[12:03] <LaserJock> ok, so I can fix bug #576 #2066 by exporting LANG=C or using "xset fp rehash". Do you think that this is a problem that we need to fix?
[05:46] <james> anyone here know anything about the nvidia-legacy pakage?
[05:47] <james> my name is james, just installed breezy and have a bug with it
[05:47] <james> just don't know where to report it
[05:47] <james> lo?
[05:48] <bddebian> http://launchpad.ubuntu.com   File it on Malone please
[05:48] <James_Martinez> what is Malone?
[05:48] <bddebian> Just the name of the Bug-Tracker
[05:48] <James_Martinez> oh ok
[05:48] <James_Martinez> thanks
[05:48] <bddebian> NP
[05:50] <James_Martinez> maybe it isn't a bug, its just I updated from hoary to breezy, and the nvidia module wouldn't load, saying "device not found"
[05:50] <James_Martinez> I might have pu the wrong driver in my xorg.conf
[05:50] <James_Martinez> *put
[05:50] <James_Martinez> it was set to "nvidia"
[05:54] <James_Martinez> I'll just submit to Malone and see what happens.
[05:55] <James_Martinez> thanks again bddebian
[08:17] <Kyral> someone remind me to add a "Bugs Squished" section to my Wiki page
[08:33] <sivang> Morning all
[08:49] <zenrox> morn
[08:51] <zyga> morning
[09:01] <sivang> hey guys
[09:01] <sivang> nobody besides us alive here it seems
[09:22] <zenrox> nope
[09:44] <zyga> hmm :)
[09:44] <zyga> I've noticed an old bug that I've reported
[09:44] <zyga> and since it already contains a patch
[09:44] <zyga> anyone with cpu scaling support wants to test a one liner patch?
[09:44] <zyga> https://launchpad.net/distros/ubuntu/+sources/emifreq-applet/+bug/1883
[09:45] <zyga> just get the source and apply that one liner
[09:45] <zyga> it's a panel applet so debugging is ackward at best
[09:45] <zyga> but it just works for me
[09:48] <ajmitch> hi
[09:48] <ajmitch> no dholbach around?
[09:49] <ajmitch> zyga: having your team named 'ruby' might be confusing
[09:49] <ajmitch> since launchpad is designed for upstream & multiple distros, not just ubuntu
[09:50] <zyga> hmm
[09:50] <zyga> dholbah suggested that name
[09:50] <ajmitch> I know
[09:50] <zyga> and after all
[09:50] <ajmitch> that's why I wanted to talk to him
[09:50] <zyga> launchpad is borked with regargs to ruby already
[09:50] <ajmitch> hmm
[09:50] <zyga> someone nicknamed ruby already polluted the namespace
[09:50] <ajmitch> you *do* have teamname set as moturuby
[09:50] <ajmitch> so that should be ok
[09:51] <zyga> yes
[09:51] <zyga> but someone with a nickname 'ruby' is far worse than moturuby
[09:51] <ajmitch> I'll just tell dholbach for future suggestions :)
[09:51] <ajmitch> sure
[09:51] <zyga> ok
[09:51] <siretart> morning
[09:51] <ajmitch> morning siretart
[09:51] <ajmitch> yay for dialup
[09:53] <ajmitch> oh man
[09:53] <ajmitch> just reading ubuntu-devel threads
[09:54] <siretart> ajmitch: whats up with you?
[09:54] <sivang> ajmitch: dude , are you on the road?
[09:55] <ajmitch> no, visiting parents
[09:55] <ajmitch> reading jdub's idea of maintaing UVF for main
[09:55] <ajmitch> I don't think he knows how much pain that would cause MOTUs
[09:55] <ajmitch> since a lot of universe stuff could not be synced
[09:56] <sivang> ajmitch: the problem with the registered developser, is maybe the same problem of maintainer of the source pkgs being registered in launchpad as the package maintainers?
[09:56] <ajmitch> sivang: uh?
[09:57] <sivang> ajmitch: ah , yeah, notice Scott's comments :)
[09:57] <sivang> ajmitch: never mind, ENOCONTEXT
[10:07] <sivang> hehe
[10:14] <ajmitch> it would have been nice if bzrtools 0.1.1 was released in time for breezy
[10:15] <StrikeForce> ajmitch, do you know if anyone is building freenx?
[10:15] <ajmitch> StrikeForce: yes, probably :)
[10:15] <ajmitch> there are debian people working on it
[10:16] <StrikeForce> I've seen it in other debian based distro but its not in sid yet
[10:16] <StrikeForce> looks really really really nice actually
[10:16] <sivang> ajmitch: Mithrandir would proably know? I know his been related to that
[10:16] <ajmitch> yes, Mithrandir has been working on related code as well
[10:17] <crimsun> John Nilsson raises an interesting point regarding the users who will want "new" versions of/and packages
[10:25] <ajmitch> sigh, got to disconnect
[10:25] <ajmitch> see you tomorrow :)
[10:27] <siretart> bye ajmitch!
[11:27] <ivoks> mxrvt rulez :)
[11:27] <ivoks> mrxvt :)
[11:31] <crimsun> it's nice :-)
[11:31] <ivoks> quick and has tabs! :)
[11:32] <elvirolo> hi all
[11:34] <elvirolo> would it be possible to include a version of libtunepimp with mp3 support enabled in universe ? .... in order to have musicbrainz support for mp3's
[11:35] <crimsun> it's possible but not really high priority at this stage
[11:37] <elvirolo> ok, but is it *planned* ?
[11:37] <crimsun> it is not planned
[11:37] <ivoks> elvirolo: nothing is planned :)
[11:37] <ivoks> elvirolo: if you provide patch for package, we will consider it
[11:38] <elvirolo> ah i see :)
[11:38] <elvirolo> well, i don't know how do to patches
[11:38] <elvirolo> do*
[11:38] <ivoks> eh
[11:38] <ivoks> elvirolo: then bug people to help you
[11:38] <elvirolo> but i can recompile libtunepimp correctly
[11:39] <ivoks> libtunepimp won't change in breezy
[11:39] <ivoks> maybe in dapper
[11:39] <ivoks> elvirolo: requests/suggestions should be made before release, not after :)
[11:39] <elvirolo> well ... i suppose so
[11:40] <ivoks> anyway, i have to go...
[11:40] <elvirolo> but it's kind of obvious that people will need mp3 support for musicbrainz
[11:40] <ivoks> elvirolo: it is, but mp3 isn't free
[11:40] <elvirolo> yeah i know
[11:41] <ivoks> so you see...
[11:41] <elvirolo> that's why you could add a mp3 enabled version in universe
[11:41] <ivoks> if we enable support for mp3 in that lib
[11:41] <ivoks> elvirolo: on what mp3 lib does it depend?
[11:42] <elvirolo> libmad0 i think
[11:42] <crimsun> it'd be a NEW anyhow since the src is in main, and we'd have to have an override to punt that one binary package to universe
[11:42] <ivoks> you have to be sure :)
[11:43] <elvirolo> yeah i'm sure :)
[11:43] <crimsun> actually 2 packages, since there's a -dev
[11:43] <ivoks> lol
[11:43] <ivoks> tat lib is main :)
[11:43] <elvirolo> yeah
[11:43] <ivoks> i'm sure it won't get mp3 support... ever :)
[11:44] <ivoks> unless mp3 license holder changes license
[11:44] <ivoks> :)
[11:44] <elvirolo> i don't get it
[11:44] <elvirolo> mp3 can be enabled (since it was on my hoary box)
[11:45] <elvirolo> the only thing i did was recompiling libtunepimp
[11:46] <elvirolo> http://66.249.93.104/search?q=cache:6_O3B8Ncu98J:www.ubuntuforums.org/showthread.php%3Ft%3D29370+musicbrainz+breezy&hl=fr&ie=UTF-8
[11:46] <TMM> if we all head off to the mjpeggroup HQ armed with shotguns, you think they'll give ubuntu a non-revokable distribution license? :)
[11:46] <elvirolo> worth a try :)
[11:46] <TMM> I'd say
[11:47] <TMM> if it works we'll pay apple a visit too, and have a small discussion on freetype2 hinting
[11:48] <TMM> how many ubuntu users do you think there are? :)
[11:48] <TMM> it would be a pretty neat army :P
[11:54] <chx> hi. yakuake is horriby borken in Breezy. (at least with Kubuntu.)
[11:54] <chx> i apt-get installed, started and all keyboard input was lost
[12:02] <\sh> siretart: I hope u don't snore ,-)
[12:03] <Mez> \sh: you're in the same room as siretart?
[12:03] <\sh> Mez: yep
[12:03] <Mez> how do you know?
[12:04] <Mez> \sh: aka how did you find out?
[12:04] <\sh> Mez: claire send a mail out yesterday with the room list and the "this i don'T eat" list
[12:04] <Mez> oh, the odl file?
[12:04] <Mez> yeah
[12:04] <Mez> I cant seem to get that to open
[12:05] <\sh> Mez: the spreadsheet
[12:05] <Mez> yeah
[12:05] <Mez> OOo dont seem to work for me
[12:05] <\sh> .ods = openoffice 2
[12:05] <\sh> or this i'm using :)
[12:06] <Mez> so where are the room lists?
[12:06] <Mez> nvm
[12:07] <siretart> woah great
[12:07] <\sh> on the 2. worksheet in this document
[12:07] <siretart> the spreadsheet had several sheet inside :)
[12:07] <siretart> \sh: my girlfriend does sleep beside me, so it shouldn't be that loud ;)
[12:08] <\sh> siretart: this is fantastic :) we will have a lot of fun :)
[12:08] <\sh> siretart: hahaha
[12:08] <siretart> muhahaha! :)
[12:08] <siretart> Mez: chances are that you get the room besides us :)
[12:09] <siretart> \sh: do you already have a power adapter for canada?
[12:09] <\sh> siretart: yepp.
[12:09] <siretart> \sh: I fail to find one on reichelt.de or conrad.de. can you give me some hints what do I exactly search for?
[12:09] <\sh> siretart: i bought two sets
[12:09] <siretart> cool! :)
[12:09] <\sh> siretart: I bought them from mediamarkt...9.99 EUR...I'll bringt the two sets with me...one for you
[12:10] <Mez> the guy wo I'm meant to be sharing with hasnt confirmed
[12:10] <siretart> \sh: great! :) thank you, man!
[12:10] <\sh> siretart: np :) I'll have to make a list of things I promised to bring to ubz
[12:11] <\sh> "Under The Radar" from Robert F. Young for sivang
[12:11] <\sh> Dlink router for mvo
[12:11] <siretart> lol
[12:11] <\sh> red redhat fedora for fun
[12:11] <\sh> ms tshirt for annoying people
[12:11] <\sh> trolltech shirt for ogra
[12:12] <\sh> 2/3 six pack tin-beer to share ;)
[12:12] <\sh> and last but not least a lot of humanity and fun :)
[12:13] <Mez> and beer
[12:13] <\sh> 12:12 < \sh> 2/3 six pack tin-beer to share ;)
[12:13] <\sh> the / == or
[12:13] <Mez> do any of you people smoke?
[12:14] <\sh> Mez: smoke as in tobacco or smoke as in weed?
[12:15] <Mez> I meant tobacco
[12:16] <\sh> well...I smoke and ogra as well...but cigarettes are bought at the famous duty free shop at the airport
[12:16] <Mez> yes I know :D
[12:16] <Mez> was just wondering in case I was the only one
[12:16] <\sh> or tobacco....i have to have a look what they have
[12:17] <Mez> well it should be cool if the guy turns up
[12:17] <Mez> he's a GNOME-ite
[12:17] <Mez> so ... well... I'm a kde-ite :D
[12:17] <Mez> hehe
[12:17] <Mez> lots of late night arguments
[12:17] <Mez> :D
[12:17] <siretart> I didn't smoke for 2 or 3 years now, I think..
[12:19] <\sh> actually there will be only non-smokers rooms at holiday inn...or i think they booked only non-smokers room
[12:19] <Mez> so, the meeting outside for a snaky fag eg
[12:20] <Mez> hmm
[12:20] <Mez> I'm slightly worried
[12:20] <\sh> well...the wonderfull meetings at the hotel bar for a smoke and a after midnight drink
[12:20] <Mez> the gfuy I'm sharing with has an alter ego called "alison"
[12:20] <\sh> Mez: so what?
[12:21] <Mez> lol: nothing - just a bit... different
[12:22] <\sh> well..I hope montreal has a nice gay scene ... so I can report to my friend that he missed a better place then cologne ,-)
[12:23] <Mez> lol
[12:28] <\sh> hmmm..
[12:29] <\sh> my voice sounds like I was smoking too much last night and as I drank a lot of hard stuff...it was a good evening
[01:15] <siretart> \sh: a minute?
[01:16] <\sh> siretart: sure
[01:17] <siretart> \sh: if you have time, could you please have a look at https://wiki.ubuntu.com/NonpersistantUsers and tell me your opinion?
[01:18] <siretart> sivang: You submitted SetupSnapshots, right?
[01:20] <sivang> siretart: yep, and by sabdfl's advice I'm breaking it to moree small manageable chunks that could be spec'd independently to combine the resulting product.
[01:20] <\sh> siretart: sounds like a great idea :)
[01:20] <siretart> sivang: could you also look at NonpersitantUsers? I think we have some convergence
[01:21] <siretart> \sh: I've already implemented this for a internet cafe, but quite hackish and with some limitations
[01:21] <siretart> this Spec would be a sane rewrite for this, plus I have a production system to test this ;)
[01:21] <\sh> siretart: rock :)
[01:22] <siretart> sivang: which other parts are part of SetupSnapshots? and when did you talk to sabdfl?
[01:23] <TMM> siretart, if I might add my 2cts, I don't think this need gdm integration, but pam integration
[01:23] <siretart> TMM: I've also thought about pam integration
[01:23] <TMM> siretart, you could implement this pretty much 100% with pam script
[01:24] <siretart> TMM: the biggest problem is that there is no sane interface to the pam configuration
[01:24] <TMM> siretart, if you combine it with pam_mkhomedir or something :)
[01:24] <sivang> siretart: nice spec :)
[01:24] <sivang> siretart: I think it's in place for out of the box library installations, caffe and public access poiunts
[01:24] <sivang> siretart: some time go, why?
[01:24] <TMM> siretart, well, funny you should say that, because I am working on a spec for central authentication support, which would require a frontend for pam anyway
[01:25] <siretart> TMM: lets work together about this, because this would be one of my other specs for dapper!
[01:25] <siretart> sivang: just curious
[01:25] <sivang> siretart: :)
[01:25] <TMM> siretart, shall I fist finish my spec for the central auth, en then collaborate on the front-end part of it?
[01:25] <zyga> but 1) I don't know any pam stuff :)
[01:26] <zyga> 2) It's totally a hack
[01:26] <zyga> 3) it bypasses gdm
[01:26] <siretart> TMM: will you be at UBZ?
[01:26] <TMM> siretart, no
[01:26] <zyga> 4) only one profile to choose from
[01:26] <TMM> siretart, it's a bit too far away :)
[01:26] <siretart> ;) - sure
[01:26] <TMM> and I don't have $1500 laying about :P
[01:27] <siretart> TMM: do you already have a BOF page for your central auth spec?
[01:27] <TMM> BOF?
[01:27] <sivang> TMM: Birds Of Feather
[01:27] <siretart> I'm really interested in making this possible for dapper
[01:27] <TMM> I'm writing it up in gedit at tme moment anyway, I was told to use the spec template on the wiki
[01:28] <TMM> then I was supposed to point sabdfl to it
[01:28] <siretart> TMM: please ping me of you have uploaded your gedit notes to the wiki
[01:28] <zyga> siretart: I could help you with this
[01:28] <TMM> siretart, I will, I'll finish them as soon as this bloody DVD is done
[01:28] <siretart> I currently maintain 2 debian/ubuntu installations with central slapds as auth server
[01:28] <TMM> siretart, so far I've burned 3 coasters, this is becoming a bit expensive
[01:28] <siretart> and want to have this out of the box, because I'm already getting tired of setting them up again and again ;)
[01:29] <siretart> zyga: great! :)
[01:29] <TMM> siretart, I've got a couple of plans for dapper as well :)
[01:29] <zyga> siretart: I'm still reading setup snapshots
[01:29] <siretart> you all guys know, this was already an spec/idea/targeted for breezy. lets get it done for dapper!
[01:30] <zyga> users ~ and installed (as well as not installed) packages are easy and doable
[01:30] <zyga> but configuration varies from /etc to /var and is too tricky to do automatically
[01:30] <zyga> OTOH
[01:30] <siretart> why config diffs, lets hold them in bzr repos
[01:31] <zyga> ubuntu could provide an image snapshot installer
[01:31] <siretart> zyga: so you want spec ImageSnapshotInstaller? ;)
[01:31] <zyga> something like 1) make partition 2) unpack tarball over network 3) done
[01:31] <zyga> I need both actually
[01:31] <zyga> they are a separate issue IMHO
[01:32] <siretart> I have also another spec, which touches your request, still to be drafted
[01:32] <zyga> but I do see UserSetupSnapshots + ImageSnapshotInstaller to be really usefull in web caffes
[01:32] <siretart> but it doesn't use images, but preeseeded d-i
[01:32] <zyga> that's far worse performance wise
[01:33] <zyga> the only concern are ssh private keys
[01:33] <zyga> they shouldn't be just copied obviously
[01:33] <siretart> you get this with cfengine
[01:33] <zyga> what's that?
[01:33] <tseng> its evil
[01:33] <zyga> :-)
[01:33] <tseng> terribly complicated
[01:33] <zyga> tseng: what is evil?
[01:33] <tseng> cfengine
[01:33] <zyga> I still gooogle what that is
[01:34] <tseng> configuration engine
[01:34] <zyga> hmm
[01:34] <zyga> I still think that unpacking a tarball with -p over the network is usefull
[01:34] <zyga> it's like cloning but you get to choose your fs
[01:35] <siretart> tseng: well, it is intimidating at first, but if you understand how to use it, it is a very very powerful tool for clusters
[01:36] <tseng> i have a "cluster"
[01:36] <tseng> but no time to fight with strange tools
[01:37] <zyga> besides - a cluster of suns alphas and old pc's is hardly an useful cluster ;-)
[01:39] <zyga> what besides ssh keys shouldn't be just copied when cloning?
[01:39] <zyga> hostname
[01:40] <siretart> how do you update your clones?
[01:40] <siretart> nono, I prefer my cfengine setups :)
[01:41] <\sh> prost guys
[01:41] <\sh>  breakfast
[01:42] <TMM> cfengine... o dear god
[01:42] <TMM> that is horrible
[01:42] <tseng> exactly.
[01:42] <siretart> what alternatives do you use?
[01:42] <TMM> homebrew apt- wrappers
[01:43] <tseng> i was planning on writing my own as well
[01:43] <TMM> plus a little python script to look up package names from ldap
[01:43] <tseng> with expect
[01:43] <siretart> hm
[01:43] <siretart> and fiddling with /etc/pam.d/* using scp?
[01:43] <TMM> I should write a proposal for something like that as well :)
[01:43] <TMM> siretart, wget actually :)
[01:43] <siretart> omg
[01:44] <siretart> TMM: please spec this. but the authserver first, I need that anyway ;)
[01:44] <zyga> siretart: could you repeat what you've said
[01:45] <TMM> brb
[01:47] <sivang> zyga: just not caught on your comments re: setupsnapshots
[01:47] <sivang> zyga: why wouldn't they be realistic? (conffile diffs)
[01:47] <zyga> sivang: I fear that diffing whole /etc is just not enough
[01:47] <zyga> sivang: if we want to diff both /etc and /var then we get lots of junk too
[01:48] <zyga> sivang: example /var/named/zone
[01:48] <sivang> zyga: why does it store it's zone confs over /var ? :-) (excuse the ignorance)
[01:49] <zyga> sivang: ask bind
[01:50] <zyga> sivang: and stuff like deborphan keeps 'config' or 'state' files in /var too
[01:50] <zyga> I think that generally lots of stuff may be keeping something wortch having in /var
[01:50] <sivang> zyga: I am planninig to start small acutally, already providing the PSS, and basic ~ , bookmarks and gconf stuff should be easy, from there build up.
[01:51] <sivang> zyga: we can always rank conffile by importance, and store those diffs at first, then ask user "This are addtiive and appears to be non important. Would you like to store/ignore/whatever" ..
[01:52] <zyga_> darn, sorry my modem is really dying now
[01:52] <zyga_> siretart: what was the last message that has arrived?
[01:53] <sivang> zyga: I'll replay for you:
[01:53] <sivang> 13:50 < sivang> zyga: I am planninig to start small acutally, already providing the PSS, and basic ~ , bookmarks and gconf
[01:53] <siretart> he's gone
[01:53] <sivang>                 stuff should be easy, from there build up.
[01:53] <sivang> 13:51 < sivang> zyga: we can always rank conffile by importance, and store those diffs at first, then ask user "This are
[01:53] <sivang>                 addtiive and appears to be non important. Would you like to store/ignore/whatever" ..
[01:54] <zyga> hmm
[01:54] <zyga> starting small is a good idea
[01:54] <zyga> gconf is diffable allright
[01:55] <siretart> zyga: http://siretart.tauware.de/log is the log of today
[01:55] <zyga> slackware does, darn
[01:55] <sivang> hehe
[01:56] <zyga> just to paste stuff that's missing in the log
[01:56] <zyga> zyga but at the same time majority of stuff in var is useless for diff
[01:56] <zyga>  zyga all the caches and such
[01:57] <Yagisan> cool - amule is now dumping backtraces after installing Japanese input support
[01:59] <Yagisan> it seems to hate /usr/lib/libuim.so.0
[02:01] <TMM> siretart, you like the wget idea??
[02:01] <TMM> encoding a bunch of video while working sucks ass
[02:02] <siretart> TMM: wget is a tool to transfer files over http (or other method)
[02:03] <TMM> siretart, I am fully aware of that
[02:03] <siretart> TMM: you still need some infrastructure to manage your configs, espc when you have different target hardware and/or installation
[02:03] <TMM> siretart, you also don't have to muck about with host keys for all your workstations :)
[02:03] <siretart> TMM: so your wget idea does not match all my expectations. it will work in simple setups, but breaks when things get more complicated
[02:04] <TMM> siretart, you simply need a lot of self-configurability of the desktop os
[02:04] <TMM> such as ubuntu :)
[02:04] <siretart> TMM: 'simply' is an awfull word ;)
[02:04] <TMM> I don't want to worry about hardware, I've got ubuntu to do that for me
[02:04] <zyga> TMM: you can get cheap pc everywhere :)
[02:04] <TMM> ubuntu'll 'just work' on most of them
[02:05] <siretart> TMM: I see your point, but in real world installations, it is not always easy as that
[02:05] <tseng> sbackup is cool
[02:06] <TMM> siretart, as long as the system boots, and gets network it can work. the system will automagically look itself up in the central ldap server (by its mac address) and finds a list of packages there, that it will then apt-get install
[02:06] <Lathiat> sbackup?
[02:06] <TMM> siretart, you can do all your special things in there
[02:06] <tseng> "This is a user friendly backup solution for common desktop needs. The project was was sponsored by Google during Google Summer of Code 2005 and mentored by Ubuntu."
[02:06] <TMM> siretart, I've implemented this in 3 companies, one of them runs 200 workstations, all ubuntu
[02:07] <TMM> siretart, it works, you just need a local apt mirror and a slightly modified install image
[02:07] <TMM> siretart, you push all the specific changes through deb's :)
[02:07] <zyga> Lathiat: hi
[02:08] <zyga> Lathiat: did you get notification about MOTURuby
[02:08] <Lathiat> zyga: yes
[02:08] <Lathiat> i'll be looking at that stuff this week
[02:08] <Lathiat> just busy with uni atm
[02:08] <TMM> siretart, KISS :D
[02:08] <zyga> Lathiat: I was trying to get a pool for voting on a team leader but the pool system died :)
[02:08] <Lathiat> haha
[02:08] <tseng> poll
[02:08] <Lathiat> oh crap
[02:08] <zyga> ah
[02:08] <Lathiat> can we still vote for mjg59?
[02:08] <zyga> true :)
[02:09] <Yagisan> ok - japanese input breaks amule posted here https://launchpad.net/distros/ubuntu/+sources/amule/+bug/3187
[02:09] <zyga> Lathiat: is mjg59 a part of m-ruby?
[02:09] <Lathiat> zyga: nono
[02:09] <Lathiat> he was being proposed for the technical board
[02:10] <Lathiat> zyga: who needs a leader anyway
[02:10] <siretart> hm. I see we need a ConfigurationInfrastructure
[02:11] <\sh> guys....please do me all favour :)
[02:11] <siretart> ConfigurationInfrastructure shall setup LDAP Authentication and handle software updates.. hmm
[02:11] <siretart> \sh: ?
[02:11] <\sh> relax :) we need you all relaxed and refreshed for dapper ;)
[02:11] <siretart> ah. sure :)
[02:12] <zyga> \sh: too bad coding smells like fun
[02:13] <TMM> siretart, LDAP is only part of it really
[02:14] <siretart> TMM: yeah
[02:14] <\sh> zyga: well...ogra is testing amd64 edubuntu dvd now...and I'm heaving breakfast, means I'm drinking a beer ;) so ... actually this is what I call relaxing
[02:14] <TMM> siretart, we need SMB auth also, at least
[02:14] <TMM> siretart, and a way to switch authentication methods through GDM
[02:15] <siretart> TMM: I think I understand what you intend
[02:16] <Yagisan> zyga - how about giving me a hand in getting multi-client-arch working for ltsp
[02:16] <siretart> TMM: but for this, you'll need a quite sophisticated AuthenticationInfrastructure spec
[02:16] <TMM> zyga, I've had a crazy idea
[02:16] <TMM> siretart, which is what I am working on, I need to stop talking and continue writing soon
[02:16] <zyga> Yagisan: outline the issue
[02:16] <siretart> TMM: where you can define authentication methods and use a well defined interface to pam
[02:16] <Yagisan> zyga: First patch is here http://bugzilla.ubuntu.com/show_bug.cgi?id=17297
[02:16] <siretart> TMM: ok, I won't disturb you any longer ;)
[02:17] <TMM> siretart, AND It'll give me a change to horribly break dapper if I get upload permissions of my ideas :)
[02:17] <TMM> siretart, like the big debian sid pam outage of 3 years back
[02:17] <Yagisan> zyga - but qemu isn't playing nice, so I am having trouble building ppc clients on i386/amd64
[02:17] <TMM> that sucked :)
[02:18] <TMM> zyga, I have been thinking about thin clients a lot, and processing power being what it is, and network speeds being what it is... why not combine ltsp with mosix?
[02:18] <Yagisan> TMM: It's been done - but openmosix for 2.6.x is a bit behind
[02:18] <TMM> zyga, if you migrate to a thin-client network today, your workstations will be so idiotiaclly overpowererd for the job, they might as well chip in
[02:18] <zyga> Yagisan: ENOPPC but I'm still reading
[02:19] <TMM> Yagisan, it has been? :) cool... I knew I couldn't have been the only one that thought about all that processing power going to waste
[02:19] <Yagisan> TMM: I built it with 2.4.x, 2.6.x is only in sf.net cvs
[02:20] <Yagisan> zyga: I used binfmt-misc to register ppc binaries to be run by qemu-ppc on i386/amd64 - but qemu bombs out trying to run bash
[02:20] <TMM> siretart, shall I put you in as 'interested' in my authentication spec?
[02:21] <zyga> Yagisan, TMM: I'll be back in 20 minutes
[02:21] <Yagisan> TMM: 2.6.x also needs updated openmosix tools, iirc
[02:21] <TMM> cool :)
[02:21] <zyga> my dog looks like he could use a walk
[02:21] <siretart> TMM: let me see it first, I'll add my name in your spec, then
[02:21] <Yagisan> zyga - no worries - I'll be leaving for dinner soon
[02:21] <sivang> TMM: you've implemented user backup tool?
[02:21] <TMM> I never actually did it
[02:21] <TMM> with openmosix
[02:22] <TMM> but I REALLY wanted when I had 200 ubuntu systems at the tip of my fingers :) too bad it was a production environment :)
[02:22] <zyga> when working P2 350 are sold for 10$ who needs to support anything else :)
[02:22] <zyga> okay
[02:22] <zyga> bbl
[02:22] <Yagisan> zyga  - I NEED multi-client-arch
[02:22] <sivang> TMM: just trying to figure if my spec is obsolete
[02:22] <sivang> :)
[02:23] <Yagisan> zyga - I got enough working for my needs, I just want to enhance it further
[02:24] <TMM> sivang, nothing is 'obsolete' I do not carry *any* weight here :)
[02:24] <Yagisan> TMM: I did a 15 pc openmosix cluster - I used it for converting cd's to .oggs - took about 2 minutes a cd (300Mhz-1.6Ghz boxes)
[02:24] <TMM> sivang, I don't have access to anything but the wiki and a bunch of ideas and experience :)
[02:24] <TMM> Yagisan, nifty!!!! :)
[02:25] <TMM> Yagisan, I do have an distcc server running on all the systems here, but that's as far as I want to go for now
[02:25] <TMM> Yagisan, people use these things for other tasks as well :)
[02:25] <siretart> who is HeinPietervanbraam?
[02:25] <TMM> that's me
[02:25] <Yagisan> TMM: pity they weren't my machines :( but I got a good mark for networking practical
[02:25] <siretart> TMM: aah, you are specing ConfigurationInfrastructure. I just wanted to create such a spec ;)
[02:26] <TMM> siretart, no, I am not...
[02:26] <Yagisan> TMM: when local apps are working in ltsp - I'm sticking distcc on all my clients
[02:26] <TMM> siretart, I think something screwed up, I only visited that page
[02:26] <TMM> siretart, because you suggested it :)
[02:26] <TMM> I'm specing AuthenticationInfrastructure
[02:27] <siretart> great!
[02:27] <TMM> siretart, its saying here that it's an empty page
[02:27] <TMM> siretart, https://wiki.ubuntu.com/ConfigurationInfrastructure
[02:27] <siretart> TMM: you didn't press 'cancel' so you retained your lock
[02:28] <siretart> no problem.
[02:28] <TMM> siretart, sorry
[02:28] <TMM> siretart, it should be gone now
[02:28] <siretart> okay
[02:31] <\sh> hah
[02:31] <\sh> I'm insane
[02:33] <\sh> drinking beer as breakfast replacement....
[02:35] <\sh> EDUBUNTU RUNS!
[02:35] <\sh> from DVD
[02:45] <herve> hello
[02:46] <zyga> re
[02:47] <zyga> Yagisan: reading againg
[02:47] <zyga> s/g$/g/
[02:47] <zyga> Yagisan: what is the configuration you are running?
[02:48] <zyga> Yagisan: non-i386 + i386 or other way around?
[02:48] <TMM> I like the 'use case' part :)
[02:48] <thierry_> I got some problem with libofx2 package...
[02:50] <thierry_> E: /var/cache/apt/archives/libofx2_1%3a0.8.0-3ubuntu8_i386.deb: tried to replace /usr/share/libofx/dtd/opensp.dcl, who is also owned by libofx0c102
[02:50] <thierry_> sorry for the poor english, I just did a fast translation
[02:55] <siretart> muhaha
[02:55] <siretart> we will have a lot of fun the next months! :)
[02:56] <siretart> first draft of ConfigurationInfrastructure specced
[02:57] <zyga> diff of hoary + breezy final upgrade from CD diffed against clean breezy install
[03:00] <sivang> zyga: how do you do that ?
[03:01] <siretart> TMM: have you seen this one: https://wiki.ubuntu.com/NetworkAuthentication ?
[03:03] <TMM> siretart, crud, that looks rather similar to mine
[03:03] <zyga> sivang: install hoary, instert breezy cd, upgrade, boot knoppix, create tarball and sent it somewhere, install breezy, boot knoppix, create tarball and send it somewhere, extract both tarballs, diff -u
[03:04] <zyga> s/sent/send/
[03:04] <TMM> siretart, but lacks some things I also need, I should probably add that
[03:04] <siretart> TMM: I'd say finish drafting your spec, and then lets compare the two drafts
[03:04] <siretart> we can merge then later anyway
[03:05] <siretart> I think this NetworkAuthentication spec is way too vague and covers way too much
[03:05] <TMM> most of the specs are a bit wrong though
[03:06] <zyga> sivang: I didn't use the box so there should be little crap in /home - I think it's a good idea
[03:06] <TMM> for instance, you really don't want seperate network filesystems for your *nix boxes and your win32 boxes, just use cifs for everything
[03:06] <TMM> nfs isn't capable anyway
[03:06] <sivang> zyga: ah, you doing releases diffs
[03:07] <siretart> TMM: I wouldn't want to have my home on cifs
[03:07] <zyga> sivang: what did you think I was doing?
[03:07] <sivang> zyga: sorry, I was confused with some backlog I was reading at the same time
[03:07] <TMM> siretart, that actually works pretty good
[03:08] <sivang> zyga: thinking of incremental upgrades maybe? would be nice of we got that one there..would save lots of badnwidth and time for upgrades
[03:08] <TMM> siretart, would you rather have a homedir that everyone that knows your UID can read and write to?
[03:08] <Yagisan> zyga: back again
[03:08] <zyga> Yagisan: re
[03:08] <TMM> siretart, token based nfs authentication still is not implemented, it is being worked on, it was slated for inclusion in 2.6.10, but that never happened
[03:08] <siretart> TMM: does cifs support symlinks? hardlinks? sockets?
[03:09] <Yagisan> zyga: I've already deployed amd64 server + i386 clients
[03:09] <TMM> siretart, it does, hp and samba drafted posix extensions that work with samba
[03:09] <zyga> Yagisan: I need to try edubuntu soon
[03:09] <zyga> Yagisan: I've got two extra boxes here to play with
[03:09] <TMM> siretart, and, if you install unix services for windows win2k+ can do it too
[03:09] <Yagisan> zyga: I am doing the patches for edubuntu
[03:10] <siretart> TMM: sounds interesting. lets have a closer look at it and write a usable spec
[03:10] <Yagisan> zyga: Schools have a mix of different boxes
[03:10] <TMM> siretart, I'm trying to :)
[03:10] <TMM> nfs really is a no-go for now
[03:10] <siretart> TMM: quit from irc and come back when finished *g*
[03:10] <TMM> nfsv4 has the potential, but not the implementation
[03:11] <siretart> up to now, I only used nfsv3, with all limitations
[03:11] <sivang> zyga: I wonder if we'll get anything on the incremental upgrades thingy, you talking about diffing breezy vs. hoary reminded me of that
[03:11] <siretart> but what you say makes cifs interesting
[03:11] <TMM> siretart, limitations in one thing, it is just incredibly insecure
[03:11] <siretart> cifs would mean to fiddle around with samba, and this scares me a bit ;)
[03:11] <TMM> siretart, if you root a box that is connected to the network, and that can mount it, you can access all info, and destroy everything
[03:11] <Yagisan> zyga: I planned to use qemu for building ppc clients on i386 or amd64 servers, and i386 clients on ppc servers
[03:11] <zyga> sivang: delta updates  are already deployed in mandrivia, no?
[03:12] <sivang> zyga: don;t know
[03:12] <siretart> TMM: and with cifs? I can still su to the users and access his home, true?
[03:12] <Yagisan> zyga: but it seems qemu isn't up to the task of ppc on i386/amd64
[03:12] <TMM> siretart, only from the box he logged into, and only while he is logged in
[03:12] <zyga> Yagisan: no, it isn't :/
[03:12] <Yagisan> zyga: and I lack ppc hardware to test i386 on ppc
[03:12] <siretart> TMM: sounds great
[03:12] <TMM> siretart, if you root a box that has a mount to a share, then obviously you own that share, but only for the user that has logged into it
[03:13] <TMM> siretart, with nfs you could just write a small script that rotates your uid/gid and try rm -rf * on ech export for each uid
[03:13] <Yagisan> zyga: You can see from my patch that I cover all "trivial" combinations though
[03:13] <TMM> siretart, that would actually result in an emty server
[03:13] <zyga> Yagisan: yes quite impressive :)
[03:13] <zyga> Yagisan: small but usable
[03:14] <Yagisan> zyga: yep - It's amazing what you can do when your livelihood depends on it
[03:14] <zyga> hehe
[03:15] <Yagisan> zyga: other then qemu - is there any other way we could get say ppc on i386/amd64 ?
[03:16] <zyga> Yagisan: there is peach or something like that
[03:16] <zyga> Yagisan: FOSS ppc emulator
[03:16] <zyga> pearpc
[03:16] <zyga> sorry ;] 
[03:16] <Yagisan> zyga: ah - pearpc - full system - chokes on 2.6.x kernels
[03:16] <Yagisan> zyga: Individual binaries are what's needed
[03:17] <Yagisan> zyga : or - complete manual unpack and configure, using the native tools :(
[03:19] <zyga> it's a netboot + / over nfs?
[03:20] <Yagisan> zyga: yes
[03:20] <Yagisan> zyga: needs pxe - or etherboot with pxe emulation built in
[03:20] <zyga> Yagisan: so unless I'm mistaken: different / for every arch
[03:20] <zyga> then what?
[03:21] <Yagisan> zyga : that's right, different root for each arch, client boots, establishes a ssh session to the server
[03:21] <Yagisan> zyga: and runs etherything on the server
[03:21] <zyga> Yagisan: ahhh
[03:21] <Yagisan> s/etherything/everything
[03:21] <zyga> Yagisan: /me though clients use their own CPU for running stuff
[03:22] <zyga> cool
[03:22] <zyga> so it's a real thin client, only X is running on the client
[03:22] <zyga> well...
[03:22] <zyga> I'd say it's difficult/inpractical to run ppc over i386
[03:22] <Yagisan> zyga: I needed multiclinet-arch as I have 1 amd64 + 2 p2 < 300Mhz
[03:22] <zyga> speed will suck
[03:23] <Yagisan> zyga: it's only needed to run ppc code during unpack and setup of the chroot
[03:23] <zyga> Yagisan: well for amd64 you could just run a chroot probably, right?
[03:23] <zyga> Yagisan: ah
[03:23] <zyga> Yagisan: wait
[03:23] <zyga> so a ppc client powers up
[03:24] <zyga> it fetches boot code via pxe or something like that
[03:24] <zyga> then what?
[03:25] <Yagisan> zyga: loads the ppc kernel other the network
[03:26] <Yagisan> zyga: 8over
[03:26] <zyga> right
[03:26] <zyga> and then
[03:26] <zyga> ?
[03:26] <Yagisan> zyga: loads a ssh session to the server, then starts a local xserver to display the apps
[03:27] <zyga> hmm
[03:27] <zyga> so when do you need to run ppc on the server? I'm still not getting this
[03:28] <Yagisan> zyga: I need to run ppc on the server when I build the ppc chroot that will contain the ppc kernel and xserver
[03:28] <zyga> ahh
[03:28] <zyga> Yagisan: can't you just pull precompiled stuff?
[03:28] <Yagisan> zyga: that is the only time (apart from upgrades) that I need it
[03:29] <TMM> do the values between @'s automatically get expanded in the wiki?
[03:29] <zyga> Yagisan: or use one of the clients to act as a support box when doing that?
[03:30] <Yagisan> zyga: it's a chicken and egg - how can the client help if the client can't boot
[03:30] <zyga> Yagisan: boot a live cd on the client, use the client to do anything you need
[03:31] <zyga> it's a one-time operation
[03:33] <Yagisan> zyga: that doesn't scale to other arches, and requires manual intervention :(
[03:33] <zyga> Yagisan: true
[03:33] <zyga> Yagisan: is the chroot build automatic?
[03:34] <zyga> Yagisan: it sure scales to other arches - you just need a livecd for every arch you've got
[03:34] <Yagisan> zyga: yes - works similar to building a pbuilder chroot
[03:34] <zyga> Yagisan: then it could be automatic
[03:34] <Yagisan> zyga: not all arches can boot from cd
[03:34] <zyga> Yagisan: you are trying to get too much, my toster cannot boot linux - I don't care
[03:34] <zyga> s/toster/toaster/
[03:35] <Yagisan> zyga: I'm only interested in what what ubuntu supports - they are getting sparc and ia64 and hppa going
[03:35] <Yagisan> zyga: and your toaster should run netBSD
[03:35] <Yagisan> :)
[03:36] <zyga> Yagisan: hehe :>
[03:37] <TMM> siretart, https://wiki.ubuntu.com/AuthenticationInfrastructure
[03:37] <TMM> siretart, it's not everything I wanted to put in, but it's a start
[03:38] <Yagisan> zyga: what arches can you test ?
[03:41] <zyga> Yagisan: ubuntu will officially support ia64 and sparc?
[03:42] <zyga> modem died again, sorry
[03:42] <Yagisan> zyga: i don't know - I just lurk in some channels and follow the conversation
[03:46] <zyga> you can fell the vibrations and excesive heat though
[03:47] <Yagisan> zyga: yeah - but it would be cool to show off, "hey guys, even my coffee pot runs linux" :)
[03:48] <zyga> that's a ppc and a good motivation to run linux
[03:49] <Yagisan> zyga: I think there is a gamecube linux
[03:49] <zyga> but I need a modchip and eth0 that both cost around $100
[03:49] <zyga> there sure is :D
[03:49] <zyga> but 30 megs of usefull ram is a slight disadvantage
[03:50] <Yagisan> zyga: that would make an excellent ltsp thin client
[03:50] <Yagisan> zyga: so you DO have a ppc system to help me with :)
[03:52] <zyga> Yagisan: but I still need a modchip and eth0 :D
[03:52] <Yagisan> zyga: details, details
[03:52] <zyga> you can click on ads on my blog if you really want to help me helping you ;] 
[03:52] <zyga> I've got $0.74 ATM
[03:52] <zyga> :-))
[03:52] <zyga> OTOH it'd be alot easier to buy old g3
[03:53] <Yagisan> zyga: I have $10au left in my account - If I don't get another customer soon I can't pay the rent :(
[03:54] <zyga> Yagisan: what do you sell/support?
[03:54] <Yagisan> zyga: E-Security services (data recovery, pen testing etc)
[03:55] <Yagisan> zyga: I did a layout mockup of a website a while ago while I develop a real one
[03:55] <zyga> Yagisan: expand your services
[03:55] <zyga> Yagisan: I'm still amazed by how inefficient major corporations are
[03:55] <zyga> I'm a freelance programmer - I constantly get hired to 'provide a solution'
[03:56] <Yagisan> zyga: general layout mockup can be found here http://users.tpg.com.au/yagisan/
[03:56] <zyga> since I'm not hired as an analysist I just get to write code according to specs
[03:56] <zyga> Yagisan: http://www.suxx.pl/blog
[03:56] <zyga> Yagisan: use nicer stylesheet
[03:57] <zyga> colors suck IMHO
[03:57] <zyga> (anyway)
[03:57] <zyga> all the time I write something that is useless
[03:57] <zyga> I get paid
[03:57] <zyga> a month passes
[03:57] <Yagisan> zyga: it's a mockup. I like the colours, but the fonts and sizing suck
[03:57] <zyga> and I get hired again to write from scratch/improve previous tool
[03:58] <zyga> and this goes on and on since every version is equally useless  :-)
[03:58] <zyga> I guess I could go to that company and say 'your analisyst sucks, hire me'
[03:58] <zyga> but I neet to eat and such so I don't care ;-)
[03:59] <zyga> Yagisan: get rid of those buttons on the bottom, your clients don't even know what that is
[03:59] <zyga> or make them small and invisible unless you really look
[03:59] <zyga> get rid of 'page looks odd'
[04:00] <zyga> your clients don't like to feel stiupid
[04:00] <zyga> they will ignore you to prove their point
[04:00] <zyga> :-)
[04:00] <Yagisan> zyga: I haven't even offically launched it - it was a mockup
[04:00] <zyga> Yagisan: I know :)
[04:00] <zyga> and really change the colours to something corporate
[04:00] <zyga> blue+white  with black text
[04:00] <Yagisan> zyga: I didn't even put content up!
[04:00] <zyga> :-)
[04:00] <zyga> I'm commenting on the mockup
[04:01] <Yagisan> zyga: I hadn't done html for a long time - and then I discovered that IE would eat my css
[04:02] <Yagisan> zyga: so I put a bitch page for content
[04:02] <zyga> Yagisan: why don't you use an existing webportal/blog tool?
[04:03] <zyga> it's easier, works everywhere, looks good on various browsers and is more less correct according to taste/choice
[04:03] <Yagisan> zyga: because I haven't found one I like - I'm looking through aptitude now
[04:03] <zyga> Yagisan: aptitude hasn't got much webapps IMHO
[04:03] <zyga> Yagisan: try wordpress for blog - it's really good
[04:04] <Yagisan> zyga: is it in apt ?
[04:04] <zyga> looks excelent, has free and easy templates, is fully XHTML
[04:04] <zyga> Yagisan: no - it cannot be
[04:04] <zyga> it's like you want to install something in $HOME/public_html via apt ;-)
[04:04] <Kyral> Good morning
[04:04] <zyga> morning Kyral
[04:04] <Yagisan> zyga: what's it depend on ?
[04:04] <zyga> Yagisan: php, mysql
[04:04] <Yagisan> G'day Kyral
[04:05] <zyga> Yagisan: my blog runs that if you want to have a look
[04:05] <Yagisan> zyga - looking at your blog
[04:05] <zyga> It's fully GPLd if you care
[04:05] <zyga> admin side is lovely
[04:06] <zyga> easy upgrade notification
[04:06] <zyga> lots of plugins for various stuff
[04:06] <Yagisan> zyga: actually I do care (my pet package was rejected because upstream didn't care)
[04:06] <Yagisan> zyga: easy to transport between hosting providers ?
[04:06] <zyga> http://wordpress.org/extend/themes/
[04:06] <zyga> themes for you ;-)
[04:07] <zyga> Yagisan: yes, just export your database
[04:08] <Yagisan> zyga: I'll try to set that up on my ddns system - looks interesting
[04:09] <zyga> Yagisan: installation is easy all you need is to extract a tarball and click a few times
[04:11] <Yagisan> zyga: reading manual
[04:19] <Yagisan> zyga: you really hate my colours don't you
[04:26] <zyga_> cable tech support came, still no luck with modem :/
[04:28] <Yagisan> zyga_: whats wrong with your modem ?
[04:29] <zyga_> Yagisan: I don't know yet - it keeps disconnecting
[04:29] <zyga_> the signal suddenly became a lot weaker
[04:30] <Yagisan> zyga_: my adsl modem does that when it gets hot (cheap netcomm crap)
[04:31] <zyga_> brb
[05:04] <zyga> re
[05:04] <zyga> :-)
[05:05] <zyga> filter added, modem works
[05:05] <Yagisan> zyga: be back soon - putting daughter to bed
[05:08] <siretart> re
[05:08] <siretart> TMM: I just read your AuthenticationInfrastructure spec
[05:08] <Mez> \sh: ping
[05:09] <TMM> siretart, any good?
[05:10] <siretart> TMM: I'm a bit puzzeled
[05:10] <siretart> it describes an concept of "proxy pam authentication"
[05:11] <siretart> but I don't get the idea what this would mean
[05:11] <TMM> siretart, then the spec needs clearing up :)
[05:11] <siretart> does it mean that all applications need to be rewritten to use this proxy interface?
[05:11] <TMM> no
[05:11] <siretart> and after all, how would this be implemented?
[05:11] <siretart> TMM: what do you think how long would it take to implement that spec?
[05:12] <TMM> doesn't HAVE to be long I think
[05:12] <TMM> but, there's still some details that I need to think about, you wanted to read it, so I put it up :)
[05:12] <siretart> okay
[05:13] <TMM> the difficulty is in providing different pam plugins in different situations without switching the entire application stack over
[05:13] <siretart> I was rather thinking about some interfaces to the existing pam config
[05:13] <siretart> similar to update-inetd
[05:13] <siretart> yeah
[05:14] <TMM> the trouble with that is for multiple logins at the same machine
[05:14] <TMM> if you switch the pam plugins over later, suddenly your session might be worthless
[05:15] <TMM> even more so with NSS :)
[05:15] <siretart> can't you assume that the same login is unique over the network?
[05:16] <siretart> wouldn't that make thinks easier?
[05:16] <TMM> you'd have to assume that there is only one person at a machine at one time I think...
[05:16] <TMM> although you could only switch gdm over I suppose
[05:17] <siretart> no, that would break ltsp installations very very hard
[05:17] <TMM> it's not ideal :)
[05:17] <TMM> that's why I came up with the proxy pam stuff
[05:18] <siretart> which I don't understand at all :)
[05:18] <TMM> basically the idea is that the first session you start will have a type of authentication associated with it, if there is no type, it'll default to the current behaviour
[05:19] <TMM> does that make any sense?
[05:19] <TMM> OK, I need to clarify this in the spec :D
[05:19] <siretart> idea taken, okay. but how does that fit into /etc/pam.d/*?
[05:20] <siretart> TMM: yes, clarify this and try to sketch how a possible implementation could work under the hoods
[05:20] <TMM> the proxy would delegate the actual authentication to one of the 'real' plugins
[05:20] <Mez> \sh: regarding amarok... get it ready for dapper and I'll shove it into backports as soon as possible
[05:20] <TMM> you can cascade credentials down in the stack of plugins
[05:21] <TMM> the difference between that and this would be that the order of the plugins won't be determined by the various conf files directly anymore, but by pam itself
[05:21] <TMM> you can already pretty much do that
[05:22] <siretart> yes?
[05:23] <siretart> your proposal sounds a bit like messing a lot with libpam.
[05:23] <TMM> yeah, it's messing a lot with libpam
[05:23] <TMM> trying to work around some of its limitations
[05:24] <siretart> pam is a very security sensitive library. every change to that would require a lot of review. a hell of lot of reviews
[05:24] <TMM> I need to run some tests this week
[05:24] <TMM> I think I've got an idea that wouldn't require changes to libpam itself
[05:24] <TMM> will probably still need to patch libnss though
[05:25] <TMM> I can't really see a way around that
[05:25] <siretart> that would be better, because I don't think we could to massive changes to pam ourselves
[05:25] <siretart> hm. still libnss changes.. hmhm
[05:25] <TMM> depends a bit on how the nss sessions are regulated exactly...
[05:26] <TMM> it's current for a session, but, during some tests I did sometimes nss updates itself during a session, if that happens you are screwed
[05:29] <TMM> siretart, this is what is bugging me:
[05:29] <TMM> siretart, user logs in, and chooses "SMB auth" from gdm, all the scripts run, user authenticates, then, starts a nested login, and chooses local...
[05:29] <TMM> siretart, then logs in again... in what state is the PAM/NSS stuff then?
[05:30] <TMM> well, the state of the config files would be rahter obvious, but, what happens to authentication after that
[05:34] <TMM> siretart, how else would you do it? if it was trivial, then it would have been done long ago :)
[05:35] <mikhail^> how do i know who have signed my gnupg key already?
[05:38] <siretart> TMM: I'd rather define an interface to the current existing pam/nss config, that is scriptable
[05:38] <siretart> TMM: so that local admins can still keep ther sophisticated pam setups
[05:39] <siretart> TMM: but for projects like ClusterInstallation there is a defined interface to configure defined setups
[05:39] <siretart> this is much less than your proposal, I know.
[05:39] <siretart> But this way, we don't need to convince pitti that we need massive changes to pam and nss
[05:40] <siretart> and this is in fact my biggest concern.
[05:40] <siretart> when we touch libpam and/or libnss, it must be in a very save and sane way. We need to convince the security team, that the changes are supportable for 5 years!
[05:41] <siretart> you see my point?
[05:41] <TMM> siretart, well, the problem is still with the state of the pam/nss after a change while in another login
[05:41] <TMM> siretart, especially nss
[05:43] <siretart> -v please
[05:43] <TMM> ah, verbose :)
[05:44] <TMM> The nss lookups in a session, after /etc/nsswitch.conf has changed
[05:46] <siretart> yes
[05:46] <TMM> will the uid/gid numbers be resolved from the source you had when you first logged in, or from the new changed state
[05:46] <TMM> and, I have tested this
[05:46] <TMM> and the answer seems to be :"Perhaps"
[05:46] <TMM> that's not really good enough :)
[05:47] <siretart> I think the answer to this question is: all sources should be queried everytime, in a defined order
[05:47] <TMM> sorry for the non-verbosiveness, some people have decided that it is a good idea to talk to me
[05:47] <TMM> siretart, that is easy to do, but slow as hell
[05:47] <siretart> slow as hell?
[05:47] <siretart> use nscd
[05:47] <TMM> that'll just make matters worse
[05:48] <TMM> say you have an authentication method configured for SMB, LDAP, local and NDS
[05:49] <TMM> no matter what order you do, you are going to lag like a lot, especially if you need to change the order later, since nscd will be lagging, you could kill -hup it on change i suppose  though...
[05:50] <siretart> I get your problem very slowly. perhaps you should add this explanation to your spec
[05:50] <siretart> but I think I get you
[05:51] <siretart> still, I don't think this would be implementable in 2,5 months
[05:51] <TMM> nss is rather integral to the system, problem is, I am not EXACTLY sure where it fits in, but, afaik, it is called directly from the c library for certain operations, such as gethostbyname etc
[05:52] <TMM> and, changing its config will have effect on everything that uses those calls, pretty much immediatly
[05:52] <TMM> that needs to change
[05:52] <siretart> TMM: I have further question
[05:52] <TMM> siretart, please do! :) you are really helping me see the things I missed
[05:52] <siretart> TMM: does your concept handle the case of authentication with other facilities than gdm?
[05:52] <siretart> TMM: what about ssh, or even cron?
[05:53] <siretart> or imap?
[05:54] <TMM> for that it wouldn't be needed, as this is only intended as a way for users to log in to different systems, like the laptop example in the spec
[05:54] <TMM> for services, I need to draft another spec to compliment it
[05:55] <TMM> but they would not be handeled like this, they would be handeled in a bit more classic way, but with a configuration per service, that is static to be determined by the adminstrator
[05:55] <siretart> so you are saying users should only use gdm?
[05:55] <TMM> on an ubuntu desktop? yes
[05:55] <siretart> and I say definitly NO
[05:56] <siretart> you break a lot of things with this
[05:56] <TMM> it's not like you are alienating anyone or any authentication mechanisms
[05:56] <TMM> or breaking anything
[05:56] <TMM> there is no point to have a mail server authentication that is remotly configurable, you want to set that on the host that provides the service
[05:57] <siretart> how would a user then be able to authenticate when he tries to ssh to a workstation?
[05:57] <TMM> locally probably
[05:57] <siretart> or how he would be able to run cronjobs?
[05:57] <TMM> unless otherwise configured
[05:57] <siretart> only if he has a local account
[05:57] <siretart> what if the account is in ldap?
[05:57] <siretart> then no ssh to a machine is possible?
[05:57] <TMM> that is the whole point of this scheme
[05:58] <siretart> then I cannot support it. sorry
[05:58] <TMM> to be able to authenticate in a meaningful way if one of the mechanisms isn't functional
[05:58] <TMM> think laptop here for a second
[05:58] <TMM> for a desktop nothing much would change
[05:59] <TMM> you have a central authentication mechanism, that could simply also be set for ssh
[05:59] <TMM> and probably would be, as the machine is immobile
[05:59] <siretart> if you break ssh authentication with users only in ldap, you instantly break ltsp installations
[05:59] <TMM> no, I don't break that
[05:59] <TMM> this would make it possible to use a laptop temporary as a ltsp thin client!
[06:00] <TMM> the problem is MOBILE computers
[06:00] <TMM> for immobile compuers NOTHING would have to change
[06:01] <siretart> .oO( perhaps we should have taken this to #ubuntu-devel - more experienced developers are there )
[06:01] <TMM> at least I know what I have to clarify in my spec
[06:01] <siretart> yeah, this is a big step :)
[06:01] <TMM> but, trust me, this is not going to break pure ldap usersnames
[06:02] <siretart> I'm looking forward to read your implementation proposal
[06:02] <TMM> me too :)
[06:02] <siretart> you're ideas are really rocking!
[06:02] <siretart> but keep in mind, to get this into dapper, we must implement this in less than 2.5 months
[06:02] <TMM> have you had the misfortune to work with a windows box lately?
[06:02] <TMM> XP even?
[06:03] <siretart> better in less time
[06:03] <siretart> TMM: I don't care about windows
[06:03] <TMM> but, did you? :)
[06:03] <TMM> you can select what 'domain' you want to log on to, local or some network or whatever at the login manager
[06:04] <TMM> this is basically only trying to do this in a way that it won't break anything else
[06:04] <siretart> some parts of our university are using them
[06:04] <siretart> I have to use that option, and I think it is really awfull. we should try to avoid asking the user that question
[06:04] <TMM> for laptop users it's good
[06:04] <TMM> the laternative is timing out
[06:05] <siretart> yes
[06:05] <siretart> but in unix land, we have other services, with other philosophy
[06:05] <TMM> for desktop users we are going to have the option to not display it :)
[06:05] <siretart> please answer also this question in your spec:
[06:06] <TMM> we could use soething like rendevouz or SLP
[06:06] <siretart> you have different auth servers: ldap, local and smb
[06:06] <TMM> but that's not going to work in legacy windows networks
[06:06] <siretart> how does ssh/cron learn which one to query?
[06:06] <TMM> and I want to make it possible for dapper to plug into a windows network that windows does
[06:07] <TMM> siretart, and, for dapper to provide windows services to clients that need it
[06:08] <siretart> TMM: as said, I'm happy to read your implementation proposal, but think about our available timeframe
[06:10] <TMM> some hack isn't going to cut it here
[06:10] <TMM> :)
[06:10] <siretart> TMM: and I like you to talk to pitti, keybuk and/or jbaily about this. I'd like to hear other opinions, and if they think if it feasible for dapper
[06:10] <TMM> ok, I will do that
[06:10] <siretart> TMM: you know, you are requesting very much
[06:10] <TMM> I'm willing to put a lot of work into it myself
[06:10] <TMM> I'm not asking for someone to do it for me
[06:11] <siretart> and I'm willing to support you, If you can convince me that your implementation design is sane :)
[06:11] <TMM> I will tweak it
[06:11] <TMM> and run more tests
[06:11] <TMM> asap
[06:11] <siretart> okay :)
[06:11] <siretart> and: thank you for doing this. you have great ideas!
[06:11] <TMM> I want to have something that is at least discussable in time for ubz
[06:13] <TMM> siretart, no problem, I enjoy this
[06:13] <TMM> ubuntu's community is great
[06:13] <siretart> :)
[06:13] <siretart> definitly!
[06:13] <TMM> :)
[06:13] <TMM> I'll try to finish off something better soon
[06:14] <TMM> perhaps I'll have to settle for a config tool that allows it to be configured as 'windows client'
[06:14] <TMM> and not have the choice at login at all
[06:15] <TMM> that should be doable in a couple of weeks
[06:15] <TMM> perhaps my idea is more post-dapper then... when all the setting scripts are in place..
[06:16] <siretart> remember that I really need NetworkAuthentication, even when it only works with ldap
[06:17] <TMM> setting up an ldap client isn't really hard
[06:17] <TMM> even from a config tool :)
[06:28] <TMM> siretart, there has got to be a way to do this properly :)
[06:44] <\sh> siretart: u think with 100 packages out of marillat and debian he's able to upgrade cleanly?
[06:44] <koke> most of the BOF descriptions are empty right now :(
[06:50] <TMM> siretart, I think I see a better way...
[06:59] <siretart> \sh: I think so. where do you expect breakage?
[07:05] <TMM> siretart, I only need that proxy thing for NSS really
[07:05] <TMM> siretart, and that is fairly easy to implement as 'just another nss plugin'
[07:15] <siretart> TMM: sounds great! :)
[07:38] <TMM> you can set some variables in pam sessions, I could store the method used to authenticate there, then look that up with my nssswitch plug
[07:38] <TMM> does that sound better? :)
[07:44] <siretart> if that works safely, why not
[07:57] <TMM> siretart, I honestly can't think of a security problem with NSS...
[07:57] <TMM> siretart, well, perhaps if *someuser* started to resolve to UID 0
[07:57] <TMM> hem
[07:57] <TMM> ok...
[07:57] <TMM> perhaps there IS a security risk :)
[07:58] <Lathiat> security risk where?
[07:59] <TMM> Lathiat, changes to NSS in general
[07:59] <Lathiat> howso?
[08:00] <TMM> depends a bit if NSS is only convenience or not :) but, I suppose that there is UID checking on a lower level than NSS
[08:00] <TMM> it's been a long day :)
[08:00] <bddebian> Heya gang
[08:01] <siretart> heyho bddebian!
[08:01] <sivang> heythere bddebian
[08:01] <Lathiat> oh no
[08:01] <Lathiat> its bddebian
[08:01] <Lathiat> everyone hide
[08:01] <TMM> siretart, I've got to stop thinking about this today, I've had too much on my mind now :)
[08:01] <bddebian> Hello siretart, Lathiat
[08:01] <bddebian> Lathiat: Hide from me? :-)
[08:01] <Lathiat> hi bddebian!
[08:02] <Lathiat> bddebian: hide the thermonuclear weapons!
[08:02] <TMM> I should have enough time before UBz begins to get something into shape :)
[08:02] <siretart> TMM: well, I'm off for today, too. Lets discuss this tomorrow
[08:02] <TMM> siretart, good idea
[08:02] <bddebian> Gah :-)
[08:02] <siretart> TMM: or somewhen else.
[08:02] <siretart> I'd also like to bring this up to the ubuntu-devel mainling list, because I think a quite wide audience would be intersted in that
[08:02] <siretart> bye folks!
[08:02] <Yagisan> thermonuclear weapons ?
[08:02] <TMM> and, I suppose that nss is not very security critical...
[08:02] <TMM> tomorrow! :)
[08:03] <sivang> TMM: already working on dapper packages? :)
[08:03] <TMM> sivang, trying to spec features I'd like to implement
[08:04] <TMM> my knowledge is apparently fading a bit in the details
[08:04] <TMM> not helping :)
[08:07] <Mez> siretart: ping
[08:08] <siretart> Mez: I'm rather already off
[08:08] <Mez> siretart: was just wondering where they keyring for revu was
[08:08] <siretart> /srv/revu1/uploaders.gpg
[08:08] <siretart> Mez: use revu-key to add ppl to the keyring, as documented in revu-trac
[08:09] <siretart> http://revu.tauware.de/trac
[08:09] <Mez> cool
[08:09] <Mez> I wanst given the terac url
[08:09] <bddebian> Heya Mez
[08:09] <Mez> hey bddebian
[08:10] <siretart> oh sorry
[08:16] <xophEr> can I get adobe reader for breezy via the official repositories some day?
[08:17] <Lathiat> isnt it already in as 'acroread' ?
[08:17] <xophEr> acroread-debian-files is all I can find
[08:17] <xophEr> no idea what they are
[08:17] <LaserJock> bddebian: who can mark a bug as fixed, does it need to be a MOTU?
[08:18] <bddebian> LaserJock: No, as long as you have editbugs rights
[08:18] <LaserJock> bddebian: what do you think about https://launchpad.net/distros/ubuntu/+sources/xfig/+bug/2029?
[08:19] <zyga_> wake up guys :)
[08:20] <zenrox> i am awake
[08:20] <zenrox> i think
[08:20] <zyga_> let's package abiword 2.4 with grammar checking while it's still hot  :-)
[08:20] <zyga_> 2.4.1 that is
[08:21] <zenrox> i ant that awake
[08:21] <bddebian> LaserJock: Close it :-)
[08:21] <LaserJock> bddebian: done :-)
[08:24] <zyga> err
[08:25] <zyga> err :/
[08:35] <zyga> I hate this... It's already packaged
[09:35] <spayne> hey all
[09:35] <spayne> i got my key signed!
[09:36] <spayne> i have a .sig file, what do i do now?
[09:36] <LaserJock> spayne: how did that go? I need to get that done too
[09:36] <spayne> it was great
[09:36] <spayne> i met Jon and persuaded him to package for Ubuntu!
[09:36] <spayne> he is a Debian guy but wanting a chage
[09:37] <LaserJock> cool
[09:42] <spayne> which key server should i use?
[09:47] <jinty> hoi ajmitch
[09:50] <LaserJock> spayne: have you looked at https://wiki.ubuntu.com/GetYourKeySigned ?
[09:50] <spayne> going :)
[11:26] <jinty>  hay ajmitch
[11:26] <jinty> no worries
[11:26] <jinty> just about that schooltool-live package
[11:27] <ajmitch> oh?
[11:28] <jinty> yeah, the settings for the schooltool livecd
[11:28] <jinty> that wasn't on the agenda for breezy
[11:29] <jinty> I'm interested in having it in universe
[11:32] <ajmitch> for dapper?
[11:32] <jinty> indeed
[11:32] <ajmitch> (sorry, very lagged on dialup today)
[11:32] <jinty> ah
[11:33] <ajmitch> heh
[11:34] <LaserJock> ajmitch: is it OK to reject Malone #3039?
[11:34] <ajmitch> so what's involved in the schooltool-live setup
[11:35] <jinty> all it does is depend on schooltool/schoolbell, and put a few files into /etc/skel
[11:35] <ajmitch> LaserJock: probably my fault too :)
[11:35] <ajmitch> jinty: ok
[11:35] <jinty> so that icons appear on all new users desktops
[11:36] <ajmitch> I don't think there'd be any obstacle to getting it in for dapper
[11:36] <jinty> cool, so you could upload it now?
[11:37] <jinty> heh, if you have the time...
[11:37] <ajmitch> nope
[11:37] <ajmitch> dapper isn't open yet :)
[11:38] <jinty> ah, well then I guess I will ping you again later...
[11:39] <bmonty> hi all
[11:40] <ajmitch> hi bmonty
[11:40] <jinty> thanks anyway
[11:40] <ajmitch> LaserJock: why did you want to reject that bug?
[11:41] <LaserJock> sorry, I just set it to fixed
[11:42] <LaserJock> It said that the ipython symbolic link wasn't right
[11:42] <ajmitch> but was it fixed?
[11:42] <LaserJock> yes
[11:42] <LaserJock> I just installed ipython and everything was OK
[11:42] <LaserJock>  /usr/bin/ipython -> /etc/alternatives/ipython
[11:43] <LaserJock> and /etc/alternatives/ipython -> /usr/bin/python2.4-ipython
[11:43] <ajmitch> so he may have had alterbatives set wrong
[11:43] <LaserJock> perhaps