[08:11] <neuralis> fabbione: have we considered shipping with some sane limits enabled by default in /etc/security/limits.conf?
[08:11] <fabbione> neuralis: the defaults are sane. :)
[08:11] <fabbione> no we are not going to touch them
[08:11] <fabbione> not for dapper
[08:12] <fabbione> and we are way past FF for that
[08:12] <neuralis> i didn't think any limits are enabled by defualt, are they?
[08:12] <fabbione> there are no limits
[08:12] <fabbione> and we don't want them
[08:12] <fabbione> it's more the time they break something that really protects you against stupidity
[08:13] <fabbione> i have seen far too many apache installs broken for the crap in limits.conf
[08:13] <maswan> if you have a multi-user system where you need them, you know much better what kind of limits you need
[08:13] <neuralis> it seems strange that we ship a system that's susceptible to a forkbomb out of the box.
[08:14] <fabbione> neuralis: i can give you a 20 lines C program that no matter what limits you put there it will kill your machine...
[08:16] <neuralis> right, but an nproc limit is low-hanging fruit. i don't feel too strongly about it, but i do think we should ship one.
[08:16] <maswan> hmm.. I think the only one we enforce is a 3 hour soft cputime limit on our multiuser machines
[08:17] <maswan> and that's mostly because people forget looping processes
[08:18] <maswan> neuralis: what should it be then? would a limit on 100k be useful?
[08:18] <fabbione> neuralis: i think who really needs limits should set them up as it fits better for them
[08:18] <maswan> neuralis: because below that I see it conflicting with real use
[08:23] <neuralis> maswan: your users run 100k processes in parallel?
[08:24] <maswan> neuralis: apache might
[08:24] <neuralis> very unlikely, and that's a special case.
[08:25] <neuralis> in any case, i'll consider throwing it into a spec for dapper+1, and we can get some other feedback.
[08:27] <neuralis> fabbione: send me your 20-line C program. there are any number of ways i can think of to bring down a machine, but i'd love to see yours. :)
[08:28] <fabbione> neuralis: just do a while loop with open(filefoo); close(fd);
[08:28] <fabbione> make sure you open and close
[08:29] <fabbione> a perfectly legal operation that will not hit limits at all
[08:29] <fabbione> 1 file open
[08:29] <fabbione> you will see your machine crashing in a few seconds.. depending on the RAM
[08:30] <fabbione> do not sleep in the middle.. no need to do any operations in the loop
[08:30] <fabbione> just open/close :)
[10:33] <TMM> hi!
[10:33] <TMM> to repost my question on -devel:
[10:33] <TMM> what would me the chances of getting iscsi support into the -server kernel before dapper releases? slim? extremely small? near-zero? :) it pretty much doesn't touch any files, it just adds a couple
[10:33] <mkrufky> zero -- dapper kernel is in code freeze
[10:33] <TMM> crud...
[10:34] <TMM> I only just noticed that it's missing
[10:34] <mkrufky> TMM: they are only doing bug fixes
[10:34] <mkrufky> TMM: try #ubuntu-kernel
[10:34] <TMM> hahaha, ok :)
[10:34] <mkrufky> TMM: maybe they can help you
[10:34] <mkrufky> ;-)
[10:36] <TMM> but, thanks mkrufky :)
[10:37] <mkrufky> TMM: i try
[10:37] <mkrufky> TMM: you shouldnt be afraid to compile your own kernel
[10:37] <mkrufky> TMM: the ubuntu guys frown on it, though
[10:37] <TMM> ow, I'm not, it's just that our customers won't like it very much
[10:37] <mkrufky> TMM: you will lose ubuntu tech support
[10:37] <mkrufky> gotcha
[10:37] <TMM> they *really* won't like that
[10:38] <mkrufky> well, you can always provide a package for them
[10:38] <TMM> not having iscsi support is going to be a huge problem
[10:38] <TMM> not only for me, but for others, and I am a fucking retard that I didn't check
[10:38] <TMM> earlier
[10:39] <TMM> I noteced it was missing from breezy as well, and never bothered to check dapper, until today, I was sort of assuming it would be there
[10:39] <mkrufky> TMM:  here is a GREAT howto for building .deb kernel-pachages
[10:39] <mkrufky> http://www.us.debian.org/releases/stable/i386/ch08s05.html.en#id2530099
[10:39] <TMM> I really don't want to put any more sles boxes
[10:39] <mkrufky> if i were you, I would build a kernel package, and host it in your own apt repo for your customers
[10:39] <TMM> mkrufky: I know how to do all that, but then I would have to track security. and prompty recompile
[10:40] <mkrufky> TMM: but, this DOES violate your support
[10:40] <mkrufky> yup :-(
[10:40] <TMM> I know, and I don't want that
[10:40] <mkrufky> ok
[10:40] <TMM> also, our company is looking to become ubuntu support reseller... would be a pretty stupid move
[10:40] <mkrufky> well, then.... your company may have some pull
[10:40] <TMM> meh, doubtful
[10:40] <TMM> we aren't yet
[10:41] <TMM> I am just too late probably
[10:41] <TMM> I am a fucking moron :)
[10:41] <mkrufky> :-(
[10:41] <TMM> trying to push ubuntu in the company I work for, and forgetting to implement something as critical as this...
[10:42] <ajmitch> TMM: we're not at kernel freeze yet, so there still might be a chance
[10:42] <TMM> that would be awesome... just tell me what I need to do :)
[10:42] <Fujitsu> More than a month until kernel freeze.
[10:42] <TMM> I'll do anything
[10:42] <Fujitsu> It is quite possible that you could get it in, as there is a focus on servers this time around.
[10:42] <Fujitsu> May 18.
[10:43] <ajmitch> TMM: filed a bug in malone asking for it?
[10:43] <TMM> I've got big hardware to test all of this crap on, I got 3 different types of iscsi sans to test from, got amd64 box too
[10:43] <ajmitch> talked to the guys in #ubuntu-kernel?
[10:43] <TMM> ajmitch: I just asked, there doesn't seem to be anyone home yet
[10:43] <TMM> ajmitch: and I haven't asked on malone yet...
[10:44] <TMM> having iscsi support would mean that I can stop putting crappy sles9 boxes in places where vmware needs to run for instance
[10:45] <TMM> with rhcs now in dapper, I think it is strange that it isn't in actually :)
[10:45] <TMM> rhcs is pretty darn cool
[10:45] <TMM> I implemented a 6 node cluster on redhat as4 for a customer :)
[10:45] <TMM> neat hardware too
[10:46] <TMM> I felt like a kid in a candystore
[10:46] <TMM> :)
[10:49] <TMM> ajmitch: what would I need to do? put it in malone? I don't necceceraly want to request it as a feature, more like 'permission' or something, I don't like asking others to do "my" work :)
[10:50] <TMM> ajmitch: plus, there is also the matter of the user-space utilities that would have to go into main/ then I suppose... that's probably a tad nastier
[10:50] <TMM> I really need to go sleep now, early day tomorrow...
[10:51] <TMM> ajmitch: could you please email me at hein-pieter.van.braam@ictivity.nl if you can help me with some information, please? :) I would really like to have this in dapper
[10:51] <TMM> bye now