[00:00] actually i was annother keyboard [00:00] CJDeCKeR: what did you ment to say ? [00:00] you were a keyboard? [00:00] no i drop a keyboard on the other one for a couple seconde [00:01] LVM supports more than 256G. The limit is 64k chunk. So make bigger chunks (do not remember the exact name) [00:01] sorry for this [00:02] jack: yeah i know, i did that already. Now i just have to copy 162G from the old VG to the new. 19G so far [00:02] @jack interested in doing some network virtualization? [00:03] CJDeCKeR: no problemo,stuff like that happens [00:05] Network virtualisation. Well, if this is doable while keeping speed, yes. Again, the target is to have a vserver behave like a real one [00:05] yeah, I was thinking about doing some tag magic within the stack ... [00:05] jack: sometimes you have to give up speed for security [00:05] or maybe if it is easier to do, separate the stacks ... [00:06] jack: like, you need to make sure that one vserver cant DOS the others [00:06] no, I don't think we have to trade speed/load for security ... [00:06] you can get the same security with on host iptables ... [00:06] Bertl: please explain how [00:06] just setup the required rules on the host ... [00:07] you can tag each packet and route it independantly ... [00:07] even have separate tables for each vserver ... [00:08] Bertl: can you limit their rate ? [00:08] @jack I guess we have to have a look at the network stuff, (probably I more than you) ... and on alexeys solution too ... [00:09] @jon yes, with the queuing disciplines ... [00:09] Bertl: nice [00:10] Bertl: then the speed cost i was talking about is located there rather than in jack's stuff [00:11] basically we should not sacrifice the "at full speed!" ;) [00:11] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection [00:12] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [00:12] Bertl: no, but we should NOT open for a DOS either [00:13] you are thinking of vserver DOS on the same host? [00:13] Bertl: what about a tool like top/ps that shows vservers rather than processes ? [00:13] Bertl: yes [00:13] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection [00:13] vtop and vps? [00:14] Bertl: i guess i have to try them [00:14] or vserver-stat [00:15] guess that is one issue, I checked the stuff jack wrote about vservers (howto, etc) and it is really detailed and very good ... unfortunately it seems not known to vserver user ... [00:18] Bertl: no, they arent completely what i was thinking [00:18] Bertl: ps and top shows processes [00:18] vserver-stat then? [00:19] what i ment was something that showed a summation of all the processes in a vserver, in one line named by the name of the vserver running those processes [00:19] as a fast way to see which vserver takes up all the cpu and/or memory [00:21] and a vrenice that renices all processes in that vserver, and all future [00:23] we tested sending signals to all processes and other stuff ... so this would be possible ... [00:23] i wonder if such tools need kernel support [00:24] for the renices, no ... not at all ... [00:25] sending a signal to all process need kernel support. I was fighting the other day a vserver which was creating processes and processes and [00:25] killall was simply too slow to pick them as they were created. [00:25] jack: hmm, what about just shutting down that vserveR? [00:26] I was thinking about freezing an entire vserver by _not_ scheduling it's tasks .. ;) [00:26] This is the issue. When you stop a vserver, the vserver script is probing /proc to tell what has to be kill after ending the service. But it was failing [00:26] @jack same is with strict memory limits ;) [00:26] Ok, this is a nice idea [00:27] if you reach out of VM .. you can't stop it from inside ... [00:27] vserver xxx freeze and vserver xxx un-freeze and one day vserver xxx hibernate [00:27] you need to send signals from ctx0/1 [00:27] Bertl: cool [00:27] Sending a signal to context. Someone did that [00:28] me, me ;) [00:28] Add this to the kernel and redo the vserver script in the stop section so it uses it [00:28] well basically we should get the syscall switch up and running ... [00:29] with that, we can add features (read syscalls) for those purposes ... [00:29] I am leaving for the weekend and won't be on the net until monday night or later. Anything I can do this weekend (job for me) ? [00:31] hmm, I would suggest you think about a solution for the network virtualization ... [00:32] and we discuss this next week in detail ... [00:32] I'll finish the syscall switch till then ... [00:38] What about the stuff done by alex [00:39] if you want you can get the kernel and patches from me ... [00:39] Anyone has played with it ? [00:39] yes matt did a lot of tests/debugging ... [00:41] but it is interweaved with the other changes, no splitout ... but for the network this should be obvious ... */net/* [00:42] What is the url for alex patches you have ? [00:44] http://www.freevps.com/download/snapshots/rh-vserver-1065436704.diff.gz [00:44] but you need the kernel-2.4.18-27.7.x RH kernel ... [00:57] netrose (~john877@cc-ubr03-24.171.20.14.charter-stl.com) left irc: Ping timeout: 492 seconds [01:13] Nick change: riel -> unriel [01:13] jack (~jack@206.162.172.138) left #vserver. [02:11] JonB (~jbendtsen@217.157.144.114) left irc: Quit: zzzzz [02:23] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) left irc: Quit: ipv6 [02:49] netrose (~john877@cc-ubr03-24.171.20.14.charter-stl.com) joined #vserver. [03:23] Nick change: surriel -> riel [04:00] Nick change: riel -> | [04:01] Nick change: | -> riel [04:20] as possible for new code and only converting old code to [05:07] newz (~admin@169-52.34-65.tampabay.rr.com) joined #vserver. [05:08] herbert, you around? [05:08] jup! [05:08] Sweet. [05:08] This is matt, I sent you an e-mail earlier today. [05:09] hmm, regarding what? (~300 mails/day) [05:09] :-) Website [05:34] matta (matta@tektonic.net) left irc: Quit: Hey! Where'd my controlling terminal go? [05:50] SG1 (~sgarner@apollo.quattro.net.nz) joined #vserver. [05:52] Bertl there? [05:52] yup! [05:52] I installed mandrake ;) [05:53] and? do you like it? [05:53] I can't get networking to work :/ [05:53] huh, how's that? [05:53] then how did you get on IRC ? ;) [05:54] I can ping other machines on the network but nothing else can ping the (mandrake) machine [05:54] with his sharp E10 ... running linux of course .. [05:54] with my PC ;) [05:54] what NIC? [05:54] broadcom [05:54] ifconfig eth0 returns what? [05:55] the usual [05:55] I'm interested in the overruns etc? [05:55] all 0 [05:55] RX, TX? [05:55] some packets [05:56] I can ping out... but not in [05:56] can you ssh out? [05:56] and I can't ssh to it :/ [05:56] yep I can ssh out [05:56] it's like it's firewalled, but iptables -L shows nothing [05:56] sounds like some packet filtering, did you select paranoia? [05:56] I selected "highest" - I dunno what that is meant to do ;) [05:57] uh oh ... okay everything is working as expected ;) [05:57] how do I turn it off, heh [05:57] the machine is basically invisible ... [05:57] which mandrake version? [05:58] 9.2 beta 2 [05:58] graphical setup? [05:58] yeah [05:58] there is a control center .. there you have to change the security option ... [05:59] how? [05:59] but you can 'allow' specific machines/services at the highest level too ... [06:00] msec is the security tool in mandrake (commandline) [06:00] draksec is the graphical tool [06:00] aha [06:00] that doesn't do anything [06:00] can be reached through the control center IIRC [06:00] I don't have X [06:01] okay try cchkconfig --list [06:01] to show the services and [06:01] have a look what is started in level 3 ... [06:02] chkconfig --list | grep 3:on [06:03] http://www.mandrakeuser.org/docs/secure/smsec.html [06:03] have a look at the description ... it's quite informative ;) [06:06] hmm [06:11] did you configure urpmi? [06:12] I appear to have it, I dont know what it is ;) [06:12] it is something like apt-get ... [06:12] ok [06:12] if you want to install wget for example ... [06:12] you say urpmi wget [06:13] but it also knows the dependancies ... and there is the urpmf tool ... [06:13] cool [06:13] and what's the best you can configure different sources ... over the network ... [06:14] where do you go for updated pkgs for mdk? [06:15] look at the mandrake.com page there is a list of mirrors ... [06:15] you add them with urpmi.addmedia ... [06:16] a simple urpmi --auto-select does the complete update ... [06:16] I hope there's an updated openssh... this one has the login bug :/ [06:16] which is? [06:16] # urpmi --auto-select [06:16] Everything already installed [06:16] doh [06:16] did you add the update source? [06:17] what is the login bug? [06:17] Ah, 2 second delay on ssh logins... due to bogus authentication failures [06:18] ssh delay without nameservices for example is not a bug ... [06:18] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192207 [06:20] hmm seems to be a pam issue after all ... [06:23] funny stuff ... [07:11] Ok, which vserver patches should I use? ;) [07:12] what features do you want? [07:12] everything! [07:12] ;) [07:12] experimental stuff too? [07:13] only if it's not too likely to explode ;) [07:13] this will be a production server... [07:13] 2.4.22 or pre23 ? [07:14] 22 I think [07:14] okay, want a quick solution or some testing/etc ...? [07:16] SG1 (~sgarner@apollo.quattro.net.nz) left #vserver. [07:16] SG1 (~sgarner@apollo.quattro.net.nz) joined #vserver. [07:16] opps [07:16] if you want me to test anything under x86_64, now is the time ;) [07:16] http://vserver.13thfloor.at/Stuff/patch-2.4.22-c17f.diff.bz2 [07:17] after that, I would suggest to try some of the enhanced features ... [07:17] like quota hashes or memory/disk limits ... [07:18] ok [07:18] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-rmap15k.diff.bz2 [07:19] actually [07:19] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-rmap15k-mq0.11.diff.bz2 [07:19] and the related stuff ... [07:22] ok I've grabbed them... but I have to go out soon [07:22] I'll talk to you on monday :) [07:22] okay .. cu ... [07:23] ciao! [07:23] SG1 (~sgarner@apollo.quattro.net.nz) left irc: Quit: so long, and thanks for all the fish [07:39] Bertl, you still around? [07:39] yup ... [07:40] What timezone are you in? [07:40] CEST ... [07:40] is GMT+2 [07:40] you're up late. [07:41] I fiddled with that logo a little, wanna check it out and give me some feedback? [07:41] nope, early *G* [07:41] :-D [07:41] url? [07:41] first, disclaimer... [07:41] I got way distracted and pretty much didn't do anything you suggested... Except I do have some blue in there. :-D [07:42] sounds good ;) [07:43] Ackk... I copied it to the wrong server. Just a sec. [07:44] ok, http://newz.gotdns.com/vserver-copy.jpg should work. [07:44] It maybe the wrong mood. You could go "corp-ish" but this is more humor-ish [07:45] hmm looks interesting :) [07:45] What do you think of the blue? [07:45] See what I mean about disregarding your suggestions? [07:45] could be a little more blue and a little less green ... [07:46] ok [07:46] ensc (~ensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 492 seconds [07:47] please post the url on the list ... just explain the idea (different unixes on one server) and wait for some comments ... [07:47] OK, first, your opinion... It doesn't have any "aqua" feel to it at all. Is it something you'd like to see developed, or would you prefer to go back. [07:48] (to the drawing board) [07:49] well it look good, my first impression was different distros ... maybe we should make the virtual context somewhat stronger ... could be by some cubicles where the penguins live ... or something like that ... [07:50] the server itself looks good to me (for a draft) [07:50] Yeah, I'd like more detail there too, the only problem is that on the web you only have a little space. [07:50] the spyglas is a good idear ... [07:50] This is 110 px high, wich is kind of tall. I can make the penguins smaller... there just isn't much room. [07:51] know what I mean? [07:51] maybe you could break up the server (like cutting one edge off, to see inside like on diagrams ... [07:51] you know what I mean? [07:51] Hmmm... That has some merit. [07:52] you could then show some 3 by 3 or 2 by 2 cubicles (horizontal and vertical ... where the penguins live ... [07:52] I could make the looking glass bigger so that the logo takes up more horizontal space... would that frighten you? [07:53] It's almost 300 wide now, and I usually design for 765 wide [07:53] well the logo itself should not be much taller, but you could show only the glass portion (vertically) from the looking glass ... [07:53] That only leaves 465 for the roject name [07:54] ^project [07:54] Yeah, that's true. Also, the handle can cover up part of the server. [07:54] for example if you cut off the right side and reduce to the inner part on top and bottom ... [07:54] The server isn't that important, it's whats inside that matters. [07:55] The problem with cutting the image off is that it limits where and how you can use the logo. [07:56] well we could do a big version and just use the 'important' area for the every page logo ... [07:56] Yeah, that's true. [07:56] big version could be used on a splash page ... [07:58] mdaur_ (mdaur@p509150C1.dip.t-dialin.net) joined #vserver. [07:59] I'm playing with that blue... there's not much green in it at all, let me post another version and take a peek at it. [08:02] http://newz.gotdns.com/vserver-copy2.jpg [08:02] http://newz.gotdns.com/vserver-copy3.jpg [08:03] Do you like either of those better? [08:03] 3 is better 2 has too much saturation ... [08:03] Yeah, I agree. So, 1 or 3, which do you prefer? [08:04] hard choice ... guess I would prefer 1 though ... [08:04] Cool. 3 is a more pure blue, but I think it will be harder to match colors with. [08:04] mdaur_fudd (mdaur@p50917040.dip.t-dialin.net) left irc: Ping timeout: 483 seconds [08:06] I'll send off a quick message to the mailing list and we can see what kind of feedback we get. [08:06] If you're ready? [08:06] perfect with me ... go ahead ... [08:10] done. [08:10] Did this channel ever get a bot? [08:10] there is one ... [08:11] Does he upload anywhere yet? [08:11] you ahve to ask shadow ... [08:12] Alex, does the bot post to the web yet? [08:14] OK, I'm going to bed. Night Y'all. [08:14] night ,... [08:14] newz (~admin@169-52.34-65.tampabay.rr.com) left irc: Quit: Client exiting [08:34] Nick change: Bertl -> Bertl_zZ [11:21] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [12:42] JonB (~jon@kg184.kollegiegaarden.dk) joined #vserver. [14:00] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) joined #vserver. [14:00] hi. [15:38] shadow (~umka@212.86.233.226) left irc: Quit: bye [15:38] hi [16:17] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection [17:31] netrose (~john877@cc-ubr03-24.171.20.14.charter-stl.com) left irc: Ping timeout: 492 seconds [17:38] Nick change: Bertl_zZ -> Bertl [17:39] hi all ... [17:50] hey Bertl [17:50] hi jon! [17:54] alekibango (~john@62.245.97.59) joined #vserver. [18:08] hi alekibango! [18:09] hi... [18:09] i am overclocked to 7GHz and it is not enough... [18:11] you can't overclock memory latency ;) [18:11] hmm, too much coffein? [18:12] hi rik! [18:12] morning [18:12] well, latency... yes. erhm :) [18:12] you forgot, 'wait a second' ;) [18:12] wait a second... [18:13] latency: command unknown [18:14] @rik http://vserver.13thfloor.at/Stuff/virtual.{c,h} what do you think? [18:16] looks good, though the mixed case defines aren't quite kernel coding style ;) [18:16] looks good [18:16] hmm, you are right about the mixed case, maybe I should make it all uppercase ... [18:18] hmm, but wait the _NR_new_s_context is mixed case too! [18:20] hehe [18:20] mmmm [18:20] I guess mixed case is fine [18:20] ;) [18:20] mmmm, one addition I would like [18:20] yes? [18:22] or rather, just an idea [18:22] case VCMD_get_version: [18:22] - ret = vc_get_version(id, data); [18:22] + ret = vc_get_version(id); [18:22] this one I'd like ... version get independant of data [18:22] this is just an idea, haven't yet decided whether or not it's a good idea ;) [18:22] case VCMD_new_s_context: [18:22] - ret = vc_new_s_context(id, data); [18:22] + ret = vc_new_s_context(id, (struct vcmd_new_context_v0)data); [18:22] hmm, I was not sure if we should return the version alone ... maybe a struct with creation date etc, could be filled ... [18:23] yeah, the other have to be adapted ... I was thinking about doing get_user() inside the syscall switch ... [18:24] and just pass the struct of the mapped union to the function ... [18:24] but maybe that is overkill ... [18:25] it could also break for really large structures [18:25] you really want the functions to do get_user() themselves [18:26] okay ... [18:26] mmmm wait ... that makes my cast needless and stupid ;) [18:26] never mind that idea [18:26] okay 8-) [19:05] JonB (~jon@kg184.kollegiegaarden.dk) left irc: Quit: Client exiting [19:16] @rik ad syscall switch: should we return -ENOSYS or -EINVAL if the command is not supported? [19:18] JonB (~jon@kg184.kollegiegaarden.dk) joined #vserver. [19:23] Bertl: good question ... [19:23] lets see what sys_ipc and sys_ptrace do [19:23] netrose (~john877@cc-ubr03-24.171.20.14.charter-stl.com) joined #vserver. [19:23] I would opt for -EINVAL because this can be differentiated from -ENOSYS where the syscall is not present at all ... [19:24] agreed [19:24] hmm the set_ipv4root will be fund :( [19:25] s/fund/fun/ [19:25] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [19:26] hi mhepp! [19:28] why ? what's so special about it? [19:28] asmlinkage int sys_set_ipv4root ( [19:28] __u32 ip[], [19:28] int nbip, [19:28] __u32 bcast, [19:28] __u32 mask[]) [19:28] heh ;) [19:28] and ip/mask depend on nbip ;) [19:28] what is nbip ? [19:29] the number of entries in ip/mask (the ips) [19:29] ahh ok [19:29] time to reorder those I guess ;) [19:29] and have nbip be the first item [19:29] what does the __bcast stand for ? [19:29] I'm not sure if I should use a pointer in the struct and have them mapped separately ... [19:30] or reserve space for NB_IPV4ROOT entries ... [19:30] I guess the pointer is the better approach ... [19:31] this is the time to clean up the interface ;)) [19:31] okay, any suggestions for that syscall? [19:32] restrict the virtual host to a series of _networks_ [19:32] not individual addresses [19:32] netblocks, that is [19:32] so you'd assign eg. [1.2.3.0]/24 to a virtual host [19:32] hmm, well that would require reqriting the entire network stuff ... [19:32] and inside that virtual host you can bind to any of the addresses in that range [19:32] because there are 16 slots for now ... [19:33] but it is the right model for recursive vservers [19:33] of course ... [19:33] the question is, should we really do everything at once? [19:34] FYI, jack and I are working/thinking on a true virtual network [19:34] good point [19:34] you're right, we can keep the current interface for now [19:34] and when we change later on, we simply change the version of the vserver kernel/user interface ;) [19:35] that's the idea ;) [19:36] but what we could do, would be reducing the interface to just one address/mask at a time and allow some kind of index ... maybe .. have to talk with enrico to get the userspace perspective ... [19:36] well, you'd want some ipv6 netmasks too ;) [19:37] just to throw them away in the syscall *G* ... [19:37] ;) [19:37] we can add another subcommand for that [19:39] hopefully we'll have structured and separated syscalls for v4 and v6 in the next interface release, don't let me stop you from making good 2.6 suggestions for those structures ;) [19:40] most likely we won't need a different kernel/user interface for 2.4 and 2.6 [19:40] hopefully not ... [19:41] for 2.6 the main thing is that the patch should be MUCH smaller, due to reusing already existing security infrastructure in the kernel [19:41] small is good ;) [19:51] @riel hmm, if we have strictly typed structs, I don't see a reason for using a union anymore? [19:52] indeed [20:05] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) left irc: Read error: Connection reset by peer [20:12] Bertl: what does the union do ? [20:23] well it doesn't do anything now, as I removed it ;) [20:24] HAHA [20:25] Bertl: i ment, how does it work technicaly? [20:26] a union? or the syscall switch? [20:26] union [20:26] does it take extra space ? [20:27] it simply combines different types, one over the other, using max(...types...) space [20:27] hmm, like [20:28] union A B C = ABC or #? [20:28] union gustav { int a, long b }; [20:28] sizeof(union gustav) = sizeof(long) [20:28] Bertl: thanks [20:29] it has two different usage scenarios ... [20:29] Bertl: how does one see which of the members of the union the data really is ? [20:29] Bertl: please elaborate [20:29] a) to work with different/unknown data as in ... [20:30] struct data { int type; union values { int i, float f }}; [20:30] here type says what the union will contain ;) [20:30] b) to access data in different ways like ... [20:31] union { struct {char ah; char al }; short ax; }; [20:33] Bertl: okay, thanks [20:39] netrose (~john877@cc-ubr03-24.171.20.14.charter-stl.com) left irc: Ping timeout: 492 seconds [20:39] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) joined #vserver. [20:39] hi shuri! [20:40] hi Bertl [20:40] got no problem with c17f [20:41] hey sounds good ;) [20:41] it run on a production server with 7 vserver [20:43] what additional patches would you like to add besides vserver core system on a production system? [20:44] well i need ppp-mppe [20:44] but i dont think it must be in the vserver patch [20:44] hmm, this does what exactly? [20:44] Bertl: memory limitations, scheduler stuff [20:44] no [20:44] pppd encryption [20:44] @all was a general question ;) [20:45] and it applies without any issues I assume? [20:45] yes [20:45] @jon what about non vserver related patches? [20:45] do you know WOLK project? [20:46] of course ... [20:46] got some good patch on it [20:46] lets hear ... [20:46] Bertl: i would patch those myself, but they would proberly be LVM stuff, and extonline resize patch [20:46] wolk ? [20:47] PPP Microsoft encryption/compression (MPPE/MPPC) v0.96 [20:47] http://sourceforge.net/forum/forum.php?forum_id=299419 [20:48] hmm, extonline resize ... [20:48] regarding LVM, what do you patch there? [20:49] i did some bugfixes that wasnt in the kernel (yet) [20:49] interesting, still valid? [20:52] dunno [20:52] I had 1.0.7 and dmapper in my patchsets ... [20:52] they fixed some snapshot issues, but i dont use that any more [20:52] maybe you could include my device mapper target (once i find the memory leak ;-P [20:54] what wolk patches do you require/features do you use? [20:55] Low Latency Fixes [20:55] for my soundcard [20:55] hmm, on your vservers? [20:55] no [20:55] you ask me what i use:P [20:56] okay so I should be more precise, I see ;) [20:56] hehe [20:56] what wolk patches/features would you like to see for vserver hosts? [20:56] grsecurity v1.9.9h [20:57] can be nice [20:57] ReiserFS Quota [20:58] PPP Microsoft encryption/compression (MPPE/MPPC) v0.96 [20:58] Netfilter Addons for IPv4 and IPv6 [20:59] IP Virtual Server support v1.0.10 [21:00] well all depend of what you need for your server [21:00] hmm for what do you need the PPP microsoft encryption? [21:00] vpn [21:00] virtual private network [21:01] hmm, can be done via ssh/ssl? [21:01] well [21:01] cometime [21:01] you need to conenct to a Microsoft VPN server [21:02] from a vserver? [21:02] why not.. [21:02] did you try/do it? [21:02] yes [21:02] you need some caps [21:02] humm a lot [21:02] hehe [21:03] basically everything except CAP_CHOWN ;) [21:03] yep [21:03] so i don"t think it muste be in the vserver patch [21:03] Bertl: you know, your vserver patch ends up being bigger than the kernel [21:04] no,no you got me wrong, I don't ever want to include those patches ;) [21:04] serving (serving@213.186.190.15) joined #vserver. [21:04] Bertl: phew, i just thought [21:04] but there are the patchsets ... and I would like to provide additional, tested and compatible patches where useful ... [21:05] ahh [21:05] Bertl: good idea [21:05] for example the grsec stuff sounds reasonable to me ... [21:05] but why v1.9.9h for example? if there is 1.9.12 [21:10] dont know [21:29] Nick change: CJDeCKeR -> Cmaj [21:30] hmm Cmaj? [21:30] hi [21:30] yup thats me [21:31] so you use debian right? [21:31] yeas i got 3 vserver running debian [21:31] Action: alekibango is running debian, too [21:31] and me [21:31] hey guys, I'm trying to make some conversation ... [21:32] i run now old stx 17 a with 2.4.21 [21:32] ctx17a [21:32] I know that debian is widely used but nobody could tell me about the package details yet ;) [21:33] @cmaj well you should have a look at c17f ;) [21:33] yeas i know [21:33] Bertl: i am fighting with it right now, doing my first ITP into BTS [21:33] Bertl: the package details? [21:33] i stil got a 30 days uptime [21:33] well, some of us had 140++ days ... [21:34] 7:35pm up 167 days, 14:15, 1 user, load average: 0.07, 0.33, 0.38 [21:34] actually ;) [21:34] but i got a mess with my network and firewall i hang or something i could but i always change my kernel [21:34] i lost mine in a power dropout the other week :( [21:34] me too i was 70 days [21:34] :( [21:35] vserver really rules but at first its hard to get it to work [21:39] yeah, usually a kernel update kills the uptime ;) [21:44] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) joined #vserver. [21:46] mcp (~hightower@81.17.110.148) left irc: Ping timeout: 480 seconds [21:53] hi Cmaj [21:54] about your network and firewall hang [21:54] did you test without vserver patched kernel [21:56] mcp (~hightower@wolk-project.de) joined #vserver. [22:14] no cause my server is not functionnal without vserver [22:14] annyway this is my home sever [22:15] sewer [22:15] eee [22:16] ahh, you private dungeon, then ;) [22:16] ahaah yeas [22:17] ok [22:18] next ill go agressive try a dev kernel :) [22:27] test c17f :P [22:31] netrose (~john877@cc-ubr03-24.171.20.14.charter-stl.com) joined #vserver. [22:31] anybody interested in testing the grsec stuff? [22:32] Bertl: maybe Cmaj? [22:32] Bertl: the problem with grsec and vservers is, once you've enabled the acl subsystem it cannot be disabled [22:32] Bertl: at least that was the problem I had some time with wolk [22:32] Bertl: therefore wolk has vservers selectable via config =) [22:33] well I just rediffed the 1.9.12 to .23-pre7 ... and if this works (what I expect) then I'll try to merge with c17f ... [22:33] i am ready to test it... [22:33] on my TEST server only local IP [22:34] Bertl: p.s.: it would be nice to see incremental patches from vserver to vserver version [22:34] Bertl: so c17f to c17g or 1.0.0 [22:34] I can assure you, there will be incrementals ;) [22:34] once its out [22:34] great [22:34] then I merge 17f now [22:35] they are called delta- and already done for 17b/c [22:35] naming it delta is /"/((&§&/( [22:35] ;) [22:35] good to hear that you agree to that nomenglature 8-) [22:35] hehe [22:36] when do you expect 1.0.0? [22:36] hmm, I need some feedback from the different platforms ... [22:36] but if the syscall stuff is okay for them, there is nothing else to do than release it ;) [22:37] @shuri http://vserver.13thfloor.at/Stuff/patch-2.4.23-pre7-grsec-1.9.12.diff.bz2 [22:38] Bertl: is anyone testing on ppc? [22:38] not that I know of ... [22:38] ok i compile it [22:38] maybe I should make some wiki page where the testers can enter their platform/results? [22:41] @mcp do you intend to merge the patch or the differences, for c17f? [22:41] hmm, i always wanted to get a ppc machine [22:41] Bertl: I don't think that there are incrementals from 17 to a and b and c and so on so I merge it from scratch [22:42] okay, in this case, could you merge each of the splitted out versions independantly? [22:42] yes. why? [22:42] because separated by base,syscall,ili,sched and net would be a GoodThing(tm) [22:43] hehe [22:43] sched will be left out because of O(1) scheduler [22:43] no, I'm interested in some subparts ... [22:43] hmm, so you simply drop the scheduler part then? [22:43] yes [22:44] do you have a 'good' version of the O(1) scheduler as standalone patch? [22:45] Bertl: I use the one from -aa which is benched best compared to all the other 'incarnations' floating around [22:45] how much additional garbage will this need on let's say 2.4.23-pre7? [22:45] additional garbage? [22:46] ahem, I mean additional functionality ;) [22:46] I can't follow your question :) [22:46] last time I checked for O(1) I endet up using the whole -aa tree ... [22:47] too many dependancies for the scheduler patches ... [22:47] ah yes [22:47] optimally I would expect the patch to modify */sched.[hc] and nothing else ... [22:48] well, that can't be done :) [22:49] why not? [22:50] nice() is different, processor is cpu and so on [22:51] hrm ... [22:51] to only modify sched.c and .h you have to rewrite the o(1) scheduler [22:52] Bertl about patch-2.4.23-pre7-grsec-1.9.12.diff.bz2 [22:52] yes? [22:52] i aply patch-2.4.23-pre7 first on 2.4.22 [22:52] then patch-2.4.23-pre7-grsec-1.9.12.diff.bz2 ? [22:52] yes, exactly ... [22:53] ok and no ctx patch [22:53] nope, not yet ... [22:53] ok [22:53] no chunk on apply [22:53] i compile it [22:53] please reporty any warnings and/or errors ... [22:54] ok [22:54] gcc: Warning, project leader appears hungry and thirsty, send him a pizza and a coke [22:54] :) [22:55] hmm, probably the coke will be allright after the ground shipping, but the pizza 8) [22:56] thanks anyway ... [22:56] @mcp I just refuse to add 150 patches from the -aa tree to get a O(1) scheduler (yet) [22:56] Bertl: www.domino.at ? [22:57] Bertl: but home made is better [22:57] I had a good frying/roast? this evening ... [22:57] Bertl: okay [22:58] what kind of coke are you talking :P [22:58] hehe the one and only (CocaCola) [22:58] i see [22:59] kernel-hackers don't need drugs, they have the kernel to sniff ... [22:59] Action: JonB cant drink cola :( [23:00] Action: shuri cant sniff kernel :( [23:00] @jon well it isn't a strict requirement for a good programmer, coffee should be sufficient ... [23:01] Bertl: that tastes awfull [23:01] what? coffee? well in this case no coffeine no programming skill ;) [23:02] lol [23:02] Bertl: hmm, that explains the memory leak [23:24] JonB says "i think i can handle one little memory leak" [23:25] Bertl says "no, your machine is already dead" [00:00] --- Sun Oct 12 2003