[05:23] <fabbione> morning
[12:11] <ogra> fabbione, ping
[12:11] <fabbione> ogra: pong?
[12:12] <ogra> looks like i have to run a firewall on the ltsp server for edubuntu :-/ do we have any uml capable kernel image ?
[12:12] <fabbione> no
[12:12] <ogra> or do you think xen will be alternatively ready for breezy 
[12:13] <fabbione> probably...
[12:13] <ogra> i thought about a chroot jail, but that wont help for a firewall
[12:13] <fabbione> xen is up for google atm
[12:13] <ogra> s i'll need a extra vm...
[12:13] <ogra> s/s/so
[12:13] <fabbione> and how do you think xen/uml will help you?
[12:13] <fabbione> what is exactly the problem
[12:13] <ogra> dont i run a independent kernel instance with them ?
[12:14] <fabbione> yes, but what is the problem you need to address exactly
[12:14] <ogra> i dont want to run the FW on the server directly.... if i set netfilter option in a chroot they will affect the host too, or am i wrong ?
[12:14] <fabbione> wrong
[12:15] <fabbione> xen or uml won't help you at all
[12:15] <ogra> oh... i though it would...
[12:16] <fabbione> i don't understand why do you want to run netfilter in a chroot...
[12:16] <fabbione> netfilter or iptables is kernel stuff
[12:16] <fabbione> you want to run it as soon as possible
[12:16] <ogra> to have it separated from the server.... its a school environment.. so if someone hacks the FW he shouldnt have any access to the server processes....
[12:16] <fabbione> does need to run on the same machine?
[12:17] <ogra> but mark requires me to run both on one machine
[12:17] <ogra> yes
[12:17] <ogra> :/
[12:17] <fabbione> amen
[12:17] <fabbione> let me think one second
[12:18] <fabbione> how many network cards do you have?
[12:18] <ogra> two i guess
[12:18] <ogra> i could make 3 a requirement if that helps...
[12:18] <fabbione> i am thinking :)
[12:19] <ogra> :)
[12:19] <fabbione> 2 are enough....
[12:19] <fabbione> and you can use xen
[12:19] <ogra> great :) 
[12:19] <fabbione> but the setup is NOT tricky
[12:19] <ogra> you mentor it, right ? 
[12:20] <fabbione> i am mentoring xen, but only for the packaging
[12:20] <fabbione> not for these kind of weird setups :)
[12:20] <ogra> i have to make only one default setup... its unlikely that anybody will touch it... the firts edubuntu shall be a out of the box solution
[12:21] <ogra> but additional HW is a "no go" :/
[12:21] <fabbione> i am not 100% sure 2 cards are enough tho
[12:22] <ogra> can you use aliases across the kernel/xen envionments ?
[12:22] <ogra> (alias interfaces that is)
[12:22] <fabbione> the problem i think is:
[12:22] <fabbione> (or are)
[12:23] <fabbione> - FW needs 2 interfaces
[12:23] <ogra> yep
[12:23] <fabbione> - Server needs one interface
[12:24] <fabbione> are there any users allowed to login on the server other than the admin?
[12:24] <ogra> nope...
[12:24] <fabbione> probably.. what you can do is:
[12:24] <ogra> all users are locked in the ltsp envionment... only the NFS roots are accessible
[12:25] <fabbione> btw.. do you know how xen works?
[12:25] <ogra> nope
[12:25] <fabbione> or do i need to explain?
[12:25] <fabbione> ok
[12:25] <fabbione> basically it works this way..
[12:25] <ogra> its a additional VM as far as i understood it
[12:25] <fabbione> - you boot the real machine with a kernel called dom0
[12:25] <fabbione> such a kernel is the one that access the real hw
[12:26] <fabbione> and it exports it via an internal backplane to the guests
[12:26] <fabbione> - each guest boots its own kernel called domU
[12:26] <fabbione> that access virtual disks/net interfaces via the backplane
[12:26] <ogra> ok, so i'll need two guests then.. 1. ltsp server 2. firewall...
[12:27] <fabbione> yes.. but the problem is how to share the hw
[12:27] <fabbione> because a FW needs 2 interfaces
[12:27] <ogra> i'm fine with a 3 netcard requirement...
[12:27] <fabbione> the server needs one (real to run dhcp)
[12:27] <fabbione> the FW needs at least one real
[12:27] <fabbione> probably...
[12:27] <fabbione> what you can do is:
[12:28] <fabbione> run the host without real cards
[12:28] <fabbione> configure the guests to run a dom0 kernel and use one virtual interface towards the host and one real card towards the world
[12:28] <fabbione> at that point...
[12:28] <fabbione> the FW real card goes towards internet
[12:29] <fabbione> the FW virtual interface towards the host
[12:29] <fabbione> the host will bridge with the Server 
[12:29] <fabbione> (they will feel like on the same LAN
[12:29] <fabbione> s/feel/look)
[12:29] <fabbione> the Server uses the virtual interface towards the host to talk with the firewall
[12:29] <ogra> hmm, so i could even build a little DMZ ? sounds cool
[12:30] <fabbione> ogra: exactly
[12:30] <ogra> wow, xen is cool
[12:30] <fabbione> the DMZ will be a virtual lan running inside the host
[12:30] <fabbione> the real interface of the server will go towards the internal lan
[12:30] <fabbione> now what i am afraid of is:
[12:30] <fabbione> - how to partition the hw so that iface X is associate with xen guest X
[12:31] <fabbione> (i know it can be done, but i never tried it)
[12:31] <fabbione> - you will need a spectacular amount of netfilters running on FW, host and Server
[12:31] <ogra> its my job to find hat out... :)
[12:33] <fabbione> - access to the host for admin purpose might be a problem if server goes down
[12:33] <fabbione> ogra: in any case.. do you realize that with this setup:
[12:33] <fabbione> a) you are going to lose performance on each single "machine"
[12:33] <fabbione> b) you triplicate the amount of maintainance (if not more)
[12:34] <ogra> hum.... thats not good
[12:34] <fabbione> c) you will still need to run netfilter/iptables on all 3 the machines?
[12:34] <ogra> thats no problem
[12:34] <fabbione> xen adds overhead.. in many directions
[12:35] <fabbione> i can't think of anything simpler with that requirements
[12:35] <ogra> performance loss is very bad for ltsp....
[12:35] <fabbione> but imho... if you just use something like:
[12:35] <fabbione> iptables -t filter -F INPUT
[12:35] <fabbione> iptables -t filter -P INPUT DROP
[12:36] <fabbione> iptables -t filter -A INPUT -j ACCEPT -d 192.168.2.6 -m state --state ESTABLISHE
[12:36] <fabbione> D,RELATED
[12:36] <fabbione> you basically closed the machine from the outside
[12:36] <fabbione> and you can still navigate from the inside
[12:36] <fabbione> that rule (or a similar one) will just close *
[12:36] <ogra> yep
[12:37] <fabbione> imho all the xen mess is not worth...
[12:37] <fabbione> but well...
[12:38] <ogra> my main concern is to run both on one HW... since the FW has to do transparent proxying....
[12:38] <fabbione> you will also need to test the above setup...
[12:38] <fabbione> yeah but transparent proxy is not an issue
[12:38] <fabbione> you still don't need to listen with services on the outside interface
[12:38] <ogra> yep...
[12:39] <ogra> but from the inside i need a GW to put the content filter on... having both on one machine hurts my stomach
[12:40] <fabbione> ok.. but my question is.. is it only your stomach or a specific requirement for the specs?
[12:40] <ogra> but your explanation shows that xen/uml seems not to be a good way around if i loose performance
[12:40] <fabbione> you lose performance..
[12:41] <fabbione> you are adding:
[12:41] <ogra> the requirement is to have transparent proxing for parental control without having additional HW
[12:41] <fabbione> - vm overhead
[12:41] <fabbione> - 2 extra hops in the network
[12:41] <ogra> i dont care about extra hops
[12:41] <fabbione> - removing memory (due to partitioning) from one server
[12:41] <ogra> thats the worst
[12:41] <fabbione> - using the internal backplane to share hw
[12:41] <fabbione> i mean.. the backplane is fast
[12:42] <fabbione> but it is still overhead
[12:42] <fabbione> and the main issue is the RAM really
[12:42] <ogra> loosing memory in a ltsp environment is a vry bad thing
[12:42] <ogra> every byte is speed there
[12:42] <fabbione> the issue is that xen needs to know how much ram you assign to each domain
[12:42] <fabbione> (including the host)
[12:42] <fabbione> the host doesn't need much
[12:43] <ogra> a FW probably doesnt need mor the 64MB either
[12:43] <ogra> more then
[12:43] <fabbione> like 256MB would do
[12:43] <fabbione> the FW at least 128MB
[12:43] <fabbione> the Server all the rest
[12:43] <ogra> heh... the server will be somewhere in the GB area..... 4GB are common
[12:44] <fabbione> + an extra 64Mb hidden by xen management
[12:44] <ogra> (for a 20-30 client setup)
[12:44] <fabbione> you know that our kernel needs to be recompiled on x86 machines with more than 4GB?
[12:45] <fabbione> anyway..
[12:45] <fabbione> you will still need to test that all the above will ever work
[12:45] <ogra> i think we dont have mainboards yet that support moe then 4GB on single x86, do we ?
[12:45] <fabbione> probably not on home pc
[12:45] <ogra> yes, i know ...
[12:45] <fabbione> i am pretty sure they do on servers
[12:46] <ogra> hmm, 32bit on a single CPU can handle more then 4GB ?
[12:46] <ogra> i didnt know that
[12:46] <fabbione> in terms of disk space.. the FW/HOST don't need more than 1G each
[12:46] <fabbione> the rest can go to server
[12:46] <ogra> disk space is cheap and not an issue 
[12:46] <fabbione> ogra: there is an option to extend that to 64GB
[12:46] <ogra> woah...
[12:46] <fabbione> but it's disabled because it adds overhead
[12:47] <fabbione> the limit for a single process is still 4GB
[12:47] <ogra> might becoman an option for edubuntu.... 
[12:47] <ogra> become an
[12:47] <fabbione> yes, that means an extra edubuntu kernel :)
[12:47] <fabbione> ( i need a smoke.. brb )
[12:47] <ogra> it could be that i need a own kernel anyway... finally you got me in the kernel usiness then :)
[12:48] <fabbione> ahah welcome to pleasure of pain
[12:48] <ogra> heh
[12:49] <chmj> and suffering 
[02:07] <zul> hola
[02:24] <chmj> fabbione: do you know if concordia is down ?
[02:24] <fabbione> chmj: nope.. i didn't login since yesterday
[02:24] <fabbione> hey zul
[02:24] <chmj> seems to be 
[02:24] <fabbione> concordia.ubuntu.com [82.211.81.168]  22 (ssh) : No route to host
[02:24] <fabbione> it is
[03:24] <fabbione> hey jbailey 
[03:24] <fabbione> hey JaneW 
[03:25] <JaneW> hi fabbione
[03:25] <jbailey> Heya Fabio
[03:25] <jbailey> I guess this means the move was successful.
[03:25] <jbailey> 'net just got installed.
[03:25] <jbailey> Now I just need to buy a fridge and stove..
[03:26] <fabbione> cool
[03:26] <fabbione> congratulation
[03:26] <fabbione> see i have an extra fridge here....
[03:26] <fabbione> and an extra stove
[03:26] <fabbione> jbailey: you moved to the wrong place
[03:26] <ogra> mean even
[03:31] <JaneW> ogra: hi - I am at a conf, but just found wireless access, so I couldn;t resist hopping on...
[03:31] <ogra> hehe
[03:31] <ogra> addicted
[03:31] <zul> welcome to waa...wirleess addicts annoymous
[03:34] <ogra> heh
[03:35] <JaneW> zul: thanks ;)
[03:36] <fabbione> ehhe
[03:37] <jbailey> fabbione: Well, whether it's right or it's wrong, I'm sure as hell not doing that again soon.
[03:38] <fabbione> ahhaha
[03:38] <fabbione> jbailey: i did it so many times that i don't even want to think to move
[03:38] <fabbione> if not for the tax rates :)
[03:39] <jbailey> This is the first time that I've moved a whole house to another province.
[03:39] <jbailey> When we moved to Toronto we got rid of all of our stuff first.
[03:39] <fabbione> eh...
[03:39] <fabbione> i still have some stuff in italy
[03:39] <fabbione> sooner or later i will need to rent a little truck and do the ride again
[03:40] <fabbione> 2400KM brrrr....
[03:40] <fabbione> actually a bit more..
[03:40] <fabbione> but well
[03:40] <jbailey> Ouch.
[03:40] <fabbione> around that line
[03:40] <jbailey> This was at least only like 600-700km
[03:41] <fabbione> jbailey: when i moved to dk, i loaded my father's car and drove alone for 2 days....
[03:41] <jbailey> And sais hi. =)
[03:41] <fabbione> jbailey: basically the passenger seat had 4 bags with all the normal life stuff
[03:41] <jbailey> Angie, rather.
[03:41] <fabbione> the rest was computer equipment :)
[03:41] <fabbione> hi Angie!
[03:42] <jbailey> *lol*
[03:43] <fabbione> it took me around 24 hours of pure driving
[03:43] <jbailey> I have to go back to Toronto this month to pick up my SGI, my Alpha and my Itanium.
[03:43] <jbailey> There just wasn't room.
[03:43] <fabbione> + i got lost on the german motorway
[03:43] <fabbione> that added another good hour
[03:44] <jbailey> Is Germany between Italy and Denmark?
[03:44] <fabbione> yeah as well as swiss/austria
[03:44] <fabbione> italy -> {swiss,austria} -> germany -> dk
[03:44] <fabbione> i got lost after the austria's border line
[03:45] <fabbione> because the indication sucked
[03:45] <fabbione> and ended up in the wrong direction
[03:45] <ogra> fabbione, you cant get lost on german motorways, thats a rumor ;)
[03:45] <ogra> *g*
[03:46] <fabbione> ogra: not when you pretend to have a city called "Aschufart" that's not on any of the maps
[03:46] <ogra> lol
[03:47] <fabbione> ogra: only in germany you write "exit" at the motorway exit, instead of the name of the place it takes you
[03:47] <ogra> Ausfahrt is german for exit.... :)
[03:47] <fabbione> so it took me a little while to realize that there can't be a city called "exit" longer than 50km
[03:47] <ogra> heh
[03:48] <ogra> but at least you saw something of germany despite the motorway :)
[03:48] <fabbione> yeah an extra gas station
[03:49] <chmj> fabbione: ping 
[03:50] <fabbione> chmj: yes?
[03:51] <chmj> problems 
[03:52] <chmj> hold on, I'm uploading dmesg output
[03:53] <chmj> fabbione: ipw2100 failed after I dist-upgraded 
[03:54] <chmj> http://people.ubuntu.com/~charles/dmesglog
[03:54] <chmj> erm, I can't execute anything from bash, just hangs the kernel 
[03:54] <fabbione> chmj: known bug..
[03:54] <fabbione> fix upstream.. kthxbye
[03:55] <chmj> hmmm 
[03:55] <zul> jbailey: if you want you can leave your SGI, Alpha, and Itanium in ottawa ;)
[03:55] <fabbione> but given that you have an ipw2100, you can test a kernel for me
[03:55] <fabbione> when i will have the time to do a test build :)
[03:56] <chmj> ok, for some reason, every process ends with this : Killed by signal 1.
[03:56] <chmj> on this kernel : Linux darklord 2.6.10-5-386 #1 Tue Apr 5 12:12:40 UTC 2005 i686 GNU/Linux
[03:56] <chmj> this is all after dist-upgrade 
[03:57] <fabbione> that's only ssh
[03:57] <fabbione> not every process
[03:57] <fabbione> known bug that one too
[03:57] <fabbione> oh
[03:57] <fabbione> no
[03:57] <fabbione> hmmmm
[03:57] <fabbione> i am not sure you can actually use .10 in breezy anymore
[03:58] <chmj> oh yes, scp + ssh 
[03:58] <fabbione> are you sure it's all processes?
[03:58] <fabbione> ah ok
[03:58] <fabbione> tsk
[03:58] <fabbione> as above.. ssh problem
[03:58] <chmj> I use .10 on breezy, works better than .12 :( 
[03:59] <chmj> .12 just hangs :( 
[03:59] <fabbione> chmj: you are part of the kernel-team.. testing/patches/bugfixes are welcome ;)
[03:59] <fabbione> chmj: it hangs only on ipw2100...
[03:59] <fabbione> that is yet another piece of external crap that apparently lusers can't live without
[03:59] <fabbione> thansk god it's going upstream
[03:59] <fabbione> so it will break less
[03:59] <fabbione> and be more obsoleted faster
[04:00] <fabbione> but at least i have an excuse for not updating it
[04:00] <chmj> hmm, problem with tesing/patching is that I have very limited resources 
[04:01] <chmj> will do some triage though 
[04:01] <fabbione> chmj: we know what the problem is
[04:01] <fabbione> and if upstream doesn't fix it, i can only workaround it
[04:01] <fabbione> basically the ipw2100 and ipw2200 drivers share a set of common modules
[04:02] <fabbione> the ieee8something
[04:02] <fabbione> and the code is maintained duplicated! in both repos
[04:02] <fabbione> with the last upgrade of the drivers they went out of sync
[04:02] <fabbione> so the ieee code that's from the ipw2200 works for the latter
[04:02] <fabbione> but not for the ipw2100
[04:02] <zul> muhahaha
[04:02] <fabbione> if i take the code from the ipw2100 it will break ipw2200
[04:03] <fabbione> so there is only one untested solution
[04:03] <chmj> oh my 
[04:03] <fabbione> remove this common code
[04:03] <fabbione> and compile it all static into the respective ipw2x00 modules
[04:03] <fabbione> in the hope that it works
[04:03] <fabbione> and you will test that kernel for me :)
[04:04] <chmj> ok :) 
[04:04] <chmj> eta ?
[04:04] <fabbione> but it's not very high priority...
[04:04] <fabbione> probably one or two days
[04:04] <fabbione> i have userland work to finish
[04:07] <chmj> noted 
[04:35] <chmj> http://bugzilla.ubuntu.com/show_bug.cgi?id=12417 this just came in 
[04:44] <fabbione> tought luck... it's still the same ieee layer causing problems
[04:45] <fabbione> i am off for today
[04:46] <fabbione> cya tomorrow guys
[04:51] <chmj> enjoy 
[07:43] <zul> arrgh!!!
[08:12] <fabbione> hey lamont
[08:13] <lamont__> howdy
[08:19] <zul> meh...dont know what to do
[08:20] <fabbione> zul: are you bored?
[08:20] <fabbione> fix some more bugs :)
[08:20] <zul> still debating
[08:23] <zul> fabbione: ill fix some tonight
[08:23] <fabbione> don't trash too much :P
[08:24] <zul> ill try not to :P
[08:33] <fabbione> so lamont__ how is going with the new job?
[08:34] <fabbione> you almost disappeared.. so i guess it keeps you busy ;)
[08:35] <lamont__> a bt
[08:35] <lamont__> a bit, even
[08:35] <jbailey> He's working at a site with a better 'net connection now, he can go back to surfing pr0n.
[08:37] <zul> they are suppose to be getting fiber here at work
[08:37] <lamont__> jbailey: feh
[08:37] <lamont__> besides - they monitor.
[08:37] <lamont__> which is a great waste of time and money, truthfully
[08:38] <lamont__> and a significant liability in the making.
[08:38] <fabbione> + nobody really checks the logs..
[08:38] <jbailey> Yeah.  I spent ages arguing at my last job that as long as someone was consistantly performing, who cares what they did, and if they weren't, then to deal with them directly and solve the issue without the over application of technology.
[08:40] <lamont__> HP lives in fear of RIAA
[08:40] <lamont__> hence BT is disallowed, unless you have a business need for a particular IP to be allowed to participate.
[08:40] <lamont__> as a client only, of course.
[08:40] <lamont__> since everyone knows that the only use for BT is to exchange copyrighted material in violation of copyright
[08:42] <fabbione> BT?
[08:42] <zul> british telecom? :)
[08:43] <lamont__> bittorrent
[08:43] <fabbione> ahh
[08:43] <zul> ooooh..
[08:43] <lamont__> I mean, who would use it to release large tarballs/isos of free stuff???
[08:44] <fabbione> http://dva.gbrit.com/~dougadams/Jokes/index.php?s=3.jpg
[08:44] <fabbione> AHHA
[08:44] <fabbione> (the rest of the site is NOT safe)
[08:44] <fabbione> so don't go one dir up :)
[08:45] <lamont__> iz good
[08:45] <fabbione> the joke or the site?
[08:45] <lamont__> fabbione: is that a gtk bug, I wonder???
[08:45] <lamont__> joke
[08:45] <fabbione> ahah
[08:45] <lamont__> will have to see what other jokes are there tonight
[08:45] <fabbione> lamont__: mostlikely
[08:46] <fabbione> nah the others aren't that funny
[08:46] <lamont__> ah, ok.  thanks
[08:46] <fabbione> mostlikely naked stuff
[08:46] <lamont__> feh
[08:46] <jbailey> Yeah, I'll read the BDSM stuff some time when my mother in law isn't wandering around my house. =)
[08:47] <fabbione> jbailey: exactly :) my wife is wathing TV.. i need to entertrain myself somehow :)
[08:49] <zul> why dont you watch tv with her...
[08:49] <fabbione> because there is a special about bush visiting dk
[08:49] <fabbione> and houneslty i can't care less
[08:49] <zul> heh...you said bush
[08:50] <fabbione> american people did pay his nice AirForce one travel
[08:50] <jbailey> Right, instead you can read about tying her up and spanking her instead.
[08:50] <fabbione> on a 3 day visit, one was half drunk
[08:50] <jbailey> "It's research, dear."
[08:50] <fabbione> the ohter has been playing golf
[08:50] <fabbione> and of 5 things he said on danish tv one was: "... you swallow. LISTEN TO YOUR MOTHER!"
[08:51] <fabbione> now.. i wonder .. what job did this porro mother do?!
[08:51] <fabbione> s/porro/poor
[08:51] <fabbione> jbailey: ahhaa
[08:52] <fabbione> jbailey: i am not reading all of it yet.. but it seems a pretty hounest author
[08:53] <jbailey> Cool