/srv/irclogs.ubuntu.com/2005/07/10/#ubuntu-kernel.txt

=== Seveaz [~seveas@seveas.demon.nl] has joined #ubuntu-kernel
fabbione	morning	05:23
=== chmj [~chmj@196.36.161.235] has joined #ubuntu-kernel
=== swarm [~swarm@151.97.253.245] has joined #ubuntu-kernel
=== karlheg [~karlheg@host-250-237.resnet.pdx.edu] has joined #ubuntu-kernel
=== ogra [~ogra@p5089EC57.dip.t-dialin.net] has joined #ubuntu-kernel
ogra	fabbione, ping	12:11
fabbione	ogra: pong?	12:11
ogra	looks like i have to run a firewall on the ltsp server for edubuntu :-/ do we have any uml capable kernel image ?	12:12
fabbione	no	12:12
ogra	or do you think xen will be alternatively ready for breezy	12:12
fabbione	probably...	12:13
ogra	i thought about a chroot jail, but that wont help for a firewall	12:13
fabbione	xen is up for google atm	12:13
ogra	s i'll need a extra vm...	12:13
ogra	s/s/so	12:13
fabbione	and how do you think xen/uml will help you?	12:13
fabbione	what is exactly the problem	12:13
ogra	dont i run a independent kernel instance with them ?	12:13
fabbione	yes, but what is the problem you need to address exactly	12:14
ogra	i dont want to run the FW on the server directly.... if i set netfilter option in a chroot they will affect the host too, or am i wrong ?	12:14
fabbione	wrong	12:14
fabbione	xen or uml won't help you at all	12:15
ogra	oh... i though it would...	12:15
fabbione	i don't understand why do you want to run netfilter in a chroot...	12:16
fabbione	netfilter or iptables is kernel stuff	12:16
fabbione	you want to run it as soon as possible	12:16
ogra	to have it separated from the server.... its a school environment.. so if someone hacks the FW he shouldnt have any access to the server processes....	12:16
fabbione	does need to run on the same machine?	12:16
ogra	but mark requires me to run both on one machine	12:17
ogra	yes	12:17
ogra	:/	12:17
fabbione	amen	12:17
fabbione	let me think one second	12:17
fabbione	how many network cards do you have?	12:18
ogra	two i guess	12:18
ogra	i could make 3 a requirement if that helps...	12:18
fabbione	i am thinking :)	12:18
ogra	:)	12:19
fabbione	2 are enough....	12:19
fabbione	and you can use xen	12:19
ogra	great :)	12:19
fabbione	but the setup is NOT tricky	12:19
ogra	you mentor it, right ?	12:19
fabbione	i am mentoring xen, but only for the packaging	12:20
fabbione	not for these kind of weird setups :)	12:20
ogra	i have to make only one default setup... its unlikely that anybody will touch it... the firts edubuntu shall be a out of the box solution	12:20
ogra	but additional HW is a "no go" :/	12:21
fabbione	i am not 100% sure 2 cards are enough tho	12:21
ogra	can you use aliases across the kernel/xen envionments ?	12:22
ogra	(alias interfaces that is)	12:22
fabbione	the problem i think is:	12:22
fabbione	(or are)	12:22
fabbione	- FW needs 2 interfaces	12:23
ogra	yep	12:23
fabbione	- Server needs one interface	12:23
=== fabbione attempts to think...
=== Seveas [~seveas@seveas.demon.nl] has joined #ubuntu-kernel
fabbione	are there any users allowed to login on the server other than the admin?	12:24
ogra	nope...	12:24
fabbione	probably.. what you can do is:	12:24
ogra	all users are locked in the ltsp envionment... only the NFS roots are accessible	12:24
fabbione	btw.. do you know how xen works?	12:25
ogra	nope	12:25
fabbione	or do i need to explain?	12:25
fabbione	ok	12:25
fabbione	basically it works this way..	12:25
ogra	its a additional VM as far as i understood it	12:25
fabbione	- you boot the real machine with a kernel called dom0	12:25
fabbione	such a kernel is the one that access the real hw	12:25
fabbione	and it exports it via an internal backplane to the guests	12:26
fabbione	- each guest boots its own kernel called domU	12:26
fabbione	that access virtual disks/net interfaces via the backplane	12:26
ogra	ok, so i'll need two guests then.. 1. ltsp server 2. firewall...	12:26
fabbione	yes.. but the problem is how to share the hw	12:27
fabbione	because a FW needs 2 interfaces	12:27
ogra	i'm fine with a 3 netcard requirement...	12:27
fabbione	the server needs one (real to run dhcp)	12:27
fabbione	the FW needs at least one real	12:27
fabbione	probably...	12:27
fabbione	what you can do is:	12:27
fabbione	run the host without real cards	12:28
fabbione	configure the guests to run a dom0 kernel and use one virtual interface towards the host and one real card towards the world	12:28
fabbione	at that point...	12:28
fabbione	the FW real card goes towards internet	12:28
fabbione	the FW virtual interface towards the host	12:29
fabbione	the host will bridge with the Server	12:29
fabbione	(they will feel like on the same LAN	12:29
fabbione	s/feel/look)	12:29
fabbione	the Server uses the virtual interface towards the host to talk with the firewall	12:29
ogra	hmm, so i could even build a little DMZ ? sounds cool	12:29
fabbione	ogra: exactly	12:30
ogra	wow, xen is cool	12:30
fabbione	the DMZ will be a virtual lan running inside the host	12:30
fabbione	the real interface of the server will go towards the internal lan	12:30
fabbione	now what i am afraid of is:	12:30
fabbione	- how to partition the hw so that iface X is associate with xen guest X	12:30
fabbione	(i know it can be done, but i never tried it)	12:31
fabbione	- you will need a spectacular amount of netfilters running on FW, host and Server	12:31
ogra	its my job to find hat out... :)	12:31
fabbione	- access to the host for admin purpose might be a problem if server goes down	12:33
fabbione	ogra: in any case.. do you realize that with this setup:	12:33
fabbione	a) you are going to lose performance on each single "machine"	12:33
fabbione	b) you triplicate the amount of maintainance (if not more)	12:33
ogra	hum.... thats not good	12:34
fabbione	c) you will still need to run netfilter/iptables on all 3 the machines?	12:34
ogra	thats no problem	12:34
fabbione	xen adds overhead.. in many directions	12:34
fabbione	i can't think of anything simpler with that requirements	12:35
ogra	performance loss is very bad for ltsp....	12:35
fabbione	but imho... if you just use something like:	12:35
fabbione	iptables -t filter -F INPUT	12:35
fabbione	iptables -t filter -P INPUT DROP	12:35
fabbione	iptables -t filter -A INPUT -j ACCEPT -d 192.168.2.6 -m state --state ESTABLISHE	12:36
fabbione	D,RELATED	12:36
fabbione	you basically closed the machine from the outside	12:36
fabbione	and you can still navigate from the inside	12:36
fabbione	that rule (or a similar one) will just close *	12:36
ogra	yep	12:36
fabbione	imho all the xen mess is not worth...	12:37
fabbione	but well...	12:37
ogra	my main concern is to run both on one HW... since the FW has to do transparent proxying....	12:38
fabbione	you will also need to test the above setup...	12:38
fabbione	yeah but transparent proxy is not an issue	12:38
fabbione	you still don't need to listen with services on the outside interface	12:38
ogra	yep...	12:38
ogra	but from the inside i need a GW to put the content filter on... having both on one machine hurts my stomach	12:39
fabbione	ok.. but my question is.. is it only your stomach or a specific requirement for the specs?	12:40
ogra	but your explanation shows that xen/uml seems not to be a good way around if i loose performance	12:40
fabbione	you lose performance..	12:40
fabbione	you are adding:	12:41
ogra	the requirement is to have transparent proxing for parental control without having additional HW	12:41
fabbione	- vm overhead	12:41
fabbione	- 2 extra hops in the network	12:41
ogra	i dont care about extra hops	12:41
fabbione	- removing memory (due to partitioning) from one server	12:41
ogra	thats the worst	12:41
fabbione	- using the internal backplane to share hw	12:41
fabbione	i mean.. the backplane is fast	12:41
fabbione	but it is still overhead	12:42
fabbione	and the main issue is the RAM really	12:42
ogra	loosing memory in a ltsp environment is a vry bad thing	12:42
ogra	every byte is speed there	12:42
fabbione	the issue is that xen needs to know how much ram you assign to each domain	12:42
fabbione	(including the host)	12:42
fabbione	the host doesn't need much	12:42
ogra	a FW probably doesnt need mor the 64MB either	12:43
ogra	more then	12:43
fabbione	like 256MB would do	12:43
fabbione	the FW at least 128MB	12:43
fabbione	the Server all the rest	12:43
ogra	heh... the server will be somewhere in the GB area..... 4GB are common	12:43
fabbione	+ an extra 64Mb hidden by xen management	12:44
ogra	(for a 20-30 client setup)	12:44
fabbione	you know that our kernel needs to be recompiled on x86 machines with more than 4GB?	12:44
fabbione	anyway..	12:45
fabbione	you will still need to test that all the above will ever work	12:45
ogra	i think we dont have mainboards yet that support moe then 4GB on single x86, do we ?	12:45
fabbione	probably not on home pc	12:45
ogra	yes, i know ...	12:45
fabbione	i am pretty sure they do on servers	12:45
ogra	hmm, 32bit on a single CPU can handle more then 4GB ?	12:46
ogra	i didnt know that	12:46
fabbione	in terms of disk space.. the FW/HOST don't need more than 1G each	12:46
fabbione	the rest can go to server	12:46
ogra	disk space is cheap and not an issue	12:46
fabbione	ogra: there is an option to extend that to 64GB	12:46
ogra	woah...	12:46
fabbione	but it's disabled because it adds overhead	12:46
fabbione	the limit for a single process is still 4GB	12:47
ogra	might becoman an option for edubuntu....	12:47
ogra	become an	12:47
fabbione	yes, that means an extra edubuntu kernel :)	12:47
fabbione	( i need a smoke.. brb )	12:47
ogra	it could be that i need a own kernel anyway... finally you got me in the kernel usiness then :)	12:47
fabbione	ahah welcome to pleasure of pain	12:48
ogra	heh	12:48
chmj	and suffering	12:49
=== ogra [~ogra@p5089EB75.dip.t-dialin.net] has joined #ubuntu-kernel
zul	hola	02:07
chmj	fabbione: do you know if concordia is down ?	02:24
fabbione	chmj: nope.. i didn't login since yesterday	02:24
fabbione	hey zul	02:24
chmj	seems to be	02:24
fabbione	concordia.ubuntu.com [82.211.81.168] 22 (ssh) : No route to host	02:24
fabbione	it is	02:24
=== doko [~doko___@dsl-084-059-087-027.arcor-ip.net] has joined #ubuntu-kernel
=== jbailey [~jbailey@modemcable014.133-131-66.mc.videotron.ca] has joined #ubuntu-kernel
=== JaneW [~JaneW@146.232.64.52] has joined #ubuntu-kernel
fabbione	hey jbailey	03:24
fabbione	hey JaneW	03:24
JaneW	hi fabbione	03:25
jbailey	Heya Fabio	03:25
jbailey	I guess this means the move was successful.	03:25
jbailey	'net just got installed.	03:25
jbailey	Now I just need to buy a fridge and stove..	03:25
fabbione	cool	03:26
fabbione	congratulation	03:26
fabbione	see i have an extra fridge here....	03:26
fabbione	and an extra stove	03:26
fabbione	jbailey: you moved to the wrong place	03:26
=== ogra sees JaneW around... does this meen we get a new nutty kernel again ?
ogra	mean even	03:26
JaneW	ogra: hi - I am at a conf, but just found wireless access, so I couldn;t resist hopping on...	03:31
ogra	hehe	03:31
ogra	addicted	03:31
zul	welcome to waa...wirleess addicts annoymous	03:31
ogra	heh	03:34
JaneW	zul: thanks ;)	03:35
fabbione	ehhe	03:36
jbailey	fabbione: Well, whether it's right or it's wrong, I'm sure as hell not doing that again soon.	03:37
fabbione	ahhaha	03:38
fabbione	jbailey: i did it so many times that i don't even want to think to move	03:38
fabbione	if not for the tax rates :)	03:38
jbailey	This is the first time that I've moved a whole house to another province.	03:39
jbailey	When we moved to Toronto we got rid of all of our stuff first.	03:39
fabbione	eh...	03:39
fabbione	i still have some stuff in italy	03:39
fabbione	sooner or later i will need to rent a little truck and do the ride again	03:39
fabbione	2400KM brrrr....	03:40
fabbione	actually a bit more..	03:40
fabbione	but well	03:40
jbailey	Ouch.	03:40
fabbione	around that line	03:40
jbailey	This was at least only like 600-700km	03:40
fabbione	jbailey: when i moved to dk, i loaded my father's car and drove alone for 2 days....	03:41
jbailey	And sais hi. =)	03:41
fabbione	jbailey: basically the passenger seat had 4 bags with all the normal life stuff	03:41
jbailey	Angie, rather.	03:41
fabbione	the rest was computer equipment :)	03:41
fabbione	hi Angie!	03:41
jbailey	lol	03:42
fabbione	it took me around 24 hours of pure driving	03:43
jbailey	I have to go back to Toronto this month to pick up my SGI, my Alpha and my Itanium.	03:43
jbailey	There just wasn't room.	03:43
fabbione	+ i got lost on the german motorway	03:43
fabbione	that added another good hour	03:43
=== jbailey blinks
jbailey	Is Germany between Italy and Denmark?	03:44
fabbione	yeah as well as swiss/austria	03:44
fabbione	italy -> {swiss,austria} -> germany -> dk	03:44
fabbione	i got lost after the austria's border line	03:44
fabbione	because the indication sucked	03:45
fabbione	and ended up in the wrong direction	03:45
ogra	fabbione, you cant get lost on german motorways, thats a rumor ;)	03:45
ogra	g	03:45
fabbione	ogra: not when you pretend to have a city called "Aschufart" that's not on any of the maps	03:46
ogra	lol	03:46
=== ogra wipes the laughing tears from his eyes....
fabbione	ogra: only in germany you write "exit" at the motorway exit, instead of the name of the place it takes you	03:47
ogra	Ausfahrt is german for exit.... :)	03:47
fabbione	so it took me a little while to realize that there can't be a city called "exit" longer than 50km	03:47
ogra	heh	03:47
ogra	but at least you saw something of germany despite the motorway :)	03:48
fabbione	yeah an extra gas station	03:48
=== chmj [~chmj@196.36.161.235] has joined #ubuntu-kernel
chmj	fabbione: ping	03:49
fabbione	chmj: yes?	03:50
chmj	problems	03:51
chmj	hold on, I'm uploading dmesg output	03:52
chmj	fabbione: ipw2100 failed after I dist-upgraded	03:53
chmj	http://people.ubuntu.com/~charles/dmesglog	03:54
chmj	erm, I can't execute anything from bash, just hangs the kernel	03:54
fabbione	chmj: known bug..	03:54
fabbione	fix upstream.. kthxbye	03:54
chmj	hmmm	03:55
zul	jbailey: if you want you can leave your SGI, Alpha, and Itanium in ottawa ;)	03:55
fabbione	but given that you have an ipw2100, you can test a kernel for me	03:55
fabbione	when i will have the time to do a test build :)	03:55
chmj	ok, for some reason, every process ends with this : Killed by signal 1.	03:56
chmj	on this kernel : Linux darklord 2.6.10-5-386 #1 Tue Apr 5 12:12:40 UTC 2005 i686 GNU/Linux	03:56
chmj	this is all after dist-upgrade	03:56
fabbione	that's only ssh	03:57
fabbione	not every process	03:57
fabbione	known bug that one too	03:57
fabbione	oh	03:57
fabbione	no	03:57
fabbione	hmmmm	03:57
fabbione	i am not sure you can actually use .10 in breezy anymore	03:57
chmj	oh yes, scp + ssh	03:58
fabbione	are you sure it's all processes?	03:58
fabbione	ah ok	03:58
fabbione	tsk	03:58
fabbione	as above.. ssh problem	03:58
chmj	I use .10 on breezy, works better than .12 :(	03:58
chmj	.12 just hangs :(	03:59
fabbione	chmj: you are part of the kernel-team.. testing/patches/bugfixes are welcome ;)	03:59
fabbione	chmj: it hangs only on ipw2100...	03:59
fabbione	that is yet another piece of external crap that apparently lusers can't live without	03:59
fabbione	thansk god it's going upstream	03:59
fabbione	so it will break less	03:59
fabbione	and be more obsoleted faster	03:59
fabbione	but at least i have an excuse for not updating it	04:00
chmj	hmm, problem with tesing/patching is that I have very limited resources	04:00
chmj	will do some triage though	04:01
fabbione	chmj: we know what the problem is	04:01
fabbione	and if upstream doesn't fix it, i can only workaround it	04:01
fabbione	basically the ipw2100 and ipw2200 drivers share a set of common modules	04:01
fabbione	the ieee8something	04:02
fabbione	and the code is maintained duplicated! in both repos	04:02
fabbione	with the last upgrade of the drivers they went out of sync	04:02
fabbione	so the ieee code that's from the ipw2200 works for the latter	04:02
fabbione	but not for the ipw2100	04:02
zul	muhahaha	04:02
fabbione	if i take the code from the ipw2100 it will break ipw2200	04:02
fabbione	so there is only one untested solution	04:03
chmj	oh my	04:03
fabbione	remove this common code	04:03
fabbione	and compile it all static into the respective ipw2x00 modules	04:03
fabbione	in the hope that it works	04:03
fabbione	and you will test that kernel for me :)	04:03
chmj	ok :)	04:04
chmj	eta ?	04:04
fabbione	but it's not very high priority...	04:04
fabbione	probably one or two days	04:04
fabbione	i have userland work to finish	04:04
chmj	noted	04:07
=== svenl_ [~luther@AStrasbourg-251-1-20-215.w82-126.abo.wanadoo.fr] has joined #ubuntu-kernel
chmj	http://bugzilla.ubuntu.com/show_bug.cgi?id=12417 this just came in	04:35
fabbione	tought luck... it's still the same ieee layer causing problems	04:44
fabbione	i am off for today	04:45
fabbione	cya tomorrow guys	04:46
chmj	enjoy	04:51
zul	arrgh!!!	07:43
=== lamont__ [~lamont@15.238.6.251] has joined #ubuntu-kernel
fabbione	hey lamont	08:12
lamont__	howdy	08:13
zul	meh...dont know what to do	08:19
fabbione	zul: are you bored?	08:20
fabbione	fix some more bugs :)	08:20
zul	still debating	08:20
zul	fabbione: ill fix some tonight	08:23
fabbione	don't trash too much :P	08:23
zul	ill try not to :P	08:24
fabbione	so lamont__ how is going with the new job?	08:33
fabbione	you almost disappeared.. so i guess it keeps you busy ;)	08:34
lamont__	a bt	08:35
lamont__	a bit, even	08:35
jbailey	He's working at a site with a better 'net connection now, he can go back to surfing pr0n.	08:35
zul	they are suppose to be getting fiber here at work	08:37
lamont__	jbailey: feh	08:37
lamont__	besides - they monitor.	08:37
lamont__	which is a great waste of time and money, truthfully	08:37
lamont__	and a significant liability in the making.	08:38
fabbione	+ nobody really checks the logs..	08:38
jbailey	Yeah. I spent ages arguing at my last job that as long as someone was consistantly performing, who cares what they did, and if they weren't, then to deal with them directly and solve the issue without the over application of technology.	08:38
lamont__	HP lives in fear of RIAA	08:40
lamont__	hence BT is disallowed, unless you have a business need for a particular IP to be allowed to participate.	08:40
lamont__	as a client only, of course.	08:40
lamont__	since everyone knows that the only use for BT is to exchange copyrighted material in violation of copyright	08:40
fabbione	BT?	08:42
zul	british telecom? :)	08:42
lamont__	bittorrent	08:43
fabbione	ahh	08:43
zul	ooooh..	08:43
lamont__	I mean, who would use it to release large tarballs/isos of free stuff???	08:43
fabbione	http://dva.gbrit.com/~dougadams/Jokes/index.php?s=3.jpg	08:44
fabbione	AHHA	08:44
fabbione	(the rest of the site is NOT safe)	08:44
fabbione	so don't go one dir up :)	08:44
=== lamont__ has seen that one before
lamont__	iz good	08:45
fabbione	the joke or the site?	08:45
lamont__	fabbione: is that a gtk bug, I wonder???	08:45
lamont__	joke	08:45
fabbione	ahah	08:45
lamont__	will have to see what other jokes are there tonight	08:45
fabbione	lamont__: mostlikely	08:45
fabbione	nah the others aren't that funny	08:46
lamont__	ah, ok. thanks	08:46
fabbione	mostlikely naked stuff	08:46
lamont__	feh	08:46
jbailey	Yeah, I'll read the BDSM stuff some time when my mother in law isn't wandering around my house. =)	08:46
fabbione	jbailey: exactly :) my wife is wathing TV.. i need to entertrain myself somehow :)	08:47
zul	why dont you watch tv with her...	08:49
fabbione	because there is a special about bush visiting dk	08:49
fabbione	and houneslty i can't care less	08:49
zul	heh...you said bush	08:49
fabbione	american people did pay his nice AirForce one travel	08:50
jbailey	Right, instead you can read about tying her up and spanking her instead.	08:50
fabbione	on a 3 day visit, one was half drunk	08:50
jbailey	"It's research, dear."	08:50
fabbione	the ohter has been playing golf	08:50
fabbione	and of 5 things he said on danish tv one was: "... you swallow. LISTEN TO YOUR MOTHER!"	08:50
fabbione	now.. i wonder .. what job did this porro mother do?!	08:51
fabbione	s/porro/poor	08:51
fabbione	jbailey: ahhaa	08:51
fabbione	jbailey: i am not reading all of it yet.. but it seems a pretty hounest author	08:52
jbailey	Cool	08:53
=== Seveaz [~seveas@seveas.demon.nl] has joined #ubuntu-kernel

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!