefay> I was going to do ssmtp... but it doesn't make sense
[00:58:55] <NCommander> xlefay, <smartass>but we won't get email responses if boron is down then </smartass>
[00:59:09] <audioguy> No Nc, it must be able to reciece mail from the main machine, (and only from the main main server)
[00:59:13] <audioguy> receive
[00:59:13] <xlefay> Well, I don't expect us to be using @soylentnews.org e-mail addresses
[00:59:23] <xlefay> for nagios alerts, and such
[00:59:28] <audioguy> We are already.
[00:59:35] <audioguy> ah.
[00:59:42] <NCommander> That's a fair expectation
[00:59:47] <NCommander> Less single point of failure++
[01:00:32] <NCommander> xlefay, I *really* like this kerberos cron/keytab mechanism
[01:00:37] <audioguy> the server on staff relays all its outgoing through the main server, and gets mail ONLY from the main server
[01:00:48] <audioguy> That is how it is done.
[01:00:49] <NCommander> Means we can always see what can access what via ACLs and revocation is trivial
[01:01:09] <xlefay> NCommander: sounds good
[01:01:16] <NCommander> audioguy, I think xlefay intends boron to send mail directly so if svc takes a shit, we'll get an email about it
[01:01:32] <audioguy> OK.
[01:01:50] <xlefay> Correct
[01:01:52] <audioguy> Under the circumstances, a good idea.
[01:01:54] <NCommander> No critical infrastructure should be on boron exclusively; it can eat its own HDD and we have lost nothing that isn't easily replaceable
[01:01:58] <MrBluze> we could install IIS and exchange?
[01:02:03] * MrBluze ducks
[01:02:17] <xlefay> Actually, zimbra isn't bad at all
[01:02:20] <NCommander> MrBluze, ... if we went that route, we'd have trivial LDAP and kerberos up already
[01:02:27] * NCommander stabs MrBluze for good measure
[01:02:43] <xlefay> Ha, finally someone who uses the inflatable pitchfork!
[01:02:48] <MrBluze> lol
[01:02:50] <audioguy> xlefasy please use normal user dirs for mail on staff, and use procmail for delivery agent
[01:02:51] <MrBluze> that tickled
[01:02:56] <audioguy> xlefay:
[01:03:09] <NCommander> xlefay, what audioguy said
[01:03:11] <xlefay> audioguy: I'm not going to do anything unnormal, all I care about is that it can send, it'll do regular maildirs and stuff
[01:03:18] <NCommander> xlefay, use the spool, not maildir
[01:03:26] <NCommander> With procmail, we can set individual forwards in .forward
[01:03:37] <NCommander> But keep a copy of mail locally, so we can always SSH in and mutt it
[01:03:44] <NCommander> audioguy, approve?
[01:03:48] * xlefay mutters that suggestions
[01:03:51] <xlefay> -s
[01:03:53] <audioguy> If you use procmail for delivery, it is easy to have most users on spool, and select maildir for apps like mine.
[01:04:05] <xlefay> OK, but this isn't intended to replace SVC's mail eh
[01:04:10] <NCommander> audioguy, and for people who want it to go elsewhere, .forward is an option
[01:04:13] <NCommander> God, I feel retro
[01:04:19] <audioguy> yes,
[01:04:21] <NCommander> We should setup kerberosized finger, so I can have a .plan
[01:04:37] <NCommander> actually ...
[01:04:40] <NCommander> That's probably a good idea
[01:04:45] <audioguy> And the old days treated users as actual intelligent people who should have some control over their own stuff.
[01:05:01] <NCommander> audioguy, Since then we can put staff information on LDAP in-case-of-emergency, anyone can finger it out of the DB
[01:05:02] <xlefay> audioguy: and we're still paying for that mistake today
[01:05:29] <audioguy> ?
[01:05:52] <paulej72> I don’t want anyone fingering me unless they wash their hands.
[01:05:56] <xlefay> !grab paulej72
[01:05:56] <DashComma> Added quote 92
[01:06:17] <audioguy> paulej72: If she is pretty enough, you won't even notice.
[01:06:19] * xlefay ponders moments to take that out of context... ;-)
[01:06:25] * MrBluze gets B to wash his hands
[01:06:29] <xlefay> LOL!!
[01:06:34] <NCommander> No wonder I felt dirty
[01:06:55] <MrBluze> that was priceless, paulej72 :)
[01:07:04] <MrBluze> even i couldnt come up with something like that
[01:07:09] <paulej72> made me laugh too
[01:07:24] <NCommander> oooh
[01:07:25] <NCommander> finger-ldap
[01:07:31] <NCommander> Ubuntu: there's a package for that
[01:08:17] <paulej72> I need to leave work and go home be back soon
[01:08:26] <MrBluze> don't forget to wash your hands
[01:08:33] * NCommander notes we need tighter permissions on LDAP if we're going to setup finger services
[01:08:39] <NCommander> So only staff can finger each other
[01:08:41] <xlefay> ........ LOL
[01:08:44] <xlefay> !grab NCommander
[01:08:44] <DashComma> Added quote 93
[01:08:53] <NCommander> !quote NCommander
[01:08:53] <DashComma> Quote 0 - <NCommander> mattie_p, I dunno, are you going to mail me an explosive device if I have you edit ANOTHER 3k novel?
[01:08:55] <xlefay> Honestly, what were they thinking when they made up that name?!
[01:08:57] <DashComma> Also in quotes: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 35, 37, 42, 43, 46, 52, 53, 54, 55, 58, 61, 62, 66, 79, 80, 81, 82, 83, 84, 85, 86, 87, 89, 90, 91, 93
[01:09:12] <MrBluze> gtg theatre
[01:09:19] <MrBluze> cyas
[01:09:21] <NCommander> At the rate I'm going, I'm going to be declared an illegal monopoly on the quotes db
[01:09:32] <xlefay> MrBluze: just be careful with people who washed their hands ;)
[01:09:39] <xlefay> s/with/around/
[01:09:42] <MrBluze> ;)
[01:09:51] <xlefay> NCommander: you didn't already? :)
[01:10:18] <xlefay> uh... I just hope nothing is breaking in Apache ... ;)
[01:10:33] MrBluze is now known as MrBluze|afk
[01:10:41] <xlefay> apt-get seems to be messing with it a bit
[01:10:57] * NCommander gets indigestion
[01:10:57] <NCommander> http://left.subtree.org
[01:10:57] <NCommander> We probably want this
[01:10:57] <NCommander> So staff can manage themselves in LDAP
[01:11:03] <NCommander> But that means playing with the ACLs in slapd
[01:11:03] <audioguy> I haven't tried to run it yet. I am pretty sure it needs to be able all the names it serves, which it cannot at the moment due to the dns setup.
[01:11:15] <NCommander> BUT
[01:11:15] <xlefay> heh...
[01:11:17] <NCommander> What I want is
[01:11:18] <audioguy> able to resolve
[01:11:18] <xlefay> the DNS works just fine
[01:11:24] <NCommander> the ability for staff to update their own SSH keys
[01:11:27] <audioguy> No it does not.
[01:11:29] <xlefay> Your assumptions, however were wrong.
[01:11:32] <NCommander> And put in important contact information
[01:11:44] <NCommander> Which can then be retrieved via finger
[01:11:46] <NCommander> on boron
[01:12:07] <NCommander> LDAP supports kerberosized authentication
[01:12:10] <NCommander> So that's easy
[01:12:15] <audioguy> It cannot resolve its own address boron.soylentnews.org
[01:12:21] <xlefay> because that's not its hostname!!!
[01:12:29] <xlefay> hostname -f
[01:12:32] <audioguy> IT is ONE of its hostnames
[01:12:32] <NCommander> what xlefay said
[01:12:38] <xlefay> No, it's not
[01:12:38] <NCommander> audioguy, no, its not
[01:12:47] <NCommander> its FQDN is boron.li694-22
[01:12:52] FoobarBazbot|afk is now known as FoobarBazbot
[01:12:59] <audioguy> Only on the internal network
[01:13:12] <NCommander> audioguy, right, and?
[01:13:34] <audioguy> It needs to be able to resolve its internet facing names as well?
[01:13:49] <xlefay> What needs to be able to resolve internet facing names?
[01:13:59] <audioguy> Its internal resolver.
[01:13:59] <NCommander> audioguy, boron.soylentnews.org isn't defined in DNS
[01:13:59] <NCommander> staff.soylentnews.org is, and that resolves properly
[01:14:06] <NCommander> audioguy, it does
[01:14:18] <xlefay> It does, just not the names you thought about
[01:14:37] <NCommander> mcasadevall@boron:~$ ping staff.soylentnews.org
[01:14:37] <NCommander> PING staff.soylentnews.org ( 56(84) bytes of data.
[01:14:37] <NCommander> 64 bytes from li204-21.members.linode.com ( icmp_req=1 ttl=64 time=0.034 ms
[01:14:38] <audioguy> dig staff - no name
[01:14:53] <xlefay> ;; ANSWER SECTION:
[01:14:55] <xlefay> staff.soylentnews.org. 276 IN A
[01:15:01] <NCommander> xlefay, no, he means it raw
[01:15:09] <NCommander> xlefay, its not in domains which causes it not to autolookup
[01:15:18] <xlefay> NCommander: actually, it's because he uses dig
[01:15:23] <NCommander> and we don't have that alias in the local zone file
[01:15:32] <xlefay> nslookup staff
[01:15:33] <xlefay> staff.li694-22 canonical name = boron.li694-22.
[01:15:52] <xlefay> works fine.. dig just doesn't get the /etc/resolv.conf domain name (nor should it)
[01:16:05] <audioguy> Dig is what is SUPPOSED to be used. nslookup is incomplete and binf has been trying to get rid of it for years.
[01:16:11] <audioguy> bind
[01:16:17] <NCommander> Dig works fine if you do staff.li694-22
[01:16:21] <xlefay> Then: dig staff.li694-22.
[01:16:22] <audioguy> but too many low level isp people use it.
[01:16:29] <xlefay> dig pub.staff.li694-22.
[01:16:37] <audioguy> staff is one of the machines names.
[01:16:52] <audioguy> This is the most ridiculous dns setup I have ever seen.
[01:17:14] <audioguy> What do you think you are accomplishing by not having these names resolve?
[01:17:34] <audioguy> The resolution is ONLY internal, it is not like you are leaking shit
[01:17:38] <NCommander> audioguy, that I don't want to do the infrastructure twice, and that kerberos requires rdns to work properly so having a TLD we control with a meaningless name was a good thing?
[01:18:32] <audioguy> I am not saying the internal name should not be used, just that all the external names need to resolve internally.
[01:18:45] <NCommander> audioguy, which they do. We don't define machine names in the public DNS
[01:18:49] <audioguy> What is the canonical name of boron?
[01:19:07] <NCommander> audioguy, boron.li694-22
[01:19:19] <xlefay> boron.li694-22. if we're going to be exact.
[01:19:20] <NCommander> which is what hostname -f reports
[01:19:24] <NCommander> and reverse dns responses
[01:19:31] <audioguy> That does not work on the internet, it is an internal name only.
[01:19:48] <audioguy> What is its canonical name for internet purposes?
[01:19:58] <NCommander> audioguy, staff.soylentnews.org
[01:19:59] <xlefay> if you really, really want this so badly. I can set up the A records if you like for soylentnews.org...
[01:20:02] <NCommander> audioguy, which also resolved to the right place
[01:20:08] <NCommander> *resolves
[01:20:21] * NCommander notes status.soylentnews.org also goes to the same place
[01:20:28] <audioguy> Then lets stop pretending its name is boron.
[01:21:08] <NCommander> audioguy, so should I call it status or staff?
[01:21:19] <NCommander> As they're both the same machine, but use vhosts for different pages
[01:21:33] <audioguy> Whatever its canonical name is, for outside dns.
[01:21:58] <audioguy> The one listed in the dns file as its root name
[01:22:02] * NCommander disconnected the machine name from the public names because machines get replaced or recycled, and having a unique name per machine is a good thing
[01:22:34] <audioguy> That is what dns is for: to be able to easily change them.
[01:22:43] <NCommander> audioguy, there are multiple names in the DNS for it
[01:22:43] <NCommander> staff and status
[01:22:58] <xlefay> Why do we even care about the public DNS name for it
[01:23:06] * NCommander thinks what audioguy wants is the machine to be boron.soylentnews.org, then have CNAMEs
[01:23:11] <audioguy> But it has a canonical name, and the canonical name is the one dns uses, and mail.
[01:23:48] <audioguy> A machine has a canonical name, it is the one in /etc/hostname
[01:23:51] <xlefay> NCommander: it doesn't really matter, I have to create boron.soylentnews.org anyway and set the PTR correctly
[01:24:05] <audioguy> It is the one that dns lists in the first line of the zone file.
[01:24:09] <NCommander> xlefay, ... should we just add all the machine names to the public zone?
[01:24:12] <NCommander> and CNAME them?
[01:24:21] * NCommander notes that will break if we ever round-robin DNS something
[01:24:26] <xlefay> NCommander: I don't give a rats ass about the public zone at this point, it all works perfectly fine.
[01:24:42] <audioguy> It will fail if you put a mail server on it.
[01:25:13] <xlefay> That isn't true... it all depends on how you configure the darn thing in the first place
[01:25:16] <NCommander> audioguy, ... how? beryllium, the mail server has the same exact setup, and its sending and receiving mail just fine
[01:25:37] <xlefay> NCommander: because nowadays, we can define the mail hostname in the mail config ;)
[01:25:47] <NCommander> sendmail has issues with FQDNs, I remember that distinctly, and you need serious M4 foo to make it work in that configuration, but I still feel that was sendmail being baroque
[01:26:03] <audioguy> If it must send mail to the internet, you use its canonical name, read the RFCs. And if it cannot resolve that it will not work right.
[01:26:32] <audioguy> Sendmail has no issue with that which I am aware of.
[01:26:37] <NCommander> audioguy, so for email, the record is pointed at to MX. So for soylentnews.org, we have an MX pointing to beryllium
[01:26:50] <xlefay> We aren't going to have an MX pointing to boron btw...
[01:26:59] <NCommander> audioguy, beryllium is set to receive mail for beryllium, beryllium.li694-22, and soylentnews.org
[01:27:15] <audioguy> You want to be able to send from that machine to the internet though. What happens if a mail you send bounces?
[01:27:41] <NCommander> audioguy, we'll set the mail server to staff.soylentnews.org and have a MX for that
[01:27:55] <xlefay> NCommander: whatever@staff.soylentnews.org can work for me.
[01:27:56] <NCommander> And then boron accepts mail for boron, boron.li694-22, and staff.soylentnews.org
[01:28:14] <audioguy> THAT would be sensible
[01:28:14] <NCommander> xlefay, might be more appropriate as status vs. staff actually, but the point stands
[01:28:16] <xlefay> Splitting e-mail in namespaces is fine, then beryllium can just handle "official" e-mails
[01:28:28] <NCommander> audioguy, that's what I thought we were doing!
[01:28:38] <NCommander> What we have here is a problem to communicate!
[01:28:53] * NCommander notes we need a way to mindread each other
[01:29:03] <NCommander> telepathy++
[01:29:03] <DashComma> karma - telepathy: 1
[01:29:55] <NCommander> audioguy, for stuff that never sees or touches the outside world, we can have MTAs for li694-22 (this probably is most useful for crontabs and shit), else that machine will have public TLD, and work the way we expect it
[01:30:33] <audioguy> The problem with using names like boron is that it is confusing outside the system
[01:30:58] <audioguy> And we actually, really, do not have a local network, right? There is no protect inner space.
[01:31:00] <NCommander> audioguy, I'm not sure how, but I guess this conversation is proof otherwise
[01:31:05] <NCommander> audioguy, we do actually
[01:31:10] <NCommander> audioguy, all the nodes are LANed together
[01:31:20] <NCommander> audioguy, (check ifconfig)
[01:31:34] <audioguy> Will all other nodes at linode, though, right?
[01:31:35] <NCommander> *.li694-22 has the internal LAN ips
[01:31:51] <NCommander> audioguy, yeah. on a 192.168.x.x network AFAIK
[01:31:53] <audioguy> I am talking physical connections
[01:32:18] <NCommander> audioguy, essentially yes. I'm not sure specifically how the physical wiring is done
[01:32:31] <xlefay> crossover cables ;')
[01:32:46] <audioguy> So what are the 192.168 addresses in resolv conf? Do we or they control those nameservers?
[01:32:52] <NCommander> audioguy, we control those
[01:33:19] <NCommander> We're running our own BIND instance which publishes the internal IPs to everything else (with the exception of oxygen which is a special panda)
[01:33:26] <audioguy> So on those we can run name service for 192.168...?
[01:33:52] <NCommander> audioguy, we do. the li694-22 is an internal domain of our internal IP addresses
[01:34:04] <xlefay> And yes, we also run the internal zone.
[01:34:06] <NCommander> Which allows kerberos to work properly
[01:34:16] <xlefay> s/internal/reverse/
[01:34:35] <audioguy> So you have setup two internal nameservers? Just for 192.168?
[01:34:48] <NCommander> audioguy, boron is a backup
[01:34:51] <audioguy> actually I see three listed
[01:34:56] <NCommander> audioguy, public DNS.
[01:34:56] <xlefay> "three"?
[01:35:07] <audioguy> in resolv.conf
[01:35:14] <xlefay> The third one is in case our DNS servers fail, it'll just use Linode's default internal DNS.
[01:35:17] <xlefay> "just in case"
[01:35:31] <NCommander> The advantage of this setup is we can specify which interfaces traffic goes over
[01:35:32] <audioguy> I don't think it works that way.
[01:35:47] <audioguy> The dns are round robined normally.
[01:35:48] <NCommander> if I do scp helium, it goes over the private interface
[01:35:53] <NCommander> audioguy, only if option rotate is set
[01:36:00] <xlefay> Correct
[01:36:20] <xlefay> did anyone notice how much of those Beryllium had?
[01:36:30] <NCommander> xlefay, CentOS can suck my balls?
[01:36:33] <xlefay> It was rotation madness on that box ;')
[01:36:41] <xlefay> NCommander: least it'll rotate ;)
[01:36:45] * NCommander is happy we fixed its IPv6 madness
[01:36:57] <NCommander> I want to know who set the damn hosts file to have soylentnews.org be ::1
[01:36:57] <audioguy> Yes, 'normally' round robined.
[01:37:02] <NCommander> That's wrong in 20 different ways
[01:37:08] <NCommander> audioguy, option rotate isn't the default.
[01:37:09] <xlefay> LOL!
[01:37:15] <xlefay> It was set to ::1? That's odd
[01:37:24] <NCommander> xlefay, yeah. That's why postfix was having an IPv6 hardon
[01:37:51] <xlefay> People should stop feeding beryllium viagra, it isn't performing any better that way
[01:38:08] <NCommander> xlefay, no, its had an erection lasting more than four hours and needs medical attention
[01:38:52] <xlefay> I see, well I heard you look great in a nurse outfit
[01:39:31] <NCommander> !grab xlefay
[01:39:31] <DashComma> Added quote 94
[01:41:33] <audioguy> The descriptions of the machines on the wiki should use the canonical names, since all of us are really coming from out side.
[01:43:27] <NCommander> audioguy, er, no, we all go into boron, then go elsewhere
[01:43:33] <NCommander> audioguy, that's how ProxyCommand works
[01:43:59] <NCommander> boron and oxygen are the only two systems that allow world-access port 22 traffic
[01:44:05] <NCommander> and Oxygen is special because its outside our network
[01:44:12] <audioguy> No, we log into staff, then go elsewhere. From outside. I cannot ssh to boron.soylentnews.org
[01:44:25] <NCommander> audioguy, its the same box!
[01:44:50] <paulej72> NCommander: I have just sent in new pull request for low submission message. this version uses sitename var and keeps everything else in the template. no new database entries
[01:45:04] * NCommander hugs paulej72
[01:45:15] <audioguy> My point is that the outside name should be used on the wiki, since we are all on the outside network, and that is what we must use.
[01:45:21] <paulej72> Is someone fingering beryllium?
[01:45:27] <NCommander> I think mail went down
[01:45:33] <NCommander> Oh, irony
[01:45:35] <xlefay> ?
[01:45:58] <NCommander> xlefay, thunderbird is taking its sweet time to get mail
[01:46:37] <NCommander> paulej72, .... I hate to do this to you, but maybe the subs value should be a variable? (I'll merge as is, but this seems obvious)
[01:47:32] <audioguy> exit
[01:47:42] <xlefay> NCommander: it's on your side
[01:47:49] <xlefay> tailing mail logs, and I can connect just fine
[01:47:57] <paulej72> NCommander: either way it needs to be touched in the admin interface and then apache and slashd need restarted
[01:47:58] <NCommander> paulej72, merged. See comment
[01:48:16] * NCommander likes to think he's a reasonable dev :-)
[01:48:57] <NCommander> paulej72, on the prefs thing, you deleted /my/comments
[01:49:00] <paulej72> NCommander: set sub level to zero and it would be off
[01:49:02] <NCommander> paulej72, oversight?
[01:49:12] <NCommander> paulej72, ah, good point. Disregard that note then
[01:49:46] <NCommander> paulej72,
[01:49:46] <NCommander> - <a href="[% gSkin.rootdir %]/my/comments">Comments</a>
[01:49:46] <NCommander> + <a href="[% gSkin.rootdir %]/my/info">Preferences</a>
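Review bot: the removed line was the link to [% gSkin.rootdir %]/my/comments, and the added line points only at /my/info, so nothing in these two lines still links to the comments page. If comment settings are now reached through the Preferences page, note that in the pull request; otherwise keep the Comments link next to the new Preferences one.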
[01:49:53] <NCommander> That looks wrong
[01:53:16] <paulej72> NCommander: look at slascott.org. I have the code running there. You can see that all of the preferences are grouped together with a tabbed menu. the my/info one is the default preference page. homepage, comments. messages and password are all tabbed menus from these pages.
[01:54:01] <NCommander> paulej72, need to make an account, stand by
[01:54:08] <paulej72> NCommander: this makes the prefs all one spot so people know they are preferences not something else
[01:54:58] <NCommander> hrm
[01:55:54] <NCommander> paulej72, want to see how it looks with fangs
[01:56:23] <NCommander> paulej72, looks good with a screen reader
[01:56:39] <NCommander> paulej72, I dislike the hover changes the color
[01:56:44] <paulej72> NCommander: I would like to change the url for the my/info, but I am not sure where that is set. I think it is in one of the pms
[01:57:34] <NCommander> paulej72, Apache rewrite rules
[01:57:38] <NCommander> actually
[01:58:00] <paulej72> NCommander: I am not a designer, so the hover colors are my best compromise based on the site colors
[01:58:08] <NCommander> paulej72, I'd lose the hover color
[01:58:38] <NCommander> paulej72, otherwise, it's an improvement
[01:58:40] <NCommander> paulej72, merging
[01:58:42] <paulej72> NCommander: what would you suggest instead
[01:59:00] <audioguy> paulej72: that is set in the Apache module we found before.
[01:59:36] <NCommander> paulej72, just lose the hover, don't replace it; the cursor change is enough
[01:59:45] <paulej72> audioguy: I was not sure if that one was set there, I can't remember
[02:00:07] <NCommander> paulej72, merged.
[02:00:41] <audioguy> It's weird but because modperl takes over all the apache rewrite rules, it is set in the apache perl module.
[02:00:52] <NCommander> audioguy, icky
[02:01:35] <audioguy> NCommander: apache does not work at all when modperl is used for the rewrites, as in slash. PITA
[02:02:02] <audioguy> I mean apache rewrites are completely overridden.
[02:02:46] <NCommander> audioguy, well fuck
[02:02:56] * NCommander dislikes mod_perl even more
[02:03:08] <NCommander> audioguy, if you want to rewrite it in shell scripts, I'd be happy :-)
[02:03:12] <audioguy> It also completely takes over apache access, which is why .htaccess files do not work
[02:03:23] * NCommander feels like it's a cancer on Apache
[02:03:27] <NCommander> Apache == kill me plz
[02:03:29] <paulej72> NCommander: it could be slash taking over and not letting go
[02:03:41] <audioguy> Not really possible, or I would. I hate perl.
[02:03:52] <NCommander> audioguy, I don't think any of us like perl
[02:04:02] <NCommander> audioguy, let's just hope that perl6 never ships or we might have to look at porting
[02:04:59] <audioguy> mod perl is evil. It can also completely rewrite your apache config. So you have to look all over the place just to figure out what your apache config REALLY is
[02:05:27] <xlefay> Isn't it just, slash who's being evil by misusing mod_perl?
[02:06:12] <audioguy> Yeah, but mod perl makes it possible. It's like putting AK-47s in the hand of 8 year olds.
[02:06:22] <xlefay> Hi mechanicjay ;)
[02:06:34] <xlefay> Unfortunately, that still happens a lot. :/
[02:06:35] <mechanicjay> audioguy: that was a hell of a line to walk into :)
[02:06:38] <mechanicjay> hey xlefay
[02:06:49] <audioguy> :-)
[02:06:57] <xlefay> How are you?
[02:07:08] <mechanicjay> Not bad, you?
[02:07:15] <xlefay> Not bad ;)
[02:07:45] <mechanicjay> Actually, since the bunch of us are here...
[02:08:25] <mechanicjay> do we have a head of sys? NCommander mentioned "head of sys" and "mechanicjay" in the same sentence the other day.
[02:08:39] <xlefay> mechanicjay: as far as I know it's you.
[02:08:40] <mechanicjay> I honestly don't feel that I have the time to commit to that right now
[02:08:52] <xlefay> Then someone else should be chosen hmm.
[02:08:59] <mechanicjay> I nominate xlefay
[02:09:36] <mechanicjay> There's a lot to be done, and TBH I can only afford a few hours / week to Soylent Project stuff.
[02:09:41] <xlefay> I do have the time available
[02:09:44] <mechanicjay> :)
[02:10:07] <mechanicjay> and you've been quite active and getting shit done.
[02:10:24] <xlefay> Well, let's make this clear, for everyone though, most of the shit that was done, was done by NC
[02:10:35] <xlefay> I've done so very little compared to him. I'm just getting started ;)
[02:10:59] <audioguy> He has to buy my vote by making the host names more rational. ;-)
[02:11:02] <xlefay> I've done the DNS, been busy with the IRC services, working on the backups (first nagios though), that's what I've/I'm done/doing so far
[02:11:13] <xlefay> As far as LDAP, Kerberos, etc.. that's all NC :P
[02:11:35] <audioguy> No - xlefay - bear with me for about four lines, ok?
[02:11:52] <xlefay> Go right ahead ;)
[02:12:10] <audioguy> The canonical name of 'boron' should be staff, in its hostname file.
[02:12:22] <audioguy> It should be listed that way on the wiki.
[02:12:39] <audioguy> The external name for dns should be staff.soylentnews.org
[02:13:15] <audioguy> The internal name for internal dns should be staff, which is fully staff.45645
[02:13:23] <audioguy> (whatever those numbers are ;-))
[02:13:31] <xlefay> li694-22 (it's easy to remember after a while)
[02:13:43] <audioguy> Then, consider that the name now works everywhere.
[02:14:19] <audioguy> I can from outside, set the ip in my hosts file to be staff.soylentnews.org staff
[02:14:24] <audioguy> and ssh to staff
[02:14:55] <audioguy> On the inside, I can ssh to staff, and the resolver adds the .li694-22
[02:15:03] <xlefay> mechanicjay: I've set up Postfix on Boron for nagios so it can send mails even if SVC is down, now there's another idea by audioguy & NCommander to have staff e-mails @staff.soylentnews.org.
[02:15:07] <audioguy> Same name. Consistent. Easy to remember.
[02:15:26] <xlefay> audioguy: if we do, use staff.soylentnews.org for mail, then it has to be an A-record and we could cname, boron to it. Would that be an acceptable compromise?
[02:15:46] <xlefay> (we would need to A-record staff since CNAME's aren't allowed for MX records)
[02:16:16] <audioguy> Yes, can have as many cnames as you like. I am just looking for consistency in the canonical name.
[02:16:27] <xlefay> and yes, we could add staff @ /etc/hosts files but still retain the server name itself.
[02:17:15] <audioguy> I should be able to ping staff from inside, outside, type hostname and get staff, etc. Like a normal system ;-)
[02:17:21] <xlefay> Would this be an acceptable compromise?
[02:17:40] <xlefay> You get what you want and our original set up for hostnames and stuff stays intact as well :)
[02:17:50] <audioguy> There is no need to retain that other than as an alias
[02:17:58] <audioguy> But overall, yes.
[02:18:25] <xlefay> I would have preferred staff as an alias to be honest, but DNS doesn't accept CNAMEs for MX records.
[02:18:32] <xlefay> mechanicjay: any thoughts about the staff e-mails?
[02:18:33] <audioguy> What I just described is how every system I have ever been on has been set up, except this one. ;-)
[02:18:38] <mechanicjay> xlefay: so what's the difference then between mechanicjay@soylentnews.org and mechanicay@staff.soylentnews.org?
[02:18:53] <xlefay> mechanicjay: I suppose only the target server
[02:19:08] <audioguy> the second is your account on staff.
[02:19:27] <audioguy> Remember that email addresses are normally to a specific machine
[02:20:01] <audioguy> The only reason mechanicjay@soylentnews.org works is because the mail server is masquerading.
[02:21:41] <mechanicjay> Yes, that was sort of the point. From the standpoint of a corporate email domain, the mail is not really to a specific domain.
[02:21:46] <Cyprus> mail flow doesn't require using "true" names, it just makes things easy on simple setups. I use the same setup internally regarding internal domain names / external domain. Works fine
[02:21:48] <mechanicjay> gah, specific server that is
[02:22:12] <xlefay> Cyprus: correct
[02:22:33] <audioguy> RFC says SHOULD
[02:22:42] <audioguy> be the cononical name.
[02:22:48] <audioguy> canonical
[02:22:52] <Cyprus> more specifically, the rfc says you should use a single canonical name
[02:23:00] <audioguy> yes
[02:23:02] <Cyprus> it doesn't mean it has to be the one true name for the box
[02:23:35] <Cyprus> although things are happier if you do use a forward reverse pair
[02:23:51] <audioguy> yes, MUST and SHOULD are different ;-)
[02:23:52] <xlefay> ooh btw, mechanicjay I added a PTR for the mail server (to be mail.soylentnews.org)
[02:24:01] <xlefay> Comcast and others weren't happy the reverse weren't set properly!
[02:24:11] <mechanicjay> xlefay: that makes sense!
[02:24:15] <xlefay> wasn't*
[02:24:16] <Cyprus> the main thing is, the from address doesn't have to match the canonical name, and the canonical name of the mail server only matters to its direct peer via smtp
[02:24:44] <Cyprus> that is where the canonical name should be used
[02:24:56] <audioguy> yes
[02:25:33] <Cyprus> but that is still only a should, mostly because of people wanting to map ip -> ptr -> a -> ip
[02:26:20] <audioguy> So xlefay, you have a way to set your own reverse on in-addr.arpa? Seems unlikely for the outside address
[02:26:25] <Cyprus> either way, as long as ip -> ptr -> a -> ip maps in the smtp conversation, everything else is cool, even if the box is using a different name
[02:26:31] <audioguy> yes
[02:26:51] <xlefay> audioguy: sure.. I can just go into the linode panel and assign a reverse hostname
[02:26:54] <audioguy> best practice vs required
[02:26:59] <Cyprus> internally and externally can even use different names, it doesn't have to be the identifier in like the HELO
[02:27:32] <audioguy> I am surprised they allow that, most don't. So dig -x ipaddress should show me the soylent name?
[02:27:36] <Cyprus> but you do want both the internal name / private ip to map properly, as well as its external
[02:28:16] <xlefay> (which does defeat its purpose on virtual mail system, granted staff.soylentnews.org doesn't do that with mail)
[02:28:17] <Cyprus> well, it doesn't matter as long as you run your own name servers and serve up the reverse zone to yourself
[02:29:13] <audioguy> Of course internally the reverse should be set, but for internet, most isps do not let you do that unless you are very large
[02:29:21] <Cyprus> virtual mail systems still use 1 name per ip
[02:29:44] <xlefay> ehm, every virtual server & dedicated server & colocation I've ever been with, allow you to set reverses for IPs.
[02:29:59] <xlefay> Cyprus: exactly.
[02:30:14] <Cyprus> clearly, in the real root you want to set the proper reverse ips for the public ips you will connect from to send mail to the world
[02:30:35] <Cyprus> the internal stuff doesn't matter though as long as you have it in your internal 192.168 or whatever inaddr zone
[02:30:36] <xlefay> Indeed
[02:30:42] <xlefay> Yep, we've got that too
[02:32:03] <audioguy> dig -x
[02:32:24] <audioguy> PTR li204-21.members.linode.com.
[02:32:50] <audioguy> So you can set that to be PTR staff.soylentnews.org?
[02:33:19] <xlefay> Yes, or boron.soylentnews.org which would be my preference.
[02:33:36] <audioguy> boron is not a valid name on the internet.
[02:33:48] <audioguy> above was done from my machine here
[02:34:25] <audioguy> Of course you can do that on the internal net which you control. I am questioning the ability to do it on the internet side.
[02:34:46] <xlefay> do a dig -x <mailserver-ip>
[02:35:20] <xlefay> It should be changed to beryllium to match our setup. Unless we're changing that now..
[02:35:27] <mechanicjay> xlefay: where were you able to set that PTR record?
[02:35:49] <xlefay> mechanicjay: linode, select a server > remote control > Reverse DNS (next to IP Swap, next to the first IP column)
[02:36:01] <xlefay> s/control/access/
[02:36:13] <xlefay> Took me a bit to find it
[02:36:17] <audioguy> beryllium is the same as wiki.soylentnews.org correct?
[02:36:23] <mechanicjay> yeah, just found it in the Linode Docs
[02:36:25] <xlefay> Correct.
[02:36:29] <mechanicjay> ...which by the way are excellent
[02:36:35] <xlefay> They are ;-)
[02:36:41] <NCommander> Back
[02:36:47] <NCommander> mmm, tasty
[02:36:53] * NCommander ate a calzone and a soda
[02:36:57] <paulej72> bacon++ ?
[02:36:57] <DashComma> karma - bacon: 27
[02:37:00] <audioguy>
[02:37:04] <xlefay> nice! ;-)
[02:37:12] <NCommander> Chicken actually
[02:37:33] <NCommander> xlefay, audioguy: so, thinking about it over smokes and food
[02:37:57] <xlefay> smokes & food, best combination
[02:37:59] <audioguy> You live in a civilized place. That machine is not on linode though, correct?
[02:38:02] <NCommander> xlefay, audioguy : backend communication should be pure IPv6 as Linode doesn't ding us for bandwidth for IPv6 within data center
[02:38:19] <NCommander> xlefay, audioguy : we can enforce that by making the internal DNS only have AAAA records
[02:38:36] <xlefay> NCommander: I know, I'm already planning on implementing it before finishing nagios
[02:38:55] <xlefay> Get that stuff done. We're talking mostly about names it seems....
[02:38:59] <NCommander> xlefay, audioguy: for the frontend, we'll publish the machines as IPv6 records in the domain, then open the KDC to the world, which will mean *.soylentnews.org resembles reality, and every machine can resolve itself
[02:39:15] <NCommander> (aka, how IPv4 theoretically was supposed to work before NAT became a thing)
[02:39:15] <audioguy> audioguy$ dig -x
[02:39:36] <audioguy> PTR mail.soylentnews.org.
[02:39:36] <NCommander> This also means oxygen stops being a special panda
[02:39:49] <xlefay> ^ I love how you refer to servers as pandas ;-)
[02:39:53] <NCommander> And means we *don't* need the VPN
[02:40:27] <NCommander> and we (staff) don't need to SSH proxy if we're IPv6 enabled
[02:40:36] <NCommander> (the proxy will remain up for the unfortunate few still on XP)
[02:40:39] <audioguy> So xlefay, you think you can do the same as above for the machines on linodes?
[02:40:49] <xlefay> audioguy: set PTR records? Sure.
[02:41:10] <audioguy> Please do it.
[02:41:15] * NCommander is debating if we have any security concerns with the KDC being world-reachable beside the obvious
[02:41:26] <audioguy> This is surprising to me. Here, in this country. ;-)
[02:42:02] <NCommander> audioguy, does this sound sane?
[02:42:05] <audioguy> ptr records for the outside ips, not just ptr records. ;-)
[02:42:21] <NCommander> audioguy, the only slight GOTCHA here is the internal DNS won't have the IPv4 records, but that's a bit of a necessary evil.
[02:43:01] <xlefay> NCommander: I'll just set them to 'pri.name' just in case some oddball service doesn't support IPv6 yet
[02:43:07] <xlefay> Just in case, for now.
[02:43:10] <NCommander> xlefay, ipv4. :-P
[02:43:11] <audioguy> NCommander: what sound sane? Just using ip6 internally? No, I would guess somewhere, sometime, it will break something. Too much nonstandard stuff around. ;-)
[02:43:25] <NCommander> audioguy, we're testing the future!
[02:43:42] <xlefay> I can't wait till IPv4 finally stops being used
[02:43:44] <audioguy> lots of places do not support ipv6 yet.
[02:43:54] <xlefay> We're talking internally
[02:43:56] <NCommander> audioguy, this is just for our backend stuff.
[02:44:09] <xlefay> Pro: We won't have to remove all that crap in the future ;-)
[02:44:10] <audioguy> I like to let the others get the arrows in their backs. ;-)
[02:44:23] <NCommander> audioguy, the only reason we can't put IPv4 records (or if we do, they have the internal records) is because we get dinged on bandwidth
[02:44:35] <NCommander> node-to-node IPv6 doesn't charge us bandwidth
[02:44:42] <NCommander> node-to-node IPv4 by public IP does
[02:44:47] <Cyprus> don't trust AAAA dominance i take it?
[02:44:48] <audioguy> Might work, sometimes weird dependencies happen though, hard to say. Try it and see what breaks. ;-)
[02:44:51] <NCommander> Cyprus, no.
[02:44:53] <xlefay> NCommander: then we should definitely use pull from oxygen
[02:45:13] <NCommander> xlefay, right, it's just a matter of determining if there's a security implementation of letting the KDC be open to the world
[02:45:31] <NCommander> The biggest one I have is that might weaken our security from SSH -> KDC password
[02:45:40] <NCommander> Which IMHO, isn't horrible
[02:45:42] <audioguy> So you are saying they charge you for internal bandwidth for ipv4 but not ipv6. Weird.
[02:45:43] <xlefay> Correct, we should look into that.
[02:45:52] <NCommander> audioguy, linode quirk
[02:46:22] <NCommander> audioguy, they've got a ton of \24s, even nodes in the same datacenter frequently are in different class Bs
[02:46:24] <audioguy> I guess they are trying to promote ipv6, I'm all for that.
[02:46:46] * NCommander makes one slight change to protection and chucks the IP out of the config in favor of a hostname
[02:46:59] <xlefay> NCommander: mechanicjay mentioned he doesn't have the time to be the head of sys and nominated me instead (because I've got tons of time and I wouldn't mind, unless you got objections), any input?
[02:47:04] <audioguy> would think the pipes would be the same for both though.
[02:47:22] * NCommander gets his staplegun
[02:47:29] <NCommander> audioguy, probably due to how their routing tables work
[02:47:43] <NCommander> audioguy, they have a \64 for Linode, which means that node-to-node routes across their internal switch
[02:47:57] <NCommander> You COULD make it work with a bunch of \24s, but the RIP configuration would be HORRIFIC
[02:48:15] <NCommander> and most people would just be satisfied by using internal IPv4
[02:48:16] <xlefay> s/\\/\//
[02:48:21] <NCommander> Most people aren't pendatic :-)
[02:48:29] <NCommander> pendatic++
[02:48:29] <DashComma> karma - pendatic: 1
[02:49:14] * xlefay secretly replaces the staplegun with a shiny gold one before NC can get it
[02:49:22] <xlefay> Least, I'll have a golden staple! :P
[02:49:37] <xlefay> " • Reverse DNS changed. Please allow up to 24 hours for changes to take effect."
[02:49:56] <NCommander> Huh?
[02:50:05] <xlefay> For boron
[02:50:05] <NCommander> How the fuck are we resolving soylent-db as a hostname?
[02:50:13] <xlefay> /etc/hosts probably?
[02:50:20] <xlefay> although soylent-db is a cname
[02:50:23] <NCommander> Oh
[02:50:27] <NCommander> WTF?
[02:50:31] <NCommander> Why can't I ping6 it then
[02:50:45] <NCommander> ... because we're not publishing AAAA records
[02:50:46] <NCommander> d'oh
[02:50:51] <xlefay> ;)
[02:50:54] <NCommander> paulej72, BTW, I'm going to publish an AAAA record for dev
[02:50:57] <xlefay> pub.soylent-db would work thoug
[02:50:59] <xlefay> though*
[02:51:04] <NCommander> I want to see what horrid things happens to slash if we try it
[02:51:30] <audioguy> I think you need to do a lot of very careful checking before killing ipv4 internally, who knows what is on certain machines. ;-)
[02:51:31] <paulej72> slash will not care, people on the ip6 end might
[02:51:55] <NCommander> audioguy, the only thing that was setup pre-DNS was beryllium, and slash
[02:52:03] <NCommander> beryllium is a self-contained hot mess
[02:52:10] <xlefay> NCommander: just to verify, the staplegun means you're fine with it?
[02:52:15] <audioguy> Right. Like I said . ;-)
[02:52:16] <NCommander> xlefay, yeah
[02:52:18] <NCommander> 2600:3c00::f03c:91ff:fe6e:d0a3/64
[02:52:19] <xlefay> Ok :)
[02:52:21] <NCommander> weird
[02:52:26] <NCommander> Do we get that entire /64 per node?
[02:52:33] <xlefay> Yes, it appears so
[02:52:59] <xlefay> (which isn't odd though, most providers give a /64 per node)
[02:53:01] * NCommander looks at the IP configuration
[02:53:05] <audioguy> We can now give everyones frikkin telephones internalips ;-)
[02:53:26] <paulej72> why have so many bits for ip6 if we just throw them away by giving everyone and thing a /64
[02:53:36] <NCommander> audioguy, pfft, I'll give every atom of your body an IPv6 address
[02:53:55] <NCommander> Odd ...
[02:54:17] * NCommander can ping 2600:3c00::f03c:91ff:fe6e:d0a3, but not 2600:3c00::f03c:91ff:fe6e:d0a3::1
[02:54:18] <xlefay> What's odd?
[02:54:35] <xlefay> Oh.. that's because it's not configured ;)
[02:54:49] * NCommander wonders how we can abuse the /64
[02:54:56] <audioguy> Just don't break slash site.
[02:55:10] <xlefay> NCommander: by using the entire /64 to apache bench or whatever
[02:55:16] <NCommander> audioguy, pfft, slash is durable, it can take it. And I managed to keep a straight face while saying that
[02:55:30] <xlefay> Mind you... Varnish will be a fallback if things do go wrong
[02:55:34] <audioguy> slash <> database, carefully check for ipv6 goodness.
[02:55:37] <xlefay> least, it should if apache 500's, right?
[02:57:00] <xlefay> NCommander: when you're done with this little thing, can you check into that keytab for me? It seems pretty straight forward though.
[02:57:09] <NCommander> xlefay, oh sure
[02:57:22] <NCommander> audioguy, I'll set dev to use ::1
[02:57:25] <audioguy> xlefay: what is the current state in staff in regards to mail server ?
[02:57:29] <NCommander> which will force an IPv6 connection
[02:57:37] <xlefay> lol, that it would
[02:58:09] <NCommander> xlefay, mcasadevall@lithium:~$ sudo -u slash -i
[02:58:09] <NCommander> [sudo] password for mcasadevall:
[02:58:13] <NCommander> xlefay, YOU BROKE IT!
[02:58:14] * NCommander ducks
[02:58:28] * NCommander digs out the root password
[02:58:32] * bytram quacks
[02:58:37] <xlefay> audioguy: I'm not going to overcomplicate things, we'll do the IPv6 stuff, we'll keep the boron name, and the PTR; I'll still have to add the MX record
[02:58:39] <bytram> hi all! what's up?
[02:58:42] <xlefay> NCommander: I haven't even done anything yet ;-)
[02:58:52] <NCommander> xlefay, you did the sudoers file :-P
[02:58:55] <xlefay> and I'll ensure the staff stuff gets done
[02:59:02] <xlefay> NCommander: sudo su slash
[02:59:06] <xlefay> don't be difficult now
[02:59:13] <NCommander> paulej72, wikipedia publishes AAAA records
[02:59:14] <audioguy> and mail in the userdirs, and procmail?
[02:59:35] <NCommander> xlefay, I like it to keep my environment but FINE
[03:00:04] <NCommander> Huh
[03:00:05] <xlefay> audioguy: you'll get all that, I'm still not convinced we should move that stuff from Slash but I don't have a problem with it for people who prefer the @staff.soylentnews.org e-mail addresses
[03:00:08] <NCommander> dev was using the mysql socket
[03:00:20] <NCommander> oh well
[03:00:22] <xlefay> NCommander: makes sense
[03:00:31] <NCommander> 'host' => '::1',
[03:00:34] <NCommander> LET THERE BE BREAKAGE
[03:00:41] * NCommander also resets mysql to only bind to ::1
[03:01:42] <audioguy> From my position, I just want mail to staffvote@soyelentnews.org to go to staff.soylentnews.org. I don't see any reason to have normal staff mail go there, just script mail and special purposes.
[03:02:21] <NCommander> LET THERE BE IPV6
[03:02:37] <xlefay> audioguy: then, you'll just have to use staffvote@staff.soylentnews.org instead
[03:02:46] <xlefay> mechanicjay: who's all in sysops?
[03:02:54] <xlefay> You, robin, NC, me, who else?
[03:02:55] <audioguy> Yes, that is the idea.
[03:02:56] <NCommander> slash@lithium:/etc/mysql$ netstat -an | grep 3306
[03:02:56] <NCommander> tcp6 0 0 ::1:3306 :::* LISTEN
[03:02:59] <NCommander> BUHUHUUHUH
[03:03:03] <NCommander> xlefay, getent group
[03:03:23] <xlefay> woa
[03:03:43] <xlefay> NC, MJ, me, robin, corusgi(should be cosurgi), janek, audioguy & martyb
[03:03:48] <audioguy> people are always just responding to an email sent them from the program, so it will be set as the reply address.
[03:03:50] <NCommander> http://dev.soylentnews.org
[03:03:52] <NCommander> ^- works
[03:03:52] <xlefay> are you sure this is correct?
[03:04:05] <NCommander> xlefay, I gave everyone sysops permissions :-P
[03:04:18] <xlefay> I figured ;-)
[03:04:18] <NCommander> xlefay, since the sudoers weren't perfect
[03:04:29] <NCommander> I think we're safe going IPv6
[03:04:38] <mechanicjay> xlefay: this is the problem with being head of sys for some weeks without really knowing it. I don't know.
[03:04:47] <audioguy> Looks good so far.
[03:04:48] <NCommander> Let's put our head between our legs, and kick this thing into the future!
[03:04:53] <NCommander> er
[03:04:59] <xlefay> NCommander sudoers is exactly how it should be as it stands, so I'd like to take the permissions from those who don't need it.
[03:05:01] <audioguy> What about the db connection?
[03:05:01] <NCommander> Let's put our head between our legs, kiss our ass goodbye and kick this thing into the future!
[03:05:12] <xlefay> cosurgi: bytram: audioguy: are you all in sysops?
[03:05:15] <bytram> !grab NCommander
[03:05:15] <DashComma> Added quote 95
[03:05:18] <NCommander> audioguy, I set mysql to only listen on IPv6, and then tested to make sure Slash works correctly like that
[03:05:28] <xlefay> NCommander: checked webserver logs?
[03:05:31] <audioguy> Ok.
[03:05:32] <xlefay> Just to be thorough?
[03:05:35] <NCommander> xlefay, I posted a comment on the dev site :-)
[03:05:42] <mechanicjay> xlefay: Definitely, you, me, NC robin, audioguy. Not sure about the others. FunPika had rights on wiki so he could do wiki stuff.
[03:05:42] <NCommander> If it wasn't talking to the database, it won't work
[03:05:45] <xlefay> Yes, saw that.
[03:06:10] <xlefay> mechanicjay: I gave FunPika access in the svcadmin group, he can sudo to root @ SVC.
[03:06:23] <mechanicjay> xlefay: awesome
[03:06:25] <NCommander> text-lb.eqiad.wikimedia.org. 2392 IN AAAA 2620:0:861:ed1a::1
[03:06:27] <NCommander> I love wikipedia
[03:06:58] <paulej72> I want to apply the new merged code to dev any objections?
[03:07:06] <xlefay> bytram: are you a sysop?
[03:07:09] <NCommander> paulej72, go for it
[03:07:22] <bytram> xlefay, for emergency purposes
[03:07:28] <NCommander> so ... *ahem* ... I'm not sure we're actually salting MD5SUM hashes
[03:07:37] * NCommander just noticed Slash/Apache/Salt
[03:07:39] <xlefay> You're kidding, right..?
[03:07:47] <NCommander> xlefay, no, appears that has to be configured
[03:08:02] * NCommander noticed it yesterday and forgot to look more
[03:08:11] <Cyprus> well, that's awesome
[03:08:14] <xlefay> bytram: we've currently got 5 sysops, do you think having sysops privileges should really be required for you? And if so, what access do you need? (please be specific)
[03:08:31] <xlefay> NCommander: well.. best to make something that salts people's password once they login
[03:08:47] <NCommander> # To make your Slash installation more secure, create a file at
[03:08:47] <NCommander> # /usr/local/slash/slash.salts which contains password salt for
[03:08:47] <NCommander> # each of your Slash site virtual users. A site only needs one
[03:08:47] <NCommander> # salt, so your initial setup should contain one scalar value.
[03:08:47] <NCommander> # Later, if there is a security issue such as a vulnerability
[03:08:48] <NCommander> # that allows user password MD5's to be read from your database,
[03:08:49] <xlefay> or better yet, just start replacing people's passwords that way - or send a general password reset.
[03:08:50] <NCommander> # or a no-longer-trusted employee being dismissed, you should
[03:08:52] <NCommander> # append another scalar onto the list.
[03:08:56] <NCommander> xlefay, appears slash does that for us automatically
[03:09:03] <xlefay> Good.
[03:09:08] <xlefay> :)
[03:09:15] <paulej72> Dev is updated with the latest code base
[03:09:16] <NCommander> Should I just say fuck it and create the salt file?
[03:09:19] <bytram> xlefay, on occasion I've been at the helm when, for example, slashd needed to be restarted. nobody who had access was available. we had to wait for over an hour to be able to fix the problem.
[03:09:25] <bytram> xlefay, that's just one example.
[03:09:51] <NCommander> Meh
[03:09:52] <NCommander> fuck it
[03:09:56] <NCommander> TO THE SALT
[03:09:59] <xlefay> bytram: that issue is going to be fixed by either nagios or a script ran by cron, anything else?
[03:10:33] <NCommander> xlefay, audioguy: how much salt do we need to add?
[03:10:41] <bytram> xlefay, like I said, that's an *example* of *a* problem. the issue is that there are times when sysops were not available.
[03:11:01] <xlefay> NCommander: let's go with a kilo
[03:11:02] <bytram> NCommander, two teaspoons.
[03:11:11] <paulej72> looks like varnish ignores the ?T_2_5_0_272.4da31fb appended to the css files, or at least Safari does
[03:11:27] <NCommander> xlefay, you guys are useful :-P
[03:11:32] <paulej72> Had to do a command R to reload the css
[03:11:43] <NCommander> That's irritating
[03:12:21] <xlefay> NCommander: I generally do grc.com/password.html and add a few of those ;-)
[03:12:33] <bytram> xlefay, so, I know that it could be dangerous. I am cautious to a fault, and would only attempt something when there is a *clear* indication of what needs to be done, and no potentially adverse consequences.
[03:13:11] <NCommander> xlefay, these are what's added to the end of the password automatically to salt them
[03:13:14] <paulej72> xlefay: I vote for 10 pounds :)
[03:13:18] <xlefay> bytram: correct, I'll leave the permission stand for now; but in the future if there are more sysops staff, I might remove it, I'll let you know before I do that though.
[03:13:20] * NCommander guesses there's no hard in a 64 char salt
[03:13:26] <NCommander> *harm
[03:13:31] <NCommander> Except the salt file will eat kittens
[03:13:41] <xlefay> o.O
[03:13:53] <xlefay> paulej72: that works too! ;-)
[03:14:16] <bytram> NCommander, what happens to the existing, unsalted passwords?
[03:14:21] <paulej72> Salt kitty loves salt
[03:14:26] <xlefay> !grab paulej72
[03:14:26] <DashComma> Added quote 96
[03:14:35] <xlefay> ONE DAY, we'll need that quote for something
[03:14:45] <audioguy> Unrelated to much of anything, but for those who objected to my use of the word nominal earlier, this was the intended meaning, from Merriam-Webster:
[03:14:47] <bytram> !grab xlefay
[03:14:47] <DashComma> Added quote 97
[03:14:50] <audioguy> 2
[03:14:51] <audioguy> a : of, relating to, or constituting a name
[03:14:51] <audioguy> b : bearing the name of a person
[03:15:09] <NCommander> Ok
[03:15:19] <NCommander> bytram, they're auto upgraded on next login
[03:15:22] <bytram> audioguy, nom, nom, nom =)
[03:15:23] <NCommander> bytram, I'm testing that now
[03:15:29] <audioguy> Just meant 'named' not 'in name only'
[03:15:38] <bytram> NCommander, oh? oh! great!
[03:15:48] <NCommander> hrm
[03:15:49] <NCommander> Nope
[03:15:50] <xlefay> audioguy: yea, I misunderstood that - that's why I asked you to confirm :)
[03:15:53] * NCommander looks closer
[03:15:54] <NCommander> Oh
[03:15:57] <NCommander> I need to restart apache
[03:15:58] <NCommander> d'oh
[03:16:13] <bytram> audioguy, you'd love http://etymonline.com
[03:16:26] <audioguy> I looked it because I thought I MIGHT have been wrong. ;-)
[03:16:29] <paulej72> always restart apache when touching slash
[03:17:40] <NCommander> Salts not updating
[03:17:41] <NCommander> Hrm
[03:17:47] <mechanicjay> oh hey -- I never set the max-age headers for prod yesterday.
[03:18:02] <mechanicjay> Do we have a consensus on a reasonable cache age for static resources?
[03:18:38] <mechanicjay> 1 day?
[03:18:46] <paulej72> I would vote for something on the order of a day or so
[03:18:47] <bytram> mechanicjay, Ahhh! That explains it! I was wondering why, when I returned back to SN after something like 4/5 hours, I still got the same page I'd left.
[03:18:47] <xlefay> Are we sending e-tags and stuff alone?
[03:19:10] <xlefay> bytram: it's static cache, e.g. assets such as css, images
[03:19:16] <bytram> wht are the pros/cons?
[03:19:18] <bytram> what are the pros/cons?
[03:19:36] <NCommander> Huh
[03:19:48] <paulej72> If we have the cache set too high people will not get new items when we update them
[03:19:49] <xlefay> mechanicjay: I would prefer something absurdly long but it really depends, we send out "last modified" and such don't we?
[03:19:51] <NCommander> Modifying slash to use SHA1 is trivial
[03:19:51] <mechanicjay> currently there are no cache headers on any resources, every time your client goes back and asks for it.
[03:20:01] <bytram> what benefit is there to make it, say 1day instead of 1hr?
[03:20:04] <xlefay> NCommander: how about (s|b)crypt?
[03:20:24] <mechanicjay> png,gif,jpg,swf,css,js
[03:20:52] <mechanicjay> are the resources, that stuff just doesn't change much. The most volatile one would be css
[03:20:57] <paulej72> xlefay: I am not sure if that addition does anything. I had to do a force reload to get the new css on dev and it has updated last modified code
[03:21:19] <xlefay> mechanicjay: not really.
[03:21:27] <paulej72> yes css would be very volatile right now
[03:21:30] <xlefay> Request URL: http://soylentnews.org/images/jquery/ui.draggable.js?T_2_5_0_272
[03:21:30] <NCommander> xlefay, not a problem, but we need to make this transparent
[03:21:31] <xlefay> Request Method: GET
[03:21:32] <xlefay> Status Code: HTTP/1.1 304 Not Modified
[03:21:59] <paulej72> xlefay: check dev
[03:22:01] <xlefay> a HEAD request is so small, I would leave it as is
[03:22:12] <mechanicjay> dev has static resources set to 1 month currently.
[03:22:49] <mechanicjay> xlefay: it's also about speed for clients. If 99% of the page can be served right out browser cache, you're not eating the network round trip on all that stuff just to be told not to worry about it
[03:22:54] <xlefay> paulej72: first page load I got some new stuff, second one - not modified
[03:23:00] <paulej72> dev has an updated ?T_2_5_0_272.4da31fb line at the end of js and css files
[03:23:13] <xlefay> mechanicjay: that's true, hmm, I'd set it to something insanely long to be honest
[03:23:19] <xlefay> We use ?T_whatever anyway
[03:23:19] <bytram> mechanicjay, I agree. And it's far more than ONE request.
[03:23:52] <xlefay> If stuff does update, the ?T_whatever does too, so setting to insanely long doesn't hurt (we would need to add ?T_whatever to images and such too.
[03:24:10] <mechanicjay> Like, I can set this stuff per resource time. images can be insane, and we could keep css to a day or whatever...
[03:24:15] <xlefay> but that could get annoying)
[03:24:22] <NCommander> ugh
[03:24:29] <NCommander> hrm
[03:24:30] <bytram> I just did a reload on SN; I have JS disabled...
[03:24:51] <bytram> There were 25 *separate* requests from SN.
[03:24:52] <xlefay> mechanicjay: because of the ?T_whatever, you can set CSS insanely high, just cache it once - if there's an update ?T_whatever will change and gets recached, or am I missing something?
[03:25:03] <paulej72> xlefay: I am not sure if browsers all check the ?T part as being a different file.
[03:25:32] <xlefay> hmm
[03:25:40] <xlefay> paulej72: can we test that?
[03:25:51] <paulej72> Not sure how
[03:25:51] <xlefay> or better yet, find a better way
[03:26:00] <bytram> paulej72, wouldn't it end up with a different e-tag?
[03:26:15] <xlefay> domain/css/T-revision/stuff?
[03:26:15] <bytram> s/e-tag/etag/
[03:26:22] <xlefay> bytram: would still require a HTTP request
[03:26:45] <xlefay> oh fuck.. we can't mod_rewrite because of slash can we?
[03:26:52] <mechanicjay> the / of the site doesn't cache, that's always a fresh load, the includes to the specific css and js versions are in there, so yeah, it may be okay to just set everything really high.
[03:27:05] <NCommander> God, slash is a mess
[03:27:22] <NCommander> xlefay, paulej72: symlink
[03:27:24] <xlefay> Honestly.. we should host the assets on a subdomain that doesn't have slash
[03:27:34] <NCommander> xlefay, VHOST!
[03:27:36] <xlefay> Then you can just mod_rewrite that crap into a "virtual directory"
[03:28:12] <xlefay> paulej72: then, you'll have: assets.soylentnews.org/css/style-timestamp.css which is actually just /css/style.css
[03:28:39] <paulej72> the issue is the ?T line is considered a get style string and the file downloaded is just the same file. I do not think the browser stores the file with the ?T stuff on it
[03:28:42] <xlefay> /style-timestamp.css would be a different filename thus always, refreshes client side cache and will allow us to set cache insanely high
[03:28:59] <xlefay> paulej72: which this method would bypass by rewriting it
[03:29:12] <xlefay> and ensuring, it'd work everywhere
[03:29:36] <mechanicjay> xlefay: I think we should be able to accomplish that with varnish
[03:29:36] <xlefay> mechanicjay: thoughts?
[03:30:02] <Cyprus> my understanding is ? is a special case in most cache algorithms anyway and it disables caching for the most part due to assumed dynamic response
[03:30:06] <NCommander> xlefay, the tricky bit: separating static assets from the rest of slash
[03:30:08] <paulej72> xlefay: then we would have to rewrite the code that saves the assets and that puts them in the html files
[03:30:44] <NCommander> paulej72, I'm not hugely in love with the nagger the way it is but ...
[03:30:46] * NCommander hrms
[03:30:47] <mechanicjay> actually, thinking through slow/tired brain, that's *completely* doable with a varnish directive -- splitting subdomains to different backends, that is.
[03:30:55] <xlefay> paulej72: correct but that wouldn't be so terrible
[03:31:23] <xlefay> Cyprus: depends on the config, yes
[03:31:30] <NCommander> mechanicjay, I just wish we had a better way to expire out the cache
[03:31:49] <xlefay> NCommander: paulej72: does slash has a /assets/ directory?
[03:31:49] <paulej72> NCommander: I have had people who complained that they did not like when the nagging items made the center column change position. I was in agreement
[03:31:56] <NCommander> xlefay, nope
[03:32:10] <mechanicjay> NCommander: how have you been purging?
[03:32:22] <NCommander> paulej72, er, no, more that it just looks like a static bit of the page ... I was thinking something more obnoxious or at least tells you the queue
[03:32:34] <paulej72> NCommander: slash uses /images or just the htdocs folder
[03:32:39] <xlefay> I think the focus should be moving things into a /assets/ directory, serving that up as a vhost with varnish on the front, or just bypass the vhost entirely and use varnish to rewrite it directly.
[03:32:48] <NCommander> xlefay, hrm
[03:32:50] <xlefay> I'm in favor of having it on a separate vhost though.
[03:32:55] * NCommander checks if there is a varnish rewrite directive
[03:33:24] <NCommander> https://www.varnish-cache.org
[03:33:27] <audioguy> images was on another machine in the original config, I think that is why the css is there
[03:33:36] <paulej72> NCommander: I could change it to put the number of items in the queue. Let me know what you want it to say and I can make it happen
[03:33:39] <xlefay> If we have a separate vhost we can always decide later on to have a CDN serve it up or whatever and save this mess (if that's something we would want in the future, etc)
[03:34:02] <xlefay> NCommander: that would work yea ;-)
[03:34:21] <mechanicjay> if this works: curl -X PURGE
[03:34:31] <xlefay> mechanicjay: only purges the main page
[03:34:38] <mechanicjay> hab
[03:34:39] <mechanicjay> *bah
[03:34:45] <xlefay> you'll need to BAN, and it'll "invalidate" all other cache when new cache gets made
[03:35:00] <xlefay> least.. that's how I understand it (haven't dived into varnish that much)
[03:35:29] <paulej72> the head of sys should know these things :)
[03:35:35] <NCommander> paulej72, Maybe the current message, plus there are only X stories in the queue
[03:35:52] <xlefay> paulej72: ha, I only started today! :p
[03:35:55] <mechanicjay> xlefay: I think you're right, seems the above worked in Varnish 2, varnish 3 not so much.
[03:36:16] <paulej72> xlefay: no excuse ;)
[03:36:26] <xlefay> Not sure why they changed it, probably too many people who accidentally purged everything
[03:36:34] <NCommander> Hrm
[03:36:39] * NCommander just learned Slashdot uses CentOS
[03:36:42] <NCommander> Bleck
[03:36:45] <xlefay> NCommander: you didn't know that?
[03:36:53] <xlefay> Also, they use 2.2.3 iirc
[03:36:57] <NCommander> xlefay, I probably cache purged it
[03:37:00] <NCommander> I knew they used 2.2.3
[03:37:10] <xlefay> but I'm guessing those are just reverse proxy
[03:37:17] <NCommander> xlefay, they varnish
[03:37:19] <xlefay> e.g. to prevent Apache 1.3 exploits from directly affecting them
[03:37:26] <NCommander> xlefay, you occasionally get the X-Fry headers + Apache 2.x
[03:37:33] <xlefay> NCommander: yeah but I don't know why they send out the Apache headers :/
[03:37:49] <NCommander> I'd like to think DICE threw money at it to get it to 2.x
[03:38:01] * NCommander notes that if no one does it, once we're set on incorporation or DEPWAITING
[03:38:09] <NCommander> My first priority to mod_perl 2.x us
[03:38:13] <xlefay> Yeah but it should say Varnish unless they explicitly told Varnish to say Apache 2.x
[03:38:23] <xlefay> (which you can do with Varnish quite easily iirc)
[03:38:32] * NCommander isn't hugely concerned
[03:38:40] <NCommander> We've got Apache in a straight jacket
[03:38:48] <NCommander> And there are no known CVEs that are making me OH SHIT
[03:38:54] <xlefay> You mean, flat jacker ;-)
[03:38:57] <xlefay> err, jacket*
[03:39:15] <NCommander> Its not an ideal situation
[03:39:23] <NCommander> But its one we can live with until someone here decided to deal with it
[03:39:29] <NCommander> I'd love to put a bullet in 1.3
[03:39:30] <xlefay> No it's not, but we'll get there eventually
[03:39:42] * NCommander nominates audioguy to port us to Apache 2.x
[03:39:49] <mechanicjay> xlefay: https://gist.github.com
[03:39:51] * NCommander steps back in line
[03:39:52] <xlefay> Ehm, don't mean to be a nag, but apache, kerberos, keytab? :)
[03:40:02] <NCommander> xlefay, ah yes. SO we need to create a principal for it
[03:40:16] <xlefay> NCommander: that's what I thought too
[03:40:18] <NCommander> xlefay, probably *service name*/*host* is the correct way to do this
[03:40:44] <NCommander> so we can see at a glance what has kerberos access with list principals
[03:40:51] <NCommander> xlefay, just don't write it to the root keytab, that won't work
[03:41:11] <xlefay> Agreed
[03:41:23] <NCommander> OOH GUYS
[03:41:31] <NCommander> YAY
[03:41:48] <NCommander> 92 GiB used
[03:41:49] <bytram> !current-uid
[03:41:49] <DashComma> The current maximum UID is 3944, owned by LazyBoot
[03:42:03] <xlefay> $ sudo kadmin.local I've never seen that sudo notation, heh ;-)
[03:42:06] <xlefay> bytram: it's still broken
[03:42:06] * bytram notices that it is *still* at 3944.
[03:42:13] <bytram> xlefay, yup.
[03:42:24] <NCommander> xlefay, registration or the script
[03:42:24] <mechanicjay> bytram: no good
[03:42:30] <xlefay> NCommander: !current-uid script
[03:42:33] <bytram> xlefay, more like "it's borken"
[03:42:35] <NCommander> *phew*
[03:42:38] <xlefay> I think it got banned or something :P
[03:43:07] <NCommander> xlefay, it might be hitting the cache :-)
[03:43:09] <xlefay> Registration works fine, I tested it after I got worried it may be broken
[03:43:17] <NCommander> Where the fuck is our bandwidth going ...
[03:43:20] <xlefay> NCommander: I doubt it.
[03:43:42] <xlefay> Otherwise, a manual to zoo.pl would also hit cache
[03:44:11] <NCommander> WTF
[03:44:25] <NCommander> Lithium has sent 30 GiB worth of crap
[03:44:36] <bytram> NCommander, is that just for SN, or for all the linodes?
[03:45:02] <xlefay> NCommander: interesting: 'sudo kadmin.local' bypasses the admin pass
[03:45:02] <NCommander> bytram, its pooled
[03:45:07] <NCommander> xlefay, not exactly
[03:45:13] <mechanicjay> bytram: the database says that the max uid is 3982 -- Bogsnoticus
[03:45:17] <xlefay> "kadmin" requires auth first, "kadmin.local" doesn't?
[03:45:20] <NCommander> xlefay, it accesses the kerberos db directly
[03:45:22] <bytram> so what about all that load we tossed at dev.sn?
[03:45:29] <NCommander> xlefay, it only works on helium
[03:45:34] <NCommander> I'm thinking that's it
[03:45:36] <xlefay> so it does, bypass the password but only on Helium ;)
[03:45:48] <NCommander> xlefay, yeah, because it's editing the database directly
[03:46:11] <xlefay> btw: https://help.ubuntu.com
[03:46:16] <NCommander> Yesh, we peaked 16 MiB per second when we loadtested it
[03:46:18] <xlefay> is exactly what you meant ;-) service/host
[03:46:18] <NCommander> Holy shit
[03:46:32] <bytram> apache ab testing, as well as the link spidering I did, as well as search engines, as well as users, as well as exporting the DB, and creating VMs
[03:46:45] <NCommander> bytram, probably
[03:46:56] <xlefay> apache ab = redundant :P
[03:47:02] <NCommander> Ok, at least we're not eing actiely attacked, and we know we don't blow up anymore under heavy load
[03:47:21] <bytram> xlefay, just making sure =)
[03:47:52] <bytram> .me notices something attacked NCommander's "b" and "v" keys.
[03:47:55] <mechanicjay> Alright, I've got to drop off for the night. I'll talk to you guys tomorrow.
[03:48:00] <NCommander> We have 16 TiB of bandwidth
[03:48:05] <NCommander> I'm not hugely concerned at this point
[03:48:11] <NCommander> It would take one hell of an attack to exhaust that
[03:48:11] <bytram> mechanicjay, thanks! have a great night!
[03:48:31] <mechanicjay> bytram: thanks you too!
[03:49:09] <bytram> NCommander, OOhhhhh! Now i see what you're doing. I thought you were just trying to lighten the load on the SN server.
[03:49:11] -!- mechanicjay has quit [Quit: Leaving.]
[03:49:25] <bytram> I must have just missed that part of the conversation.
[03:49:31] <NCommander> Honestly, with the way things are
[03:49:37] <xlefay> heh NCommander ;-)
[03:49:41] <NCommander> I just want a second DB node, and web node for redundancy
[03:49:44] <NCommander> Not for load
[03:49:44] <xlefay> kadmin @ boron as root: Authenticating as principal mcasadevall/admin@LI694-22 with password.
[03:49:48] <NCommander> We're good for a long ass time
[03:50:02] <NCommander> xlefay, I have a kerberos admin account
[03:50:09] <NCommander> xlefay, kinit krb/admin
[03:50:18] <xlefay> aah
[03:50:20] <NCommander> xlefay, what did you create the principal as
[03:50:30] <bytram> So, if we're under attack, the only thing that we really need to serve is the root SN page; the rest of the assets can persist in user's cache.
[03:50:37] <NCommander> bytram, bingo
[03:50:38] <xlefay> HTTP/boron.li694-22.
[03:50:42] <NCommander> xlefay, ACK, CAPS
[03:50:44] * NCommander dies
[03:50:54] <xlefay> is it really that bad? :P
[03:51:10] <NCommander> no, kerberos like caps
[03:51:37] <xlefay> good
[03:52:31] <bytram> NCommander, likes caps? Berets? or Panama?
[03:52:47] * NCommander beats bytram
[03:53:00] * bytram smiles
[03:53:15] <xlefay> FML
[03:53:17] <xlefay> it actually worked
[03:53:26] * xlefay is having a holy shit moment.
[03:53:47] <bytram> two thirds of a pun is: p u
[03:53:48] <xlefay> <-- not used to docs, actually working as you expect it
[03:54:13] <bytram> xlefay, FML?
[03:54:36] <NCommander> AAAA record published
[03:54:46] <xlefay> bytram: fuck my life
[03:54:51] <NCommander> xlefay, Ubuntu's docs are decent, though there are a couple of landmines
[03:54:53] <bytram> no thanks.
[03:55:00] <bytram> =)
[03:55:07] <NCommander> (the kerberos setup one is technically correct, but written by someone who only theoretically set up kerberos)
[03:55:14] <NCommander> (w.r.t. to replication)
[03:55:47] * NCommander waits for dev's AAAA record to publish
[03:56:07] <xlefay> Linode's DNS is a bit slow tho ;[
[03:56:11] <paulej72> NCommander: updated low sub message with your additions. Pull request has been made
[03:56:15] <xlefay> stupid quarterly update
[03:56:37] -!- Cyprus has quit []
[03:57:17] <NCommander> xlefay, meh, its not like we edit it constantly
[03:58:09] <xlefay> That's true, I just don't like having to wait a bit before setting the reverses :P
[03:58:12] <xlefay> but nagios first ;-)
[03:58:22] <NCommander> xlefay, NP. kerberos authentication remains sexy
[03:58:34] * NCommander notes we can probably whitelist IDs for it if we want
[03:58:59] <xlefay> Yes, I was wondering about that.
[03:59:09] <xlefay> Currently, everyone who can do kinit, can sign in - not a big issue though
[03:59:42] <NCommander> xlefay, hrm, I like the idea that you have to kinit locally to get into it :-)
[03:59:43] * NCommander ducks
[04:00:09] <xlefay> ha
[04:01:06] <xlefay> What surprises me is that the Nagios's package installed php for apache. (least, that's what I got from the log output)
[04:01:21] <NCommander> xlefay, aptitude why php
[04:02:38] <xlefay> i A nagios3-cgi Depends libapache2-mod-php5 | php5 | php5-cgi
[04:02:43] <xlefay> and here I thought nagios used Perl
[04:03:44] <NCommander> xlefay, why is that lovely command to know why one package brings in 10 million others
[04:04:59] <xlefay> That's useful ;-)
[04:05:21] <NCommander> xlefay, we try to be that :-)
[04:05:37] <NCommander> audioguy, beside finger, are there any services from days of UNIX-lore we don't have that we should?
[04:05:46] * NCommander notes we could deploy rlogin if we wanted, we have kerberos!
[04:06:36] <audioguy> thinking...we all have web dirs, finger, procmail, ...
[04:06:57] <audioguy> we have nano
[04:07:03] <NCommander> emacs?
[04:07:04] <audioguy> emacs
[04:07:04] * NCommander ducks
[04:07:24] <bytram> audioguy, YAY!
[04:07:36] <NCommander> audioguy, I feel like I should set your shell to csh and make you suffer
[04:07:41] * bytram has been thinking of getting a new smart-phone, but where is the escape key?
[04:07:41] <audioguy> ls
[04:07:46] <paulej72> NCommander: I just put the new low submission queue message on dev. Have a look and let me know what you think
[04:08:13] <xlefay> NCommander: echo "alias emacs='vim' >> /etc/bash.bashrc" ? ;-)
[04:08:26] <paulej72> we need a good MOTD prog
[04:08:29] <NCommander> paulej72, we got that
[04:08:29] <audioguy> nah never used csh say that problem coming.
[04:08:30] <xlefay> err, that " was misplaced
[04:08:39] <audioguy> saw
[04:08:40] <NCommander> paulej72, I can just have it run fortune :-P
[04:08:54] <audioguy> yes! fortune~
[04:09:01] <NCommander> paulej72, there's a nice frontend to the motd generator, thats how we get nice system stats when you are on !beryllium
[04:09:02] <audioguy> how could I have forgotten
[04:09:02] <xlefay> I second that
[04:09:10] <NCommander> hold on a second
[04:09:33] <bytram> NCommander, time's up. =)
[04:10:04] <NCommander> What type of fortunes do we want?
[04:10:05] <paulej72> NCommander: the current MOTD only runs once a day, I would not mind if it ran at each login.
[04:10:13] <NCommander> paulej72, it actually runs each login via PAM
[04:10:20] <xlefay> NCommander: how about we just do quotes out of Bender?
[04:10:44] <NCommander> mcasadevall@boron:/etc/update-motd.d$ fortune -a
[04:10:44] <NCommander> I do desire we may be better strangers.
[04:10:44] <NCommander> -- William Shakespeare, "As You Like It"
[04:10:48] <audioguy> fortune you can use for many other things
[04:10:53] <NCommander> xlefay, just load it into the fortune file
[04:10:55] <xlefay> cowsay fortune?!
[04:11:03] <xlefay> as the motd? What could possibly be nicer?
[04:11:24] <NCommander> xlefay, write a script to push Bender's quote database as a fortunate database to everything except hydrogen
[04:11:34] <NCommander> (if they're on hydrogen, they'll show up on the main index)
[04:11:34] <paulej72> NCommander: if I login to a node from boron, i get the stats, but if i log out and log in again it does not show up. this is using kinit and ssh
[04:11:41] <xlefay> NCommander: LOL
[04:11:57] <xlefay> NCommander: btw, use fortune with cowsay ;-)
[04:12:02] <audioguy> XYZZY
[04:12:05] <NCommander> k
[04:12:22] <NCommander> paulej72, I'll investigate in a minute
[04:12:25] <audioguy> 'you can't use that - yet'
[04:12:58] <xlefay> # /usr/games/cowsay `/usr/games/fortune`
[04:13:00] <xlefay> ^ awesomeness
[04:13:11] <paulej72> NCommander: it was doing that the other day, now it seems fine
[04:13:12] <NCommander> mcasadevall@boron:/etc/update-motd.d$ fortune -a | cowsay -W 78
[04:13:13] <NCommander> ______________________________
[04:13:13] <NCommander> < There is a fly on your nose. >
[04:13:13] <NCommander> ------------------------------
[04:13:18] <NCommander> There we go
[04:13:38] <audioguy> Colossal Cave Adventure
[04:13:43] <xlefay> / Q: How does a hacker fix a function \
[04:13:44] <xlefay> | which doesn't work for all of the |
[04:13:46] <xlefay> | elements in its domain? A: He changes |
[04:13:47] <xlefay> \ the domain. /
[04:13:49] <xlefay> hah, that's awesome.
[04:13:56] <audioguy> and Eliza ;-)
[04:14:56] <bytram> audioguy, Ever make it to the end of Colossal Cave? (350 pt)
[04:15:41] <audioguy> Nope. At that time, I had a life. ;-)
[04:16:26] <bytram> audioguy, LOL! At that time, I was a freshman in college. Had neither time nor a life ;^) but I was not to be denied!
[04:16:41] <audioguy> Not much of a gamer, but at that time, Adventure was pretty amazing.
[04:16:49] <bytram> this was back in '82-'83, I think.
[04:17:01] <bytram> audioguy, It really *was* magic at the time.
[04:17:18] <NCommander> hrm
[04:17:22] <NCommander> xlefay, it works?
[04:17:29] <xlefay> NCommander: the motd?
[04:17:32] <NCommander> Yeah
[04:17:40] <audioguy> And so was eliza, who ordinary people that was artificial intelligence. Was fun to hack it
[04:17:42] <xlefay> where you put it?
[04:17:47] <audioguy> thought
[04:17:57] <xlefay> @ boron? I'm still seeing the default
[04:18:09] <NCommander> xlefay, I threw it in hrm
[04:18:44] <xlefay> hmm doesn't /etc/motd auto generate by cron?
[04:18:45] <audioguy> Oh, yeah there chat/talk. But that stuff pretty insecure.
[04:19:16] <audioguy> irc is better.
[04:20:12] <NCommander> audioguy, chat/talk kinda handy if you need to get someone on a system
[04:20:43] <NCommander> audioguy, I believe talk and chat can be kerberosized
[04:20:58] <bytram> hey all, time for some shuteye. it's been fun!
[04:21:02] <audioguy> Nah, just echo "your message" > /dev/theirterminal ;-)
[04:21:35] <NCommander> audioguy, I prefer to wall preferably
[04:21:40] <xlefay> write user ;]
[04:21:42] <NCommander> xlefay, its not a crontab AFAIK
[04:22:00] <xlefay> can't find it either...
[04:22:11] <audioguy> You guys and your fancy programs.
[04:22:38] bytram is now known as bytram|zzz
[04:24:21] <NCommander> xlefay, audioguy blamo
[04:24:24] <NCommander> Works now
[04:24:35] <NCommander> /usr/games isn't in the PATH for pam_motd
[04:25:03] <audioguy> blamo? Got me there? ;-)
[04:25:09] <paulej72> ______________________________________________________________
[04:25:10] <paulej72> < Q: Why do WASPs play golf ? A: So they can dress like pimps. >
[04:25:12] <paulej72> --------------------------------------------------------------
[04:25:13] <paulej72> \ ^__^
[04:25:15] <paulej72> \ (oo)\_______
[04:25:16] <paulej72> (__)\ )\/\
[04:25:17] <paulej72> ||----w |
[04:25:18] <paulej72> || ||
[04:25:30] <xlefay> ah you did -a?
[04:25:46] * xlefay reads up *seems so:P*
[04:25:55] <xlefay> hahaha, this is awesome tho!
[04:26:14] <NCommander> xlefay, I did
[04:26:29] <NCommander> We need a package to install this script
[04:26:37] * NCommander actually thinks though I should put some useful info in the motd
[04:27:06] <audioguy> You can just type fortune now
[04:28:21] <NCommander> audioguy, this is starting to feel like an old fashion UNIX system
[04:28:26] -!- bytram|zzz has quit [Ping timeout: 246 seconds]
[04:28:40] <NCommander> just need more UUCP and we're pretty much there
[04:28:56] <audioguy> yeah, freedom.
[04:29:15] <NCommander> audioguy, the FSF would have you believe that we need to run gnewsense to get that
[04:29:26] <audioguy> BASIC for the newbies.
[04:29:32] <NCommander> I on the other hand
[04:29:33] <NCommander> mcasadevall@boron:/etc/update-motd.d$ vrms
[04:29:33] <NCommander> No non-free or contrib packages installed on boron! rms would be proud.
[04:29:51] <NCommander> audioguy, I can install a COBOL compiler
[04:30:11] <audioguy> pass on that
[04:31:07] <audioguy> 'pong' for the staff lounge, of course
[04:31:43] * NCommander notes aside from talk, we've basically got everything once we have proper mail account on beryllium
[04:32:20] <xlefay> failed to verify krb5 credentials: Server not found in Kerberos database: -_-'
[04:32:34] <NCommander> xlefay, check auth.log, see what it tried to look for
[04:32:59] <NCommander> xlefay, BTW, did you know on Ubuntu and Debian you can get full IPv6 functionality with a single command
[04:33:01] <xlefay> nothing in auth.log
[04:33:06] <NCommander> sudo apt-get install miredo
[04:33:07] <xlefay> (this is via apache tho eh)
[04:33:10] <NCommander> Looking
[04:33:18] <xlefay> Isn't that the tunnelling stuff?
[04:33:19] <audioguy> Gentoo too
[04:33:52] <NCommander> xlefay, Mar 27 03:32:57 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) UNKNOWN_SERVER: authtime 0, xlefay@LI694-22 for HTTP/li204-21.members.linode.com@LI694-22, Server not found in Kerberos database
[04:33:52] <audioguy> I mostly can't use it. Too much ancient crap in businesses.
[04:34:04] <NCommander> why the fuck is it sending THAT
[04:34:04] <xlefay> ooh...
[04:34:28] <xlefay> hostname is wrong
[04:34:35] <NCommander> In several ways
[04:34:51] <NCommander> xlefay, server hostname correctly, then vhost!
[04:35:15] <NCommander> dev.soylentnews.org. 300 IN AAAA 2600:3c00::f03c:91ff:fe6e:d0a3
[04:35:19] <xlefay> I added it as boron.li694-22 anyway
[04:35:19] <NCommander> WOOOOOOO
[04:36:00] <xlefay> So, it should use /etc/krb5.conf, right?
[04:36:21] <NCommander> xlefay, no, this is apache itself saying its li204-22* to kerberos
[04:36:27] <NCommander> Kerberos will rdns to verify that
[04:36:31] <xlefay> oh
[04:36:46] <NCommander> xlefay, set the server name to boron.li694-22, then add vhosts
[04:36:55] -!- mrcoolbp [mrcoolbp!~mrcoolbp@Soylent/Staff/mrcoolbp] has joined #staff
[04:36:55] -!- mode/#staff [+v mrcoolbp] by SkyNet
[04:36:58] <NCommander> hrm
[04:37:05] * NCommander is getting an IPv4 dev.*
[04:37:16] <audioguy> set it to staff.li694-22
[04:37:34] <audioguy> less confusing.
[04:38:20] <NCommander> http://askubuntu.com
[04:38:23] <NCommander> Well, fuck you Ubuntu
[04:38:32] <NCommander> audioguy, he has to change the principal in kerberos
[04:38:38] <xlefay> NCommander: which server name are you referring to?
[04:39:43] <xlefay> What doesn't make sense is: how the fuck does it resolv that to linode?
[04:40:01] <xlefay> (assuming is the client which it is)
[04:40:24] <xlefay> So it's apache sending li204-21.members.linode.com then?
[04:40:48] <xlefay> (which makes no sense..)
[04:40:49] <audioguy> apache using some default to hostname or something.
[04:41:15] <NCommander> xlefay, it uses the ServerName field to determine its hostname, if it can't get it, it rdnses its public IP address
[04:41:19] <xlefay> ooh
[04:42:00] <NCommander> hrm
[04:42:32] <NCommander> Looks like I need to reboot to make this effective
[04:43:46] <audioguy> I see Ubuntu HAD to fuck with the apache config.
[04:44:01] <audioguy> just HAD to mess with it.
[04:44:52] <xlefay> doesn't change anything *sighs* I knew this was too easy ;-)
[04:47:07] <NCommander> audioguy, ???
[04:47:11] <NCommander> xlefay, give me a second
[04:47:42] <xlefay> I get it already ;-)
[04:47:46] <xlefay> I think :p
[04:48:09] <paulej72> which node are we messing with right now? can’t seem to follow the conversation
[04:48:29] <paulej72> bacon++
[04:48:29] <DashComma> karma - bacon: 28
[04:50:32] <NCommander> http://fossies.org
[04:50:38] <NCommander> paulej72, boron
[04:51:59] <audioguy> I generally just want the organization of the apache folder to be what -Apache- provides, because it is consistent and doesn't change to match every distros different idea.
[04:53:22] <audioguy> 'staff'
[04:53:41] <xlefay> If I recall, it was actually Debian who changed it
[04:53:50] <NCommander> audioguy, eh, strictly speaking, its upstream now
[04:53:51] <NCommander> ./configure --enable-layout=Debian
[04:54:09] <audioguy> So because Johnny jumped off a cliff... ;-)
[04:54:15] <NCommander> And I believe the reason for the change is because the traditional layout violates the FHS
[04:54:36] <NCommander> audioguy, this isn't something introduced by Ubuntu or our layout
[04:54:44] <audioguy> FHS?
[04:56:02] <NCommander> audioguy, filesystem hierarchy system
[04:56:11] <NCommander> Basically the standard guide used to define what goes where
[04:56:20] <audioguy> Whose standard is that?
[04:56:26] <NCommander> Linux Foundation
[04:56:54] <audioguy> I think of that as the Linux Filesystem Standard LFS. Maybe old term
[04:57:03] <NCommander> audioguy, you're thinking of the old FSTD
[04:57:29] <audioguy> Yeah.
[04:59:17] <xlefay> (see e-text)?
[04:59:17] <audioguy> For a while there it seemed like this was changing every year or two on Gentoo, all COMPLETELY different, and different from Debian, to the point anymore I just instantly replace it with my own or the stock apache one.
[05:00:08] <NCommander> xlefay, on boron, what does the public facing IPv4 IP resolve as?
[05:00:20] <NCommander> if you RDNS
[05:00:29] * NCommander is betting thats the problem
[05:00:40] <xlefay> ah, sec.
[05:00:55] <xlefay> It's preauth failing though :/
[05:01:04] <xlefay> I fixed the initial error of no client found
[05:01:56] <NCommander> mcasadevall@boron:~$ host
[05:01:56] <NCommander> domain name pointer boron.soylentnews.org.
[05:02:01] <NCommander> xlefay, preauth?
[05:02:04] <NCommander> Ugh
[05:02:07] <NCommander> Stand by
[05:02:19] <NCommander> That seems to be kerberos's default error message
[05:03:20] <audioguy> unixguy:~/.ssh audioguy$ dig -x
[05:03:23] <audioguy> PTR li204-21.members.linode.com.
[05:03:29] <audioguy> caching
[05:03:41] <NCommander> audioguy, from boron, it points to the right place
[05:03:44] <NCommander> xlefay, Mar 27 04:03:01 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) UNKNOWN_SERVER: authtime 0, xlefay@LI694-22 for HTTP/sentinel.soylentnews.org@LI694-22, Server not found in Kerberos database
[05:03:54] <NCommander> "sentinel"
[05:03:56] <NCommander> WTF?
[05:03:58] <xlefay> NCommander: ignore that, I changed that back to boron
[05:04:08] <xlefay> I was testing with the servername and all that crap
[05:04:16] <xlefay> <-- wanted to be thorough
[05:04:17] <NCommander> Mar 27 04:03:40 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) NO PREAUTH: authtime 0, xlefay@LI694-22 for HTTP/boron.soylentnews.org@LI694-22, Generic error (see e-text)
[05:04:21] <NCommander> "generic error"
[05:04:23] <NCommander> That's awesome
[05:04:31] <NCommander> xlefay, try generating a ticket by hand
[05:04:32] <NCommander> hold on
[05:04:47] <paulej72> OK I am off to bed. tomorrow all.
[05:04:51] <NCommander> Mar 27 04:04:42 soylent-db krb5kdc[18393]: AS_REQ (4 etypes {18 17 16 23}) CLIENT_NOT_FOUND: NOUSER@LI694-22 for krbtgt/LI694-22@LI694-22, Client not found in Kerberos database
[05:05:27] * NCommander pokes
[05:05:35] <xlefay> ^ that probably happens when login times out
[05:05:49] <NCommander> Oh, we probably need to put it in the KDC's keytab
[05:05:50] <NCommander> maybe
[05:05:59] <xlefay> hmm
[05:06:32] * xlefay ups the priority of learning kerberos on his todo list
[05:06:34] <NCommander> xlefay, where did you put the keytab?
[05:06:40] * NCommander wants to check something
[05:06:41] <xlefay> /etc/apache2/auth/
[05:07:06] <xlefay> Don't tell me I put it on the wrong server..
[05:07:45] <xlefay> preauth (encrypted_timestamp) verify failure: Decrypt integrity check failed
[05:07:47] <xlefay> like WTF
[05:08:00] <NCommander> xlefay, $ kinit -t apache2.keytab -k HTTP/boron.soylentnews.org
[05:08:00] <NCommander> $ klist
[05:08:00] <NCommander> Ticket cache: FILE:/tmp/krb5cc_33
[05:08:00] <NCommander> Default principal: HTTP/boron.soylentnews.org@LI694-22
[05:08:00] <NCommander> Valid starting Expires Service principal
[05:08:01] <NCommander> 27/03/2014 04:07 27/03/2014 14:07 krbtgt/LI694-22@LI694-22
[05:08:03] <NCommander> renew until 28/03/2014 04:07
[05:08:10] <xlefay> So that works
[05:08:13] <NCommander> xlefay, decrypt integrity check == wrong password
[05:08:16] <xlefay> ah
[05:08:28] <NCommander> xlefay, where's the test page?
[05:08:32] <xlefay> So the error is on our side
[05:08:37] <audioguy> boron.soylentnews.org
[05:08:38] <xlefay> http://sentinel.soylentnews.org
[05:08:45] <audioguy> not in dns ?
[05:08:47] <xlefay> https*
[05:08:48] <NCommander> xlefay, i just get the status page
[05:08:57] <xlefay> I need to fix that vhost madness
[05:09:00] <xlefay> https://sentinel.soylentnews.org
[05:09:13] <NCommander> Forbidden
[05:09:13] <NCommander> You don't have permission to access / on this server.
[05:09:15] <NCommander> Hrm
[05:09:18] <xlefay> The default takes precedence over all the others, so I'll need to fix that
[05:09:28] <xlefay> NCommander: that's ehm, good...
[05:09:31] <NCommander> xlefay, Mar 27 04:09:07 soylent-db krb5kdc[18393]: AS_REQ (4 etypes {18 17 16 23}) ISSUE: authtime 1395893347, etypes {rep=18 tkt=18 ses=18}, mcasadevall@LI694-22 for krbtgt/LI694-22@LI694-22
[05:09:31] <NCommander> Mar 27 04:09:07 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) ISSUE: authtime 1395893347, etypes {rep=18 tkt=18 ses=18}, mcasadevall@LI694-22 for HTTP/boron.soylentnews.org@LI694-22
[05:09:35] <NCommander> Likes me just fine :-)
[05:09:39] <xlefay> NCommander: if you got "Authorization required" it'd be bad
[05:09:42] <xlefay> ehm
[05:09:48] <xlefay> so why the fuck isn't it accepting me lol
[05:09:49] <NCommander> xlefay, I did, I put in my user and pass
[05:09:56] <NCommander> xlefay, try "xlefay@LI694-22"
[05:10:03] <NCommander> You probably forgot to set the default realm in the plugin
[05:10:09] <xlefay> nope
[05:10:25] <xlefay> & realm is set correctly.
[05:10:29] <xlefay> audioguy: can you try to sign in?
[05:10:35] <NCommander> Mar 27 04:09:07 soylent-db krb5kdc[18393]: AS_REQ (4 etypes {18 17 16 23}) ISSUE: authtime 1395893347, etypes {rep=18 tkt=18 ses=18}, mcasadevall@LI694-22 for krbtgt/LI694-22@LI694-22
[05:10:35] <NCommander> Mar 27 04:09:07 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) ISSUE: authtime 1395893347, etypes {rep=18 tkt=18 ses=18}, mcasadevall@LI694-22 for HTTP/boron.soylentnews.org@LI694-22
[05:10:35] <NCommander> Mar 27 04:10:06 soylent-db krb5kdc[18393]: AS_REQ (4 etypes {18 17 16 23}) ISSUE: authtime 1395893406, etypes {rep=18 tkt=18 ses=18}, xlefay@LI694-22 for krbtgt/LI694-22@LI694-22
[05:10:35] <NCommander> Mar 27 04:10:06 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) NO PREAUTH: authtime 0, xlefay@LI694-22 for HTTP/boron.soylentnews.org@LI694-22, Generic error (see e-text)
[05:10:38] <NCommander> Mar 27 04:10:06 soylent-db krb5kdc[18393]: TGS_REQ (4 etypes {18 17 16 23}) NO PREAUTH: authtime 0, xlefay@LI694-22 for HTTP/boron.soylentnews.org@LI694-22, Generic error (see e-text)
[05:10:38] <audioguy> to what?
[05:10:41] <NCommander> Yeah, it really doesn't love you
[05:10:46] <xlefay> https://sentinel.soylentnews.org
[05:10:51] <xlefay> just use your kerberos auth..
[05:11:02] <audioguy> xinit?
[05:11:04] <xlefay> NCommander: it's like "FUUUUUUUUUUUUUUUUU You're not getting in"
[05:11:22] <NCommander> xlefay, hrm, you DO get issued a krbtgt
[05:11:27] <NCommander> It then says fuck you
[05:11:32] <NCommander> let me look a bit deeper
[05:12:00] <xlefay> audioguy: just use your kerberos username & pass
[05:12:02] <xlefay> from kinit, yes
[05:12:25] <xlefay> oh comeon
[05:12:36] <audioguy> it works for me.
[05:12:48] <NCommander> xlefay, oh WTF?
[05:12:51] <NCommander> xlefay, my account requires PREAUTH
[05:12:54] <NCommander> audioguy's does
[05:12:57] <NCommander> yours ... doesn't
[05:12:59] <NCommander> WTF?
[05:13:14] <xlefay> because yours is an admin?
[05:13:23] <audioguy> xinit works for me too ;-)
[05:13:31] <NCommander> kadmin: modify_principal +requires_preauth xlefay
[05:13:31] <NCommander> Principal "xlefay@LI694-22" modified.
[05:13:36] <NCommander> xlefay, no this is my normal kerberos account
[05:13:40] <NCommander> xlefay, try it now
[05:13:55] <xlefay> Works now...
[05:13:57] <xlefay> like WTF
[05:14:00] <NCommander> Yeah
[05:14:07] <NCommander> I think a check in mod_auth_kerb is flipped
[05:14:14] <xlefay> Thank you, least we got this figured out
[05:14:27] <NCommander> xlefay, talk about arcane voodoo
[05:14:30] <xlefay> /etc/apache2/sites-enabled/nagios.conf
[05:14:37] <audioguy> It just doesn't like Europeans. ;-)
[05:14:47] <NCommander> Shifty fellows those Europeans
[05:15:08] <audioguy> You bet, almost as bad as Canadians
[05:15:18] <xlefay> Hey, least our government doesn't spy on its citizens oh wait, ...
[05:17:19] <NCommander> xlefay, :-)
[05:17:35] <xlefay> I just nullified my point as well ;)
[05:18:08] <NCommander> xlefay, that being said, single signon remains sexy
[05:18:17] <xlefay> Yes, it does
[05:18:26] <audioguy> Your gov doesn't have to spy on its citizens. Ours does it for you. We have to do EVERYTHING for you slackers.
[05:18:37] <xlefay> audioguy: actually, you're absolutely right
[05:18:46] <audioguy> :-)
[05:18:50] <xlefay> My gov't only does a little bit of spying, most info they get from others ;-)
[05:18:54] <NCommander> pfft, when you guys get invaded, we have to come bail you out :-P
[05:19:17] <audioguy> Right now I wish someone would invade US
[05:19:18] <NCommander> xlefay, do you have native IPv6 functionality?
[05:19:24] <xlefay> NCommander: no tunnel only :/
[05:19:25] <audioguy> 'liberate'
[05:19:41] <xlefay> Also, technically, it was a joint effort in WW2 for instance
[05:19:42] <NCommander> xlefay, ugh, I have my gai.conf modified to prefer IPv6 through the tunnel, but ...
[05:19:59] <xlefay> Sure allies did a lot but you got a lot of help from the resistance
[05:20:27] <xlefay> iirc, many nations supplied resistance fighters with weaponry and such also
[05:20:28] <audioguy> Of course.
[05:20:35] <xlefay> gai.conf, for IPv6 preference?
[05:20:59] <NCommander> xlefay, yeah, I need to reboot
[05:21:08] <xlefay> wait though
[05:21:21] <NCommander> ?
[05:21:39] <xlefay> my system seems to prefer IPv6 by default, but I don't seem to have a gai.conf..
[05:21:56] <xlefay> /usr/share/doc/glibc-common/gai.conf | /usr/share/man/man5/gai.conf.5.gz
[05:22:16] <xlefay> ain't there a sysctl switch for? x'D
[05:22:20] <NCommander> xlefay, no
[05:22:36] <NCommander> xlefay, hrm ... there's no good way to see if it will connect to dev.soylentnews.org on IPv4 or 6
[05:22:49] <NCommander> mcasadevall@tranquility:~/src/slashcode$ telnet dev.soylentnews.org 80
[05:22:49] <NCommander> Trying 2600:3c00::f03c:91ff:fe6e:d0a3...
[05:22:49] <NCommander> Er
[05:22:51] <audioguy> are you going reboot staff?
[05:22:51] <NCommander> Then again
[05:22:59] <NCommander> No, I need to reboot ::1
[05:23:05] <audioguy> ok
[05:23:15] <audioguy> wanted get out if so. ;-)
[05:23:16] <xlefay> sudo init 6
[05:23:17] <xlefay> ;')
[05:23:32] <xlefay> it's 6 iirc
[05:24:18] * NCommander notes we could set runlevels for the services we want!
[05:24:26] * NCommander isn't sure how thats useful but never mind that
[05:24:37] <xlefay> ha! ;)
[05:25:34] <NCommander> xlefay, BTW, this keytab stuff is how we can do node-to-node SSH != authorized key voodoo
[05:25:46] <audioguy> Gentoos system for run levels is pretty cool - you just make up your own, use any name.
[05:26:08] <xlefay> NCommander: it's reasonably simple
[05:27:08] <NCommander> xlefay, pity its not used more
[05:27:19] * NCommander wonders if I should inflict S/KEY on your guys
[05:28:14] <NCommander> ugh
[05:28:21] * NCommander swears angrily at dev
[05:28:24] <NCommander> and IPv6 setups
[05:28:59] <NCommander> BTW
[05:29:03] <NCommander> cookies being bound to IPs
[05:29:10] * NCommander thinks its a feature that probably should be dumped
[05:29:46] <xlefay> Probably against session hijacking?
[05:30:21] <NCommander> IT WORKS
[05:30:23] <NCommander> xlefay, yeah
[05:30:31] <NCommander> Slash didn't explode when I got it to connect via IPv6
[05:30:55] <NCommander> Well
[05:30:56] <NCommander> ...
[05:30:59] <NCommander> Its not perfect
[05:31:04] <NCommander> SUBID didn't split out properly
[05:31:08] <NCommander> SO we can't ban on subnets
[05:31:14] <NCommander> I'm not sure thats useful for IPv6 though
[05:31:43] <xlefay> the pidl crap?
[05:32:04] <NCommander> xlefay, yeah
[05:33:08] <xlefay> Logged in as xlefay@LI694-22 <--- haha I love that
[05:33:18] <NCommander> xlefay,
[05:33:23] <NCommander> where is that?
[05:34:07] <NCommander> Logged in as mcasadevall@LI694-22
[05:34:07] <xlefay> @ nagios
[05:34:09] <NCommander> HAH
[05:34:16] <NCommander> That's extremely sexy
[05:34:22] <NCommander> kerberos++
[05:34:22] <DashComma> karma - kerberos: 1
[05:35:06] <xlefay> just fixed some url references ;P
[05:35:12] <xlefay> Now it looks more complete
[05:36:10] <xlefay> MrBluze|afk++ for 'sentinel' name suggestion ;-)
[05:36:14] <NCommander>
[05:36:14] <NCommander> Debian GNU/Linux
[05:36:14] <NCommander> ( Debian GNU/Linux )
[05:36:15] <NCommander> WRONG
[05:36:59] <NCommander> That being said
[05:37:00] <xlefay> It does actually have an ubuntu logo
[05:37:00] <NCommander> sexy++
[05:37:01] <DashComma> karma - sexy: 1
[05:37:44] <NCommander> xlefay, I'm going to smoke, then more sexiness
[05:38:18] <audioguy> well, it wants credentials. Other than that, it worked in lynx. ;-)
[05:38:37] <NCommander> audioguy, credentials should work fine in Lynx
[05:38:53] <NCommander> So
[05:38:59] <NCommander> .... pushing AAAA records on the main site
[05:39:05] * NCommander guesses thats a question for the mailing list
[05:39:15] <xlefay> NCommander: restart ;-)
[05:39:25] <xlefay> s/start/fresh/
[05:39:30] <xlefay> sed -i 's/debian/ubuntu/i' * # ;')
[05:40:32] <audioguy> well, mine did not work
[05:41:01] <audioguy> same as my kinit?
[05:42:05] <xlefay> yes
[05:42:57] <audioguy> did not work
[05:43:48] <xlefay> I didn't even see an auth attempt
[05:44:03] <audioguy> maybe want different host?
[05:44:13] <xlefay> We're talking about Nagios, right?
[05:44:17] <audioguy> I am using lynx from boron itself
[05:44:22] <audioguy> yes
[05:44:35] <xlefay> Well, username is just 'audioguy' and your password
[05:44:49] <xlefay> (when prompted at https://sentinel.soylentnews.org)
[05:44:49] <audioguy> not audioguy@blah ?
[05:45:04] <audioguy> yeah that is what I used.
[05:45:12] <xlefay> I didn't do that iirc, but you can audioguy@LI694-22 to test
[05:45:17] <audioguy> let me try again...
[05:47:00] <audioguy> That got me in. It's because the DNS does not know boron, maybe.
[05:47:11] <xlefay> no, that's irrelevant
[05:47:15] <xlefay> Apache sends the stuff
[05:47:25] <audioguy> well, same with @boron did not work
[05:47:27] <xlefay> Guess it's just required, although I did set up the realm in apache
[05:47:36] <xlefay> anyway, it doesn't matter, it works.
[05:47:39] <audioguy> but with LI694-22 did
[05:47:54] <xlefay> although, I just used 'xlefay' and it worked
[05:47:58] <xlefay> (I just tested again)
[05:48:03] <audioguy> I tried that too.
[05:48:15] <audioguy> Truy from boron itself using lynx
[05:48:18] <audioguy> try
[05:48:24] <audioguy> Like I did
[05:50:38] <xlefay> how did you auth?
[05:50:59] <audioguy> what worked? Waited til it asked name
[05:51:00] <NCommander> Hrm
[05:51:07] * NCommander checks
[05:51:12] <xlefay> it doesn't ask a name here heh
[05:51:36] <audioguy> I does it you don't hit any key and wait a bit.
[05:51:39] <xlefay> does now, works without @li694-22
[05:52:03] <NCommander> Note: These pages require a browser which supports frames
[05:52:07] <audioguy> try with boron
[05:52:13] <xlefay> I did from boron
[05:52:17] <NCommander> Works from boron
[05:52:20] * NCommander just tried it
[05:52:25] <audioguy> yeah no frames in lynx ;-)
[05:52:26] <NCommander> audioguy, make sure you https://
[05:52:37] <audioguy> I did, got in...
[05:52:44] <NCommander> Bah, so a small bit of administration is not ADA compliant :-/
[05:53:28] <audioguy> xlefay: I memat not justy from boron, but using your name @ boron
[05:53:48] <audioguy> meant
[05:55:07] <xlefay> you mean, xlefay@boron?
[05:55:32] <audioguy> yeah
[05:55:43] <xlefay> Well that makes sense, since boron isn't the realm, LI694-22 is
[05:56:03] <audioguy> just my name still does not work, must use LI694-22 to work
[05:56:09] <NCommander> audioguy, thats odd ...
[05:56:33] <audioguy> how did you log in to boron? If you used the hack, is different than normal ssh
[05:56:43] <audioguy> I used normal ssh
[05:56:45] <NCommander> Key: vno 1, des-cbc-crc, no salt
[05:56:51] * NCommander notes that smells insecure
[05:58:01] <audioguy> So *I* logged into staff.soylent... where using the proxy would have logged in to the li694-22 domain. May be the difference
[05:59:00] -!- mattie_p [mattie_p!~mattie_p@Soylent/Staff/Editor/mattiep] has joined #staff
[05:59:00] -!- mode/#staff [+v mattie_p] by SkyNet
[05:59:50] <NCommander> audioguy, it shouldn't. lynx doesn't support KRB5 authorization
[06:00:00] <NCommander> What's happening here is that Apache wants a krb5 ticket
[06:00:07] <NCommander> if it doesn't get one, it asks for the krb5 username and password
[06:00:35] <audioguy> Well, if it doesn't how did i log in. ;-)
[06:01:18] <NCommander> audioguy, if lynx or your web browser is asking for a username/password, then it didn't get a ticket
[06:01:25] <NCommander> and Apache is doing kinit for you essentially
[06:01:26] <audioguy> yes, that is what it did ask for the auth
[06:01:42] <NCommander> audioguy, BUT, if you had a valid kerberos ticket on
[06:01:44] <NCommander> It would just work
[06:01:59] <xlefay> and lynx supported krb5, you could have opened lynx without having to ID ;-)
[06:02:06] <xlefay> @ sentinel, that is
[06:02:08] <NCommander> xlefay, it does? Docs say otherwise
[06:02:08] <audioguy> well, I thought I was logged in, let me make sure
[06:02:09] <xlefay> Right?
[06:02:36] <xlefay> NCommander: I dunno, that's what I'm getting from what you're saying, it seems it needing Auth initially is always required
[06:02:53] <NCommander> xlefay, HTTP supports kerberosization
[06:03:01] <xlefay> audioguy, it shouldn't. lynx doesn't support KRB5 authorization <-- doesn't matter whether lynx supports it or not, it all goes through Apache
[06:03:03] <NCommander> xlefay, as does most webbrowsers
[06:03:08] <NCommander> xlefay, you're misunderstanding me
[06:03:14] <xlefay> NCommander: exactly :)
[06:03:16] <NCommander> It's possible to authenticate via kerberos directly
[06:03:31] <NCommander> If, on my laptop, I had kinit-ed for mcasadevall@LI694-22
[06:03:33] <xlefay> OOH
[06:03:34] <NCommander> And had a local ticket
[06:03:45] <NCommander> It would allow me to access nagios sans username/password
[06:04:08] <xlefay> Yes, exactly.
[06:04:55] <xlefay> So if lynx supported that stuff, you could have 'kinit'd and opened Lynx, and it'd have worked, or am I still misunderstanding?
[06:05:12] <xlefay> oh fml ;)
[06:05:23] <xlefay> <xlefay> and lynx supported <-- "and if lynx had supported" ;-)
[06:06:06] <audioguy> well, made sure i was authed on staff, then tried. This time it let me in with just my name, but still wanted pass
[06:06:52] <xlefay> NCommander: it seems I was missing a few words which led to the misunderstanding :P Sorry about that, focused on Nagios, shouldn't be talking here!
[06:07:07] <NCommander> xlefay, bingo
[06:10:25] <NCommander> huh
[06:10:30] <NCommander> I didn't get a stats email tonight
[06:10:32] <NCommander> Where'd it go?
[06:10:41] <xlefay> hmm
[06:10:45] <xlefay> weird
[06:12:00] <xlefay> HOLY FUCK
[06:12:06] <xlefay> "mailq" @ hydrogen
[06:12:22] <xlefay> oh...
[06:12:27] <xlefay> wasn't as bad as I thought ;-)
[06:13:17] * NCommander just had a fucking brilliant idea on how to make edge be a thing
[06:13:26] <NCommander> xlefay, set a local cookie, then have varnish look for said cookie
[06:13:35] <NCommander> And change the backend server on the fly
[06:15:12] <xlefay> I see, we should discuss that matter on the mailing list methinks
[06:15:17] <xlefay> How we want to do the edge and all
[06:15:41] <audioguy> just get me a mailserver for my mail ;-)
[06:15:44] <NCommander> xlefay, https://www.varnish-cache.org
[06:17:48] <xlefay> btw https://www.varnish-cache.org
[06:17:57] <audioguy> before you get toop fr into new and shiny land.
[06:18:02] <audioguy> too far
[06:18:54] <xlefay> audioguy: don't worry, I haven't forgotten you
[06:19:14] <audioguy> ok, just being a pest. ;-)
[06:19:30] <NCommander> xlefay, we already do that
[06:19:49] <NCommander> xlefay, varnish holds its cache for 1 hour if the backend bites it
[06:21:04] <xlefay> Interesting
[06:21:20] <xlefay> btw, we should firewall hydrogen at some point
[06:21:29] <xlefay> but.. boron should be able to access apache directly @ 2600
[06:22:39] <xlefay> Can boron poll hydrogen:2600, NCommander?
[06:22:54] <NCommander> xlefay, no, binded
[06:23:01] <NCommander> xlefay, we can open it up if you firewall it
[06:23:20] <xlefay> I'll put that on my todo list ;)
[06:23:47] <xlefay> oh.. firewalling already is on there *heightens the priority*
[06:30:58] * xlefay wishes our nodes just had ONE /64
[06:31:35] <xlefay> e.g. all combined, that is
[06:33:59] <NCommander> xlefay, maybe poke Linode support and see if they can do that for us?
[06:34:55] <xlefay> We could, but the only advantage here would be that we can just set our SPF record to a /64
[06:35:02] <NCommander> xlefay, https://forum.linode.com
[06:35:05] <xlefay> besides that, there's not really an advantage except having all our servers in one net
[06:35:12] <NCommander> xlefay, simple firewalling
[06:35:55] <xlefay> SPF is a DNS thing for mail
[06:36:27] <xlefay> which says an IP(-range) is authorized to send mails on behalf of a domain
[06:36:52] <xlefay> also audioguy, off you go
[06:37:03] <xlefay> "/var/mail/xlefay": 1 message 1 new
[06:37:05] <xlefay> >N 1 xander@xandev.nl Thu Mar 27 05:32 34/1846 Test
[06:37:10] <audioguy> ?
[06:37:56] <xlefay> you can send & receive mail
[06:38:39] <audioguy> can staffvote receive mail and have it go into /home/staffvote/.maildir through procmail?
[06:39:47] <xlefay> Perhaps you can make that modification to the config yourself?
[06:40:06] <xlefay> Currently, it only does a mailfile which isn't what you want
[06:41:06] <NCommander> xlefay, ah, fuck
[06:41:08] <NCommander> *fun
[06:41:17] <xlefay> ?
[06:41:21] <audioguy> I probably can, cannot guarantee no errors first time since I am new to this mail program. ;-) But I can also guarantee it will be fixed....
[06:41:38] <xlefay> audioguy: let's not go with sendmail. I'll fix it for you.
[06:42:33] <audioguy> I actually found some instructions for doing exactly that. No I wasn't suggesting sendmail, can do it on postfix.
[06:43:01] <xlefay> audioguy: ah alright ;-)
[06:43:04] <audioguy> Do you have procmail as an option?
[06:43:14] <xlefay> and don't worry about errors, we all make them :)
[06:43:22] <audioguy> (yet) If not I will add that as well.
[06:43:22] <xlefay> I haven't installed it yet or even fiddled with it
[06:43:43] <audioguy> Ok, will do that.
[06:43:44] * NCommander thinks audioguy is enjoying having relatively sane UNIX like backends
[06:43:54] <NCommander> audioguy, maybe I should put HP-UX or Solaris on a server for you :-)
[06:43:55] <xlefay> NCommander: s/relatively //
[06:43:56] <audioguy> yes. ;-)
[06:44:02] <xlefay> :P
[06:44:10] <audioguy> Solaris was really really cool once.
[06:44:21] <NCommander> <NerdRPG> NCommander cracked Miguel de Icaza's password. This wondrous godsend has accelerated them 0 days, 00:28:03 toward level 45.
[06:44:28] * NCommander had to deal with miguel once
[06:44:34] * NCommander has the scars to prove it
[06:44:44] <NCommander> So, in other words, KARMA BITCH!
[06:45:35] <audioguy> Won't hurt me to learn a little postfix anyway.
[06:45:52] <xlefay> nope
[06:46:01] <xlefay> heads up: it seems Ubuntu installs rather small default configs...
[06:46:39] <audioguy> I gotta tell you though, I was surprised at how complex it had become. An 'easier alternative to sendmail' no more, I think.
[06:46:42] <xlefay> /usr/share/postfix/main.cf.dist <-- full config
[06:46:54] <audioguy> right
[06:47:54] <audioguy> what is wrong with /etc/postfix?
[06:48:22] <xlefay> There's nothing wrong there, I'm just letting you know, that's a bare minimal config, if you need more, check /usr/share/postfix/main.cf.dist ;-)
[06:48:37] <audioguy> ok
[06:49:04] <audioguy> odd to split a config, to me.
[06:49:16] <NCommander> audioguy, the config is autogenerated by a wizard
[06:49:22] <NCommander> audioguy, most people just need smarthost setups
[06:49:40] <xlefay> I'm not really a fan of the bare minimal config though, but it doesn't matter, as long as it works
[06:50:44] <audioguy> Right. Distro config for the ignorant stuff. ;-)
[06:52:27] <xlefay> Meh, I can live with that
[06:52:58] <xlefay> Also quite frankly, I'm rather pleased with how Debian/Ubuntu does the webserver config stuff.
[06:53:19] <xlefay> Apache, Lighttpd and I'm sure Nginx and others all use a similar format, regarding the directory tree.
[06:53:24] <xlefay> It's easy ;)
[06:54:32] <audioguy> from the looks of /usr/share/postfix, the stuff in /etc is more complete
[06:54:50] <audioguy> Is it looking at both or just one?
[06:55:02] <xlefay> er, stuff in /etc is always more complete I'd say
[06:55:06] <xlefay> you mean /etc/postfix?
[06:55:10] <audioguy> yes
[06:55:22] <xlefay> Yes, I'm just referring to main.cf
[06:55:28] <xlefay> {,.dist}
[06:55:54] <audioguy> the .dist stuff looks like templates or defaults
[06:56:10] <xlefay> It is the defaults, which is installed in pretty much every other distro ;-)
[06:56:22] <xlefay> advantage of Ubuntu's method: Simpler
[06:56:38] <xlefay> s/Ubuntu/Ubuntu and Debian/
[06:57:53] <audioguy> The hostname is boron.soylentnews.org, not visible on the internet.
[06:58:30] <audioguy> would be safer to use staff.soylentnews.org
[06:58:43] <audioguy> Don't you think? Since this will send mail?
[06:59:14] <audioguy> where would a bounce from boron.soylentnews.org go?
[06:59:26] <xlefay> You wanted a reverse, so I set up the DNS
[06:59:36] <xlefay> set it up at the DNS*
[06:59:45] <audioguy> ok, as long as that is there.
[06:59:52] <xlefay> yep ;-)
[07:00:00] <audioguy> Just double check...
[07:01:24] * NCommander is writing an email, brace yourselves
[07:01:46] <xlefay> uh oh
[07:02:43] * xlefay braces himself & hides in the bunker
[07:03:22] <xlefay> "What bunker?" you ask, the "LI694-22 bunker, of course!"
[07:06:39] <audioguy> ok, added procmail as an option. Probably should check to see if procmail is actually on the system ;-)
[07:07:01] <NCommander> audioguy, it's a pity procmail is dead upstream :-/
[07:07:58] <NCommander> audioguy, you'll be interested in the email I just fired out, basically opening the discussion for release and QA procedures
[07:08:40] <audioguy> Hmmm
[07:09:54] * NCommander is a fan of the idea that a webapp is an app, none of this constant upgrading shit
[07:10:54] <audioguy> I have source for procmail, of course.
[07:11:48] <xlefay> Well procmail is in the repos
[07:12:12] * NCommander is sorely tempted to uninstall GCC
[07:12:19] <NCommander> audioguy, learn to love the binary damn it
[07:12:19] <xlefay> ^
[07:12:32] <audioguy> What do you mean 'dead'. They have a web site, recent release, etc.
[07:12:46] <NCommander> audioguy, look more closely at "recent"
[07:12:48] <NCommander> audioguy, it was in 2001
[07:13:07] <audioguy> I do know that the author of it feels it is basically finished, not much need for constant updates.
[07:13:16] <NCommander> audioguy, http://www.procmail.org - last entry
[07:13:26] <xlefay> Well... I would say, it's dead.
[07:13:57] * NCommander doesn't mind software that's very stable like TeX
[07:14:07] <NCommander> But TeX has been around 40+ years, it's pretty damn bug free at this point
[07:15:29] <audioguy> It is a simple program, and works. What would you have the author do? Write bugs in it to fix later? The fact is the page is still up, and does not say anything like 'this is over'
[07:15:53] <audioguy> Someone is keeping the page up.
[07:16:30] <NCommander> audioguy, there are a fair number of known bugs in procmail. Just saying
[07:17:03] <audioguy> Perhaps, but none that has ever affected me. Or probably much of anyone else.
[07:17:22] <audioguy> So recommend something that does what it does and is current.
[07:17:58] <audioguy> Spamassassin is based on it, isn't it?
[07:18:20] <audioguy> And that is maintained.
[07:20:14] <NCommander> audioguy, actually, it works on MILTER these days, procmailing to spamc is not officially supported these days
[07:21:46] <audioguy> Well, I just apt-get it, so it's in the repo.
[07:21:52] <audioguy> :-)
[07:22:13] <xlefay> If it wasn't, I wouldn't have minded if you had compiled it though
[07:22:21] <audioguy> If it is in the repo it is not completely dead, just 'mostly dead' ;-)
[07:22:22] <xlefay> Of course, with dpkg's assistance ;-)
[07:23:00] <audioguy> http://mirrors.linode.com precise/main procmail
[07:23:10] <audioguy> In current release of Ubuntu.
[07:23:27] <xlefay> apt-cache search procmail # might be easier when looking for something
[07:23:44] <audioguy> Well, this did the job. ;-)
[07:24:02] <audioguy> But thanks for the tip. ;-)
[07:24:20] <xlefay> no worries, it might save you some in the future ;)
[07:25:00] <audioguy> Anyway, Its a great flexible program I would like to use, unless you can come up with something better.
[07:26:25] <audioguy> (hears nothing)
[07:26:34] <audioguy> Continuing on...
[07:27:21] <NCommander> audioguy, sorry, wasn't paying attention
[07:27:38] <NCommander> audioguy, I have no issue with procmail being used, and Canonical at the very release does patch security holes in it if any are found
[07:28:04] <xlefay> "spamoracle" ..... !!
[07:28:37] <xlefay> Agreed though, procmail is fine
[07:31:07] -!- mrcoolbp has quit []
[07:34:20] <audioguy> And if this setup works, it really just means there is a choice of procmail or whatever else you already have in use. This is supposed to just allow me say 'for these users, use procmail'
[07:34:42] <NCommander> audioguy, BTW, since I think it might tickle your fancy
[07:34:48] <NCommander> audioguy, run finger mcasadevall on boron
[07:39:09] <audioguy> VERY FUNNY asshole. ;-)
[07:39:14] <audioguy> mesg off
[07:39:18] <xlefay> LOL
[07:40:16] <audioguy> Plan:
[07:40:16] <audioguy> Incorperation Librenews
[07:40:27] <audioguy> and learn to spell incorporation ;-)
[07:41:07] <NCommander> audioguy, fixed
[07:41:20] <audioguy> Now he is asserting root privs to be a joker.
[07:41:46] <NCommander> audioguy, be good to your sysadmins or he might spam you to death
[07:42:27] <audioguy> I am more worried about xlefay making me argue with him for hours to do some simple thing. ;-)
[07:42:34] <xlefay> NCommander: considering audioguy is a sysadmin, we'll simply request he spams himself to said death. :)
[07:43:07] <xlefay> audioguy: if you were to use a regular normal way, for say, fetching mail instead of ssh, you wouldn't have to argue!
[07:43:10] <audioguy> let's see, use netcat to reflect everything BACK to sender....
[07:43:18] <NCommander> uh oh
[07:43:28] <NCommander> We've pissed off the whiten beard UNIX guru
[07:43:44] <xlefay> !grab NCommander
[07:43:44] <DashComma> Added quote 98
[07:43:56] <NCommander> I'm far too quotable
[07:44:01] <audioguy> Hey, this is unux! I KNOW
[07:44:05] <audioguy> THIS'
[07:44:23] <audioguy> I liked that in Jurassic Park.
[07:44:35] <NCommander> audioguy, I feel like I should ask you to write a novel and typeformat it with troff
[07:44:52] <audioguy> No THANKS on that one.
[07:44:53] <NCommander> and read newsgroups with trn
[07:45:10] <audioguy> edit with 'ed'
[07:45:26] <audioguy> or that fancy 'edline'
[07:46:01] <audioguy> I STILL think nn is the best newsreader.
[07:46:11] <audioguy> It has attitude.
[07:46:59] <NCommander> audioguy, I never liked any of the console newsreaders TBH
[07:47:13] <NCommander> tin was alright, but if I had to read news on a console, I'd prefer pine
[07:47:59] * NCommander notes he kinda wishes newsgroups would make a return
[07:48:55] <audioguy> postfix does not seem to want tabes in its tables and such...
[07:49:00] <audioguy> tabs
[07:49:25] <NCommander> audioguy, though actually, if I ever beat the frontend out of slash, I won't mind a slash-to-NNTP gateway
[07:49:27] <audioguy> slrn is what I use now
[07:49:30] <NCommander> Which we could spool onto usenet
[07:49:45] <audioguy> That would be great.
[07:50:17] <NCommander> audioguy, the biggest headache is INN sucks, and NNTP is a crappy protocol
[07:50:44] <NCommander> That being said, if we were clever (or mad), we could connect slash user accounts to NNTP authentication, or allow for AC
[07:51:04] <audioguy> It is a bit wonky, I wrote a parser for it on the Amiga years ago.
[07:51:40] <NCommander> audioguy, well, I know back in the UUCP days, netnews essentially existed as one message per file
[07:51:42] <audioguy> Can't trust its byte counts at ALL
[07:51:50] <NCommander> audioguy, that might be an easy way to feed data INTO INN
[07:52:24] <audioguy> Maybe.
[07:52:51] * NCommander would rather use an existing news server than roll our own
[07:53:28] <NCommander> audioguy, the nice bit is if we can figure out how to get it to spool like that, we can feed stuff into INN via slashd cronjobs
[07:53:32] <NCommander> hrm
[07:53:35] <NCommander> *actually*
[07:53:38] <NCommander> I might be overthinking this
[07:53:55] <NCommander> Just run INN, and then script trn or something
[07:54:59] * NCommander notes we can set the list as moderated, and do some script foo to prevent top level posting
[07:55:03] <NCommander> *group
[07:55:46] <audioguy> xlefax still here?
[07:55:55] <xlefay> Yes
[07:56:47] <audioguy> If I send mail to stafflist@soylentnews.org, where does it go? Do I need to send to stafflist@staff.soylentnews.org to get it to the staff machine?
[07:57:13] <xlefay> @soylentnews.org > beryllium; @staff.soylentnews.org > boron
[07:57:24] <audioguy> Ok, so that is in place.
[07:57:34] <xlefay> So the first would be denied, and the second would work if the unix account exists.
[07:57:46] <xlefay> I'm a bit worried about the homedir set up though.
[07:57:59] <xlefay> What happens if an user is in ldap, but has never signed in via SSH? They won't have a homedir.
[07:58:00] <audioguy> Ok, need to do some test in a few, just wanted to be sure.
[08:00:32] <audioguy> So as far as I can see you are just using whatever is the defaul transport?
[08:00:38] <audioguy> default
[08:00:53] <audioguy> I see no entry for transport.
[08:01:04] <xlefay> 'master.cf'
[08:03:36] <audioguy> I'm looking for something like: virtual_transport = virtual
[08:04:09] <NCommander> xlefay, just su *username*
[08:04:13] <audioguy> I see entried commented out. Nothing live.
[08:04:14] <NCommander> it will make the homedir
[08:04:22] <audioguy> entries
[08:04:35] <NCommander> xlefay, but staffvote should be a local user account, not LDAPed
[08:04:55] <xlefay> NCommander: what I mean is, what if a message arrives for an user that doesn't have a homedir yet and postfix tries to save it to the homedir, obviously, postfix will error but will it bounce the message?
[08:05:17] <NCommander> xlefay, I ... have absolutely no idea
[08:07:22] <audioguy> I am trying to figure out what the current delivery mechanism is and where it is specified.
[08:07:32] <audioguy> any idea?
[08:07:57] <xlefay> master.cf?
[08:08:22] <xlefay> That takes care of delivery shit, as for maildir and stuff that's main.cf, did you check the original config?
[08:08:27] <audioguy> Did you set up a a transport, or maybe just used the default?
[08:08:43] <xlefay> it's using the default
[08:09:04] <audioguy> OK, looks like man page to see what that is ;-)
[08:09:53] <NCommander> xlefay, w.r.t. homedirs, eh, if we're storing as mbox in the spool, shouldn't it "just work"
[08:10:27] <xlefay> NCommander: iirc, audioguy wants maildirs in home, no?
[08:11:42] <NCommander> xlefay, get procmail to do it: https://wiki.debian.org
[08:11:53] <xlefay> audioguy: what NCommander said
[08:12:05] <xlefay> NCommander: this is audioguy's project now, I was just curious what would happen
[08:12:16] <NCommander> xlefay, eat babies :-)
[08:12:35] * NCommander might die of old age waiting for this kernel
[08:12:48] <audioguy> well, I see mail to xlefay in /var/spool/mail so must be there. ;-)
[08:13:17] <audioguy> I will do it for staffvote with procmail, yes, that is the plan
[08:13:34] <audioguy> rest will remain as is unless change desired.
[08:14:36] <NCommander> audioguy, awesome!
[08:17:24] <audioguy> OK, unless I screwed up this should be it, but I believe postfix requires some kind of make thing to run on the transport file I created.
[08:17:40] <audioguy> How to tell it I updated a file...
[08:17:49] <xlefay> ehm, you just reload postfix?
[08:18:34] <audioguy> Isn't there some kind of thing to make a db out of the file? I thought I saw a reference to that somewhere...
[08:19:37] <xlefay> Only if you updated local aliases afaik
[08:21:02] <audioguy> Execute the command "postmap /etc/postfix/transport" to rebuild an indexed file after changing
[08:21:02] <audioguy> the corresponding transport table.
[08:21:17] <audioguy> Man pages, a wonderful thing. ;-)
[08:21:20] <xlefay> aah, yes, there's that. Haven't done that in ages ;-)
[08:21:59] <audioguy> What do you do?
[08:22:23] <xlefay> I use exim
[08:23:05] <audioguy> That will definitely fix ANY Postfix problem. ;-)
[08:23:19] <audioguy> I have a similar fix: sendmail
[08:23:34] <xlefay> Postfix is the best out of all though, imo
[08:23:37] <xlefay> It's simple & neat
[08:23:58] <audioguy> ok. assuming /etc/init.d/postfix start/stop will work as usual
[08:24:14] <xlefay> just use 'service postfix reload|restart|stop|start'
[08:24:26] <xlefay> with /etc/init.d it'll start jammering
[08:25:23] <audioguy> xx /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: flags=RO
[08:25:23] <audioguy> ...done.
[08:25:34] <audioguy> when stopped
[08:25:38] <audioguy> hmmm
[08:30:10] <audioguy> Is this running as root?
[08:33:50] <NCommander> audioguy, you know, with your obsession with sendmail, I'd think you'd love perl and awk :-P
[08:38:18] <NCommander> Huh
[08:38:19] <NCommander> hrm
[08:38:29] * NCommander notes he should have native IPv6 functionality from TWC
[08:39:30] -!- pbnjoe has quit [Quit: Leaving]
[08:39:56] <audioguy> I like awk
[08:40:07] <NCommander> w00t
[08:40:13] * NCommander has native IPv6
[08:40:49] * xlefay envies NCommander's native IPv6
[08:40:50] <audioguy> Ok, well, I am getting errors, so commented that out. Need to reread some docs, it looks like. It doesn't like a parameter, and I don't know what that parameter means - yet... :-)
[08:40:56] <NCommander> xlefay, I'm testing it now
[08:41:06] <NCommander> xlefay, it works!
[08:41:19] <NCommander> I just had to turn it on at the router
[08:41:21] <audioguy> what works
[08:41:23] <xlefay> nice!
[08:41:38] <audioguy> Oh, your ipv6
[08:42:11] <NCommander> audioguy, native IPv6 is sexy
[08:43:58] <NCommander> xlefay, so where are we on internal DNS IPv6 only :-)
[08:44:33] <xlefay> nowhere
[08:44:36] <xlefay> <-- eating
[08:47:26] <audioguy> shit, it came up. MAYBE even working. ;-)
[08:55:54] MrBluze|afk is now known as MrBluze
[08:59:55] * NCommander would love to get some feedback on his emails :-/
[09:00:57] <MrBluze> oh
[09:01:04] <MrBluze> i better go read them
[09:01:20] <MrBluze> although i get the digest which is usually late
[09:02:05] <xlefay> (which is why it's a digest) ;-)
[09:02:36] <MrBluze> yeah..
[09:05:48] <MrBluze> so if they are recent emails i'll give u feedback when i see them
[09:16:06] * NCommander swears at himself
[09:16:11] -!- Mattiep [Mattiep!~mattie_p@Soylent/Staff/Editor/mattiep] has joined #staff
[09:16:11] -!- mode/#staff [+v Mattiep] by SkyNet
[09:16:27] <xlefay> what did you do?
[09:17:32] -!- mattie_p has quit [Ping timeout: 246 seconds]
[09:18:49] <xlefay> btw, you'll have a reply from me, after I get all this stuff done
[09:18:51] * xlefay ends his break
[09:57:23] <NCommander> fuck this
[09:57:58] * NCommander should try and do something productive but is failing miserably
[10:01:37] <xlefay> Shouldn't ubuntu show colors on the prompt?
[10:01:42] <xlefay> e.g. as root, by default?
[10:02:20] <xlefay> e.g. "ls" and crap
[10:03:46] <audioguy> Wow, you two still up? Madmen
[10:03:55] <xlefay> you too it seems ;-)
[10:03:56] <audioguy> I got the basic working
[10:04:17] <xlefay> I was slacking earlier though, was distracted. Actually working now.
[10:04:36] * xlefay is happy he could write "fish" and have his colors back
[10:04:42] <audioguy> I still have some things to fix, I need to read some docs to find out what a switch I removed actually was supposed to do ;-)
[10:04:54] <audioguy> And I need to find a variable.
[10:05:09] <xlefay> Well, everything seems to be going well ;)
[10:05:42] <audioguy> But - right now you can mail xlefay and it goes to /var/spool/mail/xlefay
[10:06:02] <audioguy> Mail staffvote, and it goes to /home/staffvote/.maildir/new
[10:06:35] <audioguy> So the basic idea works.
[10:06:47] <xlefay> Yeah, that's awesome..
[10:07:04] <xlefay> s/.././
[10:07:10] <audioguy> Right now I need sleep and
[10:07:29] <audioguy> not to be looking at that mail program. ;-
[10:07:31] <audioguy> )
[10:08:14] <audioguy> So til tomorrow...
[10:08:33] audioguy is now known as audioguyzzz
[10:09:11] <xlefay> ciao :)
[10:16:39] <NCommander> xlefay, it does
[10:16:57] <NCommander> xlefay, unless profile got boned
[10:17:16] <xlefay> "ls" doesn't do anything colorish
[10:17:45] <xlefay> ls --color=auto does
[10:18:34] <xlefay> oh..
[10:18:42] <xlefay> it seems /root/.bashrc doesn't get sourced
[11:21:33] <xlefay> Fuck it, nagios is being an ass with IPv6
[11:21:41] <xlefay> Icinga (nagios fork), here we come.
[12:13:29] <MrBluze> bbs
[12:14:19] MrBluze is now known as MrBluze|afk
[12:33:56] <xlefay> NCommander: you around?
[12:35:35] -!- bytram [bytram!~pc@Soylent/Staff/Developer/martyb] has joined #staff
[12:35:35] -!- mode/#staff [+v bytram] by SkyNet
[12:37:28] <bytram> !current-uid
[12:37:28] <DashComma> The current maximum UID is 3944, owned by LazyBoot
[13:46:35] bytram is now known as bytram|afk
[14:31:25] -!- SoyCow5656 [SoyCow5656!~d05b7b22@208.91.vnl.zo] has joined #staff
[14:32:25] bytram|afk is now known as bytram
[14:39:34] -!- SoyCow5656 has quit [Quit: Web client closed]
[15:11:38] -!- Cyprus [Cyprus!~Cyprus@68.63.ljr.ppx] has joined #staff
[16:03:18] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[16:03:18] -!- mode/#staff [+v mechanicjay] by SkyNet
[16:22:52] -!- mechanicjay has quit [Quit: Leaving.]
[16:23:18] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[16:23:18] -!- mode/#staff [+v mechanicjay] by SkyNet
[17:56:50] bytram is now known as bytram|afk
[18:00:59] -!- n1 [n1!~nick@37.48.zv.ls] has joined #staff
[18:24:12] audioguyzzz is now known as audioguy
[18:45:14] -!- bytram|afk has quit [Ping timeout: 246 seconds]
[19:31:24] -!- janrinok [janrinok!~janrinok@Soylent/Staff/Editor/janrinok] has joined #staff
[19:31:24] -!- mode/#staff [+v janrinok] by SkyNet
[19:32:48] <janrinok> hi all
[19:53:34] -!- mechanicjay has quit [Quit: Leaving.]
[19:55:58] -!- mechanicjay [mechanicjay!~jhowe@Soylent/Staff/Developer/mechanicjay] has joined #staff
[19:55:58] -!- mode/#staff [+v mechanicjay] by SkyNet
[20:10:44] -!- mattie_p [mattie_p!~mattie_p@Soylent/Staff/Editor/mattiep] has joined #staff
[20:10:44] -!- mode/#staff [+v mattie_p] by SkyNet
[20:14:08] -!- Mattiep has quit [Ping timeout: 246 seconds]
[20:37:49] -!- bytram [bytram!~pc@Soylent/Staff/Developer/martyb] has joined #staff
[20:37:49] -!- mode/#staff [+v bytram] by SkyNet
[21:05:10] <NCommander> .voice n1
[21:05:10] -!- mode/#staff [+v n1] by SkyNet
[21:05:19] <n1> ty
[21:10:49] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[22:02:42] -!- janrinok has quit [Quit: leaving]
[22:05:47] -!- pbnjoe has quit [Ping timeout: 246 seconds]
[22:06:40] <bytram> !current-uid
[22:06:40] <DashComma> The current maximum UID is 3944, owned by LazyBoot
[22:25:42] <NCommander> bytram, still busted
[22:25:51] <NCommander> xlefay, I'm going to setup tripwire and debsums on our nodes
[22:26:15] <bytram> NCommander, yes, I see that. :/
[22:26:51] <bytram> NCommander, btw, in naming nodes, we skipped an element: Nitrogen
[22:27:06] <NCommander> bytram, that was intentional
[22:27:17] <NCommander> bytram, we have a old service box which is going to be renamed nitrogen
[22:27:33] <bytram> oh? oh! ok.
[22:30:34] -!- LaminatorX [LaminatorX!~18d900fb@Soylent/Staff/Editor/LaminatorX] has joined #staff
[22:30:34] -!- mode/#staff [+v LaminatorX] by SkyNet
[22:31:00] <bytram> LaminatorX, greetings! How's things?
[22:31:10] <LaminatorX> n1 seems to be a nameless editor. Can someone give his perms a poke? That seems to happen to everyone as they get brought on.
[22:31:50] <LaminatorX> Pretty good, thanks. I'm just popping in before I cross-commute to job 2.
[22:32:40] <bytram> LaminatorX, janrinok suggested I tell you that I wouldn't mind popping in to push a few stories along.
[22:33:16] <bytram> sometimes I have just an hour or so, and it would be nice to help a bit here and there.
[22:34:19] <paulej72> LaminatorX: it is not a permission thing. There is a slashd job that runs at 0807 UTC that updates the autor_cache table.
[22:35:25] <LaminatorX> Is it problematic to run it sooner? It's not the end of the world to wait, if so.
[22:37:07] <paulej72> It can be process intensive as it crawls the db looking for editors and author bits.
[22:37:56] <bytram> wish there was a way to manually push the info into the DB.
[22:37:58] <LaminatorX> OK, no need to lag the db. Thanks.
[22:38:51] <LaminatorX> bytram, we could use more hands, even lightly. I've got to jet just now, but let's talk more soon.
[22:39:56] <bytram> LaminatorX, that's fine. I've pushed a couple stories through on slashcott and one on dev.soylentnews.com so that swhould help.
[22:40:18] <bytram> s/swhould/should/
[22:40:34] -!- pbnjoe [pbnjoe!~pbnjoe@Soylent/Users/313/pbnjoe] has joined #staff
[22:40:51] <bytram> LaminatorX, just set the flags and let me know when I'm good to go.
[22:41:03] <bytram> speaking of which... I need to go soon. will be back later.
[22:41:30] <NCommander> LaminatorX, bytram he won't show up on authors until he pushed an article
[22:41:54] <LaminatorX> Or the next day, as it were. I get it now.
[22:42:07] <bytram> NCommander, thanks... paulej72 just filled us in.
[22:42:12] <NCommander> */lag*
[22:42:18] <bytram> better once too many, than once too few!
[22:42:19] <LaminatorX> Gotta run. I'll check in in a few hours.
[22:42:23] <bytram> k
[22:42:29] -!- LaminatorX has quit [Quit: Web client closed]
[22:44:15] <paulej72> NCommander: I ran the update on dev and it seemed snappy. Should I run it on production?
[22:44:54] <NCommander> paulej72, yeah, thats fine
[22:45:43] <paulej72> NCommander: I am getting an sudo password prompt on hydrogen
[22:46:35] <NCommander> paulej72, sudoers isn't right, do sudo su slash
[22:46:36] <NCommander> That works
[22:46:44] * NCommander isn't happy about that either, but hasn't had a moment to check it
[22:47:00] <NCommander> You can sudo to root, but you can't sudo directly to another user -_-;
[22:48:11] <paulej72> sudo su or sudo su slash both ask for my password. I should have sudo access correct
[22:51:39] <NCommander> paulej72, looking
[22:52:21] <NCommander> paulej72, uid=2501(paulej72) gid=2500(firefighters) groups=2500(firefighters),2503(dev_team),2504(prod_access)
[22:52:23] <NCommander> hrm
[22:52:47] <paulej72> hrm is right
[22:53:00] <paulej72> !grab NCommander
[22:53:00] <DashComma> Added quote 99
[22:53:05] <NCommander> paulej72, paulej72@hydrogen:/etc$ sudo -u slash -i
[22:53:05] <NCommander> slash@hydrogen:~$
[22:53:18] -!- Cyprus has quit []
[22:53:33] <paulej72> OK that worked
[22:54:05] <NCommander> paulej72, unfortunately, you can't bounce slashd with sudoer the way it is
[22:54:09] <NCommander> Give me a sec, I'll fix this
[22:56:47] <NCommander> paulej72, fixed. slash can run "service" to restart services
[22:57:12] <NCommander> paulej72, that probably needs to be tightened
[22:57:15] <NCommander> But good enough now
[22:58:32] <paulej72> NCommander: should we change the way slash is started so it runs under slash instead of root with sudo?
[23:06:40] <NCommander> paulej72, it does that, but init scripts are run as root
[23:06:46] <NCommander> paulej72, it sudo's to slash to start slashd
[23:08:26] <paulej72> NCommander: but the job lists as a root sudo job. we should be able to have the script run the job as slash so it shows up correctly in ps.
[23:09:24] <NCommander> paulej72, it has to be converted to a proper upstart job to do that
[23:27:32] bytram is now known as bytram|away
[23:28:19] <bytram|away> need to take off; will try and make it back later.
[23:33:17] -!- bytram|away has quit [Ping timeout: 246 seconds]
[23:36:12] -!- mechanicjay has quit [Quit: Leaving.]
[23:43:18] -!- FunPika [FunPika!~FunPika@Soylent/Staff/Wiki/FunPika] has joined #staff
[23:43:18] -!- mode/#staff [+v FunPika] by SkyNet
[23:45:32] <NCommander> xlefay, ... I hate to say this, but I'm tempted to unplug clamav from beryllium
[23:53:31] <paulej72> too much resources?