[01:19] Evening all [01:32] hi, sbalneav [01:41] Just sitting here in the coffee shop, waiting for my son to finish his piano lession [01:42] looking at bugs :) [01:42] looks like I've got 4 or 5 good bugs to deal with for bug day [01:42] Which reminds me [01:42] I should blog about it. [02:04] when is bug day again? [02:05] sbalneav: ^^^ [02:15] HedgeMage: 12th [02:32] HedgeMage, while copying over the issues do you want me to copy the ones that have been resolved as well, or just the ones that are open [02:39] dhillon-v10: please do both, so we don't have to wonder what has or hasn't been finished [02:40] HedgeMage, alright I am done with like 10 of those, just marking all of them confirmed :) [02:41] awesome [02:41] highvoltage, HedgeMage, I know I was added me to the website team but i still can't set the importance of the bugs, why is that? [02:42] HedgeMage, you bugs are short and sweet, so not much work :) [02:43] dhillon-v10: I have no idea, I'm not very familiar with LP [02:44] HedgeMage, I work with ubuntu and kubuntu website, and since those projects added me to their team I was able to change the importance, maybe highvoltage knows why this is happening [02:45] dhillon-v10: maybe he has to make the team own the project instead of his account owning it? [02:45] I'm not sure [02:45] As I said I'm new to LP [02:45] HedgeMage, :) okay I guess I can wait for sometime [02:46] brb [02:54] back [02:55] HedgeMage, its all done :) took me 15 mins [02:56] HedgeMage, now I'll add the tags and finish up [02:56] dhillon-v10: thanks...you rock :) [02:56] HedgeMage, nah, its just copying and pasting :) the next part is where I will actually do work [02:57] You have no idea how much I hate that sort of thing (I hated entering them in the first place). I'd choose coding for an hour over documenting/data entry for 20 minutes any time. [02:57] dhillon-v10: anyone who makes me have to do less of it is tops in my book :D [02:59] HedgeMage, yah entering them is a pain if you aren't used to it, I triage a lot of bugs so :) what's next [03:00] :) [03:01] can you link me to the project so I can look at the list? [03:01] I thought I had it somewhere... [03:02] HedgeMage, brb gotta eat dinner [03:02] dhillon-v10: also, are edge and regular LP operating on the same data, or do we have to make sure to use the same one? [03:02] ok [03:22] HedgeMage, alright i am back, edge and lp use the same data, edge just might have some experimental stuff. here's the link: https://bugs.edge.launchpad.net/edubuntu-website/+bugs you might see that there's a tag on the side that says github, those are all the bugs that I copied from github [03:29] dhillon-v10: awesome, thanks! [03:30] HedgeMage, np, now you said you wanted to tag some bugs as redesign right, which ones are they [03:43] dhillon-v10: sorry about that, back now [03:51] dhillon-v10: still around? [03:51] HedgeMage, yup ;0 [03:51] :) [03:51] HedgeMage, wow that was a smiley fail [03:51] heh [03:52] HedgeMage, so which bugs were the ones you wanted to have the tag redesign [03:53] I'd like everything we moved to have a tag referring to de upgrade/redesign so we can find them. I don't want to worry about stuff that applies to the old site or the wiki [03:53] * HedgeMage is all about focus, or at least tries to be when -- ooo! shiney! [03:55] HedgeMage, alright :) so you like shiny stuff [03:55] * HedgeMage == easily distracted [03:57] HedgeMage, if there's nothing else atm that I need to work on, I'll get to finishing my homework can we continue tomorrow [04:00] * dhillon-v10 thinks HedgeMage is busy [04:00] dhillon-v10: go for the homework thanks for the issue queue stuff :) [04:00] dhillon-v10: just parenting, as usual :) [04:00] HedgeMage, alright then bye and good night :) [04:01] you, too :) [04:21] * stgraber is trying to do some seed magic and get rid of some 800MB of packages from the DVD [04:21] I'm trying to only have the netbook remix packages on the DVD and drop the text installer to see if it works as I think it should ;) [04:21] :) [04:22] I saw you on identi.ca :) [04:41] yeah ! looks like I managed to get a DVD image that'll only contain extra packages + the live environment [04:41] :) [04:41] with extra packages being LTSP and the netbook interface [04:42] just need to upload that and check tomorrow for the new DVD image [04:46] stgraber: ignoring the lack of theme, we do now have the identi.ca group integration on the new site: http://edubuntu.frogandowl.org/ [04:48] yeah ! looks great [04:48] :) [04:48] one tiny step at a time [04:49] you know, I typically do not like that theme because it is always blue, but it looks good with the Edubuntu colors [04:50] heh [04:50] Thu, 2009-01-08 22:01 — nubae <- just need to hide that block on the front page :) [04:50] it's not our permanent theme [04:50] where is the permanent one? [04:50] don't make me go to email, I am to lazy :) [04:51] nixternal: mockups at http://imagebin.ca/view/KgCXBt.html and http://imagebin.ca/view/5n49WaF.html [04:51] nixternal: it's still under development [04:51] can we add one more logo to it? :p [04:52] I like it! [04:52] lol :) [04:52] good [04:52] haha, "random animal" [04:52] well, I wanted people to pay attention to the layout, not the content :P [06:20] !info ltsp-server [06:20] ltsp-server (source: ltsp): Basic LTSP server environment. In component main, is optional. Version 5.1.90-0ubuntu3 (karmic), package size 103 kB, installed size 1204 kB [06:20] !info ltsp-server lucid [06:20] ltsp-server (source: ltsp): Basic LTSP server environment. In component main, is optional. Version 5.1.98-0ubuntu1 (lucid), package size 101 kB, installed size 1256 kB [12:45] Morning all. I'll be afk most of the day, as I'll be in a management training course most of the day [14:06] alkisg: around? asquare? atriangle? [14:06] Heh! [14:06] dgroos: shoot [14:07] problems from yesterday seemed to have cleared up :) [14:07] don't know why. [14:07] So, I'm working on importing the users w/your script. [14:07] Nice [14:08] I think I might have made a mistake when I changed the permissions to 777 for the csv file I created though... [14:08] I don't think the .csv permissions would matter anywhere... what do you get? [14:09] When I was trying to import the users (menu option 3) I got a message in Terminal: "useradd: cannot lock /etc/passwd; try again later." [14:09] I got this message about 50 times. [14:10] The only deviation I had to make from your directions was that when I ran the script... [14:10] Did you run it with "sudo"? [14:11] yes [14:11] Strange. Did you have any other programs open, e.g. the gnome users-admin? [14:11] and chose option 3, to be able to locate the file I had to select the button in the bottom right hand corner and select the other option from the dropdown menu of 2 options. [14:12] just firefox. [14:13] Also, it looks like it imported maybe half the users? [14:13] dgroos: would you mind if I connected to your PC with vnc so that we can both look at it? [14:13] No prob [14:13] run: sudo apt-get install x11vnc [14:13] then: x11vnc -connect alkisg.dyndns.org [14:15] cool :) [14:16] this is less than half the users [14:26] Wow.... how much you charge? [14:26] dgroos: haha [14:26] Good morning all :) [14:27] dgroos: I'm guessing that the system is locking /etc/passwd to read the new users, and while it does that, no new users can be added!!! [14:27] Good morning HedgeMage [14:27] I wonder if there are license fees on this script and only allows 30 users at a time ;) [14:27] Lol!! :D [14:28] dgroos: I haven't tried it with so many users, so I'll debug it ASAP. The users should be fine now, though... [14:28] (I closed vnc btw) [14:48] hmmm... I ran the script again with option 5. It went down the list with, '...already exists' and stopped on a user and seemed to hang there. I waited about 15 minutes. The mouse cursor was nowhere to be found so I control-C and the script exited w/ message... [14:49] File "import-export-users.py", line 210, in gtk.main() [14:50] dgroos: aren't all the users imported? [14:50] I'm not sure? Did you do them all? [14:51] I think so, wanna connect with vnc again? [14:54] I don't want to take your time without trying some more on my side though thanks very much. I've got to teach now but will try again around midnight your time ;). I'll let you know how it goes! It might be OK after a restart :) [14:55] alkisg: Again, thanks so much for your time. [14:55] You're welcome... [19:25] !info karmic thunderbird [19:25] 'thunderbird' is not a valid distribution: hardy, hardy-backports, intrepid, intrepid-backports, jaunty, jaunty-backports, karmic, karmic-backports, karmic-proposed, kubuntu-backports, kubuntu-experimental, kubuntu-updates, lucid, lucid-backports, lucid-proposed, medibuntu, partner [19:25] !info thunderbird karmic [19:25] thunderbird (source: thunderbird): mail/news client with RSS and integrated spam filter support. In component main, is optional. Version 2.0.0.23+build1+nobinonly-0ubuntu1 (karmic), package size 11814 kB, installed size 35316 kB [19:28] !info thunderbird lucid [19:29] thunderbird (source: thunderbird): mail/news client with RSS and integrated spam filter support. In component main, is optional. Version 2.0.0.23+build1+nobinonly-0ubuntu1 (lucid), package size 11814 kB, installed size 35316 kB === highvolt1ge is now known as highvoltage [21:17] ogra, pleia2 o/ [21:18] Hi all - I am playing with a test system and LTSP, I noticed when hardening the ssh server setup on LTSP th ethin clients are refused authentication (connection refused) because of the PasswordAuthentication=no setting [21:18] I thought PKA was automatic. If it's not, how can can Iset the client to use only that ? [21:19] MagicFab: how would the users login? Automatically, with no username/password? [21:20] alkisg, I meant the image doesn't even load - I am not referring to splash login [21:20] The image loads with nbd, that doesn't relate to ssh security... [21:21] Hmm.... I see "After logging in, ldm starts a ssh tunnel and executes a X session on the server which is displayed through the tunnel on the thin client's X server. Using ssh here has the big advantage that you don't need to have a Xserver configured on the client and no unsafe TCP X transport is used as was done in older days of ltsp." [21:21] (from https://help.ubuntu.com/community/ThinClientHowto) [21:22] sorry I actually meant the opposite in my previous comment [21:22] ldm is the display manager, the one that gets the username/password from the user [21:22] That's when the image *finishes* loading... [21:23] So all users need to generate RSA pairs and have that on the server ? I came across this when setting up remote access to that server. [21:24] RSA pairs would mean that you had some user storage on the client [21:24] That is not the (usual) case with LTSP [21:24] I guess my question is what's the best practice to have both remote access to the server and proper settings for the clients. [21:25] You can limit password-enabled ssh to the ltsp-facing nic [21:25] no, RSA pairs meand .ssh has more than AuthHosts in it (on the server) [21:25] It's a pair; you need half of it on the server and half of it on the client [21:25] actually the client's would be within its image. [21:26] right ? [21:26] But how would the users authenticate, so that they could use the keys? [21:26] I know, that's why I am here :D [21:27] The only way for key-based authentication to make sense in LTSP (afaik) is if each user had his own usb stick with his keys, and used that as an authentication mechanism... [21:27] I usually won't setup a local account where someone else in the same LAN could launch a dictionary attack [21:28] How is that different from having LDAP accounts or local accounts in any local network? [21:28] limiting the auth method per NIC would be enough for now, but I am still curious . [21:29] I mean, what do you usually use, in non-ltsp setups? [21:29] alkisg, I don't expect shell accounts on the server when using LDAP. [21:30] For key authentication to work, you must login *first* on some machine to have access to your private key [21:30] OK, I got your concern. [21:30] I mentioned above the private key could be within the image - but doesn't make sense, that's why I am here. [21:31] You might want to also ask this in #ltsp, as it has more people there. [21:31] not much of a concern but more of lack of context / experience so I was missing some easy way to reason around this. When/if you know LTSP means a server listening on port22 with shell accounts and people with easy password, other measures are needed. [21:32] Well, anyone with a netbook can become an instant ltsp client [21:32] first and foremost I need to know how to make it acessible remotely without having only password auth :) [21:32] well, anyone with the right MAC address yes... etc. [21:33] Right, if you can block it per mac, it's the safest thing to do (still it can be easily faked, but it raises the bar a little) [21:34] motivations vs. $/resources to prevent all scenarios are next - I am also anticipating someone "OMFG! This LTSP server is by default INSECURE!" :) ..to which as you said I'd respond anyone with physical access to your LAN already has it easier. [21:35] ok, MAC address is something I hadn't thought of, I'll add it. Maybe I need a "LTSP hardening" checklist. Thanks for the answers. [21:35] Do ask this in #ltsp, as I'm not usually concerned about security, so I haven't given it too much thought [21:36] (and people here seem away at this time) [21:39] alkisg, tx again [21:53] HedgeMage: are you around? [21:56] alkisg: I also noticed the inconsistancy in case for --extra-help [21:56] alkisg: additially also that some sentences has periods at the end and some not [21:56] alkisg: I've been planning to give a patch for that :) [21:56] Yup, I reported that as well :D [21:57] highvoltage: if we're to fix them for Lucid, we'd better harry, as the translators will need some time to respond === lolcat is now known as SquishyD [22:55] alkisg: it'll probably be easier to ping me here, but seriously e-mail is much faster due to work policies [22:56] crimsun: should I file a new bug requesting the seeds change? [22:56] yes please [22:56] Thank you and sorry for pinging you :) [22:56] please subscribe me to it [22:57] oh no sweat regarding pinging me [23:36] I have a nagging issue regarding aspell, anyone know something about it? [23:39] highvoltage: am now [23:39] hi, crimsun long time no see [23:40] HedgeMage: I wanted to tell you something but I can't remember what :) [23:40] hi, HedgeMage. I've been around as dtchen. [23:40] (too lazy to /nick) [23:40] * highvoltage likes "crimsun" more :) [23:49] crimsun: ahh, I didn't know that was you :) [23:50] highvoltage: silly :P I'm packing for the move, so I'll be in and out. Feel free to message me when you remember. [23:51] I can only remember that I was very eager to tell you, which just makes it more difficult to remember [23:51] this is why I shouldn't be awake at 01:52