1187655594 Q * Johnnie Ping timeout: 480 seconds
1187655677 M * fatgoose damn
1187655686 M * Bertl hmm?
1187655768 M * fatgoose just installed 'linux-image-vserver-686' on a brand new server in a DC 5000km away from me
1187655789 M * fatgoose it's day to day operation, but that time the box did not came back
1187655823 M * daniel_hozac serial console + remote reset is all you need... :)
1187655833 M * Bertl fatgoose: maybe it just hit a filesystem check?
1187655904 M * fatgoose hmm maybe, i'll wait and hope :)
1187656007 M * fatgoose wouahhahah ok i'm in
1187656012 M * fatgoose weird
1187656018 M * Bertl :)
1187656163 J * Johnnie ~jdlewis@c-67-163-142-234.hsd1.ct.comcast.net
1187656271 Q * bzed Quit: Leaving
1187657122 M * fatgoose hmm rsync with --rsh="ssh -c arcfour" speed up by ~1.75-2x =)
1187657393 M * Bertl indeed :)
1187657436 M * Bertl depending on the data, network connection and cpu power C and z might help too
1187657980 M * Bertl okay, I'm off to bed now .. have a good one everyone!
1187657986 N * Bertl Bertl_zZ
1187660067 J * friendly12345 ~friendly@ppp121-44-237-56.lns2.mel4.internode.on.net
1187660358 J * DoberMann_ ~james@AToulouse-156-1-13-252.w86-196.abo.wanadoo.fr
1187660469 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1187662561 Q * Piet_ Quit: Piet_
1187670497 Q * ktwilight_ Read error: Connection reset by peer
1187670628 J * ktwilight_ ~ktwilight@194.96-66-87.adsl-dyn.isp.belgacom.be
1187672008 M * Supaplex Bertl_zZ: sweet dreams.
1187672280 Q * balbir Ping timeout: 480 seconds
1187675526 J * sharkjaw ~gab@158.36.44.106
1187676036 N * DoberMann_ DoberMann
1187676528 M * eyck I assume this: "ncontext: vc_net_create(): Invalid argument" means that utils 0.213 is no longer enough?
1187676715 J * duckx ~Duck@tox.dyndns.org
1187676954 J * arekm arekm@carme.pld-linux.org
1187676981 M * arekm hello, is there a way to mount -o bind something from outside vserver into already running vserver?
1187677064 M * arekm ok, there is :-) vnamespace ... mount
1187677239 Q * arekm 
1187678313 N * DoberMann DoberMann[PullA]
1187678711 J * dna ~dna@242-226-dsl.kielnet.net
1187679293 J * arachnist arachnist@088156185052.who.vectranet.pl
1187680433 J * jmcaricand ~jm@d83-179-235-128.cust.tele2.fr
1187681349 J * balbir ~balbir@59.145.136.1
1187683715 M * daniel_hozac eyck: for?
1187683733 M * Supaplex you ;)
1187683743 M * daniel_hozac eyck: most likely it just means you disabled dynamic contexts in the kernel and that you didn't set a static one for the guest.
1187683810 M * eyck daniel_hozac: hmm, I do have dynamic contexts disabled..
1187683911 M * eyck there was no such option in 2.0.3 
1187683915 M * daniel_hozac so, you'll have to configure your guests appropriately.
1187683940 M * daniel_hozac dynamic contexts have been deprecated for years. 2.2 is the first to disable them by default.
1187684078 M * eyck does enabling them back brake anything?
1187684104 M * daniel_hozac well, yes.
1187684135 M * daniel_hozac vserver ... exec/enter will be very... strange.
1187684140 M * eyck even when you're not using them?
1187684179 M * daniel_hozac you realize all you have to do to fix it is to set /etc/vservers/<guest>/context, right?
1187684194 M * daniel_hozac and that this feature has been deprecated for years, and has already been removed from 2.3?
1187684241 M * eyck well, noone is claiming 2.3 is in any way 'stable', so it's quite normal for things to brake..
1187684269 M * daniel_hozac well, if it's removed from 2.3, it means that 2.4 won't have them either...
1187684316 M * eyck I bet you'll require new utils for 2.4...
1187684323 M * eyck why not handle this in userspace?
1187684381 M * eyck daniel_hozac: as to vservers/<guest>/context ... you're assuming all my guests use your experimental new-style configs... which isn't always the case ;)  
1187684396 M * daniel_hozac "experimental"
1187684397 M * daniel_hozac ?
1187684417 M * daniel_hozac it's the only way to actually use all the features.
1187684433 M * eyck that is normal with experimental features :) 
1187684455 M * daniel_hozac you realize the new-style config is all that's tested, right?
1187684466 M * daniel_hozac so unless you're using 0.30, that's the only thing that can be considered stable.
1187684497 M * daniel_hozac guests with legacy configs are screwed either way on 2.2+.
1187684510 M * eyck hmm
1187684514 M * daniel_hozac 2.2 is just the first of many steps to get rid of all the legacy cruft.
1187684515 M * Supaplex o.O
1187684531 M * eyck then why did you tell me that I should move to 2.2, and should not expect problems?
1187684598 M * daniel_hozac because it's assumed everybody's moved to the "new" config by now...
1187684624 M * eyck where can I find a list of those assumptions?
1187684633 M * Supaplex assumptions. glad I didn't down my box to upgrade yet.
1187684654 M * daniel_hozac there is none. use common sense.
1187684665 M * Supaplex not your fault debian takes their time. *sigh*
1187684690 M * eyck hmm
1187684691 M * Supaplex I need to badger the maintainers a little more anyhow.
1187684703 M * Supaplex (just speaking from my exp here)
1187684732 M * eyck you're 'common sense' is way to exotic for me, I would prefer a list
1187684742 M * daniel_hozac so make one :)
1187684786 M * daniel_hozac Supaplex: it's more like you'd need to badger Debian policy... recent versions are already in testing.
1187684794 M * daniel_hozac (and on bp.o)
1187684831 M * Supaplex granted. I still haven't discovered how they weave it into the kernel package hodge podge.
1187684832 M * eyck I don't get it why you're treating server features like desktop toys
1187684862 M * daniel_hozac hmm?
1187684883 M * daniel_hozac legacy configs have been outputting warnings... well, for years.
1187684924 M * eyck but they're the ones that worked well over the years, 
1187684934 M * eyck new style is causing problems time and again...
1187684958 M * eyck  I find it hard to believe that using something so easily broken to be 'common sense'
1187684981 M * daniel_hozac huh?
1187685026 M * daniel_hozac i've not heard anything about your "problems".
1187685087 M * Supaplex old sytle might be a 'baby duck syndrome' issue, but fee free to elaborate on what specific issues you've seen on the new stuff.
1187685094 M * Supaplex fee/feel/
1187685117 J * ema ~ema@fw.galliera.it
1187685144 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1187685728 J * yarihm ~yarihm@whitehead2.nine.ch
1187689319 J * meandtheshell ~markus@85.127.105.102
1187689634 Q * michal` Ping timeout: 480 seconds
1187689808 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1187690091 J * michal` ~michal@www.rsbac.org
1187692358 J * UukGoblin ~jaa@sr-fw1.router.uk.clara.net
1187692366 M * UukGoblin hi
1187692388 M * daniel_hozac hello
1187692489 M * UukGoblin is it possible to change mounted filesystems for a running vserver (which doesn't have the mount capability)?
1187692514 M * daniel_hozac sure, you just need to enter the guest's namespace.
1187692523 M * daniel_hozac vnamespace -e <guest> mount...
1187692529 M * UukGoblin oh
1187692530 M * UukGoblin cool
1187692532 M * UukGoblin let me see
1187692820 M * UukGoblin that's brilliant! solves half of my life problems! :-)
1187692823 M * UukGoblin thanks a lot :-D
1187692843 M * daniel_hozac you're welcome
1187694203 J * Piet hiddenserv@tor.noreply.org
1187694644 Q * sharkjaw Quit: Leaving
1187695581 Q * jmcaricand Quit: Parti
1187695728 M * nanonyme daniel_hozac, could that vnamespace -e also be used for backupping files from guest to a physical backup storage?
1187695748 M * nanonyme vnamespace -e <guest> rsync ... #that is
1187695807 M * daniel_hozac if the backup is mounted in the namespace.
1187695817 M * nanonyme hmm
1187696364 Q * pmenier Read error: Connection reset by peer
1187696517 Q * quasisane Quit: ERC Version 5.2 (IRC client for Emacs)
1187697688 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1187698719 J * ftx ~gerrit@dslb-084-060-224-182.pools.arcor-ip.net
1187699439 M * igraltist hi
1187699469 M * igraltist has someone me the address for the grsecurity patch?
1187699676 M * eyck  www.linux-vserver.org, look at 'grsecurity'
1187699688 M * igraltist yes , thx iam blind
1187699713 M * sid3windr :>
1187699717 M * igraltist the www. not working for me, so i think the address is down
1187699748 M * sid3windr works for me
1187699768 Q * igraltist Remote host closed the connection
1187699771 M * phedny for me too
1187700006 J * igraltist ~user4@kasten-edv.de
1187700200 P * friendly12345 
1187700610 J * hallyn_ ~xa@adsl-75-2-67-183.dsl.chcgil.sbcglobal.net
1187700610 Q * hallyn Read error: Connection reset by peer
1187700673 Q * Piet Ping timeout: 480 seconds
1187700724 J * Piet hiddenserv@tor.noreply.org
1187701260 Q * balbir Ping timeout: 480 seconds
1187702676 J * orzel ~orzel@freehackers.org
1187702741 M * orzel hello. i'm running a kernel 2.6.20-vs2.2.0-gentoo. I have problems making my pci SATA controler card working. Although i have no problems on my other computers.  (running 2.6.21 or 22)
1187702764 M * orzel i looked at kernel.org, and it seems a lot of stuff have changed in the driver. so i guess i need some 2.6.22 vserver kernel
1187702859 M * orzel mmh, that would be 2.2.0.3. gonna try this. 
1187702962 M * orzel mm, and of course, not available in gentoo :-(
1187702968 M * orzel that could not be as simple :)
1187703021 J * balbir ~balbir@59.145.136.1
1187703139 Q * Aiken Remote host closed the connection
1187705035 Q * balbir Ping timeout: 480 seconds
1187705310 Q * Pazzo Quit: ...
1187705491 M * igraltist has someone apply the latest grsecurity patch to kernel 2.6.22 ?
1187706401 J * Julius ~julius@p57B252BE.dip.t-dialin.net
1187706559 Q * orzel 
1187707135 Q * Julius Ping timeout: 480 seconds
1187707489 Q * Piet Remote host closed the connection
1187707562 J * Piet hiddenserv@tor.noreply.org
1187707768 M * Guy- daniel_hozac: did you know that stopping a vserver that has the same IP as the host results in that IP disappearing from the host as well? it was news to me just now :)
1187707794 J * Julius ~julius@p57B252BE.dip.t-dialin.net
1187708410 M * eyck guy:  it's old news.
1187708429 M * eyck ine of the great features of new style config
1187708514 M * eyck you probably have erronous 'common sense', go get it adjusted
1187708654 N * Bertl_zZ Bertl
1187708661 M * Bertl morning folks!
1187709141 M * igraltist this show me uname -a  2.6.210.01-grsec2.1.10-200706182032-vs2.2.0.3  
1187709170 M * igraltist where can i edit so the that appendix not appears
1187709188 M * Bertl inside a guest or for the kernel itself?
1187709221 M * Bertl for the kernel, you probably want to keep that (so that folks know what version you are using)
1187709255 M * igraltist no i dont like it on the host
1187709290 M * igraltist i have use the make-kpgk 
1187709304 M * igraltist so the revision not appaer
1187709307 M * Bertl well, either in the Makefile or in a separate file in the kernel tree, best use grep
1187709319 M * igraltist wher should i know wich kernel are working
1187709372 M * Bertl hmm?
1187709431 M * igraltist oh soory it appears :)
1187709435 M * igraltist i forget -
1187709461 M * igraltist after 2.6.21-0.01  means first test :)
1187709518 Q * ensc Ping timeout: 480 seconds
1187709796 J * orzel ~orzel@freehackers.org
1187709820 M * orzel i've patched my own 2.6.22.2 and this works. I have my sata controller working with vserver. :)
1187709828 M * orzel i burnt a hard disk meanwhile, though :/
1187709971 M * igraltist why?
1187710005 J * ensc ~irc-ensc@p54B4ED6D.dip.t-dialin.net
1187710370 M * igraltist ah in the kernel-tree are the file wich named localversion and there is the entry for the complet kernel name
1187710547 Q * ema Quit: leaving
1187711093 J * IceGuest_7 ~IceChat7@adsl-074-186-026-107.sip.mia.bellsouth.net
1187711141 M * IceGuest_7 how can i have a vserver automatically start after reboot?
1187711781 J * Linus ~linus@bl7-135-94.dsl.telepac.pt
1187711984 Q * yarihm Quit: This computer has gone to sleep
1187712064 M * IceGuest_7 anyone?
1187712364 M * igraltist hmm i must turn on to have the menu for pax 
1187712495 Q * Linus Remote host closed the connection
1187712891 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33
1187713345 M * daniel_hozac Guy-: is it nodev?
1187713378 M * daniel_hozac eyck: yes, how strange that the utils do what their told...
1187713389 M * daniel_hozac +english
1187713956 M * Supaplex i'm alive again!
1187714017 M * daniel_hozac IceGuest_7: echo default > /etc/vservers/<guest>/apps/init/mark
1187714479 M * IceGuest_7 thanks
1187714537 Q * IceGuest_7 Quit: Take my advise. I don't use it anyway
1187714746 M * Bertl daniel_hozac: do you have a guest at hand where you could list me the /dev entries from?
1187714799 M * daniel_hozac http://paste.linux-vserver.org/6275
1187714803 M * Bertl tx
1187715460 J * jmcaricand ~jmcarican@d90-144-91-103.cust.tele2.fr
1187717130 J * bzed ~bzed@dslb-084-059-096-081.pools.arcor-ip.net
1187717646 J * balbir ~balbir@122.167.95.137
1187718563 M * eyck daniel_hozac: you were correct, setting static context id fixes this. Any chance for utils to detect this and report 'static ids are no longer supported' instead of ""ncontext: vc_net_create(): Invalid argument"" ?
1187718676 J * onox ~onox@kalfjeslab.demon.nl
1187718816 N * DoberMann[PullA] DoberMann
1187718963 Q * orzel Remote host closed the connection
1187719051 M * Bertl okay, preparing to fly home now ... should be back in a day or so :)
1187719064 N * Bertl Bertl_oO
1187719167 Q * zLinux Remote host closed the connection
1187719314 M * eyck good luck
1187719329 M * eyck why do you people fly around so much?
1187719752 Q * Julius Remote host closed the connection
1187719766 M * Supaplex it beats walking?
1187719819 M * emtty Supaplex: where is your friend slackie?
1187719836 M * Supaplex pff. heck if I know
1187719847 M * emtty prob using virtuosso now ;)
1187720088 M * daniel_hozac eyck: you're willing to test this, yes?
1187720166 J * Julius ~julius@p57B252BE.dip.t-dialin.net
1187720291 M * eyck yes.
1187720450 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/uv/delta-static-help01.diff
1187720520 M * bXi daniel_hozac: what does that fix?
1187720542 M * daniel_hozac nothing, it's a help message.
1187721122 M * eyck daniel_hozac: works, thanks.
1187721855 Q * weasel Quit: brb
1187721877 J * weasel weasel@asteria.debian.or.at
1187722331 M * fb vxW: xid=nnn did hit the barrier
1187722353 M * fb i get this warning when i'm doing chcontext --xid nnn ps -ef on the host
1187722359 M * fb what does that mean?
1187722365 M * eyck hmm
1187722366 M * eyck chbind: vc_net_create(): Invalid argument
1187722680 M * daniel_hozac fb: that it hit the barrier. :)
1187722688 M * fb :-)
1187722773 M * daniel_hozac eyck: and, what did you expect?
1187722976 M * eyck oh, I just expected my guest to start. I guess I was unreasonable again.
1187723024 M * daniel_hozac if you want to use the legacy stuff, you're gonna need a legacy capable kernel.
1187723027 M * daniel_hozac i already told you that.
1187723107 M * eyck silly me. so what do you recommend?
1187723139 M * fb daniel_hozac: should i worry about this?
1187723152 M * daniel_hozac fb: as long as you don't get it during normal operation, no.
1187723173 M * fb "normal operation"?
1187723179 M * daniel_hozac eyck: either you enable all of the legacy stuff in the kernel, or you stop using legacy configs.
1187723204 M * fb this was caused by this ps command on the host? 
1187723207 M * daniel_hozac yes.
1187723233 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1187723275 M * fb hm
1187723306 M * eyck daniel_hozac: I'm running with legacy enabled, both 'Enable legacy API' ane 'legacy networking'
1187723320 M * daniel_hozac but not dynamic contexts.
1187723326 M * daniel_hozac that's part of the legacy API.
1187723337 M * fb i have the same kernel on another machine (but different arch) and i never noticed such warning before.
1187723355 M * eyck CONFIG_VSERVER_LEGACY=y
1187723355 M * eyck CONFIG_VSERVER_LEGACYNET=y
1187723398 M * daniel_hozac and CONFIG_VSERVER_DYNAMIC_IDS?
1187723416 M * eyck no, I don't use dynamic ids
1187723430 M * daniel_hozac yes you do.
1187723434 M * eyck except for new-style vservers, but we already fixed that
1187723442 M * daniel_hozac legacy configs use dynamic ids for the networking stuff.
1187723455 M * eyck hmm? what? why?
1187723472 M * daniel_hozac (which is going to cause really strange behaviour if you ever vserver ... exec/enter)
1187723494 M * daniel_hozac because the legacy API doesn't have the concept of a nid?
1187723632 M * eyck well, this sux. 
1187723632 M * eyck and we're not fixing this, and instead force people to re-deploy their guests?
1187723632 M * eyck hmm, 
1187723632 M * eyck what about changing legacy networking to use the same context id as guests has configured, is it doable?
1187723680 M * daniel_hozac but there's no concept of that.
1187723699 M * daniel_hozac vc_set_ipv4root accepts a list of IP addresses and netmasks.
1187723717 J * ema ~ema@fw.galliera.it
1187723785 M * eyck hmm, then there's no point to CONFIG_VSERVER_LEGACYNET when dynamic ids are disabled, right?
1187723793 M * daniel_hozac right.
1187723837 M * eyck so going by the path of least resistance we could find the guy responsible for kernel patches and nudge him about that dependancy 
1187723906 M * daniel_hozac if you create the patch, the odds of it happening increase :)
1187724325 M * eyck   vserver@lists.linux-vserver.org
1187724325 M * eyck     retry time not reached for any host after a long failure period
1187724331 M * eyck did we move?
1187724387 M * daniel_hozac list.linux-vserver.org
1187724397 M * daniel_hozac same it's always been.
1187725514 J * Piet_ hiddenserv@tor.noreply.org
1187725938 Q * Piet Ping timeout: 480 seconds
1187726540 J * yarihm ~yarihm@84-75-109-39.dclient.hispeed.ch
1187727060 M * igraltist hi
1187727090 M * igraltist how is this managed in the patch for the vserver with grsecurity and pax?
1187727099 M * igraltist from file mm/mmap.c
1187727101 M * igraltist -       mm->total_vm += len >> PAGE_SHIFT;
1187727129 M * igraltist +       vx_vmpages_add(mm, len >> PAGE_SHIFT);
1187727171 M * igraltist i try only put the pax patch without the grsecurity
1187727206 M * FaUl is 2.3.0.17 usable?
1187727235 M * FaUl i usually was verry successfull with using devel-versions so i'd like to give that one a try
1187727305 Q * Julius Quit: Verlassend
1187727362 M * eyck VSERVER_COWBL ?= VSERVER COWBELL, we might also need VSERVER_MORE_COWBELL option
1187727429 M * FaUl .oO( WTF?!? cowbell?!? )
1187727454 Q * ema Quit: leaving
1187727508 M * eyck more cowbell even..
1187727538 M * daniel_hozac FaUl: you need a couple of patches to use the IPv6.
1187727547 M * daniel_hozac (and very recent utils)
1187727600 M * FaUl daniel_hozac: which do i need/
1187727608 J * slack102 ~Administr@cpe-65-31-3-247.insight.res.rr.com
1187727616 M * slack102 hey Bertl_oO you up ?
1187727631 M * FaUl daniel_hozac: would This program is part of util-vserver 0.30.213
1187727633 M * FaUl work?
1187727641 M * daniel_hozac no.
1187727644 M * slack102 this customer wants openvz very badl but i keep trying to explain that network wise its not quite as good 
1187727646 M * FaUl argh
1187727657 M * slack102 do you have any idea percentage wise  how much better vserver is ?
1187727686 M * daniel_hozac FaUl: no, you need a 0.30.214 snapshot.
1187727693 M * FaUl ok
1187727697 M * FaUl and which patches do i need
1187727698 M * FaUl ?
1187727718 M * FaUl as it is statically build against dietlibc this should not be a problem anyway
1187727727 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-v4rcvsaddr-fix01.diff
1187727732 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-v6rcvsaddr-fix02.diff
1187727736 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-mappedv4-fix01.diff
1187727737 M * daniel_hozac what?
1187727757 M * slack102 or daniel_hozac do you have any idea ?
1187727780 M * daniel_hozac slack102: you're the guru, you tell us....
1187727793 A * slack102 yawns
1187727813 M * slack102 blah 
1187727826 M * eyck that was very enlightening
1187727855 M * FaUl daniel_hozac: so basically v6 is buggy with the new patch? 
1187727868 M * daniel_hozac no, v6 works fine, with the appropriate patches and utils.
1187727884 M * FaUl and without?
1187727895 M * nanonyme doesn't work at all
1187727909 M * nanonyme (in clients, that is)
1187727911 M * daniel_hozac without them you won't be able to successfully bind two guests to ::.
1187727921 M * FaUl ah, ok
1187727930 M * FaUl that would be very bad ;-)
1187727935 M * daniel_hozac yep.
1187727946 M * FaUl ok, thx
1187727948 M * daniel_hozac but 2.3.0.18 should fix all of that, and add a few new features...
1187727957 M * nanonyme <3
1187727960 M * FaUl whats the eta? ;-)
1187727990 M * daniel_hozac i don't know when Bertl_oO gets back to vienna, but i'd guess shortly after he's gotten some sleep :)
1187728002 M * FaUl ah, ok
1187728002 M * FaUl fine
1187728013 M * FaUl is there a special order to apply the patches?
1187728030 M * daniel_hozac as long as mappedv4 is applied last, no.
1187728038 M * daniel_hozac )
1187728043 M * daniel_hozac :+
1187728130 M * FaUl excellent
1187728199 M * FaUl will ipv4 still work with older utils?
1187728230 M * daniel_hozac yep.
1187728243 M * daniel_hozac but not ranges nor networks.
1187728264 M * daniel_hozac (i.e. you can now assign all of x.y.z.0/24 to a guest with a single entry...)
1187728451 M * FaUl ah, i don't need that one
1187728478 M * FaUl usually my vservers have not more then 10 ip-adresses
1187728505 M * FaUl it is not needed as new vservers are very cheap
1187728517 M * FaUl (on hardware-ressources)
1187728539 M * FaUl shall i switch vserver-debugging on?
1187728572 M * daniel_hozac sure...
1187728575 M * FaUl ok
1187728597 M * fb daniel_hozac: do you plan to provide grsec version of 2.3.0.x?
1187728609 M * daniel_hozac i don't plan on touching grsec :)
1187728617 M * daniel_hozac not even with a stick.
1187728629 M * FaUl hihi
1187728653 M * fb daniel_hozac: by you i mean vserver team, not you in person :P
1187728659 M * FaUl if i only had more time ;-)
1187728666 M * FaUl i'd really like to try it out
1187728689 M * daniel_hozac harry is the one who touches grsec.
1187728736 M * fb i'm about to migrate my home stuff, well technically i'm ready, just waiting for a RIGHT MOMENT ;)
1187728748 M * slack102 http://www.paul.sladen.org/vserver/archives/200306/0147.html
1187728753 M * slack102 isnt that dangerous as hell to do ?
1187728813 M * FaUl slack102: depends
1187728859 M * FaUl anyway - anyone with an idea howto get x working without using tcp across multiple vservers - i'd really like to vserverize my firefox
1187728889 M * fb i could switch to 2.3.0.18 but i'd need grsec support too
1187728897 M * daniel_hozac fb: why?
1187728897 M * slack102 my goal is to give my clients ability to change their iptables without having to mess with these little resource eating hacks
1187728950 M * fb i have some shells here for individuals i don't trust ultimately
1187728965 M * daniel_hozac that's what vserver is for, no?
1187729010 M * fb daniel_hozac: yup. But I don't want to provide a new vserver for every single individual i don't trust ;)
1187729023 M * fb it's easier with grsec 
1187729027 M * daniel_hozac what is?
1187729036 M * fb hide others for example
1187729051 M * michal` trust nobody
1187729055 M * michal` mr mulder
1187729093 M * fb limit things they can run
1187729135 M * daniel_hozac and is there a reason you're not using something that's in mainline, e.g. SELinux?
1187729247 M * eyck oh my, someone not from selinux actually recommends selinux, this is new.
1187729282 Q * meandtheshell Quit: Leaving.
1187729284 M * fb i think mainly lack of knowledge/experience
1187729320 M * fb the same that made me stuck with sendmail ;)
1187729626 J * Aiken ~james@ppp121-45-255-55.lns2.bne4.internode.on.net
1187730834 Q * slack102 Read error: Connection reset by peer
1187730858 Q * bonbons Quit: Leaving
1187730972 Q * ftx Ping timeout: 482 seconds
1187731325 Q * duckx Remote host closed the connection
1187731437 Q * yarihm Quit: Leaving
1187733327 M * bzed daniel_hozac: selinux is a way to complicated mess imho. grsecurity has a lot of better functions, it takes care of kernel exploits, an attack vector which is ignored by selinux completely, and if has a proper way to let the rbac stuff learn before you start to mess with the rules manually
1187733624 M * Guy- daniel_hozac: no, it wasn't nodev; I guess the vserver utils did what was asked of them, but maybe an additional failsafe, like "don't remove an IP if this will drop the default route" might not be a bad idea
1187733657 J * ktwilight ~ktwilight@61.76-66-87.adsl-dyn.isp.belgacom.be
1187733949 M * daniel_hozac Guy-: and what if you want that?
1187734007 M * Guy- touch a "yes I want to be stuck without a defaultroute" type config-file, or set a --force-yes-I-want-to-shoot-myself-in-the-foot command line option
1187734010 M * eyck usually people take 'dont remove what you haven't created route',....
1187734037 M * Guy- eyck: of course, it's not easy to tell whether it was util-vserver that created a route
1187734055 M * daniel_hozac but you tell the utils to create and remove that address.
1187734068 M * Guy- well, technically, yes.
1187734068 M * eyck anyhoo, good luck with that discussion
1187734070 Q * ktwilight_ Ping timeout: 480 seconds
1187734109 M * Guy- the effect was nevertheless surprising and potentially pretty damaging
1187734147 M * daniel_hozac note that you should've received a hint when you started the guest.
1187734183 M * daniel_hozac something like RTNETLINK: Cannot assign requested address.
1187734183 M * Guy- could be; it didn't really insinuate itself into my attention
1187734188 M * Guy- yes, that
1187734192 M * Guy- I saw that
1187734214 M * Guy- but it didn't immediately tell me that stopping this vserver would make my public IP and default route go away
1187734248 M * Guy- also, a long time may pass between starting and stopping a vserver
1187734269 M * Guy- and the configuration can be modified in the meantime as well (even if it's a bad practice)
1187734281 M * daniel_hozac yep.
1187734317 M * Guy- I believe that if it can be done in a way that is not very painful to people who actually intend the current behaviour, then some logic should be added that helps avoid shooting ourselves in the foot
1187734344 M * daniel_hozac there's no way to tell whether the default route will be removed.
1187734352 M * daniel_hozac that's entirely automatic inside the kernel.
1187734388 M * Guy- well, yes, it involves some juggling with the contents of the routing table, but sure it can be done
1187734399 M * daniel_hozac personally, i'd rather not reimplement that part of the kernel in bash...
1187734426 M * daniel_hozac but, patches accepted...
1187734428 N * DoberMann DoberMann[ZZZzzz]
1187734438 M * Guy- can you test whether the address to be removed is also present in the host context?
1187734448 M * Guy- maybe that's easier...?
1187734475 M * daniel_hozac uh, you realize that _all_ addresses are present in the host context, right?
1187734485 M * Guy- yes and no
1187734509 M * Guy- I realize the host context gets to see them
1187734518 M * Guy- I didn't phrase my question correctly
1187734595 M * Guy- OK, how about this: warn if the primary IP of the interface with the default route is to be removed
1187734611 M * Guy- this isn't terribly difficult, I can do it in bash
1187734672 M * daniel_hozac go ahead.
1187734682 M * Guy- of course, a simple test can fail with complex setups where more than one interface has the same address and so on
1187734691 M * Guy- OK, what data do I have available to start with?
1187734698 M * Guy- can I assume I have $IFACE and $IP?
1187734759 M * daniel_hozac i'm not sure what good a warning does though, if it's messing up your routing, by the time you see the warning, it's already too late.
1187734797 M * Guy- I imagine something like "You have 30 seconds to press CTRL-C before I mess up your routing"
1187734890 M * daniel_hozac that's ugly.
1187734919 M * Guy- messing up the routing unexpectedly is what's ugly :)
1187734944 M * daniel_hozac i'd much rather have a check on build if the address is already assigned, hinting at using nodev.
1187734960 M * Guy- that's only part of the solution
1187734982 M * Guy- it wouldn't have helped me, because I added the interface manually, after building the guest
1187735029 M * daniel_hozac well, people do stupid things all the time. trying to prevent them all isn't really worth it...
1187735041 M * Guy- I agree
1187735069 M * Guy- however, in this particular case, the consequences of the stupid thing are both severe and unexpected
1187735114 M * Guy- I'd say this warrants some small effort towards prevention
1187735118 M * daniel_hozac unexpected is entirely subjective.
1187735150 M * Guy- certainly. maybe we should have a global poll? ask all sysadmins whether they would expect it?
1187735188 M * Guy- I do have a few years of experience and I didn't expect it (although it immediately made sense afterwards, when it was too late)
1187735296 M * Guy- can you accept for a moment that a potentially substantial portion of the vserver userbase would find this effect to be unexpected?
1187735404 M * Guy- I already suggested a pretty simple way of preventing the accident in the majority of practical cases
1187735411 M * Guy- is there anything specific wrong with that?
1187735412 M * daniel_hozac i don't see the unexpectedness of it.
1187735422 M * daniel_hozac and as i said, patches accepted.
1187735466 M * Guy- in the meantime, you also said it wasn't worth it to prevent users doing stupid things
1187735476 M * eyck yes, 
1187735481 M * eyck only developers can do that.
1187735493 M * Guy- obviously you don't see the unexpectedness of it, because you are neck-deep in the code
1187735529 M * Guy- this doesn't increase your ability to share the perspective of a non-developer
1187735533 Q * gerrit Read error: Connection reset by peer
1187735603 M * eyck I don't think any sensible argument can make a dent here, I believe you're waisting your breath
1187735617 M * daniel_hozac yes, you won't get me to write the code.
1187735642 M * eyck yupp. I think we had that argument ~6 months ago
1187735644 M * Guy- will you help me do it by telling me where to look for the parts that need to be changed?
1187735658 M * daniel_hozac scripts/vserver.functions:disableInterfaces.
1187735699 M * eyck Guy-: good luck.
1187735728 M * Guy- OK, found it
1187735750 M * eyck daniel_hozac: it isn't about forcing you to write the code. It's about making you think before writing the code that brakes people systems.
1187735779 M * Guy- daniel_hozac: I'll look at it tomorrow, but I think I'll have more questions about what is supposed to do what
1187735780 M * daniel_hozac though personally i think it belongs in scripts/vserver.functions:sanityCheck.
1187735807 M * daniel_hozac eyck: does rm prevent rm -fr /?
1187735822 M * daniel_hozac eyck: people break systems. util-vserver only does what people tell it to do.
1187735830 M * eyck daniel_hozac: creating a patch doesn't make much sense when you believe that you've got the right to mess stuff up
1187735830 M * Guy- come now, that's not a good example
1187735839 Q * dna Quit: Verlassend
1187735850 M * eyck daniel_hozac: well, that's your view. and only your. 
1187735852 M * daniel_hozac Guy-: certainly it is. you _never_ want to do that.
1187735855 M * Guy- rm -rf / is like ip route flush
1187735878 M * daniel_hozac eyck: prove me wrong.
1187735883 M * eyck how?
1187735890 M * Guy- whereas in this instance we have something _else_ that does something like ip route flush, without this being necessarily obvious
1187735911 M * Guy- it's as if, under some circumstances, it would be util-vserver that invoked rm -rf /
1187735914 M * eyck daniel_hozac: I say "this behaviour is unexpected and dangerous". You say "no, it isn't". 
1187735936 M * daniel_hozac by showing how it's the utils fault that the administrator specified the host's IP address, didn't enable secondaries promotion, ignored the warning on start, didn't use nodev...
1187735946 M * eyck how can I prove you wrong? multiple people get hurt but this doesn't convince you. what will?
1187735987 M * eyck what you're saying is: "dont use util-vserver until you have read the code"
1187735989 M * daniel_hozac Guy-: the kernel does it for you. util-vserver doesn't do anything like that.
1187735997 M * eyck it doesn't work like that. 
1187736014 M * daniel_hozac eyck: more like, "don't tell util-vserver to do one thing, when you mean the opposite"
1187736014 M * eyck anyhoo, good night. 
1187736044 M * eyck daniel_hozac: tell my exactly, where did I tell the util-vserver to remove my primary ip?
1187736066 M * daniel_hozac when you set dev for the interface, which is what enables the creation/destruction code paths.
1187736074 M * eyck i didn't tell it NOT TO, because I had no idea someone would have the idea to do something like that...
1187736088 M * eyck how can I prevent this from hapenning again? 
1187736105 M * daniel_hozac use nodev.
1187736112 M * eyck  not that.
1187736112 M * daniel_hozac http://www.nongnu.org/util-vserver/doc/conf/configuration.html says all this, and more.
1187736134 M * eyck how can I prevent util-vserver from doing something that YOU believe is obvious, but your users don't
1187736137 M * eyck ?
1187736161 M * daniel_hozac eyck: how do you figure the regular assignment happens?
1187736162 M * daniel_hozac magic?
1187736162 M * Guy- daniel_hozac: actually, I'm looking at that page right now, and it doesn't say this
1187736180 M * eyck Guy-: you're reading it wrong.
1187736183 M * Guy- #  dev
1187736184 M * Guy- The network device.
1187736186 M * daniel_hozac you're right, clarified.
1187736222 M * eyck daniel_hozac: what? I don't understand what you're getting at
1187736234 M * daniel_hozac eyck: so if you use --interface eth0:<some IP address not assigned to the host>/<prefix>, what do you expect to happen?
1187736253 M * daniel_hozac do you expect it to work, or do you expect that you have to configure it on the host first?
1187736271 M * eyck I expect to configure it on host first
1187736286 M * eyck UNLESS i specifically say that I want this automatically created by utils
1187736290 M * daniel_hozac you did,.
1187736297 M * daniel_hozac by specifying the interface.
1187736306 M * Guy- daniel_hozac: where can I have a look at the clarification? the page at nongnu doesn't seem to have changed
1187736306 M * eyck no. you deviced this for me
1187736321 M * eyck decided.
1187736324 M * daniel_hozac Guy-: it's in my local copy for now.
1187736327 M * eyck and you were wrong.
1187736336 M * eyck but I suffered consequences.
1187736343 M * eyck  fun times.
1187736358 M * daniel_hozac eyck: you realize of course that 90% of users don't share the IP address, right?
1187736384 M * daniel_hozac eyck: so yes, you're in the minority, you have to suffer the consequences of telling the utils what you want.
1187736395 M * eyck daniel_hozac: take gun for a moment. 99% of users pulling the trigger want it to fire.
1187736423 M * eyck you designed the tool that fires when you take it out of holster.
1187736439 M * eyck daniel_hozac: everyone is in minority. 
1187736448 M * daniel_hozac yeah, whatever. the utils do what most people expect.
1187736458 M * eyck they do what you expect.
1187736467 M * eyck you don't know what most people expect.
1187736477 M * daniel_hozac i know that this problem comes up very rarely.
1187736481 M * eyck and it doesn't matter, it's server tool.
1187736499 M * eyck because you scare people to death when they come up with it
1187736504 M * daniel_hozac and because it's a "server" tool, users should be elite ninjas in order to configure it?
1187736512 M * eyck uh?
1187736555 M * eyck ie you believe they should read the code before using it?
1187736564 M * daniel_hozac no, that's what you seem to believe.
1187736578 M * eyck interesting.
1187736583 M * eyck what time is it at your end?
1187736589 M * daniel_hozac ?
1187736616 M * eyck I'm wondering if my judgement is more clouded then yours.
1187736631 M * daniel_hozac and time is relevant how?
1187736635 M * eyck time zone might give some clue
1187736658 M * daniel_hozac it's almost 1 am.
1187736664 M * eyck same here.
1187736676 M * daniel_hozac imagine that.
1187736687 M * eyck because I thought I was arguing against tools that require reading their source code 
1187736711 M * daniel_hozac common sense is all that's required.
1187736723 M * eyck common sense?
1187736728 M * daniel_hozac Linux-VServer is IP-based isolation, thus specifying an interface doesn't make any sense.
1187736742 M * eyck so. I upgrade my kernel, and suddenly stopping one of guests kills my default route.
1187736750 M * eyck how is it common sense?
1187736757 M * daniel_hozac eh?
1187736765 M * eyck is it?
1187736767 M * daniel_hozac upgrading the kernel has nothing to do with anything.
1187736801 M * daniel_hozac and yes, it's common sense that removing the addresses will remove the associated routes.
1187736825 M * eyck eeeh
1187736844 M * eyck why would you want to remove the address?
1187736869 M * daniel_hozac because i don't want the host to respond to packets when the guest isn't running?
1187736875 M * eyck why not?
1187736883 M * daniel_hozac because i might have moved it to another host?
1187736903 M * eyck you can't move it without outside interference
1187736908 M * eyck vservers don't move themselves
1187736912 M * eyck  yet.
1187736921 M * daniel_hozac "outside interference"?
1187736980 M * eyck vservers move themselves around these days? 
1187736985 M * daniel_hozac no.
1187736989 M * daniel_hozac they also don't stop themselves.
1187736992 M * eyck hmm
1187736994 M * daniel_hozac so i don't see what your point is.
1187737035 M * eyck obviously the point is that you are smart and flexible and I'm stupid. 
1187737093 M * daniel_hozac okay, i can accept that. :)
1187737111 M * eyck good. we finally agree on something ;) 
1187737124 M * eyck better then nothing, good night then
1187737228 M * daniel_hozac Guy-: http://svn.linux-vserver.org/projects/util-vserver/changeset/2594
1187737266 M * Guy- this is already a lot better :)
1187737366 M * Guy- I'd even add something like "Note that if the guest shares the 'primary' IP of the host, stopping the guest will result in the host losing its IP address, which is probably not what you want. Don't specify 'dev' in these cases."
1187737450 M * daniel_hozac i'm not sure whether i want such specific things in it.
1187737470 M * daniel_hozac i'd prefer having docs on the wiki, and this just being a quick reference.
1187737480 M * daniel_hozac but i'm not entirely decided yet.
1187737484 M * Guy- I think this warning is important
1187737495 M * Guy- it should be there in the quick reference
1187737531 M * daniel_hozac there's nothing about giving additional capabilities. that's even more important.
1187737538 Q * onox Quit: zzzz
1187737547 M * Guy- on a related note, adding pointers to the 'real' documentation would make the reference a lot more useful too
1187737574 M * Guy- well, just because that's even more important doesn't mean you shouldn't add something that's already complete, like the nice warning I wrote above
1187737581 M * daniel_hozac unfortunately, the amount of 'real' documentation is severly limited at this point.
1187737588 M * Guy- I know
1187737724 M * Guy- especially as long as there are no 'real' docs, putting as much info as is available in a written form into the existing docs is very helpful
1187737746 M * Guy- if the reference page grows too big, you can easily split out the overly verbose parts to create 'real' documentation
1187737760 M * daniel_hozac i'd rather you add a util-vserver:Networking page or similar :)
1187737764 M * Guy- if you just dismiss these tidbits, documentation won't happen
1187737794 M * Guy- the problem is that while I have the willingness and the ability to write documentation, I don't have the knowledge
1187737811 M * daniel_hozac if the quick reference has enough hints, there's no incentive to create real documentation.
1187737814 M * Guy- I can create the structure of what I believe would be good documentation on util-vserver networking
1187737829 M * Guy- but I can't really fill it in
1187737842 M * daniel_hozac why not?
1187737849 M * Guy- because I don't know the stuff?
1187737863 M * Guy- at least, not in the kind of detail required
1187737869 M * Guy- anyway, back to incentive
1187737873 M * daniel_hozac you know about dev/nodev, no?
1187737885 M * daniel_hozac that's like the second trickiest part of all the networking stuff util-vserver does.
1187737891 M * Guy- if the qucik reference has enough hints, you can split those hints out into the docs, which are then magically there
1187737915 M * daniel_hozac in that case, why not go straight for real docs?
1187737915 M * Guy- I know something about dev/nodev now, but I don't know all the specifics and details
1187737929 M * Guy- because it's tidbits that are easy to accumulate
1187737931 M * daniel_hozac such as?
1187737952 M * Guy- what is the syntax for specifying a nodev IP for vserver build
1187737958 M * daniel_hozac why not accumulate them on a wiki-page?
1187737970 M * daniel_hozac --interface nodev:... or just --interface <IP>
1187737973 M * Guy- what happens to services that try to bind to the IP while it's not there
1187737974 M * Guy- etc.
1187737987 M * Guy- indeed, why not make this reference page a wiki page?
1187738011 M * daniel_hozac because it's a reference. it should be in the source.
1187738025 M * daniel_hozac otherwise i'd never update it :)
1187738029 M * Guy- you could put a snapshot of the wiki in the source
1187738042 M * Guy- well, I'd be adding stuff to the reference page, were it a wiki page
1187738045 M * Guy- I even did so once
1187738051 M * Guy- but you told me to submit patches instead
1187738083 M * Guy- that puts a lot more burden on me, and since my time and motivation are limited, I don't add documentation to the reference now
1187738102 M * Guy- (it's also harder for you, btw, because you must read the patch and apply it)
1187738135 M * daniel_hozac i think it's more of a burden scrutinizing the wiki.
1187738145 M * Guy- the point I'm trying to make is that you're making it unnecessarily hard for users to write the documentation
1187738157 M * daniel_hozac it's not. just create a wiki-page.
1187738172 M * Guy- then it won't be in the reference
1187738178 M * daniel_hozac nope.
1187738188 M * Guy- I'm not going to create a wiki page for a single sentence I feel belongs in the reference
1187738201 M * Guy- (at least until such time that 'real' documentation becomes available)
1187738202 M * daniel_hozac that's what patches are for..
1187738216 M * daniel_hozac 'real' documentation won't become available until someone writes it :)
1187738230 M * Guy- I'm not going to go through the download-source; edit; diff; send patch cycle for that single sentence eiter
1187738233 M * Guy- either
1187738257 M * Guy- sure, but where I think you are wrong is that you assume that documentation will somehow magically happen if you just wait long enough
1187738269 M * Guy- that someone will sit down and write a comprehensive manual or something
1187738274 M * Guy- this isn't going to happen
1187738282 M * daniel_hozac i don't expect a comprehensive manual.
1187738291 M * Guy- what _might_ happen, with some encouragement, is that people will add bits and pieces
1187738299 M * daniel_hozac exactly.
1187738307 M * daniel_hozac eventually, there'll be enough bits and pieces.
1187738309 M * Guy- and thus documentation will grow organically around the bits that are already there
1187738320 M * Guy- you are impending this process
1187738358 M * Guy- impeding
1187738428 M * Guy- I just attempted to add a bit and a piece, and you said it belonged in the nonexistent documentation
1187738444 M * daniel_hozac yep :)
1187738446 M * Guy- thus relegating it to limbo
1187738461 M * Guy- the documentation it belongs to isn't there, so it can't be added to it
1187738477 M * daniel_hozac no, so you'd have to start from scratch.
1187738478 M * Guy- creating a wiki page with just this sentence is nonsense
1187738493 M * Guy- starting from scratch is exactly what doesn't work.
1187738504 M * daniel_hozac someone has to.
1187738520 M * Guy- starting from the parts that are already there, and restructuring them occasionally, could work, but you are preventing this
1187738524 M * daniel_hozac i'm not a documenter, as you've said yourself, i'm too deep in the code to explain it to others.
1187738548 M * Guy- so then don't prevent me from adding to the documentation?
1187738584 M * daniel_hozac it's a reference. hints about usage should be elsewhere.
1187738599 M * daniel_hozac obviously, when someone writes a networking page, i'll link to it
1187738599 M * Guy- once there is an elsewhere for them to be, yes
1187738622 M * Guy- currently, there is no elsewhere, and there won't be enough bits and pieces to create an elsewhere from, because you reject them individually
1187738648 M * Guy- you are currently in the phase where documentation should be accumulated
1187738657 M * daniel_hozac ... on the wiki.
1187738658 M * daniel_hozac :)
1187738672 M * Guy- hopefully, the time will come when the reference page _does_ become unwieldy
1187738690 M * Guy- this would be the time to split out the non-reference stuff and create the networking documentation from it
1187738705 M * Guy- the reference page would be the seed from which it grows
1187738728 M * Guy- if you prune all growth, this will not happen
1187738730 M * Guy- and there won't be documentation
1187738731 M * daniel_hozac it doesn't make sense to use the flower page as a base for documentation. it's just "this file does this, this file does that"
1187738754 M * Guy- yes, and it's so terse that its usefulness is very limited.
1187738757 M * daniel_hozac documentation should be more like "in order to do task x, you should do y"
1187738783 M * Guy- however, you won't let me expand it to make it more useful and become the basis of the more complete documentation.
1187738799 M * daniel_hozac because i think we should just skip that step.
1187738809 M * Guy- which is what I think cannot be done.
1187738839 M * daniel_hozac i'd rather have someone spend 5 minutes throwing together a wiki-page that i can extend/correct, than have 50 people send me one-sentence changes to the flower page.
1187738840 M * Guy- for the reasons I have explained above, but which you blissfully ignored
1187738850 M * Guy- my point exactly.
1187738857 M * Guy- make the flower page a wiki page.
1187738876 M * daniel_hozac then i likely won't update it.
1187738878 M * Guy- otherwise, it's just too damn hard to add documentation
1187738885 M * Guy- but other people will
1187738897 M * Guy- this way, _only_ you are going to update it
1187738908 M * Guy- if it's in the wiki, others can too
1187738937 M * Guy- you can even have your own, extra-terse, text-only version in the source if you like
1187738948 M * Guy- but let there be a copy on the wiki the community can update and extend
1187739023 M * Guy- I'm sure there'll always be someone to merge the changes from your in-source text version
1187739083 M * daniel_hozac and actually, part of what i'm working on would require that there be some sort of reference for the configuration hierarchy in the source either way, so.... making it a wiki-page is just too much work.
1187739083 M * daniel_hozac and given the amount of changes it saw when it was a wiki-page, i really don't think it would grow to any sort of serious documentation any time soon.
1187739124 M * daniel_hozac in 6 months there was a total of 5 changes.
1187739143 M * Guy- including mine, where you said I shouldn't edit that page?
1187739152 M * daniel_hozac yes.
1187739168 M * Guy- gee, if you dissuade people from adding stuff, they don't add stuff? :)
1187739216 M * daniel_hozac it shows that there just aren't many people adding stuff to it.
1187739234 M * Guy- well, 2-3 would be enough, I think
1187739246 M * Guy- many more than that and the edits get out of hand anyway
1187739376 M * daniel_hozac it's interesting how we probably could've written an entire manual in the time we've been discussing this :)
1187739421 M * Guy- I don't think so, but I hope it wan't a complete waste of time :)
1187739479 M * daniel_hozac definitely could've written a comprehensive guide to networking.
1187739487 M * daniel_hozac that should be like 10 minutes work, tops.
1187739571 M * Guy- it's amazing how developer types are completely unable to estimate how long it takes to write good documentation :)
1187739608 M * Guy- I'd say util-vserver networking could be adequately documented in 2-3 hours by a person who knows all the stuff
1187739665 M * Guy- of course, if a 'comprehensive guide to networking' is just a collection of a few basic sentences like the flower page, then you are almost right :P
1187739669 M * daniel_hozac i think you over-estimate how much of the networking is util-vserver.
1187739699 M * daniel_hozac all util-vserver does is "if dev: add/remove IP; else: noop"
1187739726 M * Guy- ah, but a 'comprehensive guide' would need to cover more
1187739735 M * daniel_hozac sure, vlandev too.
1187739743 M * Guy- interesting example setups
1187739754 M * Guy- many 'what happens if ...' type questions answered
1187739788 M * Guy- vserver vs. netfilter (input or forward or output? nat?)
1187739792 M * Guy- loopback interface
1187739800 M * Guy- 0.0.0.0
1187739805 M * daniel_hozac that's not util-vserver related.
1187739826 M * daniel_hozac that's for the global networking page to document.
1187739852 M * Guy- no, but the user doesn't (and shouldn't really need to) care which part of the vserver project as a whole implements some functionality
1187739862 M * Guy- at least, the documentation shouldn't be split up like that
1187739882 M * Guy- because nobody will be able to find anything
1187739882 M * daniel_hozac so why would vcd users be interested in util-vserver?
1187739910 M * Guy- they wouldn't; subsections would have to deal with the specifics
1187739915 M * daniel_hozac splitting things up in logical sections and then linking them together is the beauty of HTTP...
1187739933 M * Guy- I'm too sleepy to argue about organizing documentation with you now
1187739962 M * daniel_hozac i think 3 separate pages are better than one gigantic page that noone can find the stuff they're looking for in.
1187739968 M * Guy- but I disagree; too much linking creates a mess nobody can follow, especially if the linked pages are edited independently from each other
1187739988 M * Guy- it doesn't have to be gigantic, just top-down instead of bottom-up
1187740005 M * Guy- you want the bottom-up approach because you are a developer
1187740018 M * Guy- you have a clear idea of what component does what and want each documented separately
1187740030 M * daniel_hozac i don't see how a link is different from actually including the content in the page.
1187740050 M * daniel_hozac it just makes the page smaller and more focused.
1187740052 M * Guy- the user, as you have already noted, wants a top-down approach: 'I want to do X; how do I go about it? How do all the pieces fit together? How does it all _work_?'
1187740070 M * Guy- it's different because when you edit the page, you see what's above your edit
1187740078 M * Guy- so you can preserve global text cohesion
1187740088 M * Guy- if you edit a linked page, you don't know what context it was linked from
1187740119 M * daniel_hozac so you think we should just get rid of all these silly pages on the wiki and make one huge page?
1187740124 M * Guy- no
1187740146 M * Guy- but I think documentation shouldn't be organized along the same lines as the source trees
1187740149 M * daniel_hozac and being linked from different contexts is bound to happen.
1187740169 M * daniel_hozac which is another reason to have it separate.
1187740177 M * Guy- you can link to sections
1187740202 M * Guy- but I think moderate-sized pages that deal with a subject, not a component, are what useful documentation is made up of
1187740216 M * Guy- util-vserver is a component; networking is a subject
1187740226 M * daniel_hozac which is why there'd be a util-vserver:Networking page.
1187740242 M * daniel_hozac like http://linux-vserver.org/Capabilities_and_Flags does it.
1187740248 M * Guy- in the bottom-up documentation you imagine, yes
1187740256 M * Guy- that's good for developers who want to hack the source
1187740274 M * Guy- it's not good for users who want a _comprehensive_ look at how the vserver world does networking
1187740295 M * daniel_hozac how vserver does networking would be covered in the global networking page.
1187740311 M * daniel_hozac util-vserver:Networking would just show how to accomplish things when using util-vserver.
1187740354 M * Guy- the global networking page should include enough specifics of util-vserver to allow the reader to grasp how it all fits together
1187740375 M * Guy- util-vserver:Networking can be a reference, but not 'real' documentation
1187740392 M * daniel_hozac if it includes specifics, it's not generic anymore.
1187740401 M * daniel_hozac and vcd users can't really benefit from it.
1187740414 M * Guy- vcd users skip the util-vserver parts and read the vcd parts
1187740420 M * Guy- and vice versa
1187740441 M * Guy- you can't have clean separation like in code and keep the documentation useful
1187740451 M * daniel_hozac so http://linux-vserver.org/Capabilities_and_Flags is not useful then, right?
1187740455 M * Guy- I know this is very hard, perhaps even impossible to accept
1187740471 M * Guy- its usefulness is very limited
1187740494 M * Guy- there isn't enough information
1187740500 M * daniel_hozac and how would usefulness increase by merging in the util-vserver bits?
1187740529 M * daniel_hozac personally, i see it like a docbook, structured like theory first, real-world later.
1187740574 M * daniel_hozac when you get to the end of the theory, you get to the next step, which is applying it to real-world scenarios.
1187740582 M * Guy- "Using util-vserver, you can add a capability to a running guest by saying <command>"
1187740606 M * Guy- yes, that's the way commercial documentation, written to fill a cubic-foot quota, is organized
1187740624 M * daniel_hozac feel free to add that.
1187740644 M * Guy- oh, but that would be mixing 'generic' and 'specific'! baaaaaad!
1187740651 M * daniel_hozac no it wouldn't.
1187740658 M * Guy- no? why?
1187740668 M * daniel_hozac because it'd go on the util-vserver page, obviously.
1187740676 M * Hollow hehehe
1187740689 M * Guy- you just asked me "how would usefulness increase by merging in the util-vserver bits?"
1187740695 M * Guy- that's the question I answered
1187740719 M * daniel_hozac okay, so say we add that to the util-vserver page. what's the difference?
1187740732 M * Guy- in this specific case, a link both ways would suffice
1187740761 M * daniel_hozac so, add that.
1187740774 M * Guy- in the util-vserver docs, a link to the capabilities and flags page, and there, a link to the page that documents util-vserver's behaviour - but even so, a brief summary of what's behind the link should appear on the 'generic' page
1187740792 M * Guy- which util-vserver page are we talking about here, btw?
1187740793 M * daniel_hozac it does.
1187740798 M * daniel_hozac the one linked at the bottom?