1118102568 M * shuri brb
1118102576 Q * shuri Read error: Connection reset by peer
1118102705 J * shuri sjnesjd@64.235.209.226
1118103160 J * monrad ~monrad@213083190130.sonofon.dk
1118103202 M * Bertl evening monrad!
1118103233 M * monrad evening
1118103256 M * monrad guess who hit the ctrl+alt+backspace combo
1118103526 M * shuri re
1118103544 M * Doener wb shuri 
1118106026 J * eXplasm2 explasm@p549FF5CD.dip.t-dialin.net
1118106468 Q * eXplasm Ping timeout: 480 seconds
1118108150 M * Bertl Doener, RFC: http://vserver.13thfloor.at/Experimental/delta-helper-feat01.diff
1118108176 M * Bertl I thought this might be a little more flexible ...
1118108339 M * Doener -	argv[1] = "mickey";
1118108349 M * Doener i never noticed that one ;)
1118108357 M * Doener has it any special meaning?
1118108361 M * Bertl well, because it was never there ;)
1118108381 M * Bertl artefact from my testing ...
1118108386 M * Doener ah ok
1118108468 M * Doener looks good i'd say
1118108489 M * Bertl could you test something for me?
1118108501 M * Bertl (or read the source in this regard)
1118108519 M * Bertl I'm not sure the tools will handle the version change correctly
1118108532 M * Bertl -#define VCI_VERSION0x00010025
1118108533 M * Bertl +#define VCI_VERSION0x00020001
1118108551 M * Doener the tools use if (version > xxxx)
1118108566 M * Bertl with xxx being the full word?
1118108600 M * Bertl (or better, with version being the full (32bit) word
1118108781 M * Doener #  define CALL_VC_V13B(F,...)	CALL_VC_GENERAL(0x00010021, v13b, F, __VA_ARGS__)
1118108801 M * Bertl looks good!
1118108802 M * Doener in that case 0x00010021 is compared against the value returned from the syscall
1118108811 M * Bertl thanks!
1118108817 M * Doener you're welcome
1118108851 A * Doener continues watching blender video tutorials :)
1118108886 A * Bertl was freeing blender back then ...
1118108887 M * Doener i've seen them a few times now, but i like the speaker's voice somehow... when i need to relax a little, i watch them ;)
1118108907 A * Doener didn't have money back then...
1118108918 M * Doener ... not that i would have money now... ;)
1118109760 Q * gregster Remote host closed the connection
1118109770 J * gregster ~gregor@greart.de
1118109779 M * Bertl wb gregster!
1118109853 Q * jkl Ping timeout: 480 seconds
1118109888 Q * shuri Ping timeout: 480 seconds
1118110264 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-2.0/delta-version-fix01.diff
1118110274 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-2.0/delta-vhelper-feat01.diff
1118110280 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-2.0/delta-nhelper-feat01.diff
1118110586 M * locksy Hi!  Just looking for suggestions about which initstyle to use (and which init package if any) on a Debian box which will run one vserver only (apache + postfix inside vserver - ftp, ssh outside)
1118110608 M * Bertl hmm, sysv and no init at all?
1118110629 M * locksy Ok,  sounds right to me :)
1118111361 M * locksy Hmm,  does anyone know the syntax for bind mounts in fstab (I've worked it out before but I can't find it atm)
1118111419 M * Bertl /var/tmp        /tmp            none    bind                            0 0
1118111453 Q * rs Quit: rs
1118111546 M * locksy thx,  which file should I be putting it in if I want to do: /tmp/vmain /var/lib/vservers/main/tmp none bind 0 0  whenever the main vserver is entered?
1118111584 M * locksy a quick look at /etc/vservers/main/fstab suggests it works from inside the vserver?
1118111601 M * daniel_hozac the first path is outside the vserver, the second path is inside.
1118111621 M * locksy Aaaah, makes sense :)
1118111883 T * Bertl http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-rc4, ng9.5  -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1118112508 M * Aiken how do you stress test to make sure vserver is stable?
1118112677 M * Bertl we let the companies do the stress testing ;)
1118112719 M * Bertl no, seriously, from time to time there are real stress tests with 'killer' apps ...
1118112755 M * Bertl this typically involves creating a few million contexts and such ...
1118112780 M * Bertl having up to 20k processes and more ...
1118112804 M * Bertl (all this happens on a 4-way SMP box ...)
1118112868 M * Aiken the worst I had come up with so far was the host and 2 or more vservers doing kernel compiles at the same time
1118113055 M * Bertl and, did it work as expected?
1118113099 M * Aiken I am looking vs1.2.10 on a 2.4 box I want to setup, successfull kernel compile in all cases
1118113132 M * Aiken all I can say abt vs2.0 today is if I want to use it I really should boot his machine with the correct kernel :(
1118113256 M * Aiken with the 2.4 box I just want to be sure before I touch a machine that does not give me any trouble
1118113612 M * Aiken the first things I checked was  not being able to touch eth0, host's hostname and trying kill -9 on host processes.
1118113629 M * Aiken it was those 3 that got me wary of chroot and got me looking at vserver
1118114423 M * Bertl sounds like a happy user so far ;)
1118114587 M * Aiken means I can get the functionality I wanted from solaris zones with out changing to solaris  :)
1118114736 M * Bertl qualifies for me ...
1118114752 M * Bertl okay, I'm off to bed now ... back after some sleep ...
1118114763 M * Bertl night Doener! night folks!
1118114770 N * Bertl Bertl_zZ
1118125079 Q * monrad Quit: Leaving
1118127519 M * eyck night
1118128087 J * erwan_ho ~erwan@konilope.dyndns.org
1118128110 J * Aiken_ ~james@tooax8-145.dialup.optusnet.com.au
1118128429 Q * Aiken Ping timeout: 480 seconds
1118128617 Q * erwan_ho Remote host closed the connection
1118128663 P * Aiken_ Leaving
1118129074 M * SiD3WiNDR hehe
1118129080 M * SiD3WiNDR I was reading in one of my o'reilly box
1118129084 M * SiD3WiNDR books even
1118129087 M * SiD3WiNDR "apache security"
1118129095 M * SiD3WiNDR linux-vserver is suggested there as security measure! :)
1118131818 J * prae ~prae@ezoffice.mandriva.com
1118132352 J * rs ~rs@imhotep.rhapsodyk.net
1118132373 J * betonamu ~Administr@dhcp-243-048.mag.keio.ac.jp
1118132444 M * betonamu hello. i am new to vserver. to understand it better, i am looking for a (scientific) paper about vserver, but dont see any (??). could anybody here recommend me where to find?
1118132459 M * betonamu i look at the home page, but there is only few userguide
1118132828 M * Loki|muh try the whitepaper
1118132842 M * Loki|muh or 'use the source, luke' *g*
1118133382 M * betonamu Loki|muh: where is the whitepaper?
1118133469 M * Loki|muh http://linux-vserver.org/Linux-VServer-Paper
1118133611 M * betonamu ah i known that page. it seems be the best resource on vserver architecture (unfortunately!!)
1118133677 M * Loki|muh hmmm best would be waiting for Bertl_zZ or Doener, these 2 know best about the vserver code I think
1118133722 M * betonamu this room seems quiet?
1118133749 M * betonamu but looks like vserver is pretty popular? 64 in this room now
1118133792 M * betonamu Loki|muh: any chance to get vserver into mainline kernel? any attempt to do that?
1118133847 M * Loki|muh sorry, dunno
1118134658 Q * rs Quit: rs
1118134758 M * SiD3WiNDR betonamu: channel 'traffic' usually picks up in the afternoon/evening CET time :)
1118136464 J * rs ~rs@staff.lycos.fr
1118137774 J * Doener` ~doener@p54876CB9.dip.t-dialin.net
1118137853 J * dsoul darksoul@pingu.ii.uj.edu.pl
1118137903 Q * Doener Ping timeout: 480 seconds
1118138424 Q * id Ping timeout: 480 seconds
1118138593 Q * Doener` Ping timeout: 480 seconds
1118138612 J * Doener ~doener@p548765D2.dip.t-dialin.net
1118139470 Q * rs Quit: rs
1118139886 M * ruuth hi! If I follow hollow's guide (http://dev.gentoo.org/~hollow/vserver/guide/) - do I have to use the standard profile (choosing the right profile) or the vserver profile - (following the gentoo-install-manual)?
1118139912 M * Hollow ruuth: please use the standard profile for now
1118139920 M * ruuth Hollow: ok!
1118139946 M * Hollow once the new profile is finished i'll update the docs
1118139958 M * Hollow should be pretty soon
1118140252 M * ruuth Hollow: How many developers are there in the vserver-project?
1118140281 M * Hollow currently only DaPhreak is helping me with the grsec patches
1118140296 M * Hollow wanna join?
1118140307 M * ruuth Hollow: Wow! You're the only one?
1118140312 M * Hollow kinda
1118140364 M * ruuth Hollow: opening private chat ...
1118140370 M * Hollow k
1118140373 J * Xorith ~noxoriths@pool-71-241-76-237.scr.east.verizon.net
1118140419 M * Xorith dsoul: I think what I'm needing is something showing the pro's and con's of the two :P
1118140514 M * DaPhreak Hollow: are you on the late afternoon in ?!
1118140530 J * axu_ ~axu@62.116.66.2
1118140534 M * axu_ hello :)
1118140545 M * Hollow DaPhreak: *shrug* maybe ;)
1118140565 M * axu_ is there a fast way to see all processes and there cpu usage from within the rootserver ?
1118140597 M * axu_ i have a vserverhost with 10 vservers and one has an ap in it running wild :) lazy me, i dont want to walk all of them :)
1118140670 M * axu_ ok.. lets enter those arenas ;)
1118140740 M * axu_ hmmm, klogd in 3 vservers was the problem
1118140760 M * axu_ should possibly disable it, it has no need i assume
1118140864 M * Xorith Can vserver actually run a completely different distro from the host?
1118140875 M * axu_ Xorith: shure
1118140895 M * Xorith Well I was recommended to look at vserver (I'm a tech for a virtual hosting company)
1118140926 M * Xorith Currently, we use UML, and I don't want to "trade features". So as long as I can establish that something like vserver will be "the same but better", I'm happy :P
1118140943 M * axu_ Xorith: go have a look, i use it for about 1 1/2 years. its a charm :)
1118140964 M * Xorith I really need to get some more hardware for my home, so I can actually play with things like this
1118140986 M * Xorith UML is nice in the sense that ot
1118140987 M * Xorith err
1118141007 M * axu_ xorith: no you dont. just get qemu up and running..install your favorite distro +? vserverpatched kernel + tools. on you go
1118141040 M * Xorith it's obvious. You're booting a kernel. Filesystems are block devices, so they can be mounted and tweaked on the host. The only pains we're having is UML is slow.. and there's no "easy" way to limit servers.
1118141056 M * axu_ xorith: uml is soem kind of different thing. vserver is more like superhard jails or chroot
1118141060 M * Xorith Customers have a technical CPU limit, but they don't know we can't really enforce it yet.
1118141080 M * axu_ 1 kernel
1118141098 M * Xorith What if a vserver does something to cause that kernel to panic?
1118141099 J * Doener` ~doener@p5487446C.dip.t-dialin.net
1118141106 M * Xorith Does that mean they all go down?
1118141118 M * axu_ Xorith: shure :)
1118141126 M * Xorith Not sure I like that. :P
1118141194 M * axu_ Xorith: then you should use solaris. or aix.
1118141299 Q * Doener Ping timeout: 480 seconds
1118141310 M * eyck do you think solaris will protect you from kernel panic?
1118141335 M * axu_ eyck: in conjunction with certified apps for those oses, yes :)
1118141392 M * Xorith Well it's my understanding though, that if a user runs an app on a UML, the kernel that's running the UML will be the one to suffer.
1118141407 M * Xorith I'm sure if someone did something bad enough it'd bring the whole server down.
1118141430 M * eyck so, if your app is certified, then it will work even when kernel panics? interesting.
1118141511 M * eyck I haven't seen such functionality in any of the solaris versions I've been working with
1118141531 M * axu_ eyck: i havent ever seen a solaris kernel panic :) so my talk is really theoreticaly :) but i have seen, misc systems in the telecombusiness running solaris for years under heavy load with databases, networkmonitoringtools, and telcospecific stuff on it ....
1118141573 M * Xorith I've seen systems run for years just on Linux, under heavy load.
1118141636 M * axu_ who hasent ? ;)
1118141667 M * Xorith Anywho, I'll have to toy with vserver
1118141668 M * eyck you people need to study logic, or mathematics or sth,
1118141680 M * axu_ eyck: hehehe
1118141695 M * Xorith Would love to find a page that lays out UML, Xen, and vserver with benchmarks, features, and drawbacks.
1118141727 M * Xorith While I'm at it. I'd also love to find a programming language that writes it's own code based on what I think, and does it bug-free, but alas ;)
1118141736 M * eyck UML/Xen/vservers are orthogonal concepts
1118141782 M * eyck Xorith: it's called 'perl'
1118141784 M * Xorith Yes, but logically they all have differences.
1118141799 M * eyck and there even is mythical module called 'DWIM'
1118141807 M * eyck perl -e 'use DWIM;' and you should be all set
1118141816 M * Xorith Perl hasn't developed telepathic communications yet :P
1118141825 M * Xorith Though I hear it's in early alpha stages.
1118141864 M * axu_ i guess with benchmarks. vserver is unbeatable :)
1118141873 M * Xorith Xen also shows to be unbeatable.
1118141898 M * Xorith The benchmarks on it's page show to be very close, if not equal to, native linux. :P
1118141919 M * Xorith The problem is, I need a good reason to pull the server down and rework how things are. It's the old "if it ain't broke, don't fix it"
1118141920 J * id ~id@relax-media.softwarezentrum.de
1118141940 M * Xorith While UML doesn't offer everything we're looking for (yet), it's what's working now.
1118141965 M * eyck vserver should win any virtualisation benchmarks hands down
1118141996 M * Xorith I need to test it for myself then.
1118141999 M * Xorith Not the benchmark
1118142002 M * Xorith But the features
1118142011 M * Xorith I'm currently falling in love with UML's CoW support. ;)
1118142018 M * eyck you need to understand those approaches
1118142028 M * Xorith I understand UML enough
1118142045 M * eyck that's a good start :) good luck :) 
1118142070 M * eyck vserver has CoW links, and Xen had this COW block device IIRC
1118142083 M * eyck oh, no
1118142105 M * eyck vserver would like to support CoW links, right now we only got COW block device, right.
1118142132 M * Xorith I think that's all UML does anyway... Not sure. I just started toying with it, and it's saved my backside already
1118142185 M * Xorith I'm working a distro up from FC2 to FC3, and I use the CoW files to ensure that if a particular package breaks the distro, I can easily recover. When things work and prove to be stable, I merge the CoW with the pristine.
1118142276 M * Xorith The other reason we're going to CoW files is so it'll be easier to "restore" a VM to "default" settings. Most of our clients use their VMs for testing and development. :P
1118142360 M * Xorith Oh, what about as far as web-based control panel tools for vservers?
1118142912 M * betonamu eyck: what is COW links? i know COW device, but what is this?
1118142956 M * betonamu eyck: how about comparing performance with Xen?
1118142998 M * eyck betonamu: performance of what?
1118143011 J * erwan_taf ~erwan@81.80.43.67
1118143029 M * betonamu eyck: you said that vserver is best at performane?
1118143038 M * betonamu (benchmark)
1118143042 M * eyck what about, you run Xen, inside it there are multiple vservers, and inside one of vservers you run UML
1118143054 M * eyck betonamu: it is,
1118143071 M * eyck but what exactly is it that you care about?
1118143170 M * betonamu eyck: just because i dont understand the context of your conclusion
1118143180 M * betonamu ok, how about CoW links? what is that?
1118143194 M * eyck do you understand how Xen works? and how vserver works?
1118143244 M * betonamu eyck: i know xen, but not vserver. just now i am reading its paper
1118143288 M * eyck oh, you come from academic background?
1118143293 M * betonamu (but papers on vserver are pretty rare)
1118143323 M * betonamu eyck: just because it is best to read scientific paper to understand it, rite?
1118143339 M * eyck so, you do come from academic background.
1118143367 M * betonamu eyck: i guess it is not that important, academic or not
1118143393 M * betonamu but academic paper is obviously better than some userguides
1118143402 M * eyck *of course*
1118143421 M * eyck there's nothing like reading documentation to get to know the subject.
1118143439 M * betonamu eyck: any attempt to push vserver to mainline ?
1118143480 M * eyck yup,
1118143489 M * eyck but SELinux people blocked it.
1118143496 M * betonamu hey, why?
1118143514 M * eyck because they are the SELinux people, the ultimate in linux security.
1118143520 M * eyck and they know everything,
1118143538 M * betonamu i guess selinux and vserver have separate segments
1118143541 M * eyck and there is no SELinux kabal.
1118143556 M * eyck go, and tell them that.
1118143585 M * eyck and they will tell you, that if you want vserver in mainline, you need to extend SELinux so that it can do the vserver's work.
1118143619 M * betonamu i guess probably if merging vserver into mainline, selinux must be reworked because there are some conflicts
1118143627 M * betonamu yeah, i think so
1118143651 M * eyck that's not the problem.
1118143678 M * betonamu selinux is kind of monopoly. 
1118143691 M * betonamu virtually only selinux uses LSM. that is too bad
1118143694 M * dsoul realy?:P
1118143706 M * betonamu LSM is badly designed :(
1118143730 M * eyck I've been told by Russel Coker, that vserver, grsec and all the other people are just lazy, and it's their own fault for not fixing LSM
1118143752 M * betonamu how did you answer?
1118143770 M * eyck I was just speachless
1118143783 M * eyck besides, I don't speak english that well in real life,
1118143800 M * betonamu what happen with vserver at that time? why you dont join designing LSM?
1118143814 M * betonamu ah so you meet Coker in conference?
1118143818 M * eyck yupp
1118143824 M * betonamu he is a very nice guy, anyway
1118143839 M * albeiro dsoul: :)
1118143842 M * eyck if you've got the talent and time, go ahead and fix LSM
1118143856 M * betonamu i think it is too late now
1118143865 M * eyck then go ahead,
1118143880 M * eyck that would be good for both LSM and vserver 
1118143882 M * betonamu there is one paper on lwn.net about "is it time to remove LSM"
1118143889 M * eyck (and probably grsec)
1118143921 M * betonamu it will be free to everybody this Thursday. look forward to seeing what they said
1118143923 M * dsoul albeiro: ;)
1118143934 M * albeiro there is a simple way of fixing lsm
1118143950 M * albeiro throw it out and let security experts design necesary functionality
1118143976 M * dsoul no sense
1118143985 M * dsoul beter to design new kernel 
1118143995 M * eyck oh, and I've been told that non-SELinux people are 14-year old brasilian programmers that can't code.
1118143995 M * albeiro right.
1118144006 M * dsoul eyck: lol
1118144013 M * albeiro i mean dsoul right now eyck ;p
1118144019 M * albeiro now/not/
1118144020 M * eyck very nice of russel to let me know that.
1118144042 M * betonamu nd I've been told that non-SELinux people are 14-year old brasilian programmers that can't code.?
1118144050 M * betonamu what is that? any typo here?
1118144055 M * betonamu i dont understand it
1118144099 M * eyck is there some problem with syntax?
1118144106 M * eyck or semantics?
1118144167 M * betonamu probably both grammatic and semantics, cause i dont understand it
1118144187 M * betonamu no-selinux peole or selinux peole?
1118144195 M * eyck non-SELinux people.
1118144196 M * betonamu s/no/non/
1118144201 M * albeiro everybody but selinux
1118144222 M * betonamu ah i see. Coker must not be serious at that time
1118144240 M * betonamu for example Linus is non-selinux :)
1118144271 M * albeiro linus publicly admited he know nothing about security
1118144273 M * betonamu but anyway that sentence above still has some problem in semantics
1118144279 M * eyck Linus is not a security guy
1118144284 M * betonamu but he can code
1118144301 M * betonamu so that makes nonsense at all :)
1118144315 M * albeiro yep. linux works. but nothing above it.
1118144352 M * eyck I don't think "so that makes nonsense at all" is english.
1118144354 M * betonamu i think ath any guys at that level (like Linus) can understand any security problem very easily (may be too easily)
1118144374 M * Xorith Apparently bill gates wasn't a security guy either. Neither were any of his hundreds of developers. :P
1118144380 M * betonamu eyck: i am not native, either :)
1118144383 M * eyck betonamu: there is a 'scientific paper' about Linus not understanding security :)))
1118144418 M * betonamu cause he doesnt pay attention. if he does, i dont see any problem.
1118144427 M * albeiro but MS is doing recent security releated decision and solutions in a right way
1118144455 M * albeiro finally they got it and are going in more or less right direction
1118144527 M * dsoul less ;P
1118144549 M * betonamu MS have all the top security experts. i think  they just got problem organize their developers to work on security.
1118144567 M * albeiro dsoul: linux is going much worse way ;)
1118144586 M * dsoul albeiro: agree :)
1118144597 M * betonamu and yes, i think linux has worse record on security than MS.
1118144611 M * betonamu too much bugs on kernel recently
1118144647 M * dsoul bugs are not problem
1118144671 M * dsoul they are patched quickly
1118144685 M * betonamu why not problem?
1118144687 M * Xorith But not all admins patch.
1118144691 M * betonamu that is very bad for linux image
1118144707 M * betonamu besides, not every systems get patched quickly enough
1118144711 M * dsoul top security experts @ MS? neeeeeeee :)
1118144731 M * eyck dsoul: why not?
1118144735 M * betonamu dsoul: yes, never doubt about that. MS has a lot of top security experts
1118144778 M * Xorith They do *now*, the problem is they didn't when they started the NT arch. :P
1118144785 M * eyck hmm
1118144808 M * Xorith We were hacking NT4 out of boredom in highschool.
1118144809 M * eyck you think NT arch is insecure?
1118144826 M * Xorith It's more secure than the old 95/98 arch
1118144838 M * eyck it's more secure then linux
1118144863 M * axu_ my c64basic os is more secure then linux
1118144866 M * Xorith Perhaps in the current state.
1118144868 M * eyck not really,
1118144887 M * axu_ my c64 never got hacked
1118144894 M * eyck NT is microkernel-based OS, linux is monolithic child's toy.
1118144920 A * Xorith looks at the terminology hit the wall behind him.
1118144921 M * betonamu eyck: there are some problem with NT architecture
1118144934 M * eyck like?
1118144948 M * betonamu but GUI is in kernel, anyway, so how come it is good?
1118144960 M * eyck it's not part of original design
1118144980 M * Xorith I suppose the remote management parts aren't actually part of the arch.
1118145006 M * eyck in original design GUI run in userspace and was dog-slow :) 
1118145021 M * Xorith Kinda like Gnome? :P
1118145042 M * eyck nope, GNOME is fast and runs lots of stuff in kernel mode
1118145070 M * betonamu eyck: which part of gnome in kernel?
1118145085 M * Xorith I haven't toyed with a GUI on Linux since GNOME 1 on a RH6 or 7 box, running on a 300mhz Celeron.. so I suppose it's gotten better since then.
1118145138 M * Xorith Well except for on a VM, but slowness is expected then.
1118145140 M * eyck betonamu: lot's of drawing primitives, transparency etc... everything with 'accelerated' in description ;) 
1118145152 M * eyck Xorith: VM?
1118145164 M * Xorith virtual machines. ie VMware, MS Virtual PC
1118145169 M * Xorith UML
1118145212 M * Xorith I've run GNOME2 in all three of those, with performance hangs. Mostly due to the limited resources granted to the VM
1118145248 M * betonamu eyck: like what?
1118145295 M * eyck like, XVideo,
1118145319 M * betonamu xvideo? what is the kernel module for it?
1118145351 M * betonamu actually i dont use gnome, too slow. i go for fluxbox or icewm
1118145362 M * Xorith Holy crap.
1118145396 M * Xorith I guess that's a bad config. Pages of panics.
1118145457 M * axu_ eyck: transparency ? istn that just a dump copy of the framebuffer copied somewhere else and put with an tint effect ?
1118145525 M * axu_ or is the composite thingy working with gnome ?
1118145531 M * eyck isn't it?
1118145566 M * axu_ eyck: l?ast time i tried i had real transparency through xcompmgr + transset, and fake transparency with gnome
1118145580 M * axu_ 3-4 months ago
1118145624 M * axu_ maybe should look again
1118145696 M * axu_ like if you drag an icon over a running movie (x11 output!) can you see the movie below the gnome icon ?
1118145834 Q * betonamu Ping timeout: 480 seconds
1118145912 M * eyck what?
1118145916 M * eyck I don't use gnome
1118146181 Q * Xorith Quit: 
1118146240 J * rs ~rs@staff.lycos.fr
1118146303 M * eyck oh well,
1118147704 M * axu_ me neitrher ;)
1118147706 M * axu_ ok, bye folks
1118147711 P * axu_ Client exiting
1118152373 N * Bertl_zZ Bertl
1118152417 M * Bertl morning folks!
1118153454 M * Pazzo moin Bertl!
1118156036 M * ruuth Bertl: Did you get my private Message? What do you think?
1118156063 J * jsambrook ~jsambrook@aelfric.plus.com
1118156066 P * jsambrook 
1118156104 M * Bertl ruuth: hmm, well, could you repeat the question please?
1118156194 M * ruuth Bertl: -> private Window
1118156256 J * shuri sjnesjd@64.235.209.226
1118156260 M * shuri ola
1118156377 M * shuri i got an hold vserver install
1118156379 M * shuri 2.4.27-vs1.29
1118156398 M * Bertl hey shuri!
1118156408 M * SiD3WiNDR Bertl: did you know vserver was mentioned in the "apache security" book? :)
1118156448 M * shuri how can i allow ping into one vserver
1118156460 M * Bertl shuri: is 'ola' just an onomatopoeic expression, or are you looking for the debian maintainer?
1118156464 M * shuri S_CAPS="CAP_NET_RAW" is not enouggh
1118156464 M * SiD3WiNDR lol
1118156472 M * SiD3WiNDR I think the first one, Bertl :)
1118156489 M * Bertl shuri: ping 'into' a vserver is not possible
1118156504 M * Bertl shuri: ping to a vserver ip works out of the box ...
1118156516 M * Bertl SiD3WiNDR: hey, and no, didn't know .. url?
1118156528 M * SiD3WiNDR hm, I have it hardcopy ;)
1118156533 M * shuri ping google.co
1118156535 M * shuri com
1118156537 M * SiD3WiNDR it's the book "Apache security" by O'Reilly
1118156550 M * Bertl shuri: you have a vserver for google?
1118156553 M * shuri ola is an onomatopoeic expression :)
1118156563 M * SiD3WiNDR when talking about separating parts and stuff, it talks about using different machines, which is expensive, or using vserver or uml :)
1118156563 M * shuri i got a server to monitoring
1118156576 M * shuri nagios / mon
1118156604 M * shuri nagios need to ping to see if other host are alaive
1118156606 M * shuri alive
1118156626 M * Bertl shuri: what a great method to verify that ...
1118156644 M * Bertl SiD3WiNDR: cool!
1118156648 M * shuri huh?
1118156696 M * Bertl shuri: well, one half of my hosts will reply to pings if if they are hard locked (kernel panic), for the other half, the router/firewall will reply the ping on behalf ;)
1118156722 M * shuri well is the router do not ping
1118156731 M * shuri of the gateway of the provider...
1118156735 M * shuri i need to know it.
1118156746 M * SiD3WiNDR Bertl: yea, thought so too. It's just a reference to the site, but still cool... stumbled upon that while reading the book :)
1118156750 M * shuri when cisco freeze it do not answer to ping:)
1118156754 M * Bertl k, so you are 'trying' to ping from _inside_ the guest, no?
1118156771 M * SiD3WiNDR yes
1118156781 M * shuri i need to be able to ping anyting from a vserver
1118156787 M * shuri even if is not secure
1118156800 M * Bertl good, you successfully added CAP_NET_RAW (on your 2.4 kernel)?
1118156804 M * shuri yes
1118156813 M * Bertl and ping still doesn't work?
1118156844 M * shuri ping: ping must run as root
1118156856 M * Bertl you are not root in your vserver?
1118156865 M * shuri yes i am
1118156867 M * shuri lol
1118156870 M * shuri vserver mon enter
1118156881 M * shuri ping x.x.x.x
1118156887 M * Bertl so what is your ping trying to tell you?
1118156908 M * shuri # ping google.com 
1118156908 M * shuri ping: ping must run as root
1118156957 M * shuri any other way to allow ping?
1118156961 M * Bertl what about giving strace a chance?
1118157013 M * shuri dont know how it work..
1118157168 M * shuri i will upgrade my kernel.. 
1118157178 M * shuri got one box with lastest stable and it work
1118157234 M * Bertl strace -fF -o ping.log ping google.com
1118157316 M * shuri  strace -fF -o ping.log ping google.com
1118157317 M * shuri ping: ping must run as root
1118157318 M * shuri hihi
1118157330 M * Bertl now upload the ping.log somewhere
1118157338 M * shuri k
1118157469 M * shuri http://shuri.electronicbox.net/ping.log
1118157586 M * shuri anyway this box is old.
1118157593 M * shuri will upgrade is to latest
1118157607 M * Bertl 2.0-rc4? good idea!
1118157622 M * shuri got 2 box on  it
1118157623 M * shuri :_)
1118157630 M * Bertl really?
1118157635 M * shuri yes
1118157638 M * shuri but rc3
1118157645 M * Bertl anyway, quite fast
1118157679 M * Bertl your guest doesn't have CAP_NET_RAW ...
1118157705 M * shuri S_CAPS="CAP_NET_RAW CAP_NET_ADMIN"
1118157759 Q * erwan_taf Remote host closed the connection
1118157816 M * shuri i think the problem is the tool
1118157825 M * Bertl which tool?
1118157850 M * shuri maybe i got to much lasted utils for this kernel
1118157878 M * Bertl could be ...
1118158066 M * Doener` Bertl: http://www.oreilly.de/catalog/apachesc/chapter/ch02.pdf
1118158084 M * Doener` Page 28 (PDF) or Page 41 (Book)
1118158142 M * Doener` there's a paragraph mentioning virtualizion to be discussed in an other chapter (which is not available as preview :( )
1118158174 M * Bertl ah, thanks!
1118158191 M * Bertl btw, 2.0-rc4 looks good with legacy stuff and in the plm tests ;)
1118158228 M * shuri good to know!
1118158230 M * Doener` http://www.apachesecurity.net/about/links.html
1118158241 M * Doener` 6th links in chapter 9
1118158779 M * DaPhreak Bertl: does the -rc4 already include the xfs-fix ?!
1118158829 M * SiD3WiNDR :)
1118158836 J * erwan_taf ~erwan@81.80.43.67
1118158845 M * DaPhreak (hopefully)
1118158893 Q * erwan_taf Remote host closed the connection
1118159004 Q * rs Quit: rs
1118159006 M * Bertl DaPhreak: of course!
1118159018 M * DaPhreak Bertl: thanks ;)
1118159040 M * DaPhreak saw it a second ago on the patch --dry-run ;)
1118159196 Q * cryo Remote host closed the connection
1118159412 J * cryo ~say@212.86.243.154
1118160137 M * ruuth help! my first vserver-start-stop hangs at "saving random seed" :|
1118160216 J * erwan_taf ~erwan@81.80.43.67
1118160236 J * rs ~rs@Laubervilliers-151-13-4-57.w82-127.abo.wanadoo.fr
1118160240 M * Bertl ruuth: well, a) it's not supposed to do that, and b) you sure it hangs there?
1118160248 M * Bertl welcome erwan_taf! rs!
1118160254 M * rs re
1118160274 M * ruuth Bertl: Yes. I'm waiting for about 3 Minutes now.
1118160277 M * Bertl Doener`: just realized we have no semaphore accounting in 2.0?
1118160281 M * DaPhreak yupp Bertl ;) experienced it some times ..
1118160300 M * DaPhreak ruuth: try a `rc-update del urandom default` inside that vserver
1118160312 M * erwan_taf hey Bertl \o/
1118160316 M * ruuth DaPhreak: ok ... mom ...
1118160350 M * Doener` hmm... where did i see that code then...
1118160354 M * DaPhreak if that doesn't work, you have to edit your init-script and _remove_ urandom from the depend line
1118160368 M * Doener` i mess up stuff too often in my head lately...
1118160402 M * DaPhreak comes from thinking too hard ;) or even by head-banging (with a wall ;P)
1118160591 M * ruuth DaPhreak: it's not found in default - I see it in boot
1118160607 M * ruuth DaPhreak
1118160628 M * DaPhreak yeah ... then delete it from boot and remove it from your init-scripts :)
1118160633 M * ruuth DaPhreak: Sorry ... damn NetTalk-Program
1118160911 M * ruuth DaPhreak: It seems that the vshelper script hangs AFTER the saving random seed!
1118160942 M * DaPhreak hmm take a look at halt.sh (in /etc/init.d of your vserver)
1118160967 M * Bertl ruuth: you are using 2.0?
1118160979 M * DaPhreak and make sure you comment out the first /sbin/halt 
1118160990 M * Bertl no, please don't do that
1118161001 M * DaPhreak ?
1118161012 M * Bertl ruuth: which kernel version do you use?
1118161024 M * DaPhreak Bertl: well the first halt is -idp .. and not -f ;)
1118161064 M * DaPhreak or is the -f harmful for those older than 2.0 ?
1118161114 M * Bertl no, your approach is fine, I just would like to know the kernel version and if it is fixed with 2.0-rc4 or not ...
1118161135 M * DaPhreak heh ;) ah :D
1118161160 M * DaPhreak probably not .. since -rc4 is not yet in the official portage tree (AFAIK)
1118161469 M * ruuth Bertl: 2.6.11.11-vs2.0-rc3
1118161508 M * DaPhreak ruuth: do you have an overlay-dir on the host (the physical server) ?
1118161510 M * Bertl okay, could you update to rc4 and see if it remains?
1118161587 A * DaPhreak 's rebooting to -rc4. Back in a minute or so (hopefully) ;P
1118161606 M * ruuth DaPhreak: No
1118161622 Q * ruuth Quit: Nettalk6 der Freeware IRC-Client
1118161666 J * ruuth VooDoo@topas.informatik.uni-ulm.de
1118161774 M * ruuth back again - had to update my icr client ...
1118161835 Q * ruuth Read error: Connection reset by peer
1118161883 J * ruuth VooDoo@topas.informatik.uni-ulm.de
1118162074 Q * erwan_taf Remote host closed the connection
1118162150 M * DaPhreak *grrr* ;(
1118162152 M * DaPhreak Bertl: http://pastebin.com/296562
1118162181 M * Bertl well, didn't you read the help in the config?
1118162208 M * DaPhreak eh ?
1118162213 M * DaPhreak kernel config ?!
1118162231 M * Bertl         bool    "Disable Legacy Networking Kernel API"
1118162234 M * Bertl           This disables the legacy networking API which is required
1118162234 M * Bertl           by the chbind tool. Do not disable it unless you exactly
1118162234 M * Bertl           know what you are doing.
1118162256 A * DaPhreak didn't disable that one ..
1118162268 M * DaPhreak hmm i used a shitty config ... 
1118162619 J * jkl eric@c-67-173-254-242.hsd1.co.comcast.net
1118162904 M * DaPhreak second try :)
1118162956 M * ruuth how can I update to rc4? my portage says that rc3 is the latest ...
1118162978 M * ruuth ~x86 unmasked
1118163030 M * dsoul if it's not in portage it do not exist ?:P
1118163190 M * ruuth dsoul: yeah! :) ... but I know it must be somewhere ;) ... and not only in the channel-topic
1118163252 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.11.11-vs2.0-rc4.diff.bz2 (but I guess gentoo folks will update pretty soon)
1118163383 M * ruuth Bertl: Thanks - I hope Hollow will take care of it soon ;)
1118163437 M * Hollow right ;)
1118163438 M * ruuth As soon as it is in ther Portage tree - I will try, if the vserver stop keeps hanging after "saving random seed"
1118163463 M * Hollow -rc4 will get in this evening
1118163472 M * ruuth Hollow: Cool!
1118163992 M * DaPhreak $ uname -r
1118163993 M * DaPhreak 2.6.11.11-vs2.0-rc4
1118163995 M * DaPhreak ;)
1118164001 M * Bertl congrats!
1118164051 M * DaPhreak yeah :) finally :D
1118164065 M * DaPhreak now i only have to fix up that xids ;)
1118164430 M * Bertl hhmm?
1118164476 M * DaPhreak yeah .. those vservers are _very_ old ;) so that all their stuff belongs to them, i'm fixing up the xid-tags .. (for their directories, etc)
1118164878 M * Bertl okay, I'm off now .. back later ...
1118164895 N * Bertl Bertl_oO
1118164929 Q * prae Quit: Client exiting
1118166759 M * jkl i am having trouble with portforwarding to a vserver, any docs describing this?
1118166828 J * steve^ ~steve@user-2774.l6.c5.dsl.pol.co.uk
1118166829 M * steve^ hi all
1118166841 M * steve^ is the 2.6 tree stable enough for production use?
1118167256 M * ruuth Bertl: is it possible that the vshelper-script in 0.30.207 is missing the STOP argument?
1118167321 M * ruuth Bertl: I just saw that vshelper is called with "stop" and vserver pid
1118167323 Q * steve^ Ping timeout: 480 seconds
1118167400 M * ruuth DaPhreak: is it possible that the vshelper-script in 0.30.207 is missing the STOP argument? I just saw that vshelper is called with "stop" and vserver pid. I had a quick look at the script-code and found no stop section ... only *) handling all unknown
1118167696 J * erwan_ho ~erwan@konilope.dyndns.org
1118172174 M * Hollow ruuth: 2.0-rc4 is in cvs
1118172191 M * Hollow DaPhreak: ^
1118173650 M * jkl is there a way to run tcpdump from within a vserver?
1118173899 M * daniel_hozac give it CAP_NET_RAW?
1118173963 Q * erwan_ho Quit: Leaving
1118173974 M * jkl whats that?
1118174042 J * mef ~mef@targe.CS.Princeton.EDU
1118174545 J * yarihm ~yarihm@84.73.118.158
1118174586 M * yarihm yo everyone, yo Bertl_oO 
1118176493 Q * albeiro Ping timeout: 480 seconds
1118176904 J * albeiro ~albeiro@procyon.romke.net
1118177613 Q * duckx Read error: Connection reset by peer
1118177615 J * duckx ~Duck@81.57.39.234
1118178546 M * Doener` g'night folks
1118178550 N * Doener` Doener_zZz
1118179308 N * Bertl_oO Bertl
1118179323 M * Bertl evening folks!
1118179404 M * case jkl: a capability for a vserver, should be in /etc/vservers/vs.conf: S_CAPS="CAP_NET_RAW CAP_NET_ADMIN", e.g.
1118179668 M * Bertl hmm, only for old configs ;)
1118179682 M * Bertl and you actually don't want to give them ;)
1118179760 M * mugwump morning
1118179808 M * mugwump how's the 2.0 release going, Bertl?  Got a 0.30.208 from enrico ?
1118180202 M * Bertl well, didn't check the last 3 hours, but before we had none ...
1118180216 M * Bertl 2.0 is going fine (kernel side)
1118180404 M * mugwump I'm investigating automatic tracking of the savannah sources via svk into the openfoundry repository..
1118180581 Q * shuri Read error: Connection reset by peer
1118180716 M * mugwump blast, getting commit messages out of savannah requires you to be a project member
1118181229 J * Aiken ~james@tooax6-104.dialup.optusnet.com.au
1118181527 M * mugwump http://rafb.net/paste/results/9aHZQC55.nln.html # differences ... hmm
1118181755 M * Bertl hmm .. yeah, we should try sync up again ...
1118182021 Q * mef Remote host closed the connection
1118182656 M * Bertl mugwump: did you get around having a look at 2.0-rc*?
1118183039 M * Aiken the web page still says rc3
1118183100 M * Bertl really? well, rc4 is current ...
1118183197 M * Aiken I just downloaded rc4
1118183228 M * mugwump I'm on -pre1 atm
1118183277 M * Bertl ruuth: still around?
1118183307 M * Bertl jkl: what do you want to 'forward'?
1118183873 M * Aiken for a machine with 1gig of ram, which is better? himem support or changing the split?
1118183911 M * Bertl split, nohighmem, highmem in this order ...
1118183920 M * Bertl i.e. different split -> full 1GB
1118183932 M * Bertl no highmem -> 927MB
1118183936 M * Aiken nohimem is not an option as I want the full 1 gig
1118183949 M * Aiken I only get 896 meg with nohimen
1118183949 M * Bertl both is better than having 1GB with highmem
1118183983 M * Bertl himem on x86 is really slow ... and complicated
1118184045 M * Aiken 2.5/1.5 or 2/2?  have not looked at the split before so not sure which way to go
1118184056 M * Aiken but as the option comes up with the vserver patch I though I would try it
1118184057 M * Bertl 2/2 is probably the simplest
1118184063 M * Aiken ok
1118184766 M * jkl Bertl: tcp traffic going to port 80 with an apache webserver running in a verserver
1118184779 M * jkl vserver even
1118184815 M * jkl but i have two internet connections and was forwarding both on port 80 to the apache server
1118184821 M * Bertl no forwarding fro vservers ;)
1118184826 M * jkl one would work, one wouldn't 
1118184831 M * jkl well, i was trying to use DNAT
1118184834 M * jkl will that work?
1118184845 M * Bertl it should ...
1118184869 M * jkl i have a feeling that doing it on both interfaces messed something up
1118184883 M * Bertl two internet conections sound like two different gateways
1118184884 M * jkl i switched it to just one a couple hours ago and it seems to be working reliably now
1118184915 M * jkl i have two modems connected to two ethernet cards on the same machine that is running the vserver
1118184918 M * Bertl which is a little trickier, especially if you map them to a single ip
1118184926 M * jkl two separate ips
1118184934 M * Bertl for the vserver?
1118184940 M * jkl equal cost multipath routing on the host
1118184976 M * jkl apache web server running in a vserver with a firewalled NAT ip
1118185012 M * jkl vserver only has one firewalled ip address
1118185139 Q * rs Quit: rs
1118185166 M * jkl *shrug* i'm going to add the other DNAT rule back in and see if it breaks again
1118185274 M * mugwump Bertl, are all 25 bugs on http://savannah.nongnu.org/bugs/?group=util-vserver&func=browse&set=open current, or just the ones you mailed Enrico about on the list?
1118185289 M * Bertl almost all ...
1118185299 M * mugwump ouch, ok
1118185341 M * Bertl a few have been addressed by the cvs ...
1118185381 M * Bertl jkl: probably a better setup is to give 2 separate private ips to the vserver, one for each public ip ...
1118185449 M * jkl and then have the apache server bind to both
1118185456 M * Bertl precisely
1118185467 M * jkl yeah that would make a lot more sense
1118185492 M * jkl what's the easiest way to add another ip to an existing vserver?
1118185503 M * Bertl I assume new style config?
1118185511 M * jkl yes
1118185533 M * Bertl you have a dir in '../<name>/interfaces'
1118185537 M * jkl yep
1118185547 M * jkl just add more to that eh?
1118185550 M * Bertl just copy the 0 
1118185558 M * Bertl (or whatever it is called right now)
1118185566 M * Bertl then edit the ip ...
1118185642 Q * Aiken Quit: Leaving
1118185680 M * jkl so i should copy it to 1?
1118185689 M * Bertl yup, for example
1118185700 M * Bertl (the actual name doesn't really matter)
1118185781 M * jkl ok
1118185824 M * jkl is prefix the netmask?
1118185863 M * Bertl the network prefix, yes ... keep in mind, unless you make a multitable routing setup (for the two gateways) the packets leaving the guest will originate from the first assigned ip
1118185880 J * Aiken ~james@tooax6-104.dialup.optusnet.com.au
1118185913 M * jkl egh, yeah you're right
1118185938 M * jkl so ill have to mark the packets as they come into the guest to make sure they go back out over the correct interface
1118185940 M * jkl ?
1118185969 M * Bertl depends, connection tracking should take care of that if you do DNAT
1118186001 M * Bertl if you have guest originating packets, you will need to get an MT setup
1118186120 Q * yarihm Quit: Leaving
1118186441 M * jkl sweet, i think that did it
1118186769 M * Aiken rc4 with a 2/2 split seems to be working ok for me
1118186785 M * Bertl good!
1118186974 M * mugwump (svn merge)++
1118187049 M * Aiken I keep forgetting how to setup the hardcpu limit
1118187076 M * Bertl token bucket ;)
1118187134 M * mugwump (svn merge)++ # another CVS revision cleanly merged into SVN without a hitch!
1118187144 M * Bertl cool!
1118187199 Q * matti Ping timeout: 480 seconds
1118187388 M * mugwump rightio ... r146 of http://svn.openfoundry.org/utilvserver/trunk has had all changes from 2005-04-28 to HEAD merged
1118187555 M * mugwump changes up to 2005-04-30 seemed to already be applied to HEAD, so no changes were needed (as seen with merge in version r142)
1118187566 M * mugwump the rest applied cleanly with no manual intervention required
1118187601 M * Bertl okay, so the svn repository (HEAD) is now in sync with enricos changes?
1118187625 M * mugwump I believe so!
1118187639 M * Bertl excellent, will test it asap ...
1118187744 M * mugwump that would be good, perhaps check with diff or something it matches the head revision from CVS you've been working with, or that the differences are inconsequential..
1118187766 M * mugwump then we can crack on with the major issues you mentioned in the list e-mail
1118187956 M * Aiken I got it working following http://www.paul.sladen.org/vserver/archives/200412/0099.html
1118187980 M * Aiken is that the way to do setup the cpu limit or is than an easier way, ie just specify 20%
1118188005 M * Bertl hehe, well, that is the way, and it's actually pretty easy too
1118188038 M * Bertl the parameters you set here are part of the config now
1118188055 M * Bertl so you can simply enter them there, no need for hardcore flag setting and such
1118188083 M * Bertl the basic elements (FillRate, Interval, Min/max) are the same
1118188110 M * Aiken so I assume some overhead on the host is normal???
1118188125 M * Aiken xp1600, I have the vserver limited to 50% and the host is 30% idle
1118188141 M * Bertl your settings are?
1118188160 M * Aiken 50 
1118188161 M * Aiken 100 
1118188161 M * Aiken 600 
1118188161 M * Aiken 0 
1118188161 M * Aiken 500 
1118188162 M * Aiken 0
1118188177 M * Aiken the example on that post with the first line 50 instead of 20
1118188200 M * Bertl how do you test, (i.e. what is running inside?)
1118188228 M * mugwump you can reduce that 50/100 to 1/2 if you like
1118188246 M * Bertl Aiken: and most important, did you enable the limit idle task option in the kernel?
1118188252 M * Aiken at the moment ssh into the vserver with top running with an update interval of zero
1118188284 M * Aiken no
1118188292 M * Aiken time for another kernel compile?
1118188298 M * Bertl hmm, this probably includes network stuff too ... you should get a real cpu-hog ...
1118188316 M * mugwump perl -e "1 while 1" is my favourite :)
1118188358 M * Bertl yeah, or if you prefer C ... http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog.c
1118188358 M * Aiken mugwump much better example
1118188379 M * Aiken vserver is holding 50% and the host is 40 - 45% idle
1118188425 M * Aiken I can live with that
1118188425 M * Bertl you get 'preciser' limits with the idle task limiting enabled
1118188441 M * Bertl but it also adds more overhead in form of task switching
1118188458 M * mugwump (english nitpick: that's "more precise" ;)
1118188465 M * Aiken "but increases scheduling overhead" put me off enabling it at the time
1118188475 M * Bertl mugwump: oops, thanks!
1118188514 M * Bertl Aiken: basically the overhead/quality tradeoff goes like this:
1118188548 M * Bertl No-Limit - Priority Scheduler - Hard CPU Limits - Hard With Idle Limits
1118188572 M * Bertl from left to right you increase the overhead and precision ...
1118188635 M * mugwump of course this "overhead" is still very difficult to measure even on the maximum setting AIUI
1118188668 M * Bertl yes, it also depends on the number of processes
1118188709 M * Bertl for example, an interesting corner case is when a number of processes which are not really cpu bound are constantly accessing the disk subsystem
1118188742 M * Aiken lots of swap or a big compile
1118188766 M * Bertl in this case it is very improtant to keep the interval high, with a given rate/interval ratio