IRC logs for #baserock for Friday, 2015-01-30

*** petefoth_ [] has joined #baserock01:26
petefoth_ is now known as petefoth01:26
*** zoli__ [] has quit [Remote host closed the connection]03:36
*** zoli__ [] has joined #baserock03:37
*** rdale__ [] has quit [Ping timeout: 240 seconds]05:31
*** zoli__ [] has quit [Remote host closed the connection]06:43
*** zoli__ [] has joined #baserock06:43
*** petefoth_ [] has joined #baserock07:33
*** petefoth [] has quit [Ping timeout: 264 seconds]07:34
petefoth_ is now known as petefoth07:34
*** petefoth [] has quit [Quit: petefoth]08:00
*** petefoth [] has joined #baserock08:02
*** petefoth [] has quit [Client Quit]08:06
*** grahamfinney_ [] has joined #baserock08:06
*** grahamfinney [] has joined #baserock08:06
*** grahamfinney [] has quit [Client Quit]08:07
*** petefoth [] has joined #baserock08:07
*** grahamfinney_ [] has quit [Client Quit]08:08
*** grahamfinney [] has joined #baserock08:08
*** grahamfinney_ [] has joined #baserock08:08
*** mariaderidder [] has joined #baserock08:46
*** franred [] has joined #baserock08:59
*** bashrc [] has joined #baserock09:02
*** ssam2 [] has joined #baserock09:45
Mode #baserock +v ssam2 by ChanServ09:45
*** Krin [] has joined #baserock10:34
ssam2having announced on the mailing list, I now get a 500 error when trying to use my openid on wiki.baserock.org10:43
ssam2there's nothing like announcing something when you need to find new bugs10:44
franredssam2, you clearly don't need anyone which breaking powers then10:44
persiaI suspect it still involves folk with breaking powers, but mailing lists can reach lots of those folk.10:45
* paulsherwood has breaking powers10:50
radiofreei signed up, but didn't get any type of e-mail confirmation11:34
ssam2there isn't one11:43
ssam2it can send email, 'forgot password' should work11:43
ssam2but it uses 'django registration redux' 'simple' backend, because I didn't see any reason for requiring users to authenticate. I can change it though11:44
radiofreeyep e-mail from reset11:45
persiaI'm a fan of validating control of email.  Otherwise it is too easy to impersonate someone.11:46
persiaBut that might be lots more complicated.11:46
*** grahamfinney_ [] has quit [Quit: Ex-Chat]11:47
ssam2It's not too hard, django-registration supports it. But I don't see how it would stop people impersonating other people11:47
radiofreepersia: i could still sign up as you, but with an e-mail i control11:47
ssam2the only reason you have to supply an email is in case you forget your password11:47
ssam2although I think if the openid request asks for the user's email, the openid provider will tell it11:47
ssam2so I guess you kind of have a point11:48
persiaThat's the problem.11:48
persiaRight now, I can get an OpenID that claims I'm, which is just wrong.11:48
ssam2OK. I'll see if I can get two-step authentication working.11:49
ssam2or rather, one-step. whatever it is. more steps than now.11:49
persiaradiofree: I'm less worried about that class of impersonation.  I have a few email addresses that I publish as mine, and claim as part of my identity.  I take pains to ensure that you can't control them.11:50
persiaSo while you can easily claim to be "Emmet Hikory", it is harder for you to claim to be "Emmet Hikory <>"11:50
persiaAnd since there are lots of people in the world with the same name (not as mine, but as each other), not keeping the name as a primary key is a feature.11:51
nowsterI am not a former Canadian prime minister.12:02
nowster...or a comedian known for quick improv skills.12:03
nowster...or a TV presenter of an afternoon antiques programme.12:03
nowsteror any of these:
persiaRight, which is why your identity needs to be name+email.12:05
persiaAnd that is harder to impersonate if there is a email-confirmation step.12:05
petefothPMFBI, but now that we've got a function OpenID provider, it might be a good idea to work out exactly what functionality we require from it, particularly in the area of authentication. I appreciate that discussion here is part of that, but when we get to the point where we have agreement (or as close as we can expect to get) we should  record, somewhere persistent, what we have agreed, so that we can test that our implementaion meets 12:12
petefothwhatever requirments we decide are appropriate12:12
persiaFeel free to track the consensus, document it, and write the test cases for that,12:12
persiaIf you do, I think we should integrate them into a Mason test for an OpenID provider appliance.12:13
nowstereg. It's commonplace protocol to email signed PGP keys to the recipient, in encrypted form. The recipient then has to upload the signature to a keyserver.12:15
nowsterIf the recipient email address can't receive or decrypt the email, the signature does not propagate.12:15
persiaIt's not that commonplace anymore, sadly.12:15
persiaIt's still best practice, but lots of tools automate uploading of one's own signatures on foreign keys, rather than providing a mechanism to send them.12:16
persiaAnd these tools also provide less painful interfaces to the signing process, so have increasing adoption.12:16
petefothpersia: at the moment I am fully occupied on another project. I'm happy to do rthe sort of stuff you suggest when I get some time to spend on Baserock, but unfortunately that wont be any time soon. I mentioned it in the hope that someone who does have time will share my view that it is important and find the time to do something about it. "They also serve who stand around commenting from the sidelines" :)12:17
persiaOh certainly.12:17
persiaBut given that almost everyone seems to have no time for infrastructure currently, I mostly think it won't happen.12:18
persiaBut if it does, I'd like Mason to validate it.  In my ideal world, we have Mason validating every system used in infrastructure for every commit, so we can easily and reliably push infrastructure updates with confidence.12:18
ssam2for me, this discussion log is a good enough record12:19
ssam2now it sends activation emails, but it send me one for the account I already had, instead of the new one I tried to register. :(12:21
*** petefoth [] has quit [Quit: petefoth]12:25
*** petefoth [] has joined #baserock12:26
ssam2ok, it activated the right account but sent me to the wrong page. I guess it's just cookie confusion12:28
persiaThat makes sense.  If you're signed in at the time you register, some irregularites are to be expected.12:28
persiaI think it's worth a bug upstream, but don't rush for a patch unless you're bored :)12:29
ssam2I think it's done, then. That wasn't so bad :) Existing accounts are already activated and don't need to do anything, but new accounts will need to validate their emails12:29
persiaExcellent.  And we know *when* registrations happen, so if someone complains that their identity was hijacked, we can see if they are on the (short) list of identities that predate now.12:30
nowsterpersia: have we any identities of predators now? ;)12:31
persiaI have no idea.  I don't have access to the database for the system.12:32
persiaAnd I don't really care: until/unless someone complains, we're probably fine.12:33
nowsterDo we, for example, employ an Allosaurus?12:33
ssam2we have me, fran, pedro and James12:33
ssam2and a fake accounts whose names is a long strings of chinese characters that I created as a test12:34
persiaSo the pool of people who may have been compromised is 3, which is small enough that manual review of their email is likely sufficient.12:34
*** mariaderidder [] has quit [Quit: Ex-Chat]12:38
*** gary_perkins [] has joined #baserock12:57
*** gary_perkins [] has quit [Remote host closed the connection]13:03
*** gary_perkins [] has joined #baserock13:06
*** gary_perkins [] has quit [Ping timeout: 245 seconds]13:40
ssam2it turns out you can't run a Trove with 512MB of RAM.14:53
ssam2not that I seriously expected it to work. But it doesn't even manage to complete trove-setup.service before the OOM killer kicks in and messes stuff up.14:53
nowsterremote: [ct-mcr-1] Notifying Mason of changes...14:53
nowsterremote: [ct-mcr-1] Notification failed somehow14:54
nowsterIs that worrying?14:54
SotKnowster: nope14:55
franrednowster, no, it is normal. we should stop or fix that message14:55
SotKthats a leftover from the original Mason implementation IIRC14:55
nowsterI was going to ask if it needed a special handshake. :)14:55
ssam2that message is dead code from years ago! we should definitely remove it14:56
ssam2I wonder where it lives...14:56
ssam2ah, it's in trove-setup.git14:57
*** grahamfinney_ [] has joined #baserock15:04
*** grahamfinney__ [] has joined #baserock15:04
pedroalvarezssam2: so the code is still alive? 15:08
ssam2in zombie form15:09
*** zoli__ [] has quit [Remote host closed the connection]15:24
ssam2working with Morph and OpenStack is becoming a not too painful experience!15:57
ssam2it hinges on having a devel machine in the cloud though, otherwise it's unusable15:57
persiaWhat about having high-speed networing between the cloud and the workstation?16:03
*** petefoth [] has quit [Quit: petefoth]16:04
ssam2if only16:05
ssam2i'll believe it if I ever have it :)16:05
persiaFair.  I've only tried devel-in-cloud and devel-on-laptop-to-cloud-on-laptop, neither of which are quite the same.16:08
*** petefoth [] has joined #baserock16:10
*** grahamfinney [] has quit [Quit: Ex-Chat]16:11
*** bashrc [] has quit [Quit: leaving]16:40
*** bashrc [] has joined #baserock16:40
*** grahamfinney__ [] has quit [Quit: Ex-Chat]16:45
*** Krin [] has quit [Remote host closed the connection]16:49
*** franred [] has quit [Quit: Leaving]16:51
*** nowster [] has quit [Read error: Connection reset by peer]16:57
jjardonto lorry a xz tarball, what should I put in the "compression" field? would "xz" work?16:57
*** nowster [] has joined #baserock16:57
*** bashrc__ [] has joined #baserock16:57
*** bashrc [] has quit [Read error: Connection reset by peer]16:57
*** ssam2 [] has quit [Read error: Connection reset by peer]16:57
*** flatmush [] has quit [Ping timeout: 245 seconds]16:57
*** mdunford [] has quit [Read error: Connection reset by peer]16:57
*** sambishop [] has quit [Read error: Connection reset by peer]16:57
*** fay__ [] has quit [Read error: Connection reset by peer]16:58
*** mdunford [] has joined #baserock16:58
*** fay__ [] has joined #baserock16:58
*** sambishop [] has joined #baserock16:58
*** ssam2 [] has joined #baserock16:59
Mode #baserock +v ssam2 by ChanServ16:59
*** franred [] has joined #baserock16:59
*** flatmush [] has joined #baserock17:00
nowsterAnyone help with this:  ?17:05
nowsterOdd... PATH wasn't on the xport list.17:06
nowsterstand down ! :)17:07
ssam2ugh! still a bit of a bug that Morph crashes if there's no PATH variable set.17:07
* nowster waits for binutils to start compiling before he goes home.17:08
persiaAlso a bug that the cross-bootstrap procedure doesn't force setting it.17:08
persiaOr is this an initial build once the bootstrap is done?17:09
persia(or an entirely different thing than was being done before?)17:09
nowsterthis is the devel build once bootstrap is done17:09
nowster... ie. booting with init=/tools/bin/sh17:09
persiaAh, right.  We probably ought to have a script that sets up the environment in the way morph expects17:10
persia(morph shouldn't crash, but the script is still useful)17:10
nowsterat least document it...17:10
paulsherwoodssam2: i wonder how morph can get to that state17:10
persiaSo that the cross-bootstrapper can set things properly to be able to build the first devel system.17:10
nowsterI think it's right in the ./native-bootstrap script17:11
paulsherwoodit goes through elaborate magic to create environment17:11
nowster2015-01-30 17:08:22 [Build 1/187] [stage1-binutils] changed environment variable MAKEFLAGS = "-j2"17:11
nowsterI *think* this will take all weekend.17:11
bashrc__bye nowster17:13
ssam2paulsherwood: yeah, for chunks in 'bootstrap' mode it needs to know the host's PATH, so that the host's tools can be used17:13
bashrc__ is now known as bashrc17:13
persiaIn a build or devel environment, the host values are set sensibly, but for bootstrap, the host could be anything, so we need to replicate some of the magic.17:14
*** bashrc [] has quit [Quit: Lost terminal]17:32
paulsherwoodssam2: right. that doesn't explain how it could ever get into a state of PATH not being set, though17:47
ssam2I think PATH was unset in nowster's environment18:07
ssam2so it's nothing to do with Morph18:07
*** inara` [~inara@] has quit [Ping timeout: 252 seconds]18:07
paulsherwoodfair enough. i'm happy to +2 a lorry for your test-infrastructure repo.. maybe rename it at github first?18:08
*** jmacs [] has quit [Ping timeout: 252 seconds]18:08
*** doffm [~mdoff@] has quit [Ping timeout: 252 seconds]18:08
paulsherwoodssam2: ^^18:08
*** rjek [~rjek@gateway/shell/pepperfish/x-cbtroxypvinilxdo] has quit [Ping timeout: 252 seconds]18:09
*** br_logger [~ubuntu@] has quit [Ping timeout: 252 seconds]18:09
*** doffm [~mdoff@] has joined #baserock18:09
*** jmacs [] has joined #baserock18:09
paulsherwoodare you planning that upstream becomes gbo, or stays as github?18:09
*** rjek [~rjek@gateway/shell/pepperfish/x-idgdtshfogfvafmi] has joined #baserock18:09
*** br_logger [~ubuntu@] has joined #baserock18:10
ssam2I was thinking upstream should become git.baserock.org18:14
ssam2sorry, I guess I wasn't clear in the email18:14
ssam2if it's on g.b.o we might be able to move some infrastructure stuff out of definitions18:15
ssam2anyway, friday night beckons!18:15
*** ssam2 [] has quit [Quit: Leaving]18:15
paulsherwoodyup. I'll reply on list18:15
*** inara [~inara@] has joined #baserock18:16
*** grahamfinney_ [] has quit [Ping timeout: 264 seconds]18:17
*** franred [] has quit [Read error: Connection reset by peer]18:18
* paulsherwood concludes ssam's email was clear enough, he just didn't read it carefully enough18:23
*** petefoth [] has quit [Quit: petefoth]19:01
*** petefoth [] has joined #baserock19:02
*** zoli__ [] has joined #baserock21:29
*** zoli__ [] has quit [Remote host closed the connection]22:59

Generated by 2.15.3 by Marius Gedminas - find it at!