/srv/irclogs.ubuntu.com/2006/03/21/#ubuntu-server.txt

=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== nictuku [n=yves@201.10.184.190] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== natroll_movie [n=natroll@68-190-90-101.dhcp.mdsn.wi.charter.com] has joined #ubuntu-server
=== bpuccio [n=brian@ool-457a9c38.dyn.optonline.net] has joined #ubuntu-server
neuralisfabbione: have we considered shipping with some sane limits enabled by default in /etc/security/limits.conf?08:11
fabbioneneuralis: the defaults are sane. :)08:11
fabbioneno we are not going to touch them08:11
fabbionenot for dapper08:11
fabbioneand we are way past FF for that08:12
neuralisi didn't think any limits are enabled by defualt, are they?08:12
fabbionethere are no limits08:12
fabbioneand we don't want them08:12
fabbioneit's more the time they break something that really protects you against stupidity08:12
fabbionei have seen far too many apache installs broken for the crap in limits.conf08:13
maswanif you have a multi-user system where you need them, you know much better what kind of limits you need08:13
neuralisit seems strange that we ship a system that's susceptible to a forkbomb out of the box.08:13
fabbioneneuralis: i can give you a 20 lines C program that no matter what limits you put there it will kill your machine...08:14
neuralisright, but an nproc limit is low-hanging fruit. i don't feel too strongly about it, but i do think we should ship one.08:16
maswanhmm.. I think the only one we enforce is a 3 hour soft cputime limit on our multiuser machines08:16
maswanand that's mostly because people forget looping processes08:17
maswanneuralis: what should it be then? would a limit on 100k be useful?08:18
fabbioneneuralis: i think who really needs limits should set them up as it fits better for them08:18
maswanneuralis: because below that I see it conflicting with real use08:18
neuralismaswan: your users run 100k processes in parallel?08:23
maswanneuralis: apache might08:24
neuralisvery unlikely, and that's a special case.08:24
neuralisin any case, i'll consider throwing it into a spec for dapper+1, and we can get some other feedback.08:25
neuralisfabbione: send me your 20-line C program. there are any number of ways i can think of to bring down a machine, but i'd love to see yours. :)08:27
fabbioneneuralis: just do a while loop with open(filefoo); close(fd);08:28
fabbionemake sure you open and close08:28
fabbionea perfectly legal operation that will not hit limits at all08:29
fabbione1 file open08:29
fabbioneyou will see your machine crashing in a few seconds.. depending on the RAM08:29
fabbionedo not sleep in the middle.. no need to do any operations in the loop08:30
fabbionejust open/close :)08:30
=== Pygi [n=mario@83-131-250-25.adsl.net.t-com.hr] has joined #ubuntu-server
=== natroll [n=natroll@68-190-90-101.dhcp.mdsn.wi.charter.com] has joined #ubuntu-server
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== fdb [n=fdb@88.213.130.166] has joined #ubuntu-server
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== hunger [n=tobias@p54A61836.dip0.t-ipconnect.de] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== Pygi [n=mario@83-131-247-214.adsl.net.t-com.hr] has joined #ubuntu-server
=== lionelp [n=lionel@ip-128.net-82-216-65.rev.numericable.fr] has joined #ubuntu-server
=== Pygi [n=mario@83-131-247-214.adsl.net.t-com.hr] has joined #ubuntu-server
=== lbm [n=lbm@x1-6-00-13-10-7a-d1-e4.k233.webspeed.dk] has joined #ubuntu-server
=== tiefox [n=giovanni@200.208.130.3] has joined #ubuntu-server
=== allee [n=ach@allee.exgal.mpe.mpg.de] has left #ubuntu-server ["Konversation]
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== mario_ [n=mario@83-131-236-96.adsl.net.t-com.hr] has joined #ubuntu-server
=== LordHunter317 [n=hunter@nat73.vnet.wnec.edu] has joined #ubuntu-server
=== Pygi [n=mario@83-131-247-116.adsl.net.t-com.hr] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== TMM [n=hp@c51471f2c.cable.wanadoo.nl] has joined #ubuntu-server
TMMhi!10:33
TMMto repost my question on -devel:10:33
TMMwhat would me the chances of getting iscsi support into the -server kernel before dapper releases? slim? extremely small? near-zero? :) it pretty much doesn't touch any files, it just adds a couple10:33
mkrufkyzero -- dapper kernel is in code freeze10:33
TMMcrud...10:33
TMMI only just noticed that it's missing10:34
mkrufkyTMM: they are only doing bug fixes10:34
mkrufkyTMM: try #ubuntu-kernel10:34
TMMhahaha, ok :)10:34
mkrufkyTMM: maybe they can help you10:34
=== TMM joins the 3rd channel
mkrufky;-)10:34
=== Fujitsu [n=fujitsu@c211-28-183-112.eburwd7.vic.optusnet.com.au] has joined #ubuntu-server
=== tseng [n=tseng@unaffiliated/tseng] has joined #ubuntu-server
TMMbut, thanks mkrufky :)10:36
mkrufkyTMM: i try10:37
mkrufkyTMM: you shouldnt be afraid to compile your own kernel10:37
mkrufkyTMM: the ubuntu guys frown on it, though10:37
TMMow, I'm not, it's just that our customers won't like it very much10:37
mkrufkyTMM: you will lose ubuntu tech support10:37
mkrufkygotcha10:37
TMMthey *really* won't like that10:37
mkrufkywell, you can always provide a package for them10:38
TMMnot having iscsi support is going to be a huge problem10:38
TMMnot only for me, but for others, and I am a fucking retard that I didn't check10:38
TMMearlier10:38
TMMI noteced it was missing from breezy as well, and never bothered to check dapper, until today, I was sort of assuming it would be there10:39
mkrufkyTMM:  here is a GREAT howto for building .deb kernel-pachages10:39
mkrufkyhttp://www.us.debian.org/releases/stable/i386/ch08s05.html.en#id253009910:39
TMMI really don't want to put any more sles boxes10:39
mkrufkyif i were you, I would build a kernel package, and host it in your own apt repo for your customers10:39
TMMmkrufky: I know how to do all that, but then I would have to track security. and prompty recompile10:39
mkrufkyTMM: but, this DOES violate your support10:40
mkrufkyyup :-(10:40
TMMI know, and I don't want that10:40
mkrufkyok10:40
=== mkrufky just trying to share the knowledge
TMMalso, our company is looking to become ubuntu support reseller... would be a pretty stupid move10:40
mkrufkywell, then.... your company may have some pull10:40
TMMmeh, doubtful10:40
TMMwe aren't yet10:40
TMMI am just too late probably10:41
TMMI am a fucking moron :)10:41
mkrufky:-(10:41
TMMtrying to push ubuntu in the company I work for, and forgetting to implement something as critical as this...10:41
ajmitchTMM: we're not at kernel freeze yet, so there still might be a chance10:42
TMMthat would be awesome... just tell me what I need to do :)10:42
FujitsuMore than a month until kernel freeze.10:42
TMMI'll do anything10:42
FujitsuIt is quite possible that you could get it in, as there is a focus on servers this time around.10:42
FujitsuMay 18.10:42
ajmitchTMM: filed a bug in malone asking for it?10:43
TMMI've got big hardware to test all of this crap on, I got 3 different types of iscsi sans to test from, got amd64 box too10:43
ajmitchtalked to the guys in #ubuntu-kernel?10:43
TMMajmitch: I just asked, there doesn't seem to be anyone home yet10:43
TMMajmitch: and I haven't asked on malone yet...10:43
TMMhaving iscsi support would mean that I can stop putting crappy sles9 boxes in places where vmware needs to run for instance10:44
TMMwith rhcs now in dapper, I think it is strange that it isn't in actually :)10:45
TMMrhcs is pretty darn cool10:45
TMMI implemented a 6 node cluster on redhat as4 for a customer :)10:45
TMMneat hardware too10:45
TMMI felt like a kid in a candystore10:46
TMM:)10:46
TMMajmitch: what would I need to do? put it in malone? I don't necceceraly want to request it as a feature, more like 'permission' or something, I don't like asking others to do "my" work :)10:49
TMMajmitch: plus, there is also the matter of the user-space utilities that would have to go into main/ then I suppose... that's probably a tad nastier10:50
TMMI really need to go sleep now, early day tomorrow...10:50
TMMajmitch: could you please email me at hein-pieter.van.braam@ictivity.nl if you can help me with some information, please? :) I would really like to have this in dapper10:51
TMMbye now10:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!