[01:19] <sbalneav> Evening all
[01:32] <HedgeMage> hi, sbalneav
[01:41] <sbalneav> Just sitting here in the coffee shop, waiting for my son to finish his piano lession
[01:42] <sbalneav> looking at bugs :)
[01:42] <sbalneav> looks like I've got 4 or 5 good bugs to deal with for bug day
[01:42] <sbalneav> Which reminds me
[01:42] <sbalneav> I should blog about it.
[02:04] <HedgeMage> when is bug day again?
[02:05] <HedgeMage> sbalneav: ^^^
[02:15] <sbalneav> HedgeMage: 12th
[02:32] <dhillon-v10> HedgeMage, while copying over the issues do you want me to copy  the ones that have been resolved as well, or just the ones that are open
[02:39] <HedgeMage> dhillon-v10: please do both, so we don't have to wonder what has or hasn't been finished
[02:40] <dhillon-v10> HedgeMage, alright I am done with like 10 of those, just marking all of them confirmed :)
[02:41] <HedgeMage> awesome
[02:41] <dhillon-v10> highvoltage, HedgeMage, I know I was added me to the website team but i still can't set the importance of the bugs, why is that?
[02:42] <dhillon-v10> HedgeMage, you bugs are short and sweet, so not much work :)
[02:43] <HedgeMage> dhillon-v10: I have no idea, I'm not very familiar with LP
[02:44] <dhillon-v10> HedgeMage, I work with ubuntu and kubuntu website, and since those projects added me to their team I was able to change the importance, maybe highvoltage knows why this is happening
[02:45] <HedgeMage> dhillon-v10: maybe he has to make the team own the project instead of his account owning it?
[02:45] <HedgeMage> I'm not sure
[02:45] <HedgeMage> As I said I'm new to LP
[02:45] <dhillon-v10> HedgeMage, :) okay I guess I can wait for sometime
[02:46] <HedgeMage> brb
[02:54] <HedgeMage> back
[02:55] <dhillon-v10> HedgeMage, its all done :) took me 15 mins
[02:56] <dhillon-v10> HedgeMage, now I'll add the tags and finish up
[02:56] <HedgeMage> dhillon-v10: thanks...you rock :)
[02:56] <dhillon-v10> HedgeMage, nah, its just copying and pasting :) the next part is where I will actually do work
[02:57] <HedgeMage> You have no idea how much I hate that sort of thing (I hated entering them in the first place).  I'd choose coding for an hour over documenting/data entry for 20 minutes any time.
[02:57] <HedgeMage> dhillon-v10: anyone who makes me have to do less of it is tops in my book :D
[02:59] <dhillon-v10> HedgeMage, yah entering them is a pain if you aren't used to it, I triage a lot of bugs so :) what's next
[03:00] <HedgeMage> :)
[03:01] <HedgeMage> can you link me to the project so I can look at the list?
[03:01] <HedgeMage> I thought I had it somewhere...
[03:02] <dhillon-v10> HedgeMage, brb gotta eat dinner
[03:02] <HedgeMage> dhillon-v10: also, are edge and regular LP operating on the same data, or do we have to make sure to use the same one?
[03:02] <HedgeMage> ok
[03:22] <dhillon-v10> HedgeMage, alright i am back, edge and lp use the same data, edge just might have some experimental stuff. here's the link: https://bugs.edge.launchpad.net/edubuntu-website/+bugs you might see that there's a tag on the side that says github, those are all the bugs that I copied from github
[03:29] <HedgeMage> dhillon-v10: awesome, thanks!
[03:30] <dhillon-v10> HedgeMage, np, now you said you wanted to tag some bugs as redesign right, which ones are they
[03:43] <HedgeMage> dhillon-v10: sorry about that, back now
[03:51] <HedgeMage> dhillon-v10: still around?
[03:51] <dhillon-v10> HedgeMage, yup ;0
[03:51] <dhillon-v10> :)
[03:51] <dhillon-v10> HedgeMage, wow that was a smiley fail
[03:51] <HedgeMage> heh
[03:52] <dhillon-v10> HedgeMage, so which bugs were the ones you wanted to have the tag redesign
[03:53] <HedgeMage> I'd like everything we moved to have a tag referring to de upgrade/redesign so we can find them.  I don't want to worry about stuff that applies to the old site or the wiki
[03:53]  * HedgeMage is all about focus, or at least tries to be when -- ooo! shiney!
[03:55] <dhillon-v10> HedgeMage, alright :) so you like shiny stuff
[03:55]  * HedgeMage == easily distracted
[03:57] <dhillon-v10> HedgeMage, if there's nothing else atm that I need to work on, I'll get to finishing my homework can we continue tomorrow
[04:00]  * dhillon-v10 thinks HedgeMage is busy
[04:00] <HedgeMage> dhillon-v10: go for the homework thanks for the issue queue stuff :)
[04:00] <HedgeMage> dhillon-v10: just parenting, as usual :)
[04:00] <dhillon-v10> HedgeMage, alright then bye and good night :)
[04:01] <HedgeMage> you, too :)
[04:21]  * stgraber is trying to do some seed magic and get rid of some 800MB of packages from the DVD
[04:21] <stgraber> I'm trying to only have the netbook remix packages on the DVD and drop the text installer to see if it works as I think it should ;)
[04:21] <HedgeMage> :)
[04:22] <HedgeMage> I saw you on identi.ca :)
[04:41] <stgraber> yeah ! looks like I managed to get a DVD image that'll only contain extra packages + the live environment
[04:41] <HedgeMage> :)
[04:41] <stgraber> with extra packages being LTSP and the netbook interface
[04:42] <stgraber> just need to upload that and check tomorrow for the new DVD image
[04:46] <HedgeMage> stgraber: ignoring the lack of theme, we do now have the identi.ca group integration on the new site: http://edubuntu.frogandowl.org/
[04:48] <stgraber> yeah ! looks great
[04:48] <HedgeMage> :)
[04:48] <HedgeMage> one tiny step at a time
[04:49] <nixternal> you know, I typically do not like that theme because it is always blue, but it looks good with the Edubuntu colors
[04:50] <HedgeMage> heh
[04:50] <nixternal> Thu, 2009-01-08 22:01 — nubae   <- just need to hide that block on the front page :)
[04:50] <HedgeMage> it's not our permanent theme
[04:50] <nixternal> where is the permanent one?
[04:50] <nixternal> don't make me go to email, I am to lazy :)
[04:51] <HedgeMage> nixternal: mockups at http://imagebin.ca/view/KgCXBt.html and http://imagebin.ca/view/5n49WaF.html
[04:51] <HedgeMage> nixternal: it's still under development
[04:51] <nixternal> can we add one more logo to it? :p
[04:52] <nixternal> I like it!
[04:52] <HedgeMage> lol :)
[04:52] <HedgeMage> good
[04:52] <nixternal> haha, "random animal"
[04:52] <HedgeMage> well, I wanted people to pay attention to the layout, not the content :P
[06:20] <alkisg> !info ltsp-server
[06:20] <alkisg> !info ltsp-server lucid
[12:45] <sbalneav> Morning all.  I'll be afk most of the day, as I'll be in a management training course most of the day
[14:06] <dgroos> alkisg: around? asquare? atriangle?
[14:06] <alkisg> Heh!
[14:06] <alkisg> dgroos: shoot
[14:07] <dgroos> problems from yesterday seemed to have cleared up :)
[14:07] <dgroos> don't know why.
[14:07] <dgroos> So, I'm working on importing the users w/your script.
[14:07] <alkisg> Nice
[14:08] <dgroos> I think I might have made a mistake when I changed the permissions to 777 for the csv file I created though...
[14:08] <alkisg> I don't think the .csv permissions would matter anywhere... what do you get?
[14:09] <dgroos> When I was trying to import the users (menu option 3) I got a message in Terminal: "useradd: cannot lock /etc/passwd; try again later."
[14:09] <dgroos> I got this message about 50 times.
[14:10] <dgroos> The only deviation I had to make from your directions was that when I ran the script...
[14:10] <alkisg> Did you run it with "sudo"?
[14:11] <dgroos> yes
[14:11] <alkisg> Strange. Did you have any other programs open, e.g. the gnome users-admin?
[14:11] <dgroos> and chose option 3, to be able to locate the file I had to select the button in the bottom right hand corner and select the other option from the dropdown menu of 2 options.
[14:12] <dgroos> just firefox.
[14:13] <dgroos> Also, it looks like it imported maybe half the users?
[14:13] <alkisg> dgroos: would you mind if I connected to your PC with vnc so that we can both look at it?
[14:13] <dgroos> No prob
[14:13] <alkisg> run: sudo apt-get install x11vnc
[14:13] <alkisg> then: x11vnc -connect alkisg.dyndns.org
[14:15] <dgroos> cool :)
[14:16] <dgroos> this is less than half the users
[14:26] <dgroos> Wow.... how much you charge?
[14:26] <alkisg> dgroos: haha
[14:26] <HedgeMage> Good morning all :)
[14:27] <alkisg> dgroos: I'm guessing that the system is locking /etc/passwd to read the new users, and while it does that, no new users can be added!!!
[14:27] <alkisg> Good morning HedgeMage
[14:27] <dgroos> I wonder if there are license fees on this script and only allows 30 users at a time ;)
[14:27] <alkisg> Lol!! :D
[14:28] <alkisg> dgroos: I haven't tried it with so many users, so I'll debug it ASAP. The users should be fine now, though...
[14:28] <alkisg> (I closed vnc btw)
[14:48] <dgroos> hmmm... I ran the script again with option 5.  It went down the list with, '...already exists' and stopped on a user and seemed to hang there.  I waited about 15 minutes.  The mouse cursor was nowhere to be found so I control-C and the script exited w/ message...
[14:49] <dgroos> File "import-export-users.py", line 210, in <module> gtk.main()
[14:50] <alkisg> dgroos: aren't all the users imported?
[14:50] <dgroos> I'm not sure?  Did you do them all?
[14:51] <alkisg> I think so, wanna connect with vnc again?
[14:54] <dgroos> I don't want to take your time without trying some more on my side though thanks very much.  I've got to teach now but will try again around midnight your time ;).  I'll let you know how it goes!  It might be OK after a restart :)
[14:55] <dgroos> alkisg: Again, thanks so much for your time.
[14:55] <alkisg> You're welcome...
[19:25] <alkisg> !info karmic thunderbird
[19:25] <alkisg> !info thunderbird karmic
[19:28] <alkisg> !info thunderbird lucid
[21:17] <MagicFab> ogra, pleia2 o/
[21:18] <MagicFab> Hi all - I am playing with a test system and LTSP, I noticed when hardening the ssh server setup on LTSP th ethin clients are refused authentication (connection refused) because of the PasswordAuthentication=no setting
[21:18] <MagicFab> I thought PKA was automatic. If it's not, how can can Iset the client to use only that ?
[21:19] <alkisg> MagicFab: how would the users login? Automatically, with no username/password?
[21:20] <MagicFab> alkisg, I meant the image doesn't even load - I am not referring to splash login
[21:20] <alkisg> The image loads with nbd, that doesn't relate to ssh security...
[21:21] <MagicFab> Hmm.... I see "After logging in, ldm starts a ssh tunnel and executes a X session on the server which is displayed through the tunnel on the thin client's X server. Using ssh here has the big advantage that you don't need to have a Xserver configured on the client and no unsafe TCP X transport is used as was done in older days of ltsp."
[21:21] <MagicFab> (from https://help.ubuntu.com/community/ThinClientHowto)
[21:22] <MagicFab> sorry I actually meant the opposite in my previous comment
[21:22] <alkisg> ldm is the display manager, the one that gets the username/password from the user
[21:22] <alkisg> That's when the image *finishes* loading...
[21:23] <MagicFab> So all users need to generate RSA pairs and have that on the server ? I came across this when setting up remote access to that server.
[21:24] <alkisg> RSA pairs would mean that you had some user storage on the client
[21:24] <alkisg> That is not the (usual) case with LTSP
[21:24] <MagicFab> I guess my question is what's the best practice to have both remote access to the server and proper settings for the clients.
[21:25] <alkisg> You can limit password-enabled ssh to the ltsp-facing nic
[21:25] <MagicFab> no, RSA pairs meand .ssh has more than AuthHosts in it (on the server)
[21:25] <alkisg> It's a pair; you need half of it on the server and half of it on the client
[21:25] <MagicFab> actually the client's would be within its image.
[21:26] <MagicFab> right ?
[21:26] <alkisg> But how would the users authenticate, so that they could use the keys?
[21:26] <MagicFab> I know, that's why I am here :D
[21:27] <alkisg> The only way for key-based authentication to make sense in LTSP (afaik) is if each user had his own usb stick with his keys, and used that as an authentication mechanism...
[21:27] <MagicFab> I usually won't setup a local account where someone else in the same LAN could launch a dictionary attack
[21:28] <alkisg> How is that different from having LDAP accounts or local accounts in any local network?
[21:28] <MagicFab> limiting the auth method per NIC would be enough for now, but I am still curious .
[21:29] <alkisg> I mean, what do you usually use, in non-ltsp setups?
[21:29] <MagicFab> alkisg, I don't expect shell accounts on the server when using LDAP.
[21:30] <alkisg> For key authentication to work, you must login *first* on some machine to have access to your private key
[21:30] <alkisg> OK, I got your concern.
[21:30] <MagicFab> I mentioned above the private key could be within the image - but doesn't make sense, that's why I am here.
[21:31] <alkisg> You might want to also ask this in #ltsp, as it has more people there.
[21:31] <MagicFab> not much of a concern but more of lack of context / experience so I was missing some easy way to reason around this. When/if you know LTSP means a server listening on port22 with shell accounts and people with easy password, other measures are needed.
[21:32] <alkisg> Well, anyone with a netbook can become an instant ltsp client
[21:32] <MagicFab> first and foremost I need to know how to make it acessible remotely without having only password auth :)
[21:32] <MagicFab> well, anyone with the right MAC address yes... etc.
[21:33] <alkisg> Right, if you can block it per mac, it's the safest thing to do (still it can be easily faked, but it raises the bar a little)
[21:34] <MagicFab> motivations vs. $/resources to prevent all scenarios are next - I am also anticipating someone "OMFG! This LTSP server is by default INSECURE!" :) ..to which as you said I'd respond anyone with physical access to your LAN already has it easier.
[21:35] <MagicFab> ok, MAC address is something I hadn't thought of, I'll add it. Maybe I need a "LTSP hardening" checklist. Thanks for the answers.
[21:35] <alkisg> Do ask this in #ltsp, as I'm not usually concerned about security, so I haven't given it too much thought
[21:36] <alkisg> (and people here seem away at this time)
[21:39] <MagicFab> alkisg, tx again
[21:53] <highvoltage> HedgeMage: are you around?
[21:56] <highvoltage> alkisg: I also noticed the inconsistancy in case for --extra-help
[21:56] <highvoltage> alkisg: additially also that some sentences has periods at the end and some not
[21:56] <highvoltage> alkisg: I've been planning to give a patch for that :)
[21:56] <alkisg> Yup, I reported that as well :D
[21:57] <alkisg> highvoltage: if we're to fix them for Lucid, we'd better harry, as the translators will need some time to respond
[22:55] <crimsun> alkisg: it'll probably be easier to ping me here, but seriously e-mail is much faster due to work policies
[22:56] <alkisg> crimsun: should I file a new bug requesting the seeds change?
[22:56] <crimsun> yes please
[22:56] <alkisg> Thank you and sorry for pinging you :)
[22:56] <crimsun> please subscribe me to it
[22:57] <crimsun> oh no sweat regarding pinging me
[23:36] <isforinsects> I have a nagging issue regarding aspell, anyone know something about it?
[23:39] <HedgeMage> highvoltage: am now
[23:39] <HedgeMage> hi, crimsun long time no see
[23:40] <highvoltage> HedgeMage: I wanted to tell you something but I can't remember what :)
[23:40] <crimsun> hi, HedgeMage. I've been around as dtchen.
[23:40] <crimsun> (too lazy to /nick)
[23:40]  * highvoltage likes "crimsun" more :)
[23:49] <HedgeMage> crimsun: ahh, I didn't know that was you :)
[23:50] <HedgeMage> highvoltage: silly :P   I'm packing for the move, so I'll be in and out.  Feel free to message me when you remember.
[23:51] <highvoltage> I can only remember that I was very eager to tell you, which just makes it more difficult to remember
[23:51] <highvoltage> this is why I shouldn't be awake at 01:52