*** petefoth_ [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 01:26 | |
petefoth_ is now known as petefoth | 01:26 | |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has quit [Remote host closed the connection] | 03:36 | |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has joined #baserock | 03:37 | |
*** rdale__ [~quassel@210.Red-2-138-185.dynamicIP.rima-tde.net] has quit [Ping timeout: 240 seconds] | 05:31 | |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has quit [Remote host closed the connection] | 06:43 | |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has joined #baserock | 06:43 | |
*** petefoth_ [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 07:33 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has quit [Ping timeout: 264 seconds] | 07:34 | |
petefoth_ is now known as petefoth | 07:34 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has quit [Quit: petefoth] | 08:00 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 08:02 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has quit [Client Quit] | 08:06 | |
*** grahamfinney_ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has joined #baserock | 08:06 | |
*** grahamfinney [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has joined #baserock | 08:06 | |
*** grahamfinney [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has quit [Client Quit] | 08:07 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 08:07 | |
*** grahamfinney_ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has quit [Client Quit] | 08:08 | |
*** grahamfinney [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has joined #baserock | 08:08 | |
*** grahamfinney_ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has joined #baserock | 08:08 | |
*** mariaderidder [~maria@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 08:46 | |
*** franred [~franred@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 08:59 | |
*** bashrc [~motters@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 09:02 | |
*** ssam2 [~ssam2@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 09:45 | |
Mode #baserock +v ssam2 by ChanServ | 09:45 | |
*** Krin [~mikesmith@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 10:34 | |
ssam2 | having announced openid.baserock.org on the mailing list, I now get a 500 error when trying to use my baserock.org openid on wiki.baserock.org | 10:43 |
---|---|---|
ssam2 | there's nothing like announcing something when you need to find new bugs | 10:44 |
persia | heh | 10:44 |
franred | ssam2, you clearly don't need anyone which breaking powers then | 10:44 |
franred | :) | 10:44 |
persia | I suspect it still involves folk with breaking powers, but mailing lists can reach lots of those folk. | 10:45 |
* paulsherwood has breaking powers | 10:50 | |
radiofree | i signed up, but didn't get any type of e-mail confirmation | 11:34 |
ssam2 | there isn't one | 11:43 |
ssam2 | it can send email, 'forgot password' should work | 11:43 |
ssam2 | but it uses 'django registration redux' 'simple' backend, because I didn't see any reason for requiring users to authenticate. I can change it though | 11:44 |
radiofree | yep e-mail from reset | 11:45 |
persia | I'm a fan of validating control of email. Otherwise it is too easy to impersonate someone. | 11:46 |
persia | But that might be lots more complicated. | 11:46 |
*** grahamfinney_ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has quit [Quit: Ex-Chat] | 11:47 | |
ssam2 | It's not too hard, django-registration supports it. But I don't see how it would stop people impersonating other people | 11:47 |
radiofree | persia: i could still sign up as you, but with an e-mail i control | 11:47 |
ssam2 | the only reason you have to supply an email is in case you forget your password | 11:47 |
ssam2 | although I think if the openid request asks for the user's email, the openid provider will tell it | 11:47 |
ssam2 | so I guess you kind of have a point | 11:48 |
persia | That's the problem. | 11:48 |
persia | Right now, I can get an OpenID that claims I'm torvalds@kernel.org, which is just wrong. | 11:48 |
ssam2 | OK. I'll see if I can get two-step authentication working. | 11:49 |
ssam2 | or rather, one-step. whatever it is. more steps than now. | 11:49 |
persia | radiofree: I'm less worried about that class of impersonation. I have a few email addresses that I publish as mine, and claim as part of my identity. I take pains to ensure that you can't control them. | 11:50 |
persia | So while you can easily claim to be "Emmet Hikory", it is harder for you to claim to be "Emmet Hikory <persia@shipstone.jp>" | 11:50 |
persia | And since there are lots of people in the world with the same name (not as mine, but as each other), not keeping the name as a primary key is a feature. | 11:51 |
nowster | I am not a former Canadian prime minister. | 12:02 |
nowster | ...or a comedian known for quick improv skills. | 12:03 |
nowster | ...or a TV presenter of an afternoon antiques programme. | 12:03 |
nowster | or any of these: https://en.wikipedia.org/wiki/Paul_Martin_%28disambiguation%29 | 12:04 |
persia | Right, which is why your identity needs to be name+email. | 12:05 |
persia | And that is harder to impersonate if there is a email-confirmation step. | 12:05 |
petefoth | PMFBI, but now that we've got a function OpenID provider, it might be a good idea to work out exactly what functionality we require from it, particularly in the area of authentication. I appreciate that discussion here is part of that, but when we get to the point where we have agreement (or as close as we can expect to get) we should record, somewhere persistent, what we have agreed, so that we can test that our implementaion meets | 12:12 |
petefoth | whatever requirments we decide are appropriate | 12:12 |
persia | Feel free to track the consensus, document it, and write the test cases for that, | 12:12 |
persia | If you do, I think we should integrate them into a Mason test for an OpenID provider appliance. | 12:13 |
nowster | eg. It's commonplace protocol to email signed PGP keys to the recipient, in encrypted form. The recipient then has to upload the signature to a keyserver. | 12:15 |
nowster | If the recipient email address can't receive or decrypt the email, the signature does not propagate. | 12:15 |
persia | It's not that commonplace anymore, sadly. | 12:15 |
persia | It's still best practice, but lots of tools automate uploading of one's own signatures on foreign keys, rather than providing a mechanism to send them. | 12:16 |
persia | And these tools also provide less painful interfaces to the signing process, so have increasing adoption. | 12:16 |
petefoth | persia: at the moment I am fully occupied on another project. I'm happy to do rthe sort of stuff you suggest when I get some time to spend on Baserock, but unfortunately that wont be any time soon. I mentioned it in the hope that someone who does have time will share my view that it is important and find the time to do something about it. "They also serve who stand around commenting from the sidelines" :) | 12:17 |
persia | Oh certainly. | 12:17 |
persia | But given that almost everyone seems to have no time for infrastructure currently, I mostly think it won't happen. | 12:18 |
persia | But if it does, I'd like Mason to validate it. In my ideal world, we have Mason validating every system used in infrastructure for every commit, so we can easily and reliably push infrastructure updates with confidence. | 12:18 |
ssam2 | for me, this discussion log is a good enough record | 12:19 |
ssam2 | now it sends activation emails, but it send me one for the account I already had, instead of the new one I tried to register. :( | 12:21 |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has quit [Quit: petefoth] | 12:25 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 12:26 | |
ssam2 | ok, it activated the right account but sent me to the wrong page. I guess it's just cookie confusion | 12:28 |
persia | That makes sense. If you're signed in at the time you register, some irregularites are to be expected. | 12:28 |
persia | I think it's worth a bug upstream, but don't rush for a patch unless you're bored :) | 12:29 |
ssam2 | I think it's done, then. That wasn't so bad :) Existing accounts are already activated and don't need to do anything, but new accounts will need to validate their emails | 12:29 |
persia | Excellent. And we know *when* registrations happen, so if someone complains that their identity was hijacked, we can see if they are on the (short) list of identities that predate now. | 12:30 |
nowster | persia: have we any identities of predators now? ;) | 12:31 |
persia | I have no idea. I don't have access to the database for the system. | 12:32 |
persia | And I don't really care: until/unless someone complains, we're probably fine. | 12:33 |
nowster | Do we, for example, employ an Allosaurus? | 12:33 |
ssam2 | we have me, fran, pedro and James | 12:33 |
ssam2 | and a fake accounts whose names is a long strings of chinese characters that I created as a test | 12:34 |
persia | So the pool of people who may have been compromised is 3, which is small enough that manual review of their email is likely sufficient. | 12:34 |
*** mariaderidder [~maria@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Quit: Ex-Chat] | 12:38 | |
*** gary_perkins [~gary_perk@188.29.165.26.threembb.co.uk] has joined #baserock | 12:57 | |
*** gary_perkins [~gary_perk@188.29.165.26.threembb.co.uk] has quit [Remote host closed the connection] | 13:03 | |
*** gary_perkins [~gary_perk@188.29.165.26.threembb.co.uk] has joined #baserock | 13:06 | |
*** gary_perkins [~gary_perk@188.29.165.26.threembb.co.uk] has quit [Ping timeout: 245 seconds] | 13:40 | |
ssam2 | it turns out you can't run a Trove with 512MB of RAM. | 14:53 |
ssam2 | not that I seriously expected it to work. But it doesn't even manage to complete trove-setup.service before the OOM killer kicks in and messes stuff up. | 14:53 |
nowster | remote: [ct-mcr-1] Notifying Mason of changes... | 14:53 |
nowster | remote: [ct-mcr-1] Notification failed somehow | 14:54 |
nowster | Is that worrying? | 14:54 |
SotK | nowster: nope | 14:55 |
nowster | ok | 14:55 |
franred | nowster, no, it is normal. we should stop or fix that message | 14:55 |
SotK | thats a leftover from the original Mason implementation IIRC | 14:55 |
nowster | I was going to ask if it needed a special handshake. :) | 14:55 |
SotK | :) | 14:55 |
ssam2 | that message is dead code from years ago! we should definitely remove it | 14:56 |
ssam2 | I wonder where it lives... | 14:56 |
ssam2 | ah, it's in trove-setup.git | 14:57 |
*** grahamfinney_ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has joined #baserock | 15:04 | |
*** grahamfinney__ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has joined #baserock | 15:04 | |
pedroalvarez | ssam2: so the code is still alive? | 15:08 |
ssam2 | in zombie form | 15:09 |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has quit [Remote host closed the connection] | 15:24 | |
ssam2 | working with Morph and OpenStack is becoming a not too painful experience! | 15:57 |
ssam2 | it hinges on having a devel machine in the cloud though, otherwise it's unusable | 15:57 |
persia | What about having high-speed networing between the cloud and the workstation? | 16:03 |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has quit [Quit: petefoth] | 16:04 | |
ssam2 | if only | 16:05 |
ssam2 | i'll believe it if I ever have it :) | 16:05 |
persia | Fair. I've only tried devel-in-cloud and devel-on-laptop-to-cloud-on-laptop, neither of which are quite the same. | 16:08 |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 16:10 | |
*** grahamfinney [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has quit [Quit: Ex-Chat] | 16:11 | |
*** bashrc [~motters@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Quit: leaving] | 16:40 | |
*** bashrc [~motters@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:40 | |
*** grahamfinney__ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has quit [Quit: Ex-Chat] | 16:45 | |
*** Krin [~mikesmith@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Remote host closed the connection] | 16:49 | |
*** franred [~franred@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Quit: Leaving] | 16:51 | |
*** nowster [~pm@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 16:57 | |
jjardon | to lorry a xz tarball, what should I put in the "compression" field? would "xz" work? | 16:57 |
*** nowster [~pm@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:57 | |
*** bashrc__ [~motters@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:57 | |
*** bashrc [~motters@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 16:57 | |
*** ssam2 [~ssam2@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 16:57 | |
*** flatmush [~flatmush@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 245 seconds] | 16:57 | |
*** mdunford [~marcdunfo@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 16:57 | |
*** sambishop [~sambishop@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 16:57 | |
*** fay__ [~fay@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 16:58 | |
*** mdunford [~marcdunfo@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:58 | |
*** fay__ [~fay@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:58 | |
jjardon | http://paste.baserock.org/okiwekabol | 16:58 |
*** sambishop [~sambishop@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:58 | |
*** ssam2 [~ssam2@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:59 | |
Mode #baserock +v ssam2 by ChanServ | 16:59 | |
*** franred [~franred@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 16:59 | |
*** flatmush [~flatmush@82-70-136-246.dsl.in-addr.zen.co.uk] has joined #baserock | 17:00 | |
nowster | Anyone help with this: http://paste.baserock.org/katoqumunu ? | 17:05 |
nowster | Odd... PATH wasn't on the xport list. | 17:06 |
nowster | stand down ! :) | 17:07 |
ssam2 | ugh! still a bit of a bug that Morph crashes if there's no PATH variable set. | 17:07 |
* nowster waits for binutils to start compiling before he goes home. | 17:08 | |
persia | Also a bug that the cross-bootstrap procedure doesn't force setting it. | 17:08 |
persia | Or is this an initial build once the bootstrap is done? | 17:09 |
persia | (or an entirely different thing than was being done before?) | 17:09 |
nowster | this is the devel build once bootstrap is done | 17:09 |
nowster | ... ie. booting with init=/tools/bin/sh | 17:09 |
persia | Ah, right. We probably ought to have a script that sets up the environment in the way morph expects | 17:10 |
persia | (morph shouldn't crash, but the script is still useful) | 17:10 |
nowster | at least document it... | 17:10 |
paulsherwood | ssam2: i wonder how morph can get to that state | 17:10 |
persia | So that the cross-bootstrapper can set things properly to be able to build the first devel system. | 17:10 |
nowster | I think it's right in the ./native-bootstrap script | 17:11 |
paulsherwood | it goes through elaborate magic to create environment | 17:11 |
nowster | 2015-01-30 17:08:22 [Build 1/187] [stage1-binutils] changed environment variable MAKEFLAGS = "-j2" | 17:11 |
nowster | I *think* this will take all weekend. | 17:11 |
nowster | TTFN | 17:11 |
bashrc__ | bye nowster | 17:13 |
ssam2 | paulsherwood: yeah, for chunks in 'bootstrap' mode it needs to know the host's PATH, so that the host's tools can be used | 17:13 |
bashrc__ is now known as bashrc | 17:13 | |
persia | In a build or devel environment, the host values are set sensibly, but for bootstrap, the host could be anything, so we need to replicate some of the magic. | 17:14 |
*** bashrc [~motters@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Quit: Lost terminal] | 17:32 | |
paulsherwood | ssam2: right. that doesn't explain how it could ever get into a state of PATH not being set, though | 17:47 |
ssam2 | I think PATH was unset in nowster's environment | 18:07 |
ssam2 | so it's nothing to do with Morph | 18:07 |
*** inara` [~inara@192.241.198.49] has quit [Ping timeout: 252 seconds] | 18:07 | |
paulsherwood | fair enough. i'm happy to +2 a lorry for your test-infrastructure repo.. maybe rename it at github first? | 18:08 |
*** jmacs [~jimmacart@access.ducie-dc1.codethink.co.uk] has quit [Ping timeout: 252 seconds] | 18:08 | |
*** doffm [~mdoff@23.226.235.108] has quit [Ping timeout: 252 seconds] | 18:08 | |
paulsherwood | ssam2: ^^ | 18:08 |
*** rjek [~rjek@gateway/shell/pepperfish/x-cbtroxypvinilxdo] has quit [Ping timeout: 252 seconds] | 18:09 | |
*** br_logger [~ubuntu@185.43.218.176] has quit [Ping timeout: 252 seconds] | 18:09 | |
*** doffm [~mdoff@23.226.235.108] has joined #baserock | 18:09 | |
*** jmacs [~jimmacart@access.ducie-dc1.codethink.co.uk] has joined #baserock | 18:09 | |
paulsherwood | are you planning that upstream becomes gbo, or stays as github? | 18:09 |
*** rjek [~rjek@gateway/shell/pepperfish/x-idgdtshfogfvafmi] has joined #baserock | 18:09 | |
*** br_logger [~ubuntu@185.43.218.176] has joined #baserock | 18:10 | |
ssam2 | I was thinking upstream should become git.baserock.org | 18:14 |
ssam2 | sorry, I guess I wasn't clear in the email | 18:14 |
ssam2 | if it's on g.b.o we might be able to move some infrastructure stuff out of definitions | 18:15 |
ssam2 | anyway, friday night beckons! | 18:15 |
*** ssam2 [~ssam2@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Quit: Leaving] | 18:15 | |
paulsherwood | yup. I'll reply on list | 18:15 |
*** inara [~inara@192.241.198.49] has joined #baserock | 18:16 | |
*** grahamfinney_ [~grahamfin@cpc14-know11-2-0-cust234.know.cable.virginm.net] has quit [Ping timeout: 264 seconds] | 18:17 | |
*** franred [~franred@82-70-136-246.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer] | 18:18 | |
* paulsherwood concludes ssam's email was clear enough, he just didn't read it carefully enough | 18:23 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has quit [Quit: petefoth] | 19:01 | |
*** petefoth [~petefoth@host-92-11-21-246.as43234.net] has joined #baserock | 19:02 | |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has joined #baserock | 21:29 | |
*** zoli__ [~zoli_@0x5e91887a.adsl.cybercity.dk] has quit [Remote host closed the connection] | 22:59 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!