User Tools

Site Tools


2015-04:day-2015-04-23

3rd ΞX2Go Development Meeting

Organisation

Availibility
Real name1pm - 2pm UTC+01:002pm - 3pm UTC+01:003pm - 4pm UTC+01:00unavailable
Mihai Moldovan2016-01-08 18:37:092016-01-08 18:37:092016-01-08 18:37:09 
Mike Gabriel   2016-01-11 18:37:06
Michael DePaulo2016-01-12 00:56:46   
Heinz-M. Graesing2016-01-18 12:21:39   
 3111

Timezone: UTC+01:00

Topics

Retrospective

Planning

Changes

Next Meeting

Organisation

Availibility_4th
Real name2015-04-302015-05-142015-05-21
Mihai Moldovan2015-05-16 03:35:152015-05-16 03:35:152015-05-16 03:35:15
Michael DePaulo2015-04-23 12:15:582015-04-23 12:15:582015-04-23 12:15:58
Mike Gabriel2015-04-24 08:06:522015-04-24 08:06:52 
 332

Raw Chat Log

(14:04:14) Heinz-M. Graesing: Welcome to our 3rd ΞX2Go Development Meeting 2015
(14:04:23) Heinz-M. Graesing: Please respect that this chatroom will be used as conference room for the next hour and make sure that this communication will not be disturbed by any questions until the meeting is over!
(14:04:39) Heinz-M. Graesing: For our participants: please make sure that a statement/post of a person won't be interrupted! There will be one active spokesman at once and he will tell when his post will be completed (EOS - End Of Statement).
(14:05:03) Heinz-M. Graesing: Our topics today: http://wiki.x2go.org/doku.php/2015-04:day-2015-04-23
(14:05:37) Heinz-M. Graesing: I want to inform you first about my experience with echoplexus and our blog site
(14:06:20) Heinz-M. Graesing: in very short words: echoplexus won't be a solution for IRC chat augmentation in the near future due to performacne issues
(14:06:57) Heinz-M. Graesing: and about our blog page: I've installed the dokuwikis own blog engine:
(14:07:00) Heinz-M. Graesing: http://wiki.x2go.org/doku.php/playground:start?&#still_hidden_pages
(14:07:22) Heinz-M. Graesing: I'll convert all articles on the old blog to our new engine soon!
(14:08:02) Mihai Moldovan: is dokuwiki really a good engine for a blog?
(14:08:05) Heinz-M. Graesing: at the moment the shown page is hidden, but it will be available for logged in people and part of a group 
(14:09:08) Heinz-M. Graesing: Ionic: it will help to have everything looking the same, it will be maintained automatically, because we also maintain dokuwiki and it will make it very easy to reference any content inside the wiki
(14:09:33) Heinz-M. Graesing: and - nobody is using the old blog system at the moment... (or maintaining it)
(14:10:15) Mihai Moldovan: yeah, but it doesn't look blog-like and it has no comments support (unless there is a way to integrate other stuff like disqus or whatever those commenting services are called)
(14:10:25) Heinz-M. Graesing: Ok,... I'll be available for ideas later and in the following days, but lets continue with our todays topics
(14:10:43) Heinz-M. Graesing: Ionic: comments will be added - this is working!
(14:11:11) Heinz-M. Graesing: Ionic: even social media things can be applied
(14:11:16) Mihai Moldovan: ok
(14:11:44) Alex: It looks good for me...
(14:12:07) Heinz-M. Graesing: Ionic: can tell us something about dte reworked Buildscripts?
(14:12:48) Mihai Moldovan: everything relevant was already included in my email, if I remember correctly
(14:13:32) Mihai Moldovan: basically the changes make it possible to add custom repositories to RPM build systems (OBS for *SUSE, mock for Fedora/EPEL/RH)
(14:14:18) Mihai Moldovan: for that, the base config file in /etc/mock/distroname-distroversion-arch.cfg will be automatically merged with some /etc/mock/$REPONAME.repo file
(14:14:58) Mihai Moldovan: depending on whether it's a nightly or release build, the nightly or release repos are enabled from that $REPONAME.repo file
(14:15:21) Mihai Moldovan: everything is written to a temporary file... which currently slows mock things down, but that's an inconvenience only
(14:15:39) Mihai Moldovan: I need to implement caching to get rid of that overhead
(14:16:06) Mihai Moldovan: more general improvements were adding cleanup measures to both RPM and DEB build scripts
(14:16:26) Mihai Moldovan: the temporary build directory is now always deleted, no matter whether the build was successful or not
(14:17:15) Mihai Moldovan: jenkins accumulated a lot of build-failure temp directories (which I also cleaned while I was at it)
(14:18:33) Mihai Moldovan: (EOS?)
(14:19:21) Alex: one of my customers said, that he has dependencies problem installing x2go server on SLES. The packages perl-Try-Tiny perl-Capture-Tiny perl-X2Go-Server perl-X2Go-Server-DB are not installed automatically. Could a changes you made be a reason for this problem?
(14:20:01) Mihai Moldovan: nope, what SLES version exactly?
(14:20:46) Mihai Moldovan: especially as perl-X2Go-Server and perl-X2Go-Server-DB are *our* packages
(14:20:53) Alex: I don't remember. I'll ask him and I'll write a E-Mail. Should I put it to dev ML ?
(14:21:17) Mihai Moldovan: perl-Try-Tiny and perl-Capture-Tiny may be part of the extras repository, which he needs to add as well
(14:21:29) Mihai Moldovan: yes, please do, for reference
(14:21:37) Mihai Moldovan: I can't fix what I don't know
(14:22:18) Mike#2: Alex|2, IIRC, EL5 has similar problems
(14:22:20) Mihai Moldovan: *fix
(14:22:33) Mike#2: and I was working on 3 fixes, but didn't complete all of them.
(14:22:50) Mike#2: http://lists.x2go.org/pipermail/x2go-user/2015-January/002746.html
(14:22:54) Mihai Moldovan: mikedep333: did they just not use the "extras" repository maybe?
(14:23:17) Mike#2: Ionic, on CentOS 5, adding "extras" was not sufficient
(14:23:22) Mihai Moldovan: Alex|2: also please make sure to include zypper output
(14:24:31) Mihai Moldovan: mikedep333: but that person there also adds other repositories, so it's entirely possible that perl-DBI was installed from another 3rd-party repo, but incompatible with what we expect (i.e., too old)
(14:27:00) Mike#2: Ionic, IIRC, we can make our code compatible with the EL5 version of perl-DBI with some small changes to our code
(14:27:02) Alex: ok, I just figured it out, beacuse x2godbagent wrote error, that module perl-Try-Tiny not found. I'll ask him for all installation procedure he did and will post message to DEV ML, so we will know more
(14:27:22) Stefan Baur: +1 for keeping x2go-dev in the loop, Alex
(14:27:57) Heinz-M. Graesing: ok - as we are covering a perl topic... what are your opinions about Use perl -T (taint) with x2goserver scripts?
(14:28:18) Mihai Moldovan: especially on older suse versions, we provide our own version of perl-Try-Tiny and other stuff, becaue the system-provided ones are too old
(14:28:45) Mihai Moldovan: oh, no, we don't do that for perl-Try-Tiny
(14:28:59) Mihai Moldovan: http://packages.x2go.org/sle/11.2/extras/x86_64/
(14:29:13) Mihai Moldovan: h1Org: I'm all for it
(14:29:33) Alex: btw, My customer's Distribution is Sles11sp3
(14:29:54) Mihai Moldovan: but that requires work, it's not just a matter of adding the -T flag
(14:30:16) Mike#2: I will brb, important phone call.
(14:30:21) Heinz-M. Graesing: Ionic: true - but it was the name of the topic on our wiki page...
(14:30:42) Mihai Moldovan: Alex|2: we're probably just missing a perl-Try-Tiny dependency
(14:31:29) Alex: Yes, I think so. We installed this packages wit zypper and everything starts to work
(14:32:01) Mihai Moldovan: ok, no biggy, I'll add the required packages if you tell me what is required exactly and where
(14:32:14) Mihai Moldovan: h1Org: I know. I back taint mode.
(14:33:38) Heinz-M. Graesing: So this topic will be discussed further on our dev list?
(14:33:55) Alex: Guys, I'm so sorry, but I really need to go. Crazy day :( I'll read a log later. Have a nice day...
(14:34:16) Heinz-M. Graesing: Alex|2: Please tell us your opnion about the New help output system for X2Go Client
(14:34:21) Heinz-M. Graesing: if it is possible...
(14:34:27) Mihai Moldovan: I don't think it needs to be discussed any further. why would it? as far as I've seen, all devs were in favor
(14:34:37) Heinz-M. Graesing: because it is adressed to x2goclient and will change a feature!
h1mg h1Org 
(14:35:51) Mihai Moldovan: on that note, I still need to make the output look nice in the GUI, but that's not a big deal
(14:36:07) Stefan Baur: I don't see what negative impact (with regards to backward compatibility etc.) it could bring.
(14:36:20) Mihai Moldovan: and maybe tweak the algorithm to break up long lines when no terminal is used
(14:38:23) Heinz-M. Graesing: I didn't like the output too, but we don't know if somebody is using it for something we don't even know about.
(14:39:07) Mihai Moldovan: any change would have broken it in that case
(14:39:15) Stefan Baur: +1 Ionic
(14:39:22) Mihai Moldovan: so that's a moot argument
(14:39:25) Mihai Moldovan: even typo fixes
(14:39:39) Heinz-M. Graesing: I would say: please ionic finish your work and we'll have a look on it again. But for sure - it is something that needs to be done
(14:40:07) Heinz-M. Graesing: typos... 
(14:40:11) Heinz-M. Graesing: ouch...
(14:40:25) Heinz-M. Graesing: mikedep333: are you availabe agin? (phone)
(14:40:33) Heinz-M. Graesing: again
(14:40:40) Mihai Moldovan: or bad language/grammar or whatever
(14:42:30) Heinz-M. Graesing: ok - then we'll move on - but to anser the question about etckeeper: yes - it is agood idea, but it needs to be done carefully: I don't want to add hidden credentials to a git archive
(14:42:47) Mike#2: yes
(14:42:51) Mike#2: until I am no longer on hold
(14:43:13) Heinz-M. Graesing: mikedep333: so the answer is YES, but I'll just need some time!
(14:43:24) Heinz-M. Graesing: mikedep333: is that OK for you?
(14:43:36) Mike#2: I am on hold right now. I probably have time.
(14:43:49) Mihai Moldovan: h1Org: what is your specific problem?
(14:44:01) Mihai Moldovan: we can make it use localhost only
(14:44:01) Mike#2: so can you think of anything that would store credentials under /etc/?
(14:44:29) Heinz-M. Graesing: Ionic: if you put the content of /etc inside a VCS, you should be aware which content...
(14:44:57) Mihai Moldovan: isn't that for *all* content?
(14:45:06) Heinz-M. Graesing: .../etc/shadow /etc/passwd are bad ideas...
(14:45:09) Mihai Moldovan: why?
(14:45:12) Mike#2: we use .gitignore
(14:45:36) Mihai Moldovan: especially for those it's a good idea to have revertable snapshots
(14:46:07) Mihai Moldovan: we do not need (or should) publish the repository
(14:46:13) Mike#2: yeah, the /etc/.git directory has 700 permissions
(14:46:15) Mike#2: Ionic, yup
(14:46:19) Mihai Moldovan: it will be a local git repo on japsand
(14:46:22) Stefan Baur: Unlikely to happen here, but e.g. samba shares listed in /etc/fstab allow you to specify credentials - not only in fstab, but also in a file with a path and file name of your choice. 
(14:46:39) Mihai Moldovan: I just read "shice" instead of "choice"
(14:47:16) Stefan Baur: Ionic: That is pretty much my impression of the day, but that's not a topic for this meeting. ;)
(14:47:23) Mihai Moldovan: h1Org: etckeeper is a "backup" means, to easily be able to revert to a previous state
(14:47:54) Heinz-M. Graesing: Also, since version control systems don't keep track of the mode of files like the shadow file, it will check out world readable, before etckeeper fixes the permissions.
(14:48:15) Mihai Moldovan: this is not true
(14:48:26) Mihai Moldovan: git has file permissions support
(14:48:36) Mihai Moldovan: which is even *problematic* on windows
(14:48:41) Mike#2: Ionic, yeah
(14:48:48) Heinz-M. Graesing: Ionic: true - but as there are some limitation (acls, tags), I really want to make up my mind before using it.
(14:49:05) Heinz-M. Graesing: Ionic: https://github.com/joeyh/etckeeper (section security warnings)
(14:49:40) Heinz-M. Graesing: (the actual /etc/ is rsynced at the moment)
(14:49:56) Heinz-M. Graesing: but a history would be much better - true
(14:50:39) Mihai Moldovan: h1Org: to where? on a daily basis? are multiple snapshots available? can we just revert to an older one?
(14:51:00) Mihai Moldovan: ACL's should be used on /etc/, otherwise that might be a problem
(14:51:12) Heinz-M. Graesing: Ionic: mike#1 and I are syncing - I'm pulling every second day
h1mg h1Org 
(14:51:36) Mihai Moldovan: the security notes are valid, but basically saying that your git directory shall be unreadable by other users but root
(14:52:01) Stefan Baur: Heinz, are you aware that you can have a versioned backup using rsync and --link-dest? If not, ping me by mail for a sample backup script.
(14:52:04) Heinz-M. Graesing: but there is a hetzner backup space - this is used - as far as I know - every day
(14:52:07) Mike#2: phone call is over :)
(14:52:55) Mihai Moldovan: h1Org: but only you have access to that, and if BLITZEN meets power line, we're screwed.
(14:53:07) Mihai Moldovan: or TREE meets power line
(14:53:15) Heinz-M. Graesing: MyNameIsRetro: Yes - I'll have a look to the Backupspace of Hetzner, because those snaps could be done n times a day
(14:53:50) Heinz-M. Graesing: Ionic: if my backup is broken, the next one is in Kiel! 
(14:54:04) Mihai Moldovan: h1Org: the point is that you may not be available.
(14:54:11) Heinz-M. Graesing: Ionic: but yes - we should improve those strategies
(14:54:24) Stefan Baur: Heinz, the neat trick is the --link-dest, you can point it to a previous backup and it will hardlink unchanged files == saves disk space and you still see the full tree in each backup
(14:54:56) Heinz-M. Graesing: Ionic: but I really hope Mike# is available then - ore anybody with japsand acces - because those credentials can accress the Hetzner Backup space
(14:55:21) Mihai Moldovan: ah, ok, if anyone with root access can do that, that's fine
(14:55:48) Mihai Moldovan: but, re: security: using a hetzner backup space for private data is an even more stupid idea when it comes to security...
(14:56:21) Heinz-M. Graesing: Ionic: Stefan has asked if Alex can pull a backup too - I think he will do that in future too. This will be in Nuremberg then
(14:56:27) Mihai Moldovan: you have no idea who could read or change those files
(14:57:05) Heinz-M. Graesing: Ionic: ther are some secuirty measures taken by hetzner - but as time is running out...
(14:57:38) Mihai Moldovan: sure, let's move on
(14:57:44) Heinz-M. Graesing: I'll be availabe next thursday! And I'll be longer available!
(14:58:00) Mihai Moldovan: OS X 10.6 support will be dropped
(14:58:11) Heinz-M. Graesing: but... please lets talk about the RPI 
(14:58:13) Stefan Baur: Yes, especially since no one screamed "NOOOO"
(14:58:16) Mihai Moldovan: ok
(14:58:18) Mike#2: is this the last version with PPC support?
(14:58:23) Mihai Moldovan: mikedep333: yes
(14:58:24) Heinz-M. Graesing: Ionic: I'm ok with that!
(14:58:33) Mike#2: how long has it been since Apple provided security patches?
(14:58:35) Mike#2: roughly?
(14:58:37) Mihai Moldovan: h1Org: unless someone wants a support contract
(14:58:37) Heinz-M. Graesing: mikedep333: Ionic: I've bought a RPI2
(14:58:48) Mihai Moldovan: mikedep333: x years, with x = "WAYTOOLONG"
(14:58:53) Mike#2: h1Org, cool, I have 2.
(14:59:00) Mike#2: Ionic, OK, sounds good to me.
(14:59:13) Heinz-M. Graesing: mivaho: Ionic: it is much faster than RPI1 - and you can use -j3
(14:59:22) Mihai Moldovan: h1Org: I am awaiting your raspi2
(14:59:26) Mike#2: -j4, right?
(14:59:28) Mihai Moldovan: didn't get anything so far
(14:59:29) Mike#2: it has 4 cores
(14:59:41) Stefan Baur: OS X 10.6 is no longer receiving security updates by Apple since
(14:59:41) Stefan Baur: February 2014.
(14:59:44) Heinz-M. Graesing: Ionic: it is already inside a box, which will be send to you today
(15:00:00) Stefan Baur: For OS X 10.5 we dropped support 6 months after Apple ended support
(15:00:02) Mike#2: MyNameIsRetro, thanks
(15:00:14) Mike#2: btw, we had an email from MyNameIsRetro's customer I think about which distro to build on for the RPi
(15:00:22) Mike#2: (or which distro to test with at least)
(15:00:25) Heinz-M. Graesing: So - we want to build packages for RPI - there were some questions about where and how
(15:00:34) Stefan Baur: mikedep333: Err, we did?
(15:00:44) Mike#2: 1 sec, let me find it
(15:00:46) Mihai Moldovan: MyNameIsRetro: niuco mentioned something
(15:00:52) Mihai Moldovan: in the "colorful" thread
(15:00:56) Stefan Baur: aah, that
(15:00:59) Heinz-M. Graesing: mikedep333: there is a jessie image, which I use for my use cases...
(15:01:08) Mike#2: Office NextITLevel GmbH <office@nextitlevel.de>
(15:01:12) Mike#2: was the sender
(15:01:33) Mihai Moldovan: h1Org: the problem is: how do we get built packages from the raspi2 to packages.x2go.org *in a sane, safe and secure way*
(15:01:53) Mike#2: "Minibian" (mini Debian)
(15:02:04) Heinz-M. Graesing: Ionic: in future: VPN
(15:02:11) Mike#2: but the builds are compatible with raspbian it sounds like
(15:02:31) Stefan Baur: mikedep333: They're not customers, they are another company trying to make money with X2Go - by providing RPis as ThinClients with X2go preloaded. They did the Stuttgart Demo/Presentation together with me and Ionic
(15:02:32) Heinz-M. Graesing: Ionic: I really think there will be the need of an developer VPN in future...
(15:03:31) Heinz-M. Graesing: There will be packages build outside japsand and *@hetzner and *@eu...
(15:03:42) Stefan Baur: mikedep333: And they also donated on RPi 1 to the project. Which I'm currently using for X2Go demos.
(15:03:48) Mike#2: MyNameIsRetro, thanks for clarifying
(15:03:50) Stefan Baur: s/on/one/
(15:03:54) Mihai Moldovan: h1Org: are there?
(15:04:27) Mihai Moldovan: a VPN doesn't sound like a bad idea, but it will need to be set up
(15:04:57) Heinz-M. Graesing: Ionic: I belive, that the number of devices of that kind will be increasing - and even if there is a chance to get them inside a university, you don't want to have them inside their public networks
(15:05:07) Mike#2: btw, if you need to limit the VPN to Germany or the EU, I will understand.
(15:05:26) Mihai Moldovan: although I do not see the benefit of a VPN, really
(15:05:38) Mihai Moldovan: ssh will be used anyway
(15:05:41) Mike#2: Ionic, yeah. Isn't SSH flexible enough?
(15:06:26) Heinz-M. Graesing: mikedep333: about the trademark things: I'll have some talks with somebody who is an expert on that field...
(15:06:34) Mihai Moldovan: I am not aware of a method to restrict a user to a specific (VPN) IP address
(15:06:38) Mike#2: there are open source utilities like autossh to maintain an SSH tunnel
(15:06:53) Mihai Moldovan: mikedep333: well, the point is that SSH access is public anyway
(15:06:56) Mike#2: h1Org, I forgot what the trademark issue was.
(15:06:58) Heinz-M. Graesing: as we wan't to start with that topic - yes - it is ok for me to start with ssh - but again with named keys.
(15:07:21) Mihai Moldovan: so how would a VPN improve the situation?
(15:07:23) Heinz-M. Graesing: mikedep333: it is only about the name "x2go" and the logos/mascot
(15:07:44) Heinz-M. Graesing: Ionic: protecting the developer network
(15:08:00) Heinz-M. Graesing: knowing about the devices...
(15:08:05) Mihai Moldovan: h1Org: *how* is it doing that, if ssh is open to everyone?
(15:08:21) Mihai Moldovan: unless you restrict users to specific IP addresses, which may not be possible
(15:08:50) Mihai Moldovan: well, seems like openssh can do that
(15:09:11) Heinz-M. Graesing: Ionic: we are running a dyndns alike service at our workplace for that issue
(15:09:13) Mihai Moldovan: so that would be helpful indeed
(15:09:52) Heinz-M. Graesing: but for the start - no there is no such service on japsand at the moment - so again: ok lets start by using ssh
(15:10:41) Mihai Moldovan: ssh to upload into a "spool" dir and a cron job that automatically pushes stuff on to ymir
(15:11:48) Heinz-M. Graesing: Ionic - maybe with an diff check about the filnames? -> sounds good to me...
(15:12:06) Heinz-M. Graesing: but... I'm sorry to say: I need to get back to work now...
(15:12:23) Mihai Moldovan: a "diff check"?
(15:12:38) Heinz-M. Graesing: the telephone is ringing and the first persons are entering my room...
(15:13:43) Heinz-M. Graesing: Ionic: send a mail about the new files (and maybe the changed)
(15:14:16) Heinz-M. Graesing: so that you might see a file named bad_influence_on_japsand_and_ymir.sh
(15:14:19) Mihai Moldovan: that's not how it works. the old files are deleted anyway.
(15:14:38) Mihai Moldovan: (before uploading the new files)
(15:14:48) Mihai Moldovan: we do not keep an archive of packages on ymir
(15:15:37) Heinz-M. Graesing: Ionic: Ok - let's find a solution on that topic on this IRC channel later (or x2go-project) 
(15:15:51) Heinz-M. Graesing: so thank you again for joining and sharing your wisdom!
(15:15:51) Mihai Moldovan: will you be available later?
(15:15:57) Heinz-M. Graesing: I'll close now this times meeting and hope to see you again soon!
(15:16:38) Heinz-M. Graesing: Ionic: I'll be on the train at 19:35 - to 20:25 and online
(15:16:59) Heinz-M. Graesing: Ionic: CET .. 
(15:17:01) Mihai Moldovan: you know how well that works, right? but okay...
(15:17:14) Mihai Moldovan: I'll be there anyway
(15:17:55) Mihai Moldovan: we shall see
(15:19:18) Heinz-M. Graesing: Ionic: if not possible on IRC, we should fall back to x2go-project
(15:19:50) Mike#2: right now, I need to get going to work
(15:20:01) Mike#2: (unless you have something to say to me quickly)
(15:21:38) Heinz-M. Graesing: to * developers: I'll be available on next weeks Thursday - I'll add my entry to the form on the page after I'll can see who'll be available too:
(15:21:45) Heinz-M. Graesing: http://wiki.x2go.org/doku.php/2015-04:day-2015-04-23
2015-04/day-2015-04-23.txt · Last modified: 2015/04/23 13:44 by ionic