IRC Logs for #crux Friday, 2014-04-11

*** Workster has joined #crux00:36
*** Workster has quit IRC00:36
*** Workster has joined #crux00:36
*** Feigr2 has joined #crux00:38
*** Feigr has quit IRC00:39
cruxbot[opt.git/3.0]: nvidia: updated to version 331.6700:46
cruxbot[compat-32.git/3.0]: nvidia-32: updated to version 331.6700:46
*** jdolan_ has quit IRC00:58
BitPuffinis there any plans to switch to OpenRC or something eventually?01:00
BitPuffinSince Sysinit 5 is not really going anywhere is it?01:01
*** jdolan_ has joined #crux01:01
*** jdolan_ has quit IRC01:05
*** jdolan has joined #crux01:10
*** pitillo has quit IRC01:33
*** pitillo has joined #crux01:34
*** pitillo has quit IRC01:40
*** pitillo has joined #crux01:42
*** pitillo has quit IRC01:47
*** pitillo has joined #crux01:49
*** tilman has quit IRC02:03
*** tilman has joined #crux02:05
*** jdolan has quit IRC02:47
*** mavrick61 has quit IRC02:48
*** mavrick61 has joined #crux02:49
*** arjovr has quit IRC03:13
*** arjovr has joined #crux03:27
*** pitillo has quit IRC04:22
*** pitillo has joined #crux04:26
*** pitillo has quit IRC04:57
*** pitillo has joined #crux04:59
diverseBitPuffin: OpenRC uses sysvinit anyway. If we want to get away from sysvinit, we could use either runit or s6, since those can run in parallel and have supervision05:07
diversebut you can use either of those without having Crux officially using them05:08
*** pitillo has quit IRC05:31
*** Workster has quit IRC05:33
*** pitillo has joined #crux05:35
*** jdolan has joined #crux05:38
*** jdolan has quit IRC05:43
*** pitillo has quit IRC06:21
*** pitillo has joined #crux06:25
BitPuffindiverse: hm!06:31
*** pitillo has quit IRC06:32
nwegood morning06:32
diverseBitPuffin: you can talk to the developers about it, probably wont happen for 3.106:33
*** pitillo has joined #crux06:33
BitPuffindiverse: which is totally fine :)06:35
*** jdolan has joined #crux06:39
*** jdolan has quit IRC06:44
*** BitPuffin has quit IRC06:46
*** Workster has joined #crux07:05
*** Workster has quit IRC07:18
diversewhat are some good SSL/TLS implementations out there?07:36
*** pitillo has quit IRC07:42
frinnstopenssl07:45
teK__it recently decreased its bug count by one07:45
frinnstindeed07:46
*** pitillo has joined #crux07:46
frinnstthings are improving rapidly07:46
Romsterlol07:46
teK__rapidly? Depends on the total bug count which is unknown07:46
Romsterthe reviewer even missed it07:46
teK__-c07:48
diversegnutls looks pretty good07:50
teK__ http://www.gnutls.org/security.html#GNUTLS-SA-2014-207:51
diverseoh...07:52
Romsterbest security is not owning a computer07:54
diversebest security is not using any computer at all07:54
teK__best security is being in lieu with the government^WLEAs07:56
diversebut we are in what's called the "technology trap" since it's too unpractical to not use one07:56
diverseteK__: even being in the government, they can stab you in the back, or you are more likely to be target from foreign hackers, like in China or Russia.07:56
*** BitPuffin has joined #crux08:00
diverseteK__: sorry I took your joke to seriously, it's just I hate politics.08:02
diverse*too08:02
BitPuffino/08:02
diverse\o08:03
diversewhat do you guys think about mozilla's NSS?08:05
BitPuffinNSS?08:06
BitPuffinNational Security System?08:06
BitPuffinNextStepSucks?08:06
diverseBitPuffin: do: prt-get info nss08:07
BitPuffindiverse: I haven't installed crux yet and at work I use a mac :/08:07
BitPuffinwell08:07
BitPuffinguess I could install it in a vm08:07
BitPuffinjust when I need to get the fuzzies08:07
diverseDescription:  Mozilla Network Security Services (NSS08:07
BitPuffinhmm08:07
BitPuffinI recognize that08:07
BitPuffinwhat does it do?08:07
diverse"Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards."08:08
BitPuffinthat's kinda cool08:09
diverseand that's what firefox uses by default08:09
teK__http://pbs.twimg.com/media/Bk0DY8XCEAAPpS7.png:large08:10
BitPuffinit is a good idea08:11
Romsternss probablyforked openssl in its codebase?08:12
diverse"NSS originated from the libraries developed when Netscape invented the SSL security protocol."08:14
diverseRomster: I think it would be the other way around :)08:15
diverseteK__: the ones in bold mean the opposite in the chart?08:16
teK__mean violating things I think08:19
diverseso what am I supposed to take out from the chart? The one with the most rejects is the best one?08:21
teK__we're fucked? :P08:22
*** pitillo has quit IRC08:22
diverseoh... ;/08:22
*** pitillo has joined #crux08:23
diverseteK__: you are saying none of these are trustworthy?08:24
diverse???08:28
diverseoh, you're joking again08:30
teK__:)08:41
diversenote to self: laugh at anything teK__ says ;)08:43
Romstertake stuff with a grain of salt08:44
teK__thanks guys08:48
diversenp08:48
Romsteri'm officially doing sweet f all, ugh what a week08:51
diverseI'm trying to come up with a woodchuck chuck joke but adapt it to Romster to make it funny.08:55
diverseRomster: alright I came up with one, but it's pretty bad :P08:58
diverseHow much lobster could a Romster muster, if a monster like Romster could muster lobster?09:02
diversenogagplz: ^09:03
diverse(go easy on me, this was tough to come up)09:09
Romsterthat hurt my mind...09:25
diverse:(09:26
Romsterbut then i've had a busy day and i have a headache09:27
diverseI was trying to be funny to help relieve the stress09:28
*** Pingax has joined #crux09:36
*** jdolan has joined #crux09:42
diverseBitPuffin: are you going to install Crux on your mac?09:43
diversez3bra: how does workspaces work in 2bwm?09:45
*** jdolan has quit IRC09:46
BitPuffindiverse: probably not09:47
BitPuffindon't wanna brick what I get paid for using :P09:48
*** pitillo has quit IRC09:52
*** pitillo has joined #crux09:54
diverseBitPuffin: technically, you paid for the hardware, the OS is the only thing owned (and controlled) by apple ;)09:54
diversejokes aside, where are you going to install Crux?09:57
BitPuffindiverse: yeah, well I didn't, the company I work for did :P10:05
BitPuffindiverse: On my personal laptop and my personal desktop10:06
BitPuffinI'd like to run it on my server as well10:06
BitPuffinbut I use DigitalOcean and they don't seem to support custom distros10:06
BitPuffingonna see if I can get crux if I contact support10:06
diversedigitalocean?10:06
BitPuffinhttps://www.digitalocean.com/10:07
BitPuffinI might switch provider tbh10:11
BitPuffineventually at least10:12
BitPuffinAmnesia: you scared me back in 201010:12
BitPuffinanyone here run crux on a vps somewhere? If so what vps provider do you use10:12
diverseoh man they were also affect by openssl. It's way too popular...10:12
diverse*affected10:13
BitPuffinssl is way too popular?10:15
diverseno, I mean openssl, the implementation. There isn't anything wrong with ssl in general :)10:16
BitPuffinah haha10:16
BitPuffinwell10:16
BitPuffinopenssl is good10:16
BitPuffinbut I guess there's been a recent vulnerability just like apple ssl and gnutls?10:17
diverseBitPuffin: pm10:19
*** nlightnfotis has joined #crux10:28
*** jdolan has joined #crux10:42
*** jdolan has quit IRC10:46
*** jdolan has joined #crux11:15
*** dkoby has joined #crux11:32
*** jdolan has quit IRC11:48
*** jdolan has joined #crux12:17
*** jdolan has quit IRC12:21
*** jaeger has joined #crux12:25
*** arjovr has quit IRC12:51
*** arjovr has joined #crux12:55
*** jdolan has joined #crux13:10
*** dkoby has quit IRC15:15
*** Pingax has quit IRC15:21
*** AlexKraken has joined #crux15:21
*** joacim- has joined #crux15:23
*** jdolan has quit IRC16:01
*** jdolan has joined #crux16:02
*** jdolan has quit IRC16:06
*** doomicide has joined #crux16:58
*** jdolan has joined #crux16:59
*** AlexKraken has quit IRC18:03
cruxbot[contrib.git/3.0]: crawl: 0.13.2 -> 0.14.018:14
cruxbot[contrib.git/3.0]: crawl-tiles: 0.13.2 -> 0.14.018:14
*** AlexKraken has joined #crux18:16
BitPuffinone of the main things that draws me to crux other than just the os itself is that the community is so small and non-elitist :)19:02
teK__I think the devs have to be seen above the community19:03
teK__otherwise you may be right19:03
BitPuffinhow do you mean?19:04
teK__I'm just messing with you :)19:04
BitPuffinlol19:05
BitPuffin:)19:05
BitPuffinah, you are a dev?19:05
teK__:P19:07
teK__nah19:07
BitPuffinah haha19:07
BitPuffinwell would've been even more funny if that was the case :)19:07
teK__I'm too lazy to contribute19:08
teK__tbh.19:08
BitPuffinanyone here tried ecryptfs with crux?19:28
BitPuffinwat there is crux con? :D19:32
BitPuffinwell okay last one was 9 years ago19:33
*** AlexKraken has quit IRC19:35
jaegerwe only had 2, it's kinda expensive to travel all over the world :)19:35
cruxbot[opt.git/3.0]: libpng: updated to 1.5.1819:40
BitPuffinhehe19:46
BitPuffinyeah19:46
joacimeveryone can crash at frinnst's house19:53
teK__+119:53
BitPuffin:P19:55
*** doomicide has quit IRC20:09
*** jdolan has quit IRC20:14
teK__=======> ERROR: Md5sum mismatch found:20:26
teK__MISSING   92b457d42c0c6ae4dd2bc8876be19488  libpng-1.5.18-apng.patch.gz20:26
teK__NEW       0d1959d9df8d32fce6d9864b76a89c47  libpng-1.5.18-apng.patch.gz20:26
teK__=======> ERROR: Building '/usr/ports/packages/libpng#1.5.18-1.pkg.tar.gz' failed.20:26
teK__frinnst!!120:26
teK__ah wait :}20:26
teK__mirror issue, fo' shizzle20:27
teK__indeed.20:27
*** BitPuffin has quit IRC20:53
*** nlightnfotis has quit IRC21:38
*** jdolan has joined #crux21:45
teK__jaeger_22:10
teK__?22:10
jaegerteK___22:22
jaeger?22:22
teK__I have some funkty problems with my md-raid-1 configuration22:26
teK__I use metadata v1.222:26
teK__(not on /boot)22:26
jaegerok22:27
teK__on startup the kernel will detect md{0,1} but another one won't come up22:27
teK__I moved mdadm.conf which made the assembly/scan succeed22:27
teK__so I did a simple reboot.. again it won't be found22:27
*** jdolan has quit IRC22:28
teK__mdadm --assemble -v /dev/md3 /dev/sdb4 /dev/sda4 will say: sd{a,b}4 is busy skipping22:28
teK__do you happen to know what I'm doing wrong?22:28
jaegerare sd[ab]4 referenced anywhere else? leftovers in fstab or the like?22:28
*** jdolan has joined #crux22:28
jaegermaybe lsof can tell you, also22:28
teK__fstab uses md[0-9] only22:29
teK__nothing turns up with lsof22:29
teK__--detail --scan lists 4 arrays which should be right22:30
teK__ /dev/md/{2_0,1_0}  and /dev/md/rescue:{0,3}22:31
jaegerhow about if you try to stop md3?22:31
teK__wow /dev/md/ exists, it didnt before.. wtf22:31
teK__wait a sec22:31
teK__that did the trick22:32
teK__ok seriously.. O_o22:32
teK__I called --stop /dev/md127 btw22:33
jaegerAt a guess it was partially assembled22:33
teK__how come?22:33
teK__omg22:34
teK__I just redid a --detail --scan .. adjusted the funky names and now it will just boot22:34
jaegeryay :)22:34
teK__fun fact: I only had to reboot because the machine hung after stopping/starting a qemu guest and the host just disappeared22:34
jaegerweird22:37
teK__I share this machine with a friend, he's blaming CRUX now22:37
teK__which would be odd.. we're running the current qemu and linux 3.1422:38
*** jdolan has quit IRC22:42
*** jdolan has joined #crux22:43
*** jdolan has quit IRC22:47
teK__thanks for the pointer.22:52
*** jdolan has joined #crux22:55
teK__haha.. a reboot looks like this:22:59
teK__64 bytes from 144.76.87.197: icmp_seq=20 ttl=52 time=23.4 ms22:59
teK__64 bytes from 144.76.87.197: icmp_seq=21 ttl=52 time=21.3 ms22:59
teK__-------------------------------------------------------------------------22:59
teK__64 bytes from 144.76.87.197: icmp_seq=71 ttl=52 time=36.2 ms22:59
teK__64 bytes from 144.76.87.197: icmp_seq=75 ttl=52 time=35.3 ms22:59
teK__then: silence22:59
teK__what a crap22:59
jaegeras if millions of packets suddenly cried out and were silenced23:02
diverseunless it's being DOS'd :P23:04
teK__afte rthe #21 I did reboot23:05
teK__I just don't get it23:05
teK__a HW reset just made it loose _many_ packets between ~5 replies then eternal sielnce :P23:06
jaegerIs this another problem unrelated to the mdadm issue?23:06
teK__I think so23:06
jaegerunplug all your USB devices, see if it works then :)23:06
teK__it's a server in some remote data center23:06
teK__so hopefully there's no USB devices23:07
jaegersorry, was half-joking... someone said 3.14 broke USB things23:07
teK__:o23:07
diversejaeger: frinnst did23:07
jaegerthough that does raise a question - does this happen on a different kernel version?23:07
teK__I use a bridged setup with qemu so maybe that's the cause23:07
teK__it happened on a 3.13.x kernel, too23:08
teK__that's why I switched23:08
teK__then I made the system work under a load of ~8 for four days straight23:08
teK__I modified the VM script so I stopped it and restarted the vm.. then the host disappeared and things got flaky23:08
diverseI guess I will stick with the 3.12.x lts kernels23:09
jaegervery weird23:09
teK__it's some intel NIC btw23:09
teK__I had to enter the MAC address of the first hop router in /etc/rc.local too23:10
teK__the whole thing is haunted..23:10
jaegerTake off and nuke it from orbit; it's the only way to be sure.23:11
diversehehehe23:11
*** jdolan has quit IRC23:12
diverseSounds like something got totally fubar'd in the kernel recently23:13
*** jdolan has joined #crux23:13
teK__problem is: the old server contract was terminated effective april 14th23:14
diverseapril 14 hasn't past yet, unless you mean last year?23:15
*** jdolan_ has joined #crux23:15
diverseor march 14?23:15
*** jdolan has quit IRC23:15
teK__next week.23:16
teK__i.e. I have until Monday to make this thing work23:16
diversehave you tried using an older kernel?23:17
teK__3.9.7 - 3.1423:17
diverse;o23:17
teK__I set the mac address of the first hop router in /etc/rc.d/net23:18
jaegerWhat are you trying to do? Set up a "new" server as a qemu instance?23:18
teK__move the old one into  a qemu instance23:18
teK__after rc.d/net  rc.local is called23:18
teK__whith:23:18
teK__screen + start qemu in it23:18
teK__again: set the darned MAC address of the gateway23:19
teK__maybe the qemu network setup screws the host's network23:19
jaegerare you using the helper or custom ifup/ifdown scripts?23:21
teK__script=no23:21
teK__i.e. I create br0 with [ tap{0,1} & eth0 ] during startup23:22
jaegertwo tap devices? are there two guests?23:23
teK__the guest is supposed to have two public IP addresses (for now)23:23
teK__i.e. br0 has one and tap0/1 two23:23
jaegerWhere does the MAC address enter? I think I missed why you do that23:24
teK__I modified the net script to only include one nic and rebooted the host.. now it came up and the VM started up successfully, too23:24
jaegerwhat does the ifup script look like?23:24
teK__if I don't set the mac address of the forst hop gateway it won't have connectivty23:24
teK__rc.d/net?23:25
jaegerthe one that sets up the tap/bridge devices23:25
teK__http://dpaste.com/1776916/23:25
diversehmm, the gateway, could it be the tcp-wrappers that are blocking you?23:25
diversenot that it should though...23:26
teK__nope23:26
teK__if I boot it with a KVM switch I cannot even ping a foreign host23:26
diverseoh...23:26
teK__i.e. outgoing connections wont work either23:26
diversekvms are a bitch23:26
jaegernet.ipv4.ip_forward?23:27
teK__funny that you're asking23:27
teK__I commented that out some 10 minutes ago23:27
teK__sysctl.conf looks/ed like this:23:27
teK__#net.ipv4.ip_forward = 123:27
teK__#net.ipv4.conf.all.proxy_arp = 123:27
teK__#net.ipv6.conf.all.forwarding=123:27
teK__with/out the leading #s23:27
diversesounds like you would want that ip forward....23:27
teK__really?23:28
teK__btw.. the provider specifies MAC addresses to use with the addtional IP addresses, I set them in the VM guest.23:28
teK__the VM guest is reachable without forwarding btw23:29
jaegerI wonder if it matters if you set the IP of the bridge before the physical devices are added23:29
teK__I have an unrelated script that does just the same (creat bridge; add devices; run dhcpcd br0) that works fine23:30
jaegerthe order is different there23:30
teK__you are right23:31
teK__so I put the ip address right before setting the dfault GW23:31
teK__.. remocing arp -s .. in rc.d/net and rc.local && rebooting :P23:32
jaegerdo you still have to specify a vlan for each NIc if you use multiple TAPs?23:32
teK__dunno as I simply did it (for one and two nics)23:33
teK__64 bytes from 144.76.87.197: icmp_seq=69 ttl=52 time=21.9 ms23:34
teK__64 bytes from 144.76.87.197: icmp_seq=70 ttl=52 time=22.1 ms23:34
teK__-------------------------------------------------------------------23:34
teK__64 bytes from 144.76.87.197: icmp_seq=113 ttl=52 time=24.2 ms23:34
teK__well... :P23:34
teK__? (144.76.87.193) at 3c:94:d5:4a:fe:29 [ether] on br023:34
teK__i.e. dynamic, not PERM23:34
jaegerI don't understand what you're trying to show with the pings. I thought the guest wasn't pingable at all23:34
teK__but I also disabled the automatic startup of the VM23:35
teK__the reboot and the reachability afterwards ;)23:35
jaegerAt this point I'm willing to admit I have no idea what the setup is23:36
teK__:|23:37
jaegerYou have a physical host running a qemu guest. You want the qemu guest to have 2 publicly-accessible IP addresses.23:37
jaegerIs that correct23:37
jaeger?23:38
teK__yes23:38
diverseI don't get how that could work, tbh23:38
diversehmm23:39
teK__two taps brdiged together with eth0 as br0? :)23:39
jaegercan you make it work with a single tap? In the interest of narrowing the issue23:40
teK__I think I will have to checkout qemu-{ifup,ifdown} as things cleary went down after I restarted the guest23:40
teK__I dont think so because of:23:40
teK__01:28 < teK__> btw.. the provider specifies MAC addresses to use with the addtional IP addresses, I set them in the VM guest.23:40
jaegerhow about just doing 1 of them to figure out the issue?23:40
teK__currently the guest is configured to use both address with it's single interface but only the ip fitting the set mac address will work23:41
diverseI'm thinking that the 2 taps are possibly conflicting with each in that bridge, but it's a guess I have23:41
teK__the problems were present with one nic earlier but it was my friend who encountered them so I cannot say much about the exact setup back then..23:41
teK__diverse: I have had similar setups working (in a complete different context though)23:42
teK__I have had much fun with ebtables in the past..23:43
jaegercan you use qemu-bridge-helper?23:45
jaegerIt might solve the issue for you23:45
teK__possibly23:46
teK__I'm happy that the ARP issue is resolved, that was rather creepy23:46
teK__and to puzzle you again: pinging .170 (which is set besides .169 in the guest) will even show up in tcpdump in the guest.. yet it won't send replies. But I won't fix that tonight. getting to BED now.23:58
teK__thanks again :)23:58
jaegernp, I guess :) heh23:59

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!