1163203685 Q * micah Remote host closed the connection 1163203836 P * stefani parting (is such sweet sorrow) 1163203886 M * Bertl okay, folks, I'm off to bed now ... have a good one everyone! 1163203893 N * Bertl Bertl_zZ 1163204259 J * micah ~micah@micah.riseup.net 1163204544 N * sebastian sebastian_Zz 1163204544 M * daniel_hozac anyone around interested in playing with the new vsched (should be able to configure the 2.1.1 scheduler just fine). 1163204555 M * daniel_hozac s/.$/?/ 1163204991 M * daniel_hozac it's in trunk now, so please play around and try to break it. 1163205006 M * daniel_hozac (and, well, see if it works at all) 1163205154 Q * yarihm Quit: Leaving 1163206190 Q * gerrit Ping timeout: 480 seconds 1163206422 M * daniel_hozac ok, what's in there right now seems to work for me. 1163207340 Q * Radiance Server closed connection 1163207352 J * Radiance c22d41fe41@193.16.154.175 1163208100 Q * rgl Quit: Fui embora 1163209440 Q * phreak`` Server closed connection 1163209455 J * phreak`` ~phreak``@styx.xnull.de 1163210316 J * Johnnie ~jdlewis@jdlewis.org 1163212065 Q * bronson Quit: Ex-Chat 1163212485 J * bronson ~bronson@66.160.177.229 1163213410 Q * Piet Quit: Piet 1163216961 Q * wenchien Server closed connection 1163216978 J * wenchien ~wenchien@59-105-176-11.adsl.static.seed.net.tw 1163218392 Q * mcp Server closed connection 1163218416 J * mcp ~hightower@wolk-project.de 1163219090 Q * bronson Quit: Ex-Chat 1163219251 J * daniel15 ~dansoftau@60-240-157-151.tpgi.com.au 1163219310 M * daniel15 Is anyone here responsible for the Linux-Vserver website? 1163219317 M * daniel15 You still have a spam problem on your Wiki... 1163219787 Q * sebastian_Zz Ping timeout: 480 seconds 1163219812 J * sebastian_Zz ~sebastian@pD957ED29.dip.t-dialin.net 1163220038 N * daniel15 Daniel15 1163220333 M * cehteh Daniel15: just remove it :) 1163220406 M * Daniel15 Yeah, I remove the spam, but bots keep adding more 1163220421 M * Daniel15 I suggest an admin (if any is here) install this: http://meta.wikimedia.org/wiki/ConfirmEdit_extension 1163220569 M * cehteh the moin wiki has a blacklist against spoam that also works nice 1163220584 M * cehteh cpatchas really sux 1163220688 M * micah especially for the blind 1163220704 M * micah (unless there is an audio link) 1163220762 M * cehteh how about deaf + blind people then? 1163220854 M * micah i dont know much about tactile I/O, but I know they exist 1163220895 M * cehteh yes .. but that wont work with audio links 1163220982 M * cehteh well this blacklist aproach works really good and stays in the back .. users adding normal content dont even notice it 1163220990 M * micah cehteh: captcha 1163220993 M * micah cehteh: err 1163220997 M * micah http://www.standards-schmandards.com/2005/captcha 1163221013 M * cehteh and the day it begins failing, one could add a bayes net to filter edits 1163221085 M * cehteh micah: captchas are bad period. 1163221116 M * micah also a simple alt-tag that says, if you cannot read this captcha, please contact email@address.here to post your comment 1163221124 M * cehteh they require extra action from legitimate users. 1163221188 M * Daniel15 I suppose the best solution to spam issues would be an Akismet plugin (akismet.com), but I'm not sure if one exists for MediaWiki 1163221214 M * Daniel15 And I'm not sure how MediaWiki's plugin architecture works, otherwise I'd write a plugin for it myself :) 1163221305 M * cehteh uhm 1163221323 M * cehteh black box spam filtering in a commercial way? 1163221378 M * Daniel15 ? 1163221381 M * cehteh i am really sure, i dont want that, not even the free version 1163221392 M * Daniel15 It works quite well on my blog 1163221414 M * cehteh sending all comments to their servers? 1163221436 M * cehteh they dont even explain how they filter 1163221446 M * Daniel15 It sends the comment to their servers, which check if it's spam and return a yes or no 1163221467 M * cehteh start a blog where you discuss sex toys and potency pills and try if it still works 1163221474 M * cehteh yes 1163221480 M * cehteh i really dislike that 1163221493 M * cehteh and i wont comment on a blog using such software 1163221516 M * Daniel15 How would you know the blog is using it? :P 1163221517 N * Bertl_zZ Bertl 1163221525 M * Daniel15 I use it on my blog: http://www.daniel15.com/blog/ 1163221534 M * Bertl hey, woke up for some reason ... 1163221545 M * cehteh morning Bertl ;) 1163221557 M * Bertl hmm .. spam hitting the wiki? 1163221565 M * Daniel15 Yeah :P 1163221569 M * Daniel15 It's OK, it's gone now ;) 1163221608 M * Daniel15 I did my usual "Go through the Recent Changes page and check for spam" thing I do every so often 1163221612 M * micah Bertl could smell the spam hitting the wiki, thought it was a fire and woke up 1163221620 M * Bertl we have a constantly updated blacklist (automatic) 1163221630 M * cehteh Daniel15: yes if you dont tell that you use it i cant know ... but i still really dislike that 1163221646 M * Bertl thing is, some stuff always comes through, especially from the bots 1163221684 M * cehteh Bertl: the moinmoin team has a distributed blacklist .. maybe you fetch that one .. thats mantained by 1000's of worker bees 1163221714 M * cehteh http://moinmoin.wikiwikiweb.de/BadContent 1163221782 M * Bertl yeah, we will suggest that to Hollow, who maintains the wiki 1163221819 M * cehteh ok 1163221949 A * cehteh would like a 'revert spam' (not just revert) feature which autmatically trains a bayes net with the revision changes which introduced the spam 1163221963 M * Bertl Daniel15: seems you are constantly cleaning up certain pages 1163222119 M * Daniel15 Yeah, it seems like spam bots target pages like http://linux-vserver.org/Mailman/listinfo/, and the Talk:Welcome_to_Linux-VServer.org page 1163222144 M * Bertl yeah, saw that, removed the listinfo page 1163222198 M * Daniel15 Hey, does anyone know if there's much difference between the '2.6.16-2-vserver-686' kernel, and the 2.6.17+2 version of the same kernel (both Debian packages)? 1163222202 M * Bertl please talk to hollow he should be able to revamp your wiki power when you want to keep an eye on those pages 1163222238 M * Daniel15 I'm currently using the 2.6.16-2-vserver-686 kernel, and ran aptitude update, and I saw a new kernel version was available 1163222241 M * Daniel15 @Bertl: Thanks :) 1163222244 M * Bertl personally, I'd opt for the recent 2.6.18 packages 1163222282 M * Daniel15 As far as I can see, the only package available in the Debian repositories is the 2.6.17 version (these are the precompiled kernels, I'm not compiling them myself) 1163222308 M * Bertl no, 2.6.18-2? IIRC should be there too 1163222328 M * Bertl guess in testing/unstable 1163222333 M * Daniel15 OK, just running apt-get update now, I'll check once that's done 1163222376 M * Daniel15 Is there any large difference between them, or is it mainly kernel bug fixes, etc.? 1163222381 M * Bertl but basically if you do not miss any features and/or encounter any issues, all is fine 1163222403 M * Bertl I have absolutely no idea on what mainstream patch the debian kernels are based 1163222417 M * Bertl i.e. the _name_ does not tell the vserver patch version 1163222448 M * Bertl if you figure, e.g. 2.6.16-2 is actually 2.6.15-vs2.0.1something 1163222464 M * Bertl then I can tell you the differences between two of them 1163222680 M * Daniel15 Hmm... The newest one in testing is 2.6.17-9 1163222690 M * Daniel15 And I have no idea what vserver patch version they're using 1163222713 M * Daniel15 All these kernel packages are confusing :P 1163222758 M * Bertl I totally agree, would really appreciate they'd mention the patch version somewhere 1163222783 M * Daniel15 Is there any way to find the patch version? 1163222794 M * Daniel15 Can any of the vserver utilites get the version number somehow? 1163222823 M * Bertl not really, it's coded into the kernel name (usually) but that is removed by debian folks 1163222864 M * Bertl OTOH it's probably better they change the name, otherwise we would have even more confusion 1163222997 M * Bertl maybe this helps? http://ftp.riken.go.jp/pub/Linux/debian/debian/pool/main/l/linux-2.6/ 1163223064 M * Bertl or this: http://kernel-archive.buildserver.net/debian-kernel/pool/main/l/linux-2.6/ 1163224472 J * besonen__ ~besonen@dsl-db.pacinfo.com 1163224770 Q * besonen_ Ping timeout: 480 seconds 1163226362 M * Bertl okay, guess I'm off to bed again .. cya! 1163226368 N * Bertl Bertl_zZ 1163228074 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net 1163228673 Q * Aiken Quit: Leaving 1163228831 J * Aiken ~james@tooax6-169.dialup.optusnet.com.au 1163229584 Q * derjohn2 Ping timeout: 480 seconds 1163229622 J * derjohn2 ~aj@dslb-084-058-211-063.pools.arcor-ip.net 1163231684 Q * Daniel15 Quit: Timeout 1163232776 Q * Aiken Quit: Leaving 1163232784 Q * ||Cobra|| Server closed connection 1163232795 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1163232986 Q * Hollow Server closed connection 1163232997 J * Hollow ~hollow@styx.xnull.de 1163234781 J * Aiken ~james@tooax6-169.dialup.optusnet.com.au 1163235649 J * dna_ ~naucki@130-204-dsl.kielnet.net 1163235896 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at 1163237015 Q * Skram charon.oftc.net oxygen.oftc.net 1163237015 Q * Loki|muh charon.oftc.net oxygen.oftc.net 1163237015 Q * brcc charon.oftc.net oxygen.oftc.net 1163237015 Q * Borg- charon.oftc.net oxygen.oftc.net 1163237015 Q * mugwump charon.oftc.net oxygen.oftc.net 1163237015 Q * anonc charon.oftc.net oxygen.oftc.net 1163237015 Q * ex charon.oftc.net oxygen.oftc.net 1163237015 Q * almak charon.oftc.net oxygen.oftc.net 1163237015 Q * bragon charon.oftc.net oxygen.oftc.net 1163237015 Q * trippeh charon.oftc.net oxygen.oftc.net 1163237015 Q * [PUPPETS]Gonzo charon.oftc.net oxygen.oftc.net 1163237015 Q * Greek0 charon.oftc.net oxygen.oftc.net 1163237015 Q * nebuchadnezzar charon.oftc.net oxygen.oftc.net 1163237015 Q * borgfish charon.oftc.net oxygen.oftc.net 1163237015 Q * nayco_work charon.oftc.net oxygen.oftc.net 1163237015 Q * Medivh charon.oftc.net oxygen.oftc.net 1163237015 Q * node charon.oftc.net oxygen.oftc.net 1163237015 Q * ntrs_ charon.oftc.net oxygen.oftc.net 1163237015 Q * Dimmu charon.oftc.net oxygen.oftc.net 1163237015 Q * daniel_hozac charon.oftc.net oxygen.oftc.net 1163237015 Q * cehteh charon.oftc.net oxygen.oftc.net 1163237015 Q * neuralis charon.oftc.net oxygen.oftc.net 1163237113 J * Skram ~mark@HERCULES.sentiensystems.net 1163237113 J * trippeh atomt@x.vx.no 1163237113 J * almak ~almak@willers.employees.org 1163237113 J * ex ex@81.219.196.129 1163237113 J * anonc ~anonc@staffnet.internode.com.au 1163237113 J * mugwump ~samv@watts.utsl.gen.nz 1163237113 J * nebuchadnezzar ~nebu@zion.asgardr.info 1163237113 J * Borg- borg@cube.benet.uu3.net 1163237113 J * Greek0 ~greek0@85.255.145.201 1163237113 J * [PUPPETS]Gonzo arrakaij@langweiligneutral.deswahnsinns.de 1163237113 J * brcc bruce@i.am.someasshole.com 1163237113 J * bragon ~weechat@sd866.sivit.org 1163237113 J * Loki|muh loki@satanix.de 1163237176 J * borgfish ~bla@141.12.9.118 1163237176 J * nayco_work ~nayco@proxy2.laroche.univ-nantes.fr 1163237176 J * Medivh ck@paradise.by.the.dashboardlight.de 1163237176 J * node ~dwindsor@stanford.columbia.tresys.com 1163237176 J * ntrs_ ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1163237176 J * Dimmu cliff@dropkick.oisec.net 1163237176 J * cehteh ~ct@pipapo.org 1163237176 J * daniel_hozac ~daniel@c-2c1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1163237176 J * neuralis ~krstic@solarsail.hcs.harvard.edu 1163237923 J * meandtheshell ~markus@85-124-37-1.dynamic.xdsl-line.inode.at 1163239876 Q * derjohn2 Quit: Verlassend 1163240217 J * bonbons ~bonbons@83.222.36.93 1163244541 N * Bertl_zZ Bertl_oO 1163245245 Q * Aiken Ping timeout: 480 seconds 1163245510 Q * Skram Server closed connection 1163245511 J * Skram ~mark@HERCULES.sentiensystems.net 1163246722 N * sebastian_Zz sebastian 1163246734 M * sebastian good morning folks 1163246829 M * sebastian and bb in some hours :) cya 1163246832 Q * sebastian 1163246915 J * dna___ ~naucki@130-204-dsl.kielnet.net 1163247305 Q * dna_ Ping timeout: 480 seconds 1163248013 Q * borgfish Server closed connection 1163249029 J * Piet hiddenserv@tor.noreply.org 1163249687 J * kugg kugg@illvilja.org 1163251382 M * kugg Hi Im using 2.6.17.13-grsec2.1.9-vs2.0.2.1 and I have removed chroot security option for some experiomenting, even though Ive dine this I can still not for instance mount inside my guest system nor create devices and so on. Any ideas what Ive done to deserve this? 1163251414 M * daniel_hozac uh, you're using vserver? 1163251433 M * kugg yeoo vs2.0.2.1 1163251435 M * daniel_hozac if guests had the ability to create device nodes, you're screwed. 1163251443 M * kugg true 1163251455 M * daniel_hozac and mounts can cause the kernel to stall. 1163251479 M * kugg oh so its disabled in vserver then? 1163251508 M * daniel_hozac yes, of course. 1163251544 M * kugg Allrigt so then I'll just mount from the host then. 1163251614 M * doener kugg: not that namespaces are in use 1163251628 M * doener http://oldwiki.linux-vserver.org/Namespaces 1163251673 M * kugg Huh I'll heck it out. 1163251992 J * sebastian ~sebastian@p54A96456.dip.t-dialin.net 1163252489 M * Hollow that sucks .. http://www.heise.de/newsticker/meldung/80876 (german only) 1163252496 M * Hollow they did not publish our announcement 1163252529 M * Hollow though they're both devel releases 1163252740 M * kugg Thanks for the help guys! 1163253554 Q * nayco_work Server closed connection 1163253566 J * nayco_work ~nayco@proxy2.laroche.univ-nantes.fr 1163254038 Q * Piet Remote host closed the connection 1163254101 M * cehteh Hollow: ping 1163254109 M * Hollow cehteh: pong 1163254113 M * cehteh ping 1163254125 M * Hollow pong 1163254126 M * Hollow :) 1163254132 M * cehteh hehe 1163254135 A * phreak`` pokes Hollow and cehteh 1163254142 M * Hollow uh 1163254148 M * Hollow lazy b* 1163254149 M * Hollow :) 1163254152 M * cehteh did you read the backlog about antospam for the wiki? 1163254162 M * Hollow no? 1163254163 M * cehteh antispam 1163254178 M * Hollow i'm currently reading idle time explanations from february irc logs :P 1163254183 M * cehteh the moinmoin wiki maintains a blacklist 1163254188 M * Hollow we do to 1163254213 M * cehteh yes .. but it is maintained by 10000 worker bees :) 1163254226 M * cehteh so maybe you want to integrate theirs into ours 1163254290 M * Hollow yeah, if it helps.. i already use two big lists 1163254400 M * cehteh http://moinmoin.wikiwikiweb.de/BadContent 1163254435 J * comfrey ~comfrey@194.158.46.141 1163254479 M * cehteh moinmoin work the way that there is a centralised big list (that one above) whcih is not edited normally (and wikis update it from the moinmaster) and a LocalBadContent wich is personal to each wiki 1163254518 M * cehteh uf you find new spam you add it to the moinmaster's LocalBadContent and the admins will review it and put it on the global list if it is reasonable 1163254552 M * cehteh that way works quite good ... except that my wiki got spamed right now :( (first time since years) 1163254625 M * Hollow yeah, works quite the same in mediawiki 1163254630 M * Hollow but will add that list too 1163255197 Q * comfrey Quit: Lost terminal 1163255893 J * comfrey ~comfrey@194.158.46.141 1163256549 Q * Loki|muh oxygen.oftc.net osmosis.oftc.net 1163256549 Q * brcc oxygen.oftc.net osmosis.oftc.net 1163256549 Q * Borg- oxygen.oftc.net osmosis.oftc.net 1163256549 Q * mugwump oxygen.oftc.net osmosis.oftc.net 1163256549 Q * anonc oxygen.oftc.net osmosis.oftc.net 1163256549 Q * ex oxygen.oftc.net osmosis.oftc.net 1163256549 Q * almak oxygen.oftc.net osmosis.oftc.net 1163256549 Q * bragon oxygen.oftc.net osmosis.oftc.net 1163256549 Q * trippeh oxygen.oftc.net osmosis.oftc.net 1163256549 Q * [PUPPETS]Gonzo oxygen.oftc.net osmosis.oftc.net 1163256549 Q * Greek0 oxygen.oftc.net osmosis.oftc.net 1163256549 Q * nebuchadnezzar oxygen.oftc.net osmosis.oftc.net 1163256626 J * trippeh atomt@x.vx.no 1163256626 J * almak ~almak@willers.employees.org 1163256626 J * ex ex@81.219.196.129 1163256626 J * anonc ~anonc@staffnet.internode.com.au 1163256626 J * mugwump ~samv@watts.utsl.gen.nz 1163256626 J * nebuchadnezzar ~nebu@zion.asgardr.info 1163256626 J * Borg- borg@cube.benet.uu3.net 1163256626 J * Greek0 ~greek0@85.255.145.201 1163256626 J * [PUPPETS]Gonzo arrakaij@langweiligneutral.deswahnsinns.de 1163256626 J * brcc bruce@i.am.someasshole.com 1163256626 J * Loki|muh loki@satanix.de 1163256626 J * bragon ~weechat@sd866.sivit.org 1163256914 Q * daniel_hozac helium.oftc.net oxygen.oftc.net 1163256914 Q * cehteh helium.oftc.net oxygen.oftc.net 1163256914 Q * Dimmu helium.oftc.net oxygen.oftc.net 1163256914 Q * ntrs_ helium.oftc.net oxygen.oftc.net 1163256914 Q * node helium.oftc.net oxygen.oftc.net 1163256914 Q * Medivh helium.oftc.net oxygen.oftc.net 1163256914 Q * neuralis helium.oftc.net oxygen.oftc.net 1163257025 N * sebastian sebastian_eu 1163257060 J * Piet hiddenserv@tor.noreply.org 1163257158 J * Medivh ck@paradise.by.the.dashboardlight.de 1163257158 J * node ~dwindsor@stanford.columbia.tresys.com 1163257158 J * ntrs_ ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1163257158 J * Dimmu cliff@dropkick.oisec.net 1163257158 J * cehteh ~ct@pipapo.org 1163257158 J * daniel_hozac ~daniel@c-2c1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1163257158 J * neuralis ~krstic@solarsail.hcs.harvard.edu 1163257163 J * Steph ~thorsten@c186153.adsl.hansenet.de 1163257215 A * Steph says hello! 1163257275 M * Steph is anybody of the vserver team online? 1163257508 Q * sebastian_eu Ping timeout: 480 seconds 1163257608 J * sebastian_eu ~sebastian@p54A94F56.dip.t-dialin.net 1163257799 M * bonbons Steph: just ask your question, the one who knows will answer whenever he reads the question 1163257978 M * Steph i would like to use fuse inside of one of my vguests. i compiled/loaded the kernel module in the server. sshfs works on the server. on guests all i get is "fusermount: mount failed: Operation not permitted". do i need special caps on my guests to use fuse? 1163258242 M * bonbons What caps does your guest have? At what point does it fail when mounting the sshfs? 1163258522 M * Steph how can i found which caps are set? 1163258564 M * Steph for the given guest no extra caps are set in the config 1163258630 M * Steph sshfs: it asks for the password and then fails with the given error msg. i used -d and -ossh_debug options, but no extra info was given 1163258712 M * cehteh you would say you need capabilities to mount things ... 1163258731 M * cehteh but you can try to start sshfs under strace 1163258756 M * Steph gimme 1 min, will try 1163258809 M * cehteh i only tried the opposite sshfs mount a vserver on my laptop .. but not sshfs inside a vserver 1163258854 M * cehteh strace will tell you more 1163258871 M * cehteh strace -o log -f sshfs ..... 1163258980 M * cehteh be careful that the log might contain confidental data (password etc..) 1163259044 M * Steph yup. got the log. its a little bit lengthy... ;) 1163259093 Q * comfrey Ping timeout: 480 seconds 1163259118 M * Steph the problem seems to be call to mount: mount("sshfs#tho.. 1163259148 M * Steph it returns: -1 EPERM (Operation not permitted) 1163259245 M * cehteh ok .. try to start the vserver with CAP_SYS_ADMIN ...thats a bad solution and only a test 1163259266 M * cehteh you called sshfs manually, not from fstab? 1163259303 M * cehteh i dont really know how permission checks are handled in vserver ... (are user mounts allowed .. maybe not) 1163259316 M * Steph i called it from the command line with mounttarget and mountpoint 1163259392 M * cehteh yeah vserver likely disables all kinds of mounts in the guest .. Bertl prolly knows more 1163259467 M * bonbons from my knowledge, there are two vserver guest caps (guest caps) that allow some limited mounting for the guests 1163259500 M * Steph i will take a look at the iki 1163259529 A * cehteh never mounted stuff from a guest, i cant tell 1163259546 M * Steph i wanted to use fuse to avoid cap_sys_admin due to the security problems 1163259569 M * Steph (in opposite to "normal" mounts" 1163259572 M * Steph ) 1163259759 M * daniel_hozac mounts of any kind are potential security problems. 1163259803 M * bonbons one of those caps is VXC_SECURE_MOUNT, the other one is VXC_BINARY_MOUNT 1163259849 M * Steph where do i have to put them bcaps or ccaps? 1163259858 M * daniel_hozac ccapabilities. 1163261609 M * Steph hm. i tried from ccaps: secure_mount/remount, binary_mount. no success. nevertheless it works with bcap SYS_ADMIN. 1163261760 M * bonbons then there is no direct support yet for fuse, at least I've found no reference to it in vserver patch... 1163262061 M * Steph i am using the stable branch. so chances to make this work without SYS_ADMIN seems to be quite low for me. anyway, thanks 4 u help! 1163262186 M * bonbons np, if you want it you may either write the patch, or push someone to do so 1163262373 M * Steph ;) yup. but i have no c coding skills. i will think about it. 1163262681 J * m4z_ m4z@bastard-operator.from-hell.net 1163262681 Q * m4z Read error: Connection reset by peer 1163262684 N * m4z_ m4z 1163262743 M * Skram m4z: nice rdns 1163262808 Q * Hollow Read error: Connection reset by peer 1163262853 J * Hollow ~hollow@styx.xnull.de 1163262898 Q * phreak`` Remote host closed the connection 1163263389 J * phreak`` ~phreak``@styx.xnull.de 1163263524 Q * Steph Remote host closed the connection 1163263848 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net 1163264641 N * Bertl_oO Bertl 1163264648 M * Bertl evening folks 1163264839 J * Steph ~thorsten@c186153.adsl.hansenet.de 1163264845 Q * Steph 1163265715 Q * FireEgl Ping timeout: 480 seconds 1163266535 M * nebuchadnezzar hi 1163266823 M * daniel_hozac hello 1163266986 M * sid3windr Skram: he stole mine :p 1163266998 M * sid3windr hmm, but mine seems bork :) 1163267013 M * sid3windr 163.166.160.195.in-addr.arpa domain name pointer bastard-operator.from-hell.be. 1163267013 M * sid3windr ;-) 1163268001 M * FaUl mh 195.160.166? i have 105.160.168.0/23 ;-) 1163268008 M * FaUl 195.160.168.0 even 1163268074 M * Skram :) 1163268092 M * FaUl so we are some kind of neighbours ;-) 1163268105 M * Skram right on 1163268123 M * Skram bofh.net 1163268123 M * Skram heh 1163268995 J * adamm ~adamm@polaris.galacticasoftware.com 1163269005 M * Bertl welcome adamm! 1163269067 M * adamm Is it possible to setup vserver to allow some /proc files to be visible in context X but not in other contexts? 1163269100 M * Bertl in theory yes, which files do you want to differentiate 1163269126 M * adamm /proc/mtrr and /proc/bus/* :) 1163269147 M * Bertl hmm, what do you need them for in a guest? 1163269160 M * adamm I want to run xserver 1163269198 M * adamm with Mythtv. I want to split it from the main one because of non-standard packages. And chroot is more messy to maintain. 1163269220 M * Bertl well, there is a project called moreubuntu which does that (obviously with ubuntu :) 1163269248 M * Bertl i.e. it runs different X servers with keyboard and mouse in different guests 1163269251 M * adamm I tried assigning context 1, but that didn't work. 1163269268 M * Bertl not quite unexpected, 1 is the so called spectator context 1163269269 M * adamm ubuntu is like Debian which is what I run. 1163269272 M * Skram we may use MoreUbuntu at school 1163269275 M * Skram it'll be cool 1163269310 M * adamm I was looking at the moreubuntu, it is just a config which doesn't address my problem http://oldwiki.linux-vserver.org/MoreUbuntu 1163269320 M * adamm it unhides /proc files to all contexts 1163269334 M * adamm How can I do that with only one context? 1163269428 M * Bertl yes, it is not implemented yet to do that 1163269486 M * adamm Hmmm, ok. I guess I could live with unhidding these files to all vservers. After all, it is not a public machine just my local box... 1163269491 M * Bertl but basically everything you need to unhide certain entries for a single guest is there 1163269516 M * adamm Since guest or all guests? 1163269518 M * Bertl i.e. would not require more than a little hacking/improvement 1163269548 M * Bertl for a single guest, the spectator and the admin context, independantly controllable 1163269593 M * Bertl as I said, basicalloy all is in place for that to work, it's just not there because nobody needed it (until now :) 1163269633 M * adamm ohh!!! /etc/vservers/.defaults/apps/vprocunhide 1163269702 M * adamm maybe that will work. 1163269725 M * adamm oh right. That's for all... blah. 1163269843 M * Bertl but running X (with hardware access) inside adds some insecurity anyways 1163269859 M * Bertl i.e. X requires much more than just proc access 1163269877 M * Bertl typically it messes with pci space and I/O ports 1163269925 Q * hardwire Ping timeout: 480 seconds 1163269988 M * adamm Yes, yes it does. The issue here is not about security. It is about usability. The assumtion would be that X running vserver is a trusted environment, while an apache running one is not. And both could be on the same machine. 1163270024 M * adamm Unhiding some proc entries may not be a good thing for the apache running vserver while it is ok for the x running vserver. 1163270048 M * Bertl ah, i.c. your problem there 1163270085 Q * doener Quit: Lost terminal 1163270107 M * Bertl well, a trivial 'hack' here would be to simply modify the visibility checks to allow access in a single 'fixed' context 1163270132 M * Bertl (e.g. 666) and use that for X11 1163270149 M * adamm Maybe instead of having the vprocunhide in .defaults/apps it could be moved to /apps.. 1163270153 J * doener ~doener@host.magicwars.de 1163270157 M * adamm Yes, single context is good too 1163270185 M * Bertl what kernel/patches do you plan to use? 1163270193 M * adamm For me at least. Moving the unhide config file is more flexible. 1163270211 M * adamm I just use the Debian vserver package (2.6.18-2-vserver-k7) 1163270215 M * Bertl yeah, just the problem there is that it would make the in kernel data explode :) 1163270239 M * Bertl now we have a mask for each proc entry which controls visibility with 3 flags 1163270269 M * Bertl when you make that per context, you have N*3 flags where N is the number of contexts 1163270287 M * Bertl and that for each proc entry ... 1163270308 M * adamm How about 4 flags - one flag indicates that the file is special and should be looked up in a linked list or something. 1163270315 M * adamm Then you have N*3 for special files only. 1163270321 M * adamm like /proc/mtrr 1163270442 J * Wonka produziert@chaos.in-kiel.de 1163270447 M * Bertl feel free to submit a patch :) 1163270449 M * adamm Or, 3 flags and a pointer to link list with contexts that have the file visible in different state than default. For example, default has it invisible, then the link list, if not null, would have the list of all context where file is visible. 1163270592 M * adamm That would only add one boolean comparison per file if file has default visibility in all contexts... Maybe a sorted list would be better... :) 1163270722 M * Bertl looking forward to your patch 1163270751 M * adamm I'll have to add that to a very long TODO list... 1163270814 M * Wonka re 1163270822 M * Wonka back from repairing my vserver. 1163270829 M * Wonka some weird ext3 error... 1163270836 M * adamm hmm. if /context is empty file, vserver doesn't start... If it is an empty line, it does.. 1163270882 Q * doener Quit: brb 1163270942 M * daniel_hozac why would you want it empty in the first place? 1163270946 M * daniel_hozac you should use static xids. 1163270968 M * adamm why would I want to use static xids? 1163270979 J * trash ~trash@databerlin.org 1163271005 M * daniel_hozac because dynamic ones are going away. 1163271027 M * trash hiho, are 2.0.2 vserver compatible to 2.1 or higher? 1163271034 M * daniel_hozac what do you mean? 1163271078 M * daniel_hozac all of the APIs in 2.0.2 are present in 2.1.1. a lot of them will be dropped from 2.2.0+. 1163271080 M * trash I'm running a host with 2.0.2 patches. I want to setup a new server and also upgrade to 2.1 1163271098 M * daniel_hozac as long as you configure it in a similar way, you shouldn't even notice it. 1163271102 J * doener ~doener@host.magicwars.de 1163271103 M * trash ah, so it shouldn't be a problem. 1163271123 M * trash thank you. 1163271197 M * daniel_hozac so what killer feature of 2.1.1 are you after? :) 1163271272 M * trash well, I setup a whole new server (even hardware). so why shouldn't I take the newest version? ;) 1163271319 Q * doener Read error: Connection reset by peer 1163271333 Q * sebastian_eu Ping timeout: 480 seconds 1163271364 J * sebastian_eu ~sebastian@p54A94F56.dip.t-dialin.net 1163271404 J * doener ~doener@host.magicwars.de 1163271492 M * trash or are there some serious bugs with 2.1? 1163271510 M * daniel_hozac wouldn't we have fixed them already if we knew about them? :) 1163272072 N * sebastian_eu sebastian 1163272691 M * daniel_hozac Bertl: could you refresh my memory about the priority bias for the scheduler? what does it do, and when does it do it? 1163272765 Q * mnemoc Ping timeout: 480 seconds 1163272822 M * Bertl the priority is calculated accroding to normal linux rules, adjusted with the prio scheduler according to the TB level (if priority scheduling is activated) and the bias is added to the result 1163272837 M * daniel_hozac ok, so the bias is always used. 1163272846 M * Bertl this allows to give guests and advantage over others by raising the priority 1163272888 M * Bertl I think we made it unconditional, but it might be tied to the hard cpu scheduler being selected and/or priority scheduler being activated 1163272905 M * Bertl give me a few seconds to check that 1163273094 J * tebe ~tebe@190.38.104.174 1163273104 M * Bertl welcome tebe! 1163273127 M * daniel_hozac we call it "advancing idle time", right? 1163273127 M * tebe hola alguien habla español?? 1163273156 M * Bertl non habla espanol :) english :) 1163273169 M * tebe a have a problem 1163273187 M * Bertl go ahead! 1163273212 M * tebe is very dificul 1163273257 J * dna_ ~naucki@130-204-dsl.kielnet.net 1163273259 M * tebe bot i not espeak english good 1163273329 M * Bertl np, if we (or you) do not understand, we rephrase 1163273329 M * tebe i have a modher board asus a8m-vn 1163273386 M * Bertl okay 1163273399 M * tebe and not run the sound and red in debian 1163273425 M * Bertl hmm, I telling from that, you are looking for a different channel 1163273439 M * tebe yes 1163273459 M * Bertl have you tried #debian or so? 1163273512 M * tebe what is "tried"" i'not understand 1163273520 M * Bertl sec 1163273536 J * mnemoc ~amery@kilo105.server4you.de 1163273547 M * tebe a have 2 so 1163273579 M * tebe windows and debian intalig in my computer 1163273622 M * tebe in windows it's ok 1163273634 M * Bertl please wait a moment 1163273639 M * tebe ok 1163273695 M * Bertl ah, found it, please try: /server irc.debian.org and then /join #debian 1163273700 Q * dna___ Ping timeout: 480 seconds 1163273718 M * daniel_hozac Bertl: http://people.linux-vserver.org/~dhozac/p/uv/experimental/configuration.html#global-fill-rate anything you'd like different? 1163273718 M * Bertl I'm sure they can help you more than we can 1163274022 T * * http://linux-vserver.org/ <- new and shiny | latest stable 2.02.1, exp 2.02.2-rc6, devel 2.1.1, 2.2.0-pre2, stable+grsec 2.0.2.1, devel+grsec 2.1.1 | util-vserver-0.30.211 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the iki, and we'll forget about the minute ;) 1163274022 T * Bertl - 1163274033 J * sladen paul@starsky.19inch.net 1163274039 J * AndrewLee ~andrew@tnlug.linux.org.tw 1163274043 Q * sebastian Ping timeout: 480 seconds 1163274054 J * gdm ~gdm@www.iteration.org 1163274054 J * harry ~harry@d54C2508C.access.telenet.be 1163274057 J * FaUl immo@shell.chaostreff-dortmund.de 1163274059 M * Bertl note, the prio bias can be negative too, but it is within some range (have to check that), also the explanation sounds weird 1163274062 J * bonbons ~bonbons@83.222.36.93 1163274062 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net 1163274062 J * vasko ~vasko@unreal.rainside.sk 1163274062 J * kir ~kir@swsoft-mipt-nat.sw.ru 1163274062 J * pusling pusling@195.215.29.124 1163274062 J * mire ~mire@136-167-222-85.adsl.verat.net 1163274062 J * SNy f7643bc1ab@bmx-chemnitz.de 1163274062 J * kevinp ~kevinp@ny.webpipe.net 1163274062 J * waldi ~waldi@bblank.thinkmo.de 1163274062 J * Zaki ~Zaki@88.213.43.2 1163274062 J * Vudumen 40b5d46da6@perverz.hu 1163274062 Q * SNy Remote host closed the connection 1163274068 J * SNy 5246479b39@bmx-chemnitz.de 1163274074 Q * tebe Quit: http://www.esdebian.org 1163274077 M * daniel_hozac yeah, i'm really not happy with the priority-bias description. 1163274079 Q * Vudumen Remote host closed the connection 1163274080 J * sebastian ~sebastian@p54A94F56.dip.t-dialin.net 1163274091 J * Vudumen 30d4c074b0@perverz.hu 1163274102 M * daniel_hozac got anything better in mind? 1163274116 M * Bertl give me a second, still searching for the relevant code :) 1163274144 M * daniel_hozac include/linux/vs_sched.h:vx_adjust_prio 1163274149 M * daniel_hozac AFAICT. 1163274159 M * Bertl ah, I knew I did hide it somewhere :) 1163274214 M * Bertl I wonder why cscope can't find it 1163274247 M * Bertl ah, because it has two different names 1163274255 M * Bertl prio_bias vs priority_bias 1163274291 M * Bertl yeah, the bias is added unconditionally with or without hardcpu or prio scheduling enabled 1163274299 M * Bertl well, maybe something like this: 1163274420 M * Bertl priority-bias: bias added to each priority assigned within a guest (result is clamped to -20/+19) 1163274439 M * Bertl maybe s/assigned/calculated/ 1163274610 M * daniel_hozac Bias added to priorities calculated within the guest (result is clamped to -20/+19)? 1163274611 Q * Johnnie Remote host closed the connection 1163274620 M * Bertl perfect 1163274625 M * daniel_hozac ok, thank you. 1163274632 M * Bertl np 1163274655 M * daniel_hozac on to the networking parts now then :) 1163274725 M * Bertl ah, good point 1163274746 M * Bertl let me ask a few stupid questions regarding future networking setup 1163274754 M * daniel_hozac ok 1163274780 M * Bertl but first, the concept I have in mind for the bind/collision checks 1163274821 M * Bertl let's assume, we have a 'function' deciding if an ipv4/6 address is part of a guest 1163274842 M * Bertl let's further assume all collision/visibility checks are based on that one 1163274897 M * Bertl I'd like to 'build' the rules for the checks in a simple, but powerful way, which should be explicit to userspace 1163274940 M * Bertl the basic building block would be a 'match block' which can hold an address plus a mask and a few flags 1163274971 M * daniel_hozac flags? what for? 1163274972 M * Bertl with two results (like an if/then/else) for match and no match 1163275006 M * Bertl the flags control how the match is done 1163275022 M * Bertl e.g. inversion, range, limit, mask 1163275026 M * daniel_hozac ah, right. 1163275061 M * Bertl now, I'd like userspace to be able to manipulate those match blocks 1163275077 M * Bertl without breaking back compatibility completely 1163275092 M * Bertl and I think I figured a good way to do so 1163275115 M * Bertl the current interfaces are (please correct me if I'm wrong) 1163275130 M * Bertl - set N ips (atomic, legacy) 1163275151 M * Bertl - add (up to 4) ips (new) 1163275162 M * Bertl - remove (currently one?) ip 1163275181 M * Bertl - remove (up to 4 ipv4 ips) 1163275208 M * daniel_hozac is IP removal implemented yet? 1163275208 M * Bertl that's it, aside for the flags on the network context 1163275224 M * Bertl yes, that should work under certain circumstances 1163275244 M * daniel_hozac hmm, not in 2.1.1 at least. 1163275253 M * daniel_hozac bonbons' patch adds that though. 1163275277 M * daniel_hozac on 2.1.1 you can just remove all the IP addresses. 1163275289 M * Bertl okay, np 1163275305 M * Bertl I think we can easily map that to the match blocks 1163275321 M * Bertl by adding (with the add command) single ip matches 1163275346 M * Bertl and by removing those single ip matches when requested 1163275371 M * Bertl the legacy interface is not an issue, we'll simply drop it :) 1163275375 M * daniel_hozac sure. 1163275376 M * daniel_hozac hehe. 1163275397 M * Bertl so, what the new interface needs is a way to prepare the matching structure 1163275422 M * Bertl and I thought the easiest way would be to allow userspace the following commands 1163275445 M * Bertl - instantiate a match block (gets: values, returns: handle) 1163275471 M * Bertl - connect two match blocks (gets: handle1, handle2, yes/no) 1163275507 M * Bertl - remove a match block (gets: handle, yes/no (parent)) 1163275525 M * daniel_hozac what exactly is a match block? struct { address, mask, flags }? 1163275545 M * Bertl from userspace, you see the 'values' 1163275551 M * Bertl which would be: 1163275590 M * Bertl - one address ipv4 or ipv6 (different commands) 1163275606 M * Bertl - second address or mask (ipv4 or ipv6) 1163275628 M * Bertl - type and flags 1163275643 M * daniel_hozac what would connect do? 1163275647 M * Bertl maybe we should simply use 2 adresses + mask for the interface 1163275676 M * daniel_hozac struct { address1; union { address2; mask; }; type; flags; }? 1163275681 M * Bertl the conenct combines two blocks by attaching one block to the YES or NO edge of the other 1163275697 M * daniel_hozac ah, so it's about building a binary tree? 1163275703 M * Bertl daniel_hozac: either that or adress1, adress2, mask 1163275716 M * daniel_hozac in which case would we want all three? 1163275722 M * bonbons Bertl: what would addr1, addr2, mask mean? 1163275748 M * Bertl daniel_hozac: yep, you basically build the tree, and then attach it to the context as 'atomic' operation 1163275765 M * daniel_hozac ok. 1163275787 M * Bertl bonbons: the 'meaning' of those depends on the type and flags 1163275823 M * bonbons for what case would 2 addresses and a mask be useful? 1163275849 M * Bertl basically the blocks do not need to be destroyed, but I think we should add a command to explicitely purge one or all of them 1163275860 M * Bertl bonbons: well, for exsample a 'masked' range 1163275867 M * Bertl -s 1163275907 M * Bertl bonbons: doesn't mean that we really want/need that, but there is no point in reducing the user interface 1163275909 M * bonbons mask range... isn't that a normal range + mask on the Yes/No branch? 1163275937 M * Bertl yes, of course it could be decomposed 1163275962 M * Bertl but no point in walking the tree if we have a single, efficient check (but it was just an example) 1163275988 M * Bertl if we figure, all we need is 2 addresses or 1 addr and 1 mask# 1163275994 M * Bertl that is fine with me too ... 1163276010 M * daniel_hozac would save us 128 bits per structure :) 1163276059 M * Bertl we'll use slabs for the nodes, two different slabs actually 1163276074 M * daniel_hozac slabs? 1163276085 M * Bertl this will keep fragmentation low and avoid special casing and cache misses 1163276087 M * bonbons in my eyes 2 addr or 1 addr + 1 mask would be sufficient... 1163276098 M * Bertl bonbons: np 1163276108 M * Bertl i.e. implementation details :) 1163276138 M * Bertl the life span of those 'match blocks' is basically the life span of the network context 1163276148 M * Bertl i.e. they get auto disposed on exit 1163276162 M * daniel_hozac makes sense. 1163276175 M * Bertl a call to get rid of unused blocks seems useful to me 1163276187 M * daniel_hozac shouldn't they be gotten rid of automatically? 1163276191 M * daniel_hozac or what do you mean by unused? 1163276194 M * bonbons regarding the trees, would they be marked as 'frozen' once associated to a context? 1163276197 M * Bertl if userspace decides to dynamically adjust the tree 1163276224 M * Bertl we cannot release blocks immediately when unused, otherwise you could not connect them 1163276246 M * Bertl would require special 'tie' nodes and additional logic 1163276258 M * daniel_hozac ah, true. 1163276276 J * Johnnie ~jdlewis@jdlewis.org 1163276283 M * Bertl so you basically can get a bunch of them, let's say 64k 1163276296 M * Bertl and interconnect them to your likings 1163276316 M * Bertl we allow you to shoot yourself in the foot with circular trees too 1163276338 M * Bertl but we will limit the 'depth' of search 1163276362 M * Bertl i.e. after e.g. 256 blocks, we drop a warning and ignore the ip 1163276393 M * Bertl leaf nodes are results 1163276405 M * Bertl for the tree walk 1163276415 M * Bertl while edge nodes decide the outcome 1163276460 M * Bertl in typical scenarios we wont need to check more than two blocks at most 1163276536 M * Bertl s/leaf/branch/ ; inversion is only relevant on edge nodes 1163276554 M * Bertl hmm, let me get my nomenclature right here 1163276563 M * Bertl :) 1163276579 M * Bertl branch/edge nodes will decide the flow 1163276594 M * Bertl leaf nodes give the decision result (basically) 1163276605 M * Bertl inversion is only relevant for leaf nodes 1163276618 M * Bertl (for branch nodes, you can switch YES with NO) 1163276640 M * daniel_hozac hmm? 1163276673 M * daniel_hozac won't switching yes with no never produce results? 1163276700 M * Bertl nope, works within the tree, on the leafs, it requires the inversion 1163276720 M * Bertl note, a match block with only one connected block is a leaf node 1163276788 M * Bertl A(Y-B,N-C) B(Y-D,) C(,) 1163276791 M * daniel_hozac hmm, how does it work within the tree? if the first block is 192.168.0.0/16, and the second block connected to that's yes side is 192.168.1.0/24, while 10.0.0.0/8 is on the no side, how would it still work if they switched sides? 1163276836 M * Bertl the inversion of 192.168.0.0/16 would mean, a match on everything outside, right? 1163276863 M * daniel_hozac right, but 192.168.0.0/16 isn't a leaf node, is it? 1163276876 M * Bertl nope, in this case not 1163276887 M * Bertl so simply switching the yes and no would give 1163276890 M * daniel_hozac so 21:23 < Bertl> inversion is only relevant for leaf nodes 1163276912 M * Bertl yes 1163276937 M * Bertl look, let's make it a little more abstract (trust me, it's easier there :) 1163276952 M * daniel_hozac hehe, ok 1163276956 M * Bertl take the tree I depicted above with the A,B,C and D nodes 1163276979 M * Bertl we do not care about the D node in this example, but you might assume D(,) too 1163276995 M * daniel_hozac ok. 1163277008 M * Bertl now the Y/N is just to clarify, it would not be required in this notation 1163277036 M * Bertl so, it would read A(B,C) B(D,) C(,) D(,) 1163277065 M * Bertl now let's assume A is true, then B is checked 1163277078 M * Bertl if A is false, C is checked 1163277101 M * Bertl with A' being the inversion of A, we can simply say 1163277121 M * Bertl with A' true, A is false, so we check C 1163277134 M * Bertl and A' false gives A true and we check B 1163277159 M * Bertl or in the notation: A'(C,B) B(D,) C(,) D(,) 1163277187 M * daniel_hozac right. 1163277188 M * Bertl as there is no final ruling in A (not a leaf node) we do not need to invert anything 1163277204 M * Bertl now let's see for B (because there it is different :) 1163277234 M * Bertl if B is true, we go to D 1163277243 M * Bertl if B is false, we terminate with 'false' 1163277276 M * Bertl let B' be the ivnersion of the check, then we have 1163277279 N * sebastian sebastian_kucaf 1163277291 M * Bertl if B' is true, B is false and we return 'false' 1163277306 M * Bertl if B' is false, B is true and we continue with D 1163277327 M * Bertl this requires a switch in B'(,D) _and_ the inversion 1163277358 Q * kugg Quit: leaving 1163277365 M * Bertl for D, we simply have D'(,) with inversion 1163277403 M * daniel_hozac ok, i think i see your point. 1163277405 M * Bertl although I seriously doubt that folks will get that complex :) 1163277434 M * daniel_hozac and expressing that in any sort of sane way without direct API access isn't going to be fun either ;) 1163277457 M * Bertl actually I think it is quite trivial 1163277488 M * Bertl the directory config 'tree' (got it) basically suggests to use something like that 1163277513 M * daniel_hozac hehe. 1163277518 M * Bertl we could even implicitely avoid recursion that way 1163277519 M * daniel_hozac but that's just an array. 1163277541 M * Bertl give it another dimension and be done 1163277570 M * daniel_hozac hmm, now you lost me. how do you express a tree in a two-dimensional array? 1163277587 M * Bertl i.e. interfaces// as now 1163277588 M * daniel_hozac [x][0/1]? 1163277593 M * Bertl okay? 1163277596 M * daniel_hozac right. 1163277601 M * Bertl the ip now becomes a dir 1163277610 M * Bertl let's call it 'match' 1163277628 M * Bertl and this contains flags and match attributes, plus 1163277640 M * Bertl two optional subdirs, calles Yes and No :) 1163277656 M * Bertl /calles/called/ 1163277671 M * Bertl each dir can contain the flags and match attributes again 1163277692 M * Bertl you simply walk the config tree and build the nodes 1163277703 M * Bertl nothing more, nothing less, trivial to configure 1163277727 M * daniel_hozac right, ok. 1163277790 M * Bertl okay, so does that (all in all) make sense to you? 1163277809 M * daniel_hozac sure. 1163277822 M * Bertl okay, the hard part is the collision detection 1163277829 M * Bertl for ANY/ANY 1163277852 M * Bertl but I think if we choose the blocks carefully, we can cheat there 1163277918 M * Bertl and in any case we can precompute the result and store the N*(N-1) values 1163277940 M * Bertl or at least cache them when required 1163277996 M * Bertl and a general configuration time speedup would be to simply ignore collisions 1163278068 M * Bertl once thing I haven't decided yet is: 1163278087 M * Bertl - shall we allow to manipulate the tree in place or 1163278111 M * Bertl - shall we 'lock' the match blocks used when 'switched to' 1163278129 M * Bertl with an RCU kind structure I see no need for the locking 1163278190 M * adamm AGGHH!! My vserver just rebooted out of nowhere! 1163278214 M * Bertl out of nowhere? 1163278223 M * adamm spontenously 1163278232 M * Bertl the host or guest? 1163278239 M * adamm the host 1163278256 M * Bertl controlled shutdown/reboot or just *bang* 1163278262 M * adamm just bang 1163278274 M * daniel_hozac panic=10? 1163278295 M * adamm the problem is that this happened before as well. 1163278298 M * Bertl and you are sure that you didn't issue a sys_reboot() or magic sysrq (which can be issues via proc too) 1163278316 M * adamm two days ago, after 130 days uptime, sudden reboon 1163278321 M * adamm suden 1163278332 M * adamm Then again.. 1163278337 M * Bertl sounds like hardware issues 1163278341 M * Bertl maybe overheating? 1163278358 M * adamm I made it work again by not removing kernel modules like iptables.. worked for a bit now 1163278374 M * adamm now I got mythtv working, kindof, and it rebooted again 1163278389 M * adamm Maybe xorg messed it up? 1163278415 M * Bertl could be, do you use any binary only modules (like nvidia driver or ATI hal?) 1163278434 M * adamm no... 1163278443 M * adamm I have a S3 Savage 2000 in it :) 1163278468 M * Bertl okay, maybe overclocked CPU/GPU? 1163278473 M * adamm CPU Diode: +37°C 1163278483 M * adamm mobo at +25°C 1163278494 M * Bertl looks fine 1163278507 M * adamm I run memtest86 on it for a while and that seemed fine 1163278508 Q * virtuoso Ping timeout: 480 seconds 1163278511 M * Bertl well, you are using the debian kernels right now, yes? 1163278535 M * Bertl what kernel did you use last time it crashed? and what before? 1163278536 M * adamm With memory issues (had it before) it resulted in some FS corruption and not reboots like now. 1163278557 M * adamm Last time it was 2.6.18-1-vserver-k7 and now it is the 2.6.18-2-vserver-k7 1163278611 M * adamm But it was running fine with the -1-vserver one... I had about 5 vservers on there at that time. Now I have 20 and now it is more erratic. 1163278650 M * adamm I kind of need my Postgres 8.0, 8.1 and 8.2 :) 1163278684 M * Bertl well, spontaneous reboots are almost always a hardware issue 1163278706 M * Bertl on software issues, you get a stack trace and a panic 1163278730 M * adamm power supply? 1163278736 M * adamm +12V: +10.75 V (min = +10.82 V, max = +13.18 V) ALARM 1163278738 M * adamm oh oh 1163278770 M * adamm damn cheap $10 ps 1163278781 M * Bertl yeah, looks like a new PSU 1163278818 M * adamm I need a new one. I got this case for about $50 last year. 1163278855 M * Bertl but that matches the 'more activity' more issues pattern 1163278871 M * adamm yes... 1163278903 M * adamm Maybe it is the super 6 year old S3 Savage video card... 1163279004 M * adamm now when it is powering off +5V: +4.76 V (min = +4.76 V, max = +5.25 V) ALARM 1163279022 M * adamm +12V: +10.88 V 1163279051 M * adamm And this PS supposedly has 18A on 12V rail! 1163279053 M * adamm doubt it 1163279059 Q * sladen Ping timeout: 480 seconds 1163279154 J * Aiken ~james@tooax8-138.dialup.optusnet.com.au 1163279154 Q * Aiken 1163279165 M * adamm it's off now. So I'll have to check the PS. Had 3 over the years blow up and 1 cought fire. All cheap generics. A server PS failed and it just turned off (Compaq). 1163279178 M * adamm no DNS until it gets back up.. 1163279219 J * Aiken ~james@tooax8-138.dialup.optusnet.com.au 1163279228 J * sladen paul@starsky.19inch.net 1163279920 M * adamm I thought that maybe it was a shortcircuit or some ultra-low resistive load in the box so I hooked up a Kill-A-Watt meter to the wall. The box booted and in BIOS it says +10.4V on 12V and +4.5 on 5V... The wall load reads as 100W so this is definatelly the PS fault. A short with max load on 12V rail (18A) would be >250W or >300W at the wall, not mere 100W.... I guess this is not vserver's fault... 1163280906 M * bonbons Bertl: I would say in-place manipulation of the tree is dangerous... could provide some annoying race-conditions without locking 1163280927 M * Bertl RCU should handle that quite fine, even for recursion 1163280934 M * bonbons RCU is? 1163280936 M * Bertl s/recursion/cycles/ 1163280941 M * Bertl read copy update 1163281006 M * bonbons replacing the tree is not an issue as the reference to the root can be copied without cost, but changes inside the structure... 1163281170 M * Bertl it's a kernel mechanism ensuring race freeness without locking (if used properly :) 1163281204 M * bonbons ok, let's hope we use it correctly then :) 1163281261 M * Bertl yeah! 1163281514 M * bonbons will there be some 'list of blocks' available to user-space, so all blocks can be queried to rebuild the tree on user-space side (for interactive updates, e.g. with GUI) 1163281567 M * bonbons especially useful to reuse blocks across contexts, or even reuse trees/parts of trees, just switching them from yes to no 1163282096 M * Bertl yes, I guess we can do that 1163282189 M * bonbons will the IPv4 and IPv6 block be handled totally separated, or will they be 'merged'? I think about those IPv6 mapped IPv4 addresses... 1163282248 M * bonbons or do we just disallow those on the IPv6 side, and in IPv6 collision check at socket binding extract the IPv4 address of mapped ones for checking against IPv4-tree? 1163282435 M * bonbons those mapped addresses are a pain because they put IPv4 and IPv6 into the same socket (on merged sockets IPv6 :: listeners conflict with IPv4 0.0.0.0 listeners) 1163282598 Q * meandtheshell Quit: Leaving. 1163283036 J * meandtheshell ~markus@85-124-232-234.work.xdsl-line.inode.at 1163283735 M * Bertl will have to think about that a little more ... I already figured the overlapping, maybe we check them with ipv4 blocks 1163283874 M * bonbons I am taking into consideration to call IPv4 code with the IPv4 address extracted from those mapped IPv6 addresses... 1163283928 M * bonbons disallowing mapped addresses and mixed sockets would indirectly mean disallowing java apps to bind to any (I guess that would not be accepted...) 1163284011 Q * qb_ Quit: leaving 1163284013 M * bonbons in Java you can't bind to ::, IPv6 only and 0.0.0.0, IPv4 only <-- IMHO really anoying! the JavaVM does bad assumption there 1163286818 Q * bonbons Quit: Leaving