TheMue | Morning. | 07:20 |
---|---|---|
rogpeppe | TheMue, fwereade_: hiya | 07:38 |
TheMue | rogpeppe: Hello. | 07:39 |
TheMue | Interesting, Intel and RedHat invest into MongoDB. | 08:19 |
* TheMue has bazaar connection problems, grmblx | 08:30 | |
TheMue | dimitern: Hi. | 08:49 |
dimitern | TheMue: hi :) | 08:50 |
TheMue | Does anybody of you has bazaar troubles too? | 09:22 |
TheMue | Or is it just a local problem here ... | 09:22 |
TheMue | Found it! Somehow all my right to access ~/.ssh had been gone, strange. | 09:35 |
rogpeppe | TheMue: that was my fault :-) | 10:32 |
rogpeppe | TheMue: i think. (didn't i ask you to try something with ~/.ssh chmod'ed to 0?) | 10:32 |
TheMue | rogpeppe: Oh, yes, now I remember. ;) | 10:37 |
rogpeppe | a followup to yesterdays juju.Bootstrap CL (https://codereview.appspot.com/6843059/), if anyone cares to have a look: https://codereview.appspot.com/6847054 | 11:02 |
TheMue | Yep | 11:03 |
TheMue | rogpeppe: So far Gtm, but have to look deeper into the bootstrap CL again. That stuf is a bit more complex. | 11:09 |
rogpeppe | TheMue: yeah, the x509 stuff is much more complex than certificate handling should be. | 11:10 |
rogpeppe | TheMue: having three different internal formats for a certificate doesn't help. | 11:10 |
TheMue | rogpeppe: Yep | 11:10 |
TheMue | rogpeppe: So after open source let's now switch to open communication. No more encryption or authentication, anywhere. :D | 11:11 |
TheMue | rogpeppe: I'm just in generateRootCert(). The 10 years will once catch us, hehe. An old but still working installation, never updated. | 11:19 |
rogpeppe | TheMue: yeah. i wondered about 50, but was worried about 2038 | 11:19 |
TheMue | rogpeppe: Like those old IBM /36 which are still working. | 11:19 |
rogpeppe | TheMue: but tbh we're going to need some way of updating a root certificate anyway, so i don't think it's too much of a problem | 11:20 |
rogpeppe | TheMue: we can implement that, then push out new root certificates before 10 years has expired, i hope :-) | 11:21 |
rogpeppe | a little command i just implemented to help expose races in our tests: http://paste.ubuntu.com/1360068/ | 11:22 |
rogpeppe | it's worked ok - this command now reliably fails its test for me: | 11:23 |
rogpeppe | chew 10s & GOMAXPROCS=50 time go test -gocheck.f PasswordChanging | 11:23 |
rogpeppe | (in cmd/jujud) | 11:23 |
TheMue | rogpeppe: will have a look after bootstrap | 11:26 |
rogpeppe | TheMue: no particular need - i just quite liked the command, and it might be useful elsewhere. | 11:26 |
TheMue | rogpeppe: Just have been distraced by my daughter passing some jelly beans to me. | 11:26 |
rogpeppe | TheMue: can i have one, please? | 11:27 |
TheMue | ./dcc rogpeppe "jelly beans" | 11:27 |
rogpeppe | dcc? | 11:28 |
TheMue | http://en.wikipedia.org/wiki/Direct_Client-to-Client | 11:29 |
rogpeppe | TheMue: ah, i've never used that | 11:31 |
TheMue | rogpeppe: I've used it in the 90s, some time ago. But I don't know anymore how it exactly is has to be used. | 11:32 |
TheMue | rogpeppe: What is the meaning of SerialNumber in a certificate? | 11:37 |
rogpeppe | TheMue: it's just an arbitrary number AFAICS | 11:37 |
rogpeppe | TheMue: i.e. defined by the certificate issuing authority | 11:37 |
rogpeppe | TheMue: which is us, in this case | 11:38 |
TheMue | rogpeppe: IC, thx. | 11:38 |
rogpeppe | TheMue: i may well be wrong! | 11:38 |
TheMue | Aram: Hi. | 12:33 |
TheMue | Aram: Thought about my naming question of yesterday? I would then create a launchpad project. | 12:34 |
TheMue | rogpeppe: Two comments and a LGTM with a constraint (it depends on the bootstrap CL). | 13:06 |
rogpeppe | TheMue: i'm not sure you've published your comments | 13:07 |
rogpeppe | TheMue: (thanks BTW) | 13:08 |
TheMue | rogpeppe: Oh, will look again. | 13:08 |
TheMue | rogpeppe: They are published on the bootstrap CL. | 13:08 |
rogpeppe | TheMue: ah, thanks | 13:08 |
TheMue | rogpeppe: The follow-up looks good, but I'm currently not able to LGTM the bootstrap stuff. Have to dig deeper into X509 before. It's complex and new to me. | 13:09 |
rogpeppe | TheMue: it was to me too :-) | 13:09 |
rogpeppe | TheMue: tbh i think the Go API could be better there | 13:10 |
TheMue | rogpeppe: Sadly this whole crypto stuff isn't simple. So I can't imagine how the API could be more simple. Maybe a wrapper for common use cases. | 13:11 |
rogpeppe | TheMue: actually the crypto stuff is potentially very simple. it's x509 and its heap of related special cases that makes it hard. | 13:12 |
TheMue | rogpeppe: IC | 13:12 |
rogpeppe | time to reboot | 13:34 |
=== rog is now known as Guest94437 | ||
=== Guest94437 is now known as rogpeppe | ||
=== TheMue_ is now known as TheMue | ||
rogpeppe | a small CL if anyone fancies taking a look: https://codereview.appspot.com/6854054/ | 16:36 |
Aram | rogpeppe: code wise LGTM, but I don't know anything about this stuff so I can't say if it's sane or not. | 16:37 |
rogpeppe | Aram: thanks | 16:38 |
TheMue | rogpeppe: From my side for the code too. How does the root PEM relate to the other stuff you've added before? | 16:40 |
rogpeppe | TheMue: the root CA signs the certificate that the state uses to verify that it's the correct entity | 16:40 |
rogpeppe | TheMue: so if something wants to connect to the state, it needs to know the root CA so that it can verify that it's talking to the right thing | 16:41 |
TheMue | Aram: I just pushed a new revision, only minor changes. Tomorrow morning I'll create the lauchnpad project and also move the package one level up. | 16:41 |
TheMue | rogpeppe: Ah, thx. | 16:42 |
TheMue | rogpeppe: So you've got an LGTM. | 16:42 |
rogpeppe | TheMue: thanks | 16:42 |
TheMue | Aram: After that step we can use branches and reviews. | 16:43 |
rogpeppe | TheMue, Aram: just so i can keep track: what's the current story with the LXC stuff? | 16:45 |
Aram | rogpeppe: LXC wrapper. | 16:46 |
rogpeppe | Aram: ok. distasteful i can see, but sensible. | 16:47 |
rogpeppe | Aram: at least you know what's going on inside now :-) | 16:47 |
TheMue | rogpeppe: I don't see it as distasteful, only as pragmatic. And it works. Sure, a kind of lxc daemon providing an API usable w/o C would be nice. But the result would be the same. :D | 16:51 |
rogpeppe | TheMue: are we wrapping the shell scripts or the C API? | 16:52 |
Aram | shell scripts, of course. | 16:52 |
Aram | not much to do with the C api. | 16:52 |
TheMue | rogpeppe: The commands, some are binaries, some are scripts. | 16:52 |
Aram | plus some functionality is implemented outside of the API. | 16:52 |
rogpeppe | ah, i misunderstood the "API usable w/o C" thing | 16:52 |
rogpeppe | i was wondering if we were going to go the cgo route | 16:53 |
TheMue | rogpeppe: The advantage of the usage of the commands is the compatability with the commands (never thought, lol). | 16:54 |
TheMue | rogpeppe: That means that a container created by our package can be adminstrated by the lxc-… commands. | 16:54 |
rogpeppe | TheMue: that's an excellent point | 16:55 |
TheMue | rogpeppe: But for sure, a small and smart own implementation using the pure logic behind has its appeal. | 16:57 |
rogpeppe | TheMue: this is linux - no way to be small or smart :-) :-) | 16:57 |
TheMue | rogpeppe: :D | 16:57 |
rogpeppe | Aram: i thought you might be at iwp9 | 16:58 |
TheMue | rogpeppe: What is iwp9? Surely something about Plan 9, isn't it? | 16:58 |
rogpeppe | TheMue: http://7e.iwp9.org/ | 16:58 |
Aram | this is not about a desire for aesthetic purity, it's about how the provided tools are obtuse, unstable, unsuitable for composability, and how the authors don't know how to provide a good interface. | 16:59 |
Aram | rogpeppe: I planned to, but I have to go to a memorial service in Romania. | 16:59 |
rogpeppe | Aram: sorry to hear that | 16:59 |
Aram | rogpeppe: with this ocasion, I'm also taking two weeks leave, to see my mother who came from US. | 17:00 |
Aram | sorry for not annoucing earlier about my leave, but I decided only yesterday/ | 17:00 |
TheMue | Aram: Oh, thought it would be for recreation. Sorry to hear that, too. | 17:01 |
TheMue | So, have to step out, but will come in later again. | 17:04 |
rogpeppe | right, that's me for the day | 18:04 |
rogpeppe | night all | 18:04 |
TheMue | re | 19:09 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!