1132012848 M * michal_ so why evil_ping is evil ? 1132012873 M * Bertl well, that's how I called it, when we first encountered the debian ping 1132012894 M * michal_ nice ;] 1132012898 M * Bertl because it required an additional hack to make it work inside a guest (in a secure way) 1132012918 M * michal_ what kind of hack ?? 1132012928 M * michal_ both are open raw sockets 1132012942 M * Bertl yes, the difference is, one is for reading only 1132012959 M * Bertl the other one is used for transmitting self created icmp packets 1132012983 M * Bertl so while I can easily restrict the 'read' part, the write is more problematic 1132013012 P * stefani I'm Parting (the water) 1132013091 M * michal_ i see. and what was that secure solution to it ? (/me digging ;) 1132013215 M * Bertl if ((protocol == IPPROTO_ICMP) && vx_ccaps(VXC_RAW_ICMP)) 1132013215 M * Bertl goto override; 1132013758 M * michal_ tricky ;] 1132014048 M * Pazzo Bertl: I did a diff between strace of "your" ping and debian's ping 1132014065 M * Pazzo output is different 1132014077 M * Bertl yep, sure it is -- different method 1132014104 M * Pazzo yeah, but socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 seems to be in both of them 1132014108 J * iprone ~iprone@adsl-065-012-167-027.sip.asm.bellsouth.net 1132014344 M * Pazzo http://devel.gelf.net/strace_pingdebian.txt 1132014351 M * Pazzo http://devel.gelf.net/strace_pingbertl.txt 1132014385 M * Pazzo "your" ping is doing bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 1132015095 M * Bertl *phew* almost forgot how tricky the packet delivery is (in the linux ipstack) 1132015236 M * Pazzo :) 1132015299 Q * PhiberOptics Quit: « Ë×Çü®§îöñ » Info~[v9.5]~ Released~[October 27, 2003]~ 1132015698 M * Bertl hmm, hmm, the icmp echo_reply is discarded ... 1132015792 M * Bertl guess that needs another check of the socket ... 1132015931 M * Bertl yup, more than one raw sockets but the first one isn't interested :) 1132016141 Q * iprone Ping timeout: 480 seconds 1132016632 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1132016726 Q * lilo Ping timeout: 480 seconds 1132016807 J * dos000 ~dos000@CPE00119572fd49-CM00137186e53a.cpe.net.cable.rogers.com 1132016880 M * Pazzo Bertl: do you want me to do some other testing? otherwise I'll switch back to 2.6.12-vs2.0 and compile a non-ngnet 2.1.0-rc7 kernel to do some tests for my personal needs 1132016902 M * Pazzo I'll keep hanging around here, so let me know if you want me to test something 1132016912 M * Pazzo (at any time :) 1132017005 M * Bertl okay, make that .. will take a little longer ... 1132017057 M * Pazzo np 1132017361 Q * click_ Ping timeout: 480 seconds 1132017742 J * Aiken_ ~james@tooax8-007.dialup.optusnet.com.au 1132018061 Q * Aiken Ping timeout: 480 seconds 1132018565 J * iprone ~iprone@adsl-065-012-167-027.sip.asm.bellsouth.net 1132019208 M * mnemoc Bert: awake? 1132019319 M * Bertl yup 1132019359 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net 1132019369 M * Bertl welcome ryker! 1132019594 M * dos000 hey ! 1132019741 M * ryker hi 1132019939 M * mnemoc Bert: http://mnemoc.pastebin.com/429822 <--- what can be wrong? that guest doesn't have any limit, and it has the following bcaps: CAP_MKNOD CAP_CHOWN CAP_SYS_ADMIN CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_TTY_CONFIG 1132020009 M * Bertl CAP_IPC_LOCK is missing 1132020015 M * mnemoc thanks 1132020021 M * Bertl you're welcome! 1132020048 M * mnemoc :) 1132020320 M * mnemoc finally it worked! :) 1132020411 M * Bertl btw, it's interesting that your loop mount will lock something into memory ... 1132020431 Q * samuel Ping timeout: 480 seconds 1132020657 M * mnemoc i thought that was normal 1132020715 M * Bertl *argl* 1132020739 M * Bertl mnemoc: was a general one, not directed at you 1132020795 M * mnemoc :) 1132021298 M * Bertl Pazzo: ping? 1132021487 M * Pazzo pong 1132021503 M * Bertl I found it! actually it's trivial 1132021518 M * Bertl but on the way there, I fixed a lot of other stuff :) 1132021545 M * Bertl but jsut to verify, I'll upload a trivial patch in a minute 1132021561 M * Pazzo hehe 1132021663 M * Bertl http://vserver.13thfloor.at/Experimental/NGNET/delta-ngn0.03-fix01.diff 1132021684 M * Bertl I just forgot to disable the legacy net checks :/ 1132021699 M * Pazzo ? 1132021719 M * Bertl well, this patch will do that ... 1132021742 M * Pazzo hmm... how can I rebuild my kernel package without compiling the whole big thing? 1132021758 M * Pazzo I fear that make-kpkg will run a make mrproper first 1132021762 M * Bertl I'd suggest you _apply_ that patch, and then in the source tree do 1132021774 M * Bertl 'make' and after that 'make dpkg' 1132021831 A * Pazzo creates a copy of the whole sourcetree :) 1132022059 M * Pazzo hey, make-kpkg is intelligent :) 1132022192 M * Bertl excellent! 1132022204 M * Pazzo sorry, had to wait a little bit - it was also redoing the kernel-source and kernel-headers packages 1132022210 M * Pazzo rebooting 1132022249 M * Bertl np, after all it took me .. hmm almost 4 hours to figure :) 1132022277 M * Pazzo back 1132022298 A * Pazzo gives Bertl a big cup of really black hot italian coffee 1132022366 M * Bertl I assume it is also strong enough to hold a spoon, yes? 1132022381 M * Pazzo hehe - 4 hours for an if statement :-) 1132022387 M * Pazzo sure! 1132022410 M * Pazzo should I redo the tcpdump / ping test now? 1132022416 M * Bertl yes, please 1132022422 M * Pazzo I'll start with debian's tools 1132022426 M * Bertl I'd like to know if that was the essential fix 1132022438 M * Bertl as I said, I ahve a bunch of other changes here too 1132022455 M * Bertl but IMHO that should suffice 1132022495 Q * monrad Remote host closed the connection 1132022532 M * Pazzo ping works - tcpdump sees no action 1132022548 M * Pazzo same thing with "your" ping 1132022552 M * Bertl k, now try in the same context (without the -C) 1132022579 M * Pazzo you mean: tcpdump in the same context and ping in context 666? 1132022592 M * Pazzo or both without vnet? 1132022599 M * Bertl no, actually I meant ping in 666 1132022608 M * Bertl the tcpdump there should see that 1132022647 M * Pazzo hmmm... result: 1132022685 M * Pazzo (doing "tcpdump -vvnei lo" - without vnet) 1132022692 M * Pazzo ping -c 1 127.0.0.1 => seen by tcpdump 1132022706 M * Pazzo ./vnet -n 666 -- ./ping -c 1 127.0.0.1 => seen by tcpdump 1132022725 M * Pazzo ./vnet -C -n 666 -- ./ping -c 1 127.0.0.1 => not seen by tcpdump 1132022741 M * Pazzo ??? 1132022744 M * Bertl error checks are not implemented in vnet 1132022760 M * Bertl was a quick and dirty hack from hollow 1132022770 M * Bertl I assume the first one failed 1132022785 M * Bertl and 'just' executed the ping on the host 1132022812 M * Pazzo by "the first one" you mean "./vnet -n 666 -- ./ping -c 1 127.0.0.1" ? 1132022817 M * Bertl yep 1132022834 M * Bertl or maybe the second one failed? 1132022842 M * Bertl where is your tcpdump running? 1132022848 M * Bertl in context 666? 1132022854 M * Pazzo btw: same thing using debians ping 1132022857 M * Pazzo : 1132022903 M * Pazzo ./vnet -C -n 666 -- ping -c 1 127.0.0.1 1132022914 M * Pazzo 1 packets transmitted, 0 received, 100% packet loss, time 0ms 1132022922 M * Pazzo and no action in tcpdump 1132022936 M * Pazzo ./vnet -n 666 -- ping -c 1 127.0.0.1 1132022937 M * Bertl hmm, that should be on the host, I guess 1132022944 M * Bertl (the first one) 1132022954 M * Pazzo "succeeds" -> so probably fails - and is visible in tcpdump 1132022965 M * Bertl maybe we should add basic error handling to vnet.c ? 1132023007 M * Bertl hmm, actually there should be some error handling .. strange ... 1132023013 M * Pazzo would not be that bad 1132023077 M * Pazzo there is "Failed to create network context", "Can't create and migrate at the same time", "Failed to migrate to network context" - and that's it 1132023087 J * monrad ~monrad@213083190130.sonofon.dk 1132023105 M * Bertl ah, interesting ... 1132023147 M * Pazzo by "there is" I mean that this messages are available in vnet.c - they have not been written to my console 1132023157 M * Bertl good :) 1132023192 M * Bertl try with -M instead of -C 1132023213 M * Pazzo Failed to migrate to network context: No such process 1132023233 M * Pazzo hehe - BUT: 1132023236 M * Bertl okay, so no tcpdump in 666 running? 1132023238 M * Pazzo ./vnet -C -n 666 -- tcpdump -vvnei lo 1132023246 M * Pazzo ./vnet -M -n 666 -- ping -c 1 127.0.0.1 1132023249 M * Pazzo works! 1132023258 M * Bertl yeah, that's how it is supposed to be ... 1132023266 M * Pazzo and tcpdump see's the packet 1132023269 M * Bertl sometimes it really helps to read the help :) 1132023296 M * Pazzo so leaving away -C/-M just drops the packet in main context, right? 1132023311 M * Bertl yup 1132023314 M * Pazzo k 1132023328 M * Pazzo so what's next? 1132023343 M * Bertl well, that's it basically (for tonight) 1132023352 M * Pazzo allright 1132023355 M * Bertl the loopback device is 'isolated' 1132023371 M * Pazzo isolated? 1132023375 M * Bertl i.e. you can send packets and receive them without disturbing the other guests 1132023390 M * Bertl you can for example start two tcpdumps in two different contexts 1132023393 M * Pazzo you're right 1132023408 M * Bertl and they will not capture packets from the other context 1132023411 M * Pazzo tcpdump in 666 doesn't see ping lo in context main 1132023422 M * Pazzo pretty cool 1132023430 M * Bertl yeah, thought so too :) 1132023459 M * Bertl of course, they share the routing and netfilter tables, so not too much flexibility there yet 1132023462 M * Pazzo hmm... but this isn't appliable to external interfaces is it? 1132023480 M * Bertl a variant of this is ... 1132023494 A * Pazzo tries to immagine how this could work 1132023499 M * Bertl ah, you can test something else to get a better picture 1132023511 M * Bertl do you have a dummy device? 1132023512 M * Pazzo tell me! 1132023521 M * Pazzo no, but I could create one 1132023530 M * Bertl yeah, just modprobe dummy 1132023545 M * Pazzo dummy0 is there 1132023548 M * Bertl then get the device id with 'ip link ls' 1132023561 Q * iprone Ping timeout: 480 seconds 1132023561 M * Pazzo 3 1132023564 M * Bertl vdevtag -i 3 -n 42 1132023581 M * Bertl then do ifconfig (or ip link ls) 1132023606 M * Bertl then redo with ./vnet -C 42 -- ifconfig -a 1132023609 M * Pazzo cool 1132023625 M * Pazzo hmm 1132023637 M * Pazzo nothing there 1132023654 M * Pazzo dummy0 isn't available any more in main context 1132023666 M * Pazzo but also can't see it in context 42 1132023703 M * Bertl hmm, indeed, that's a bug 1132023735 M * Bertl but imagine it would now be visible in nid 42 :) 1132023761 M * Pazzo would be great - coupled with something like tun/tap - cooool! 1132023770 M * Bertl then imagine two network devices similar to lo 1132023798 M * Bertl which, instead of bouncing back the packet, exchange packets (across contexts) 1132023821 M * Pazzo ? 1132023854 M * Bertl the lo device basically receives the packet, and as only operation, transmits it back ... 1132023855 M * Pazzo "tun/tap" using socket buffers? 1132023875 M * Bertl two 'vnet' devices can exchange the packets instead 1132023890 M * Bertl (this can also be extendet to more than 2 devices in the future) 1132023908 M * Bertl which basically is some kind of loopback device across contexts 1132023926 M * Bertl given proper routing support, a virtual network line 1132023943 J * iprone ~iprone@adsl-065-012-167-027.sip.asm.bellsouth.net 1132023944 M * Pazzo didn't get the really big picture - but looks to be a great thing! 1132023969 M * Bertl well, and you are part of it now :) 1132023971 M * Pazzo is there still a lot of work to do? (-> routing tables, iptables...) 1132023994 M * Bertl yes, a lot of stuff has to be done, but it looks like we will address this pretty soon 1132024036 M * Pazzo that would be really cool - if you need some testing next days just tell me 1132024060 M * Bertl we will, not necessarily in the next days, but weeks ... 1132024070 M * Pazzo I'm really busy all days but should be online most of the time - so just ping me 1132024084 M * Bertl okay, will do so ... thanks! 1132024085 M * Pazzo this project is worth investing some time :) 1132024113 M * Pazzo a big thank to you - you're great Bertl! 1132024128 M * Bertl you're welcome! 1132024415 M * dos000 is it possible to get a log for evry bummer service that tries to bind to the lo device ? 1132024436 M * Bertl what kind of log? 1132024478 M * dos000 any thing that points to the service in question pid , location etc ... 1132024490 M * Bertl maybe 'netstat -ln' is what you are looking for? 1132024738 M * dos000 Bertl, hmm .. problem is if the service tried to open it and died netsat will be of no help 1132024754 M * Bertl 'netstat -en' 1132024785 M * Bertl well, yes, if it 'died' somewhere on the way, no luck 1132024811 M * Bertl so you want to list 'attempts' to bind to a socket, which were denied, yes? 1132024885 M * dos000 somewhat ... i am install a bunch of servers in different vsersers and going through the changes to bind to respective ips. which is tedious 1132024932 M * dos000 yes. 1132025029 M * dos000 i guess when there will be a true loopback for each vserver then this will solve the problem 1132025116 M * Bertl you could add a line to your kernel source 1132025181 M * dos000 where ? 1132025181 M * Bertl (could print context id, ip, and pid) 1132025205 M * Bertl basically addr_in_nx_info() is the central point 1132025234 M * Bertl it knows the network context, the requested address and the process 1132025247 M * Bertl but, it might also lead to a lot of false positives 1132025275 M * Bertl (e.g. if somebody is doing ip addr ls, it will give a whole bunch of log entries) 1132025307 M * dos000 ok ... 1132025330 M * Bertl dos000: but, if you really want to work on such kind of diagnostic (i.e. you want to do the testing for it :) 1132025346 M * Bertl then we can look into it tomorrow (or at least this week) 1132025353 M * dos000 i never did kernel dev .. so far 1132025379 M * Bertl well, kernel devel with me is pretty easy (usually) 1132025408 M * Bertl your part is mainly testing and complaining :) 1132025415 M * dos000 ok ! 1132025441 M * Bertl of course, you should know how to build a kernel and such 1132025451 M * dos000 for get it .. for now. i will do grep in the etc dir 1132025468 M * dos000 i did .. just never tinkled with. 1132025472 M * Bertl okay, that's fine for me too :) 1132025522 M * Bertl good, so enough for me for today ... have a nice whatever everyone ... and cya tomorrow! 1132025528 M * Bertl thanks again Pazzo! 1132025531 M * dos000 thanks 1132025544 N * Bertl Bertl_zZ 1132025916 Q * iprone Ping timeout: 480 seconds 1132025956 J * iprone ~iprone@adsl-065-012-167-027.sip.asm.bellsouth.net 1132026053 M * Pazzo have a good night Bertl! 1132028732 Q * Aiken_ Quit: Leaving 1132028846 Q * AndrewLee Read error: Connection reset by peer 1132029151 J * AndrewLee ~andrew@tnlug.linux.org.tw 1132030947 J * _nokoya young@hi-230-82.tm.net.org.my 1132030975 Q * nokoya Ping timeout: 480 seconds 1132030984 N * _nokoya nokoya 1132031800 Q * micah jupiter.oftc.net unununium.oftc.net 1132031800 Q * Medivh jupiter.oftc.net unununium.oftc.net 1132031800 Q * Bertl_zZ jupiter.oftc.net unununium.oftc.net 1132031800 Q * ag- jupiter.oftc.net unununium.oftc.net 1132031805 Q * FireEgl jupiter.oftc.net venus.oftc.net 1132031805 Q * aba jupiter.oftc.net venus.oftc.net 1132031881 J * micah micah@micha.hampshire.edu 1132031881 J * Medivh ck@paradise.by.the.dashboardlight.de 1132031881 J * Bertl_zZ herbert@212.16.62.52 1132031881 J * ag- ag@caladan.roxor.cx 1132031899 J * FireEgl Atlantica@2001:5c0:84dc:: 1132031899 J * aba ~aba@2001:a60:f006::2 1132032052 Q * dos000 Quit: Leaving 1132033800 Q * ryker Quit: Leaving 1132035246 Q * lilo_ Quit: leaving 1132035258 J * lilo ~lilo@lilo.usercloak.oftc.net 1132039558 J * Doener doener@i5387E57F.versanet.de 1132040720 Q * shedi Quit: Leaving 1132041623 Q * tchan Ping timeout: 480 seconds 1132042614 Q * ^Cist Ping timeout: 480 seconds 1132043634 J * gregster ~gregor@greart.de 1132043642 M * gregster good morning 1132043800 M * harry yoew 1132043847 M * gregster this morning i want install a new vserver, before it works fine but now i got an error "E: No such script: sarge" - i use eaxactly the same command, only with changed hostdatas 1132043880 M * gregster has anyone an idea for a solution ? 1132043892 M * harry yes 1132043898 M * harry check what your script does 1132043908 M * harry why does it try to find a SCRIPT called sarge 1132043974 M * Doener harry: that's debootstrap trying to find a script to create a sarge base system 1132044039 M * Doener harry: what's the exact command you're using? 1132044042 M * gregster where should this script located ? 1132044059 M * gregster i use the command 1132044061 M * gregster one mom 1132044066 M * harry i normally use a script that... i don't know who, wrote ): 1132044067 M * harry :) 1132044113 M * Doener /usr/lib/debootstrap/scripts/sarge -- that's the location it is stored at when you install debootstrap on debian sarge through apt 1132044118 M * harry vserver:/usr/local/bin# head deploy-vserver.sh 1132044118 M * harry #/bin/bash 1132044118 M * harry # 1132044118 M * harry # (C)opyright 2003 Martin List-Petersen (martin at list-petersen dot dk) 1132044118 M * harry # Variation of a script originally created for TuxBox 1132044120 M * harry # 1132044122 M * harry # Script for deploying vservers from guest images 1132044159 M * harry i know, i should do it another way, but hey... i'm just a beginner :) 1132044168 M * gregster this is the command: vserver foobar build -m debootstrap --rootdir=/vservers --hostname foobar.lalla.net --netdev eth0 --interface 192.168.10.10/24 --force --flags sched_hard,nproc,VIRT_UPTIME,VIRT_M ext=42010 -- -d sarge -m http://ftp.de.debian.org/debian-amd64/debian/ 1132044254 M * Doener gregster: oh, oops... somehow i messed up who is who ;) 1132044254 M * gregster the script is there 1132044277 M * gregster on the usr/lib/... 1132044325 M * gregster ah :) 1132044365 M * gregster ok now i am the 1st in the queue :) 1132044399 M * Doener did you try just using debootstrap directly, does that work? 1132044476 M * gregster ehm, can i destroy s.t. with it ? 1132044538 M * gregster i only used deboostrap for the vservers until now 1132044567 M * Doener not that i'd know... (unless you let it bootstrap you host system or sth. like that ;) 1132044587 M * Doener mkdir /foo; debootstrap sarge /foo 1132044595 M * Doener that should do the job and be safe 1132044660 M * Doener you might want to append your mirror, i.e.: 1132044669 M * Doener mkdir /foo; debootstrap sarge /foo http://ftp.de.debian.org/debian-amd64/debian/ 1132044696 M * gregster works 1132044728 M * Doener ok, then try building the vserver with: vserver --debug foobar build <...> 1132044760 M * Doener if it fails again, search in the output for the line where debootstrap is called 1132044801 M * gregster ok 1132044804 M * gregster i do 1132044805 M * gregster .. 1132044949 M * gregster there is no line with debootstrap calling 1132044972 M * Doener hm... that's not quite what i expected.. :( 1132044983 M * Doener anyway, got to go, university.. :/ 1132044993 M * Doener good luck! 1132044994 Q * Doener Quit: Leaving 1132045706 J * MacTen ~macten@82.209.246.234 1132045721 M * MacTen Bertl_zZ, hi 1132045830 M * matti MacTen: Herbert falls asleep some time ago :) 1132045986 J * Graveworm Graveworm@p5091C3E5.dip0.t-ipconnect.de 1132046109 M * Graveworm hello, one again i have little problem :) in one of my vservers i get a segmentation fault if i try to start vi and a Trace/breakpoint trap after chmod 1132046119 M * Graveworm once 1132046122 M * MacTen matti, ok. i will return later 1132046136 M * matti MacTen: You can say, and wait for 'em :) 1132046149 M * Graveworm i think the hardware is ok and this is the only one in 7 that has this problem 1132046196 M * MacTen matti, i just wanted to ask him about another bug with LA 1132046235 M * matti MacTen: Hm, so - mail 'em, or just leave him a message on query. 1132046424 Q * MacTen Read error: No route to host 1132048255 J * prae ~prae@ezoffice.mandriva.com 1132048833 J * dddd44 ~dhb55@218.111.178.108 1132049212 J * Kara_ ~Angel2@ip-80-226-255-202.vodafone-net.de 1132049282 M * Kara_ I ran this vserver testfile and it returns a failure. Can anybody help me with a hint how to fix it? 1132049289 M * Kara_ Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl 1132049290 M * Kara_ chcontext is working. 1132049290 M * Kara_ chbind: vc_set_ipv4root(): Function not implemented 1132049290 M * Kara_ chbind failed! 1132049299 M * Kara_ Linux 2.6.12.5 i686/0.30.209/0.30.209 [Ea] (0) 1132049300 M * Kara_ VCI: 0002:0001 273 030000b2 1132049300 M * Kara_ --- 1132049320 M * harry Kara_: rtfm! :p 1132049342 M * Kara_ ... tried to find something for the whole weekend. my boss is going nuts :( 1132049369 M * harry kara, it's a common problem 1132049373 M * harry it's explained in the faq 1132049384 M * harry but i just shutdowned my vserver server 1132049398 M * harry so i can't immediately tell you what to enable in kernel config 1132049427 M * harry (ps. google down here, it seems :s) 1132049448 M * Kara_ ok. thx anyway. but i do not have to downgrade to 2.4? (last question. promised) 1132049453 M * harry Q: testme.sh fails with chbind: vc_set_ipv4root(): Function not implemented 1132049455 M * harry A: You probably have disabled CONFIG_VSERVER_LEGACY in your kernel configuration. As explained at http://list.linux-vserver.org/archive/vserver/msg08172.html (cache) the network code still requires this API and the tools do not (yet) know about the new one. 1132049495 M * Kara_ *checks* thx a lot :) 1132049497 M * harry questions are made to be asked 1132049510 M * harry so if you have any... ask :) 1132049514 M * harry (but google first ;)) 1132049539 M * harry btw. i'm by no means expert in vserver! (i'm still just testing it) 1132049553 M * harry want to have it operational very soon, but thats another story :)) 1132049562 M * Kara_ believe me, i tried to google - but i guess i start to see "things" already. 1132049564 M * harry right now... firewalls + backups! 1132049570 M * Kara_ are you close to it though? 1132049591 M * harry i just did: www.google.be/search?q=vc_set_ipv4root(): Function not implemented 1132049603 M * harry well... i set up a test server 1132049604 M * harry which works 1132049619 M * Kara_ i have been searching for "chbind failure" ... my stupdity. 1132049626 M * harry i'm trying to merge grsecurity and vserver 1132049636 M * Kara_ ouch - hobby or job? 1132049653 M * harry well... i'm sysadmin and responsable for security/firwealling etc... 1132049663 M * harry (ON the servers, for the rest we have network team) 1132049676 M * harry so... it's mainly hobby 1132049682 M * harry but also useful for the job 1132049705 M * harry problem is, with my gf and stuff, i don't have a lot of time for hacking that kind of stuff 1132049723 M * Kara_ i am working for a webhoster. our sysadmin orderd to install vservers two weeks ago. nobody here to help. that sucks sometimes 1132049725 M * harry so basicly, i just wait/hope that someone does it for me :) 1132049729 M * Kara_ lol 1132049737 A * Kara_ is a girl *chuckles* 1132049747 M * harry nice :) 1132049758 M * harry you don't see that very often in computerstuff :) 1132049781 M * bragon Kara_: if you are working for a webhoster you should help the project, not to ask for help ... 1132049785 M * Kara_ i know - makes life even harder. nobody ever listens to me 1132049807 M * Kara_ bragon - usually i am supporter. 1132049819 M * bragon whaou 1132049828 M * Kara_ :( 1132049830 M * bragon Kara_ are you a french hoster ? 1132049833 M * harry Kara_: not everyone has time for that kind of stuff 1132049839 M * Kara_ german 1132049842 M * harry vous etes francais? 1132049851 M * bragon harry: moi oui 1132049851 M * harry aaaah, du bist ein deutsches madchen! 1132049857 M * Kara_ ja :) 1132049877 M * harry und wie geht es ihnen heute? 1132049878 M * harry ;) 1132049889 M * Kara_ je suis tres bien tojours 1132049894 M * harry aargh... just stick to english :) 1132049901 M * Kara_ preferrably :) 1132049904 M * bragon yeah english is better :) 1132049914 M * harry nobody here speaks dutch i guess... :) 1132049927 M * Kara_ well .... i could speak dutch *coughs* 1132049937 M * harry spreekt gij ook nederlands? 1132049938 M * Kara_ but lets stick to english, it's way too long ago 1132049941 M * harry oe... phone! 1132049967 M * Kara_ mine is idle - thank gods... 1132050170 Q * BWare Ping timeout: 480 seconds 1132050192 J * BWare ~bware@office.intouch.net 1132050292 M * Kara_ it worked. thx alot. 1132050355 J * shedi ~siggi@tolvudeild-201.lhi.is 1132050460 M * harry Kara_: np 1132050462 A * harry coffee 1132050474 M * Kara_ hf 1132050816 Q * virtuoso Ping timeout: 480 seconds 1132050868 Q * dddd44 Read error: Connection reset by peer 1132051623 M * Graveworm may be a bit off topic but do you know if there is a german contact person for vservers? my company could use some schooling :) 1132051817 M * Kara_ I have no idea. Although I could use it too ;) 1132051860 M * Kara_ so if you find one... tell me! 1132052045 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1132052117 J * MacTen ~macten@office.extmedia.com 1132052581 J * virtuoso ~s0t0na@80.253.205.251 1132052727 J * mrec_ ~revenger@p54B00DB2.dip0.t-ipconnect.de 1132053145 Q * mrec Ping timeout: 480 seconds 1132055143 Q * mrec_ Remote host closed the connection 1132055521 Q * iprone Ping timeout: 480 seconds 1132055892 J * Guest193 ~Miranda@83.215.237.5 1132056143 Q * tchan Remote host closed the connection 1132056178 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1132057102 J * dddd44 dhb55@218.111.178.108 1132057357 Q * Graveworm Quit: 1132057594 Q * prae Quit: Execute Order 69 ! 1132058740 Q * virtuoso Ping timeout: 480 seconds 1132058750 J * virtuoso ~s0t0na@80.253.205.251 1132059033 J * click click@ti511110a080-5855.bb.online.no 1132059054 Q * click Quit: 1132059358 J * click click@ti511110a080-5855.bb.online.no 1132059650 Q * dddd44 Read error: Connection reset by peer 1132059724 J * Doener doener@i5387E57F.versanet.de 1132060430 J * dddd44 dhb55@218.111.178.108 1132060680 J * ^Cist ~x@p54A56EBF.dip.t-dialin.net 1132060704 M * ^Cist moin 1132061292 M * Kara_ hi 1132061531 Q * Doener Ping timeout: 480 seconds 1132061537 J * Doener doener@i5387DEC0.versanet.de 1132061920 Q * dddd44 Read error: Connection reset by peer 1132063101 Q * Johnsie Read error: Connection reset by peer 1132063263 J * Johnnie ~john@acs-24-154-53-217.zoominternet.net 1132063290 J * dddd44 dhb55@218.111.178.108 1132063522 M * daniel_hozac german contact person? Herbert is from Austria... does that count? 1132063522 Q * derbien Read error: Connection reset by peer 1132063716 M * Doener i'm from germany, but i don't think i'm qualified for schooling... 1132063774 M * daniel_hozac oh right, didn't notice you came back, sorry. 1132063793 M * Doener no problem, didn't notice myself either ;) 1132063804 M * daniel_hozac haha 1132063834 M * Doener stupid timeout delay, had just a bunch of 'nick already in use' messages 1132063940 M * daniel_hozac ah 1132064034 M * derjohn Doener, how asked for "schooling"? 1132064205 M * Doener Graveworm (already left) and Kara said she could use some, too 1132064296 M * derjohn Doener, thx. 1132064345 M * Kara_ I definatly could, Doener 1132064402 M * derjohn Kara_, was ist a serioes request for training/schooling? 1132064420 M * derjohn Kara_, or do you have to go unbred? 1132064428 A * Kara_ blinks 1132064432 M * Kara_ no serious 1132064485 M * Kara_ looks like i will have to administrate, install and support vservers at work - so i am not just kidding 1132064510 M * daniel_hozac that's what this channel is for :) 1132064530 M * Kara_ to bug you with silly noob questions? 1132064555 M * Doener exactly ;) 1132064559 M * Kara_ :) 1132064591 M * Doener see topic ;) (well, a bit of prior reading of the existing docs is expected of course) 1132064602 M * derjohn That's how it works ;) 1132064609 M * Kara_ guess what i have done the past weeks -.- 1132064644 M * derjohn Holiday? 1132064657 M * Kara_ d'oh 1132064666 M * derjohn self-made preparatory training? :) 1132064705 M * Kara_ look right now: i cannot install ssh for the vserver, because it cannot find cdrom - on the other hand i may not download any sources, because our bureau is limited to umts with traffic-flat 1132064719 M * Kara_ derjohn, playing egoshooters ;) 1132064737 M * derjohn ay caramba! 1132064797 M * derjohn well, I could send you a cdrom, if you cannot find one. 1132064800 M * Doener Kara_: 2.6 kernel? 1132064808 M * Kara_ 2.6.12.5 1132064828 M * daniel_hozac how old ;) 1132064844 M * Kara_ my bad. it cannot mount the device ... 1132064850 M * Kara_ me or the kernel? 1132064850 M * derjohn antiquated 1132064850 M * Doener ok, what distro is the vserver based on? 1132064861 M * Kara_ debain sarge 1132064896 M * Doener ok, could you show me the deb line for the cd from sources.list? i don't remember how they look for cds and have no debian at hand 1132064911 M * Doener (the sources.list inside the vserver) 1132064913 M * derjohn aet-setup 1132064916 M * derjohn apt-setuop 1132064930 M * derjohn asks for it 1132064943 M * Kara_ eb ftp://ftp.de.debian.org/debian/ testing main 1132064946 M * Kara_ +d 1132064960 M * daniel_hozac wouldn't it be easier to copy the files off the CD(s?) to a directory and use that? 1132064961 M * derjohn But it sounds like the cdrom is not recognized 1132064970 M * Doener Kara_: hm, weren't you talking about a cd? 1132064979 M * Kara_ it's an usb device though 1132064984 M * Kara_ Doener - das laufwerk wird nicht erkannt 1132065003 M * Doener Kara_: ah, so there's not even an entry in sources.list yet, right? 1132065040 M * Kara_ ouch. right 1132065064 M * Doener argh... ok, finally i got it... it's the drive, not the disc... brb, coffee... 1132065075 M * Kara_ :) 1132065079 Q * MacTen Quit: Peace and Protection 4.22 1132065276 M * derjohn Kara_, mount /dev7cdrom vs. /dev/hdX ? 1132065289 M * derjohn dmesg |grep cdrom ? 1132065289 M * Doener Kara_: ok, so you can't use the drive at all, right? not even on the host system? 1132065305 M * derjohn hm, but it thinks that the wrong channel for that. 1132065372 M * Doener derjohn: i guess it actually is vserver related, but due to too much blood in my caffeine stream, i didn't understand the exact state of her problem yet ;) 1132065436 J * iprone ~iprone@65.83.231.99 1132065453 Q * dddd44 Read error: Connection reset by peer 1132065472 M * derjohn eh, I assumed she wanted to install ssh on the host. But you maybe right, it inside the guest. so installing an "apt-get install apt-proxy" on the host? 1132065495 M * Doener i guess it's due to a missing dev node (cause the vserver usually isn't supposed to access the cdrom drive) and/or missing mount capability. but the "cd/cdrom/cdrom drive" naming mess confused me 1132065520 M * derjohn or better using the vserver pkg mgmt? or even bind --remount /var/cache/apt/archives to /var/lib/vservers/foo//var/cache/apt/archives ? 1132065565 M * Doener apt-proxy seems to be a good idea, if that works when the proxy is based on cds 1132065590 M * derjohn I would go for the apt proxy ... bust only my $.02. If it ssh only copy the *ssh*.deb manually would resolve the problem too;) 1132065607 M * Kara_ pardon? sry customer has been on the phone 1132065607 M * Doener vserver pkg mgmt? the bind mount is probably ok for 'known to be good' vservers, but not generally 1132065641 M * derjohn apt-proxy knows "backends"... at least file system is supported. So getting a DVD ..... 1132065652 M * derjohn yes, root is never evil as we know 1132065712 M * Doener Kara_: ok, let's see if we understood your problem... You have a cdrom drive that you can use on the host, but not inside the vserver and thus you can't install ssh. right? 1132065724 M * Doener (install ssh inside the vserver) 1132065753 M * Kara_ right 1132065864 M * derjohn Kara_, why not copy /var/cache/apt/archives/ssh* to /var/lib/vservers/foo/ and dpkg -i ssh*.deb ? 1132066076 M * derjohn Kara_, BTW: util-vservers on debian sarge is f***^W broken in some ways, so use a local compile of the 0.30-208 or dist-upgrade so sid 1132066104 M * Kara_ i got it from 13th floor and compiled it 1132066124 M * derjohn good choice. 1132066346 M * Kara_ got it, thx to doener :) 1132066498 Q * derjohn Remote host closed the connection 1132066534 J * derjohn ~derjohn@80.69.35.186 1132066652 M * Doener what we did: mounted the cdrom from within the host context into the vserver's namespace and added it to the sources.list using apt-cdrom. not necessary if you only want to install the ssh package, but works that way it allows installing all packages through apt. 1132066975 J * dddd44 dhb55@218.111.178.108 1132068914 Q * Doener Quit: Leaving 1132069375 Q * lilo Read error: Connection reset by peer 1132069723 J * lilo ~lilo@lilo.usercloak.oftc.net 1132070024 Q * Kara_ Quit: Leaving 1132070810 J * Loki|muh loki@satanix.de 1132070861 Q * shedi Ping timeout: 480 seconds 1132071590 Q * Guest193 Read error: Connection reset by peer 1132073251 Q * jkl Ping timeout: 480 seconds 1132073445 J * Breaker_uk ~jhgiug@host81-134-146-163.in-addr.btopenworld.com 1132073890 Q * Breaker_uk Quit: 1132074089 J * stefani ~stefani@superquan.apl.washington.edu 1132075239 N * Bertl_zZ Bertl 1132075244 M * Bertl evening folks! 1132075943 J * ryker ~ryker@clo-122-046.calumet.purdue.edu 1132076417 M * Bertl welcome ryker! 1132076437 J * prae ~benjamin@sherpadown.net 1132076736 J * shedi ~siggi@inferno.lhi.is 1132076860 M * Bertl welcome prae! shedi! 1132077050 M * prae Hi Bertl 1132077337 M * Bertl okay, off for now ... back later ... 1132077342 N * Bertl Bertl_oO 1132078025 M * ag- derjohn: why not using the last version 0.30.209? :) 1132078135 M * ag- btw, i'm using those user-space tools built with glibc and no issue so far 1132078198 M * derjohn ag-, oh it's finished? man, I think someone has to be a PR Manager and post the cuurent versions on ML. Or at least set them as topic here :)= 1132078236 M * derjohn So, if Bertl_oO is too lazy, maybe I will do it. 1132078263 A * derjohn has an sharper eye on versions now. 1132078294 T * ag- Topic: http://linux-vserver.org/ | latest stable 2.0, 2.0.1-rc2, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc7 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1132078313 M * ag- derjohn: hehe :) 1132078338 M * derjohn uh 1132078349 A * derjohn was blind? 1132078382 M * derjohn or was it a change for real ... cannot figure out if xchat changed the topic immediately 1132078406 M * ag- Hollow: nice job for the new tools, clean code and everything :) 1132078535 J * Aiken ~james@tooax6-018.dialup.optusnet.com.au 1132078665 M * Hollow ag-: which tools (version) are you talking about? 1132078694 M * derjohn Hollow, util-vserver 1132078703 M * Hollow ... (version) ... 1132078742 M * derjohn Hollow, he? util-vserver-0.30.209 he was talking 'bout 1132078751 M * ag- Hollow: i was talking about the old tools in the first time (ensc's ones) 1132078756 M * ag- Hollow: and then about yours 1132078778 M * Hollow ok.. seems like my local svn has made the round already :P 1132078865 M * Hollow vacation tomorrow.. so i'll try to use it for util-vserver 1132079027 M * Hollow ag-: did you look at the source? any comments, wishes? 1132079164 Q * iprone Quit: Leaving 1132079178 M * ag- Hollow: so far, it's fine with me 1132079228 M * Hollow ok, i hope to get a public beat finished until the end of the year 1132079235 M * Hollow s/beat/beta/ 1132079258 M * Hollow though i could make the svn public earlier 1132079311 J * Doener doener@i5387DEC0.versanet.de 1132079318 M * Hollow heya Doener 1132079330 M * Doener hi Hollow 1132080087 Q * FireEgl Ping timeout: 480 seconds 1132080604 M * Hollow Doener: you did some namesapce testing right? 1132080649 M * Doener i did all kinds of things with namespaces... guess most were pretty useless ;) 1132080699 M * Hollow heh, do you have some code snipplets? i'm even to dumb to create a new namespace.. 1132080737 M * Hollow oh wait, i finally got it.. wtf 1132080741 M * michal_ per process namespaces are neat 1132080748 A * michal_ has been playing with it 1132080757 M * Hollow i was trying 2 hours yesterday, and now it works in like 5 minutes 1132080783 M * Doener clone with CLONE_NEWNS should do... 1132080800 M * michal_ mhm 1132080803 M * Hollow yeah.. still the glibc clone syntax is somehwat... strange ;) 1132080813 M * michal_ and that start yourself some kind of shell 1132081331 M * michal_ http://oss.sgi.com/projects/netdev/archive/2004-10/msg00893.html <- also nice thing but implementation sucks ;] 1132081672 M * michal_ http://linux-vrf.sourceforge.net/ ^^ 1132081674 M * michal_ nice thing 1132081740 J * schak schak@dslb-082-083-045-095.pools.arcor-ip.net 1132081794 M * michal_ Bertl_oO: please look at http://linux-vrf.sourceforge.net when you will be back. it is more or less like per process network namespace - something that could play nice with vserver too 1132082829 M * Hollow Doener: ok, it's working now.. so i read enricos slides about chroot breakouts.. did you do security testings with namespaces? do i need all those secure chdir things? 1132082920 M * Doener up until the chroot, you still have the whole namespace available, so i'd say yes 1132082937 M * Hollow well, not if you rbind /vservers/foo to /, no? 1132082979 M * Doener you're still on the old /. the rbind just prevents breaking out of the chroot 1132083006 M * Hollow ok, but a simple chrid() should be enought then? 1132083009 M * Hollow chdir 1132083043 M * Hollow dunno if you ever looked at enricos secureChdir function.. i still don't get what it does in detail :P 1132083053 M * Doener to what path? you're inside the path-tree of the old /, so chdir / will get you exactly there 1132083097 M * Hollow so how do i get to my new /? 1132083150 M * Doener as far as i understood it, not at all... it just somehow magically blocks break out attempts... but i might be totally wrong there, didn't get the kernel side... 1132083162 M * Hollow hm 1132083195 M * Hollow ok, seems like we have to try to break out later on :P 1132083217 M * Hollow at least it should work for the early development 1132083324 M * Doener hm, secureChdir isn't as hard as it seems I'd say... 1132083347 M * Doener if opt->do_chroot is 0, it's basically just chdir 1132083387 M * Hollow yeah, but what does restoreRoot do? some magic with the file descriptors which may point to cwd outside the chroot etc pp 1132083416 M * Doener if opt->do_chroot is 1, you first chroot into the vserver, then chdir, get a file descriptor for the current directory, chroot back to the original root and then chdir into the target directory 'again' 1132083429 J * Viper0482 ~Viper0482@p549764FC.dip.t-dialin.net 1132083444 M * Hollow hm.. 1132083467 M * Hollow so i'm back in the original root, but my fds are pointing inside the chroot 1132083471 M * Doener again in quotes, because if you have a symlink in your path, only the chroot will make sure that you actually end up _inside_ the vserver and don't follow an absolute symlink into the host system 1132083513 M * Doener the chroot syscall just changes the root entry in the current process' fs struct. it doesn't touch the mount tree, so the fd stays valid 1132083534 M * Hollow yeah, so we change them, but then got back to our original root 1132083543 M * Doener the restoreRoot also works using a file descriptor. it's just a simple way to break out of a chroot 1132083575 M * Hollow ic.. 1132083581 M * Doener take this simple tree: a->b->c 1132083598 M * Doener a = current root, b = where we chroot to, c = target directory 1132083604 M * michal_ Hollow: could you share linki to those slides ? 1132083633 M * Doener we chroot, chdir into c, save a file descriptor to c, chroot back to a and chdir to c through the filedescriptor 1132083641 M * Hollow michal_: if i'd remembered the url.. 1132083674 M * Hollow Doener: ok, and what do we gain with all this? 1132083683 M * Doener 20:37:51 Doener again in quotes, because if you have a symlink in your path, only the chroot will make sure that you actually end up _inside_ the vserver and don't follow an absolute symlink into the host system 1132083701 M * Doener i.e. prevent symlink attacks/errors 1132083705 M * Hollow ok 1132083747 M * Doener say your vserver has a symlink at /vservers/foo/var/run that points to / 1132083765 M * Doener no, without the chroot, we'd actually follow the symlink to the host's(!) / 1132083794 M * Doener and now we clean up our directory to get a clean run-environment... rm -r * .... BOOM! 1132083819 M * Doener with the chroot tricks, we only delete the vserver's / contents 1132083832 M * daniel_hozac michal_: http://www.nongnu.org/util-vserver/doc/virtual-servers.pdf 1132083864 M * Doener Hollow: btw, thanks for asking, I never understood that stuff when i looked at it earlier, now it just flowed into my brain ;) 1132083875 M * Hollow heh :) 1132083921 M * Hollow Doener: did you take a look at my current util-vserver? 1132083934 M * Doener no, i'm short on time all the time :( 1132083951 M * michal_ thx 1132083986 M * Hollow anyway, in the rare case you want to spend some minutes: http://home.xnull.de/misc/util-vserver-1.0_pre20051113.tar.bz2 ;) 1132084066 Q * shedi Ping timeout: 480 seconds 1132084683 J * shedi ~siggi@inferno.lhi.is 1132084816 Q * shedi Quit: 1132084978 M * michal_ [21:02:43] < arachnist> "if the solution is microsoft, i want my problem back" 1132085211 N * cereal _cereal 1132085354 J * shedi ~siggi@inferno.lhi.is 1132085962 Q * Viper0482 Quit: bin raus, 1132086557 J * Viper0482 ~Viper0482@p549764FC.dip.t-dialin.net 1132086572 Q * Viper0482 Quit: 1132088424 M * sizo re 1132089293 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1132089304 Q * lilo Remote host closed the connection 1132090943 J * lilo ~lilo@lilo.usercloak.oftc.net 1132090966 Q * lilo_ Ping timeout: 480 seconds 1132091448 J * Viper0482 ~Viper0482@p549764FC.dip.t-dialin.net 1132091902 Q * prae Quit: Pwet 1132093569 Q * Viper0482 Remote host closed the connection 1132094526 P * stefani I'm Parting (the water) 1132094761 Q * Doener Quit: Leaving 1132096019 Q * ryker Quit: Leaving 1132096676 Q * schak Ping timeout: 480 seconds 1132097023 Q * aba jupiter.oftc.net venus.oftc.net 1132097104 J * aba ~aba@2001:a60:f006::2 1132097729 Q * Aiken jupiter.oftc.net unununium.oftc.net 1132097729 Q * BWare jupiter.oftc.net unununium.oftc.net 1132097729 Q * ag- jupiter.oftc.net unununium.oftc.net 1132097729 Q * Medivh jupiter.oftc.net unununium.oftc.net 1132097729 Q * micah jupiter.oftc.net unununium.oftc.net 1132097729 Q * Bertl_oO jupiter.oftc.net unununium.oftc.net 1132097809 Q * derjohn jupiter.oftc.net quasar.oftc.net 1132097809 Q * click jupiter.oftc.net quasar.oftc.net 1132097809 Q * gregster jupiter.oftc.net quasar.oftc.net 1132097809 Q * AndrewLee jupiter.oftc.net quasar.oftc.net 1132097809 Q * MostlyHarmless jupiter.oftc.net quasar.oftc.net 1132097809 Q * mugwump jupiter.oftc.net quasar.oftc.net 1132097809 Q * alexx jupiter.oftc.net quasar.oftc.net 1132097809 Q * tanjix jupiter.oftc.net quasar.oftc.net 1132097809 Q * Hunger jupiter.oftc.net quasar.oftc.net 1132097809 Q * nox jupiter.oftc.net quasar.oftc.net 1132097809 Q * lonewolff jupiter.oftc.net quasar.oftc.net 1132097809 Q * mountie jupiter.oftc.net quasar.oftc.net 1132097809 Q * bragon jupiter.oftc.net quasar.oftc.net 1132097809 Q * dhansen jupiter.oftc.net quasar.oftc.net 1132098026 Q * aba xenon.oftc.net jupiter.oftc.net 1132098026 Q * PerlOffice xenon.oftc.net jupiter.oftc.net 1132098026 Q * lilo xenon.oftc.net jupiter.oftc.net 1132098026 Q * Loki|muh xenon.oftc.net jupiter.oftc.net 1132098026 Q * dddd44 xenon.oftc.net jupiter.oftc.net 1132098026 Q * _cereal xenon.oftc.net jupiter.oftc.net 1132098026 Q * sebi xenon.oftc.net jupiter.oftc.net 1132098026 Q * xzu xenon.oftc.net jupiter.oftc.net 1132098026 Q * Millox xenon.oftc.net jupiter.oftc.net 1132098026 Q * meebey xenon.oftc.net jupiter.oftc.net 1132098026 Q * logger xenon.oftc.net jupiter.oftc.net 1132098026 Q * case xenon.oftc.net jupiter.oftc.net 1132098026 Q * eyck xenon.oftc.net jupiter.oftc.net 1132098026 Q * michal_ xenon.oftc.net jupiter.oftc.net 1132098026 Q * neofutur_ xenon.oftc.net jupiter.oftc.net 1132098026 Q * shedi xenon.oftc.net jupiter.oftc.net 1132098026 Q * Johnnie xenon.oftc.net jupiter.oftc.net 1132098026 Q * ^Cist xenon.oftc.net jupiter.oftc.net 1132098026 Q * virtuoso xenon.oftc.net jupiter.oftc.net 1132098027 Q * tchan xenon.oftc.net jupiter.oftc.net 1132098027 Q * monrad xenon.oftc.net jupiter.oftc.net 1132098027 Q * sladen xenon.oftc.net jupiter.oftc.net 1132098027 Q * cryo xenon.oftc.net jupiter.oftc.net 1132098027 Q * Pazzo xenon.oftc.net jupiter.oftc.net 1132098027 Q * entroposcope xenon.oftc.net jupiter.oftc.net 1132098027 Q * Hollow xenon.oftc.net jupiter.oftc.net 1132098027 Q * dlippolt xenon.oftc.net jupiter.oftc.net 1132098027 Q * Marchildon xenon.oftc.net jupiter.oftc.net 1132098027 Q * harry xenon.oftc.net jupiter.oftc.net 1132098027 Q * flock xenon.oftc.net jupiter.oftc.net 1132098027 Q * matti xenon.oftc.net jupiter.oftc.net 1132098027 Q * Vudumen xenon.oftc.net jupiter.oftc.net 1132098027 Q * Greek0 xenon.oftc.net jupiter.oftc.net 1132098027 Q * ComplexHo xenon.oftc.net jupiter.oftc.net 1132098312 J * dhansen ~dave@sprucegoose.sr71.net 1132098312 J * bragon ~bragon@god.geeknode.org 1132098312 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1132098312 J * lonewolff ~lonewolff@host86-128-133-145.range86-128.btcentralplus.com 1132098312 J * nox ~nox@nox.user.oftc.net 1132098312 J * Hunger Hunger.hu@Hunger.hu 1132098312 J * tanjix tanjix@office.star-hosting.de 1132098312 J * alexx ~alexx@proxy.ikse.net 1132098312 J * mugwump ~samv@watts.utsl.gen.nz 1132098312 J * MostlyHarmless ~mh@melbourne.mostly-harmless.ca 1132098312 J * AndrewLee ~andrew@tnlug.linux.org.tw 1132098312 J * gregster ~gregor@greart.de 1132098312 J * click click@ti511110a080-5855.bb.online.no 1132098312 J * derjohn ~derjohn@80.69.35.186 1132098312 J * ag- ag@caladan.roxor.cx 1132098312 J * Bertl_oO herbert@212.16.62.52 1132098312 J * Medivh ck@paradise.by.the.dashboardlight.de 1132098312 J * micah micah@micha.hampshire.edu 1132098312 J * BWare ~bware@office.intouch.net 1132098312 J * Aiken ~james@tooax6-018.dialup.optusnet.com.au 1132098312 J * lilo ~lilo@lilo.usercloak.oftc.net 1132098312 J * shedi ~siggi@inferno.lhi.is 1132098312 J * Loki|muh loki@satanix.de 1132098312 J * dddd44 dhb55@218.111.178.108 1132098312 J * Johnnie ~john@acs-24-154-53-217.zoominternet.net 1132098312 J * ^Cist ~x@p54A56EBF.dip.t-dialin.net 1132098312 J * virtuoso ~s0t0na@80.253.205.251 1132098312 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1132098312 J * monrad ~monrad@213083190130.sonofon.dk 1132098312 J * sladen paul@starsky.19inch.net 1132098312 J * cryo ~say@212.86.233.146 1132098312 J * _cereal koepi@217.20.124.153 1132098312 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it 1132098312 J * entroposcope ~entroposc@user-0c992og.cable.mindspring.com 1132098312 J * sebi ~sebi@Fd09f.f.strato-dslnet.de 1132098312 J * Hollow ~hollow@82.135.28.84 1132098312 J * dlippolt ~dlippolt@cpe-70-112-77-129.austin.res.rr.com 1132098313 J * Marchildon ~nicolas@dsl.speedline207.106.electronicbox.net 1132098313 J * xzu ~otto@brucester.a20.net 1132098313 J * Millox ~mattias@shienar.csbnet.se 1132098313 J * neofutur_ ~neofutur@neofutur.net 1132098313 J * meebey meebey@booster.qnetp.net 1132098313 J * logger ~rs@84.244.0.15 1132098313 J * case ~case@donpanic.faveve.uni-stuttgart.de 1132098313 J * michal_ ~michal@mprivacy-update.de 1132098313 J * eyck ~eyck@81.219.64.71 1132098313 J * harry ~harry@d515321D1.access.telenet.be 1132098313 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1132098313 J * matti matti@linux.gentoo.pl 1132098313 J * PerlOffice ~stuart@220-253-85-202.QLD.netspace.net.au 1132098313 J * ComplexHo ~ComplexHo@cpc1-brig3-6-0-cust194.brig.cable.ntl.com 1132098313 J * Greek0 ~greek0@85.255.145.201 1132098313 J * Vudumen vudumen@perverz.hu 1132098327 J * aba ~aba@2001:a60:f006::2 1132098733 M * sizo n8