[07:20] <TheMue> Morning.
[07:38] <rogpeppe> TheMue, fwereade_: hiya
[07:39] <TheMue> rogpeppe: Hello.
[08:19] <TheMue> Interesting, Intel and RedHat invest into MongoDB.
[08:30]  * TheMue has bazaar connection problems, grmblx
[08:49] <TheMue> dimitern: Hi.
[08:50] <dimitern> TheMue: hi :)
[09:22] <TheMue> Does anybody of you has bazaar troubles too?
[09:22] <TheMue> Or is it just a local problem here ...
[09:35] <TheMue> Found it! Somehow all my right to access ~/.ssh had been gone, strange.
[10:32] <rogpeppe> TheMue: that was my fault :-)
[10:32] <rogpeppe> TheMue: i think. (didn't i ask you to try something with ~/.ssh chmod'ed to 0?)
[10:37] <TheMue> rogpeppe: Oh, yes, now I remember. ;)
[11:02] <rogpeppe> a followup to yesterdays juju.Bootstrap CL (https://codereview.appspot.com/6843059/), if anyone cares to have a look: https://codereview.appspot.com/6847054
[11:03] <TheMue> Yep
[11:09] <TheMue> rogpeppe: So far Gtm, but have to look deeper into the bootstrap CL again. That stuf is a bit more complex.
[11:10] <rogpeppe> TheMue: yeah, the x509 stuff is much more complex than certificate handling should be.
[11:10] <rogpeppe> TheMue: having three different internal formats for a certificate doesn't help.
[11:10] <TheMue> rogpeppe: Yep
[11:11] <TheMue> rogpeppe: So after open source let's now switch to open communication. No more encryption or authentication, anywhere. :D
[11:19] <TheMue> rogpeppe: I'm just in generateRootCert(). The 10 years will once catch us, hehe. An old but still working installation, never updated.
[11:19] <rogpeppe> TheMue: yeah. i wondered about 50, but was worried about 2038
[11:19] <TheMue> rogpeppe: Like those old IBM /36 which are still working.
[11:20] <rogpeppe> TheMue: but tbh we're going to need some way of updating a root certificate anyway, so i don't think it's too much of a problem
[11:21] <rogpeppe> TheMue: we can implement that, then push out new root certificates before 10 years has expired, i hope :-)
[11:22] <rogpeppe> a little command i just implemented to help expose races in our tests: http://paste.ubuntu.com/1360068/
[11:23] <rogpeppe> it's worked ok - this command now reliably fails its test for me:
[11:23] <rogpeppe> chew 10s & GOMAXPROCS=50 time go test -gocheck.f PasswordChanging
[11:23] <rogpeppe> (in cmd/jujud)
[11:26] <TheMue> rogpeppe: will have a look after bootstrap
[11:26] <rogpeppe> TheMue: no particular need - i just quite liked the command, and it might be useful elsewhere.
[11:26] <TheMue> rogpeppe: Just have been distraced by my daughter passing some jelly beans to me.
[11:27] <rogpeppe> TheMue: can i have one, please?
[11:27] <TheMue> ./dcc rogpeppe "jelly beans"
[11:28] <rogpeppe> dcc?
[11:29] <TheMue> http://en.wikipedia.org/wiki/Direct_Client-to-Client
[11:31] <rogpeppe> TheMue: ah, i've never used that
[11:32] <TheMue> rogpeppe: I've used it in the 90s, some time ago. But I don't know anymore how it exactly is has to be used.
[11:37] <TheMue> rogpeppe: What is the meaning of SerialNumber in a certificate?
[11:37] <rogpeppe> TheMue: it's just an arbitrary number AFAICS
[11:37] <rogpeppe> TheMue: i.e. defined by the certificate issuing authority
[11:38] <rogpeppe> TheMue: which is us, in this case
[11:38] <TheMue> rogpeppe: IC, thx.
[11:38] <rogpeppe> TheMue: i may well be wrong!
[12:33] <TheMue> Aram: Hi.
[12:34] <TheMue> Aram: Thought about my naming question of yesterday? I would then create a launchpad project.
[13:06] <TheMue> rogpeppe: Two comments and a LGTM with a constraint (it depends on the bootstrap CL).
[13:07] <rogpeppe> TheMue: i'm not sure you've published your comments
[13:08] <rogpeppe> TheMue: (thanks BTW)
[13:08] <TheMue> rogpeppe: Oh, will look again.
[13:08] <TheMue> rogpeppe: They are published on the bootstrap CL.
[13:08] <rogpeppe> TheMue: ah, thanks
[13:09] <TheMue> rogpeppe: The follow-up looks good, but I'm currently not able to LGTM the bootstrap stuff. Have to dig deeper into X509 before. It's complex and new to me.
[13:09] <rogpeppe> TheMue: it was to me too :-)
[13:10] <rogpeppe> TheMue: tbh i think the Go API could be better there
[13:11] <TheMue> rogpeppe: Sadly this whole crypto stuff isn't simple. So I can't imagine how the API could be more simple. Maybe a wrapper for common use cases.
[13:12] <rogpeppe> TheMue: actually the crypto stuff is potentially very simple. it's x509 and its heap of related special cases that makes it hard.
[13:12] <TheMue> rogpeppe: IC
[13:34] <rogpeppe> time to reboot
[16:36] <rogpeppe> a small CL if anyone fancies taking a look: https://codereview.appspot.com/6854054/
[16:37] <Aram> rogpeppe: code wise LGTM, but I don't know anything about this stuff so I can't say if it's sane or not.
[16:38] <rogpeppe> Aram: thanks
[16:40] <TheMue> rogpeppe: From my side for the code too. How does the root PEM relate to the other stuff you've added before?
[16:40] <rogpeppe> TheMue: the root CA signs the certificate that the state uses to verify that it's the correct entity
[16:41] <rogpeppe> TheMue: so if something wants to connect to the state, it needs to know the root CA so that it can verify that it's talking to the right thing
[16:41] <TheMue> Aram: I just pushed a new revision, only minor changes. Tomorrow morning I'll create the lauchnpad project and also move the package one level up.
[16:42] <TheMue> rogpeppe: Ah, thx.
[16:42] <TheMue> rogpeppe: So you've got an LGTM.
[16:42] <rogpeppe> TheMue: thanks
[16:43] <TheMue> Aram: After that step we can use branches and reviews.
[16:45] <rogpeppe> TheMue, Aram: just so i can keep track: what's the current story with the LXC stuff?
[16:46] <Aram> rogpeppe: LXC wrapper.
[16:47] <rogpeppe> Aram: ok. distasteful i can see, but sensible.
[16:47] <rogpeppe> Aram: at least you know what's going on inside now :-)
[16:51] <TheMue> rogpeppe: I don't see it as distasteful, only as pragmatic. And it works. Sure, a kind of lxc daemon providing an API usable w/o C would be nice. But the result would be the same. :D
[16:52] <rogpeppe> TheMue: are we wrapping the shell scripts or the C API?
[16:52] <Aram> shell scripts, of course.
[16:52] <Aram> not much to do with the C api.
[16:52] <TheMue> rogpeppe: The commands, some are binaries, some are scripts.
[16:52] <Aram> plus some functionality is implemented outside of the API.
[16:52] <rogpeppe> ah, i misunderstood the "API usable w/o C" thing
[16:53] <rogpeppe> i was wondering if we were going to go the cgo route
[16:54] <TheMue> rogpeppe: The advantage of the usage of the commands is the compatability with the commands (never thought, lol).
[16:54] <TheMue> rogpeppe: That means that a container created by our package can be adminstrated by the lxc-… commands.
[16:55] <rogpeppe> TheMue: that's an excellent point
[16:57] <TheMue> rogpeppe: But for sure, a small and smart own implementation using the pure logic behind has its appeal.
[16:57] <rogpeppe> TheMue: this is linux - no way to be small or smart :-) :-)
[16:57] <TheMue> rogpeppe: :D
[16:58] <rogpeppe> Aram: i thought you might be at iwp9
[16:58] <TheMue> rogpeppe: What is iwp9? Surely something about Plan 9, isn't it?
[16:58] <rogpeppe> TheMue: http://7e.iwp9.org/
[16:59] <Aram> this is not about a desire for aesthetic purity, it's about how the provided tools are obtuse, unstable, unsuitable for composability, and how the authors don't know how to provide a good interface.
[16:59] <Aram> rogpeppe: I planned to, but I have to go to a memorial service in Romania.
[16:59] <rogpeppe> Aram: sorry to hear that
[17:00] <Aram> rogpeppe: with this ocasion, I'm also taking two weeks leave, to see my mother who came from US.
[17:00] <Aram> sorry for not annoucing earlier about my leave, but I decided only yesterday/
[17:01] <TheMue> Aram: Oh, thought it would be for recreation. Sorry to hear that, too.
[17:04] <TheMue> So, have to step out, but will come in later again.
[18:04] <rogpeppe> right, that's me for the day
[18:04] <rogpeppe> night all
[19:09] <TheMue> re