IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 14 February 2013   (all times are UTC)

00:47Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
01:02Enslaver has left IRC (Enslaver!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net, Read error: Connection reset by peer)
01:31adrianorg__ has left IRC (adrianorg__!~adrianorg@177.134.59.187, Ping timeout: 272 seconds)
01:44Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
01:46Enslaver has joined IRC (Enslaver!~Enslaver@c-98-196-42-169.hsd1.tx.comcast.net)
01:50vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Ping timeout: 240 seconds)
02:04SmallR2002 has joined IRC (SmallR2002!~quassel@c-98-253-173-240.hsd1.il.comcast.net)
02:19
<Enslaver>
So question, why does the project even do a ltsp-build-client, i mean to have a true thin client image its pretty distro unspecific right?
02:20
It only counts when run fat-clients really, because a thin client is just connecting to a remote desktop, in theory
02:22
I was just thinking of more along the lines of just having a squashfs'd client generic image that we package with the project that is a customized DIY Linux specifically made to be fast over the network and tiny fingerprint
02:23
Then the portability is endless for the 'thin' side. We focus primarily on the server
02:39baptiste has joined IRC (baptiste!baptiste@paul-sud.asso.ups-tlse.fr)
02:39highvoltage has left IRC (highvoltage!~highvolta@ubuntu/member/highvoltage, Ping timeout: 260 seconds)
02:45
<baptiste>
Hello, there was Gabe Newell speaking on stage about streaming games on a home LAN http://techreport.com/news/24338/newell-argues-for-living-room-pcs-local-game-streaming (the video is too long, reading the summary is enough)
02:45
cheap thin clients are specifically mentioned.
02:47
I wonder about the protocol, will it be free or open, or just a proprietary nvidia thing? It would be nice if it's the former, and maybe LTSP could use it and eventually allow 3D gaming (and google earth, etc.) on LTSP.
02:57highvoltage has joined IRC (highvoltage!~highvolta@ubuntu/member/highvoltage)
03:01
<Enslaver>
well they already have dLNA
03:57Parker955 is now known as Parker955_Away
03:57
<baptiste>
isn't dlna some kind of file server
03:57Parker955_Away is now known as Parker955
04:04sep has left IRC (sep!~sep@40.211.jostedal.no, Ping timeout: 276 seconds)
04:12sep has joined IRC (sep!~sep@40.211.jostedal.no)
04:24cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
04:30
<warren>
Enslaver: <Enslaver> [16:19:59] So question, why does the project even do a ltsp-build-client, i mean to have a true thin client image its pretty distro unspecific right?
04:30
<Enslaver>
si
04:30
<warren>
Enslaver: LTSP4 was actually its own operating system build from source into the chroot, kinda like LFS
04:30
Enslaver: it's a pain to maintain your own OS
04:30
Enslaver: ltsp-build-client is both better and worse
04:30
for obvious reasons
04:31
<Enslaver>
well, why not both worlds?
04:31
<warren>
not sure how that's possible
04:31
<Enslaver>
A) the thin client image would be pretty static, you design one, build a new one every now and again to support new hardware
04:32
B) you have your fat clients, anything above 512mb ram
04:32
<warren>
A) static except you need security updates
04:32
B) not all that different of a problem from thin OS
04:33
<Enslaver>
A) security updates to a static image that is only able to talk to 1 other IP through firewall rules
04:33
<warren>
the work is 99.9% done for you in the OS packages you install into chroots
04:33
Enslaver: I do agree there might be a better way than ltsp-build-client
04:33
<Enslaver>
oh yeah btw, i meant to ask
04:33
do you know of any type of configuration framework?
04:34
<warren>
Enslaver: just consider this project has always suffered from lack of programmers, you do whatever you can deploy a tool as quickly as possible using what you have
04:34
<Enslaver>
basically like a build framework that produces ncurses + gtk+ + bash menus
04:34
<warren>
Enslaver: there's no ltsp standard that I'm aware of
04:34
Enslaver: doing so would be difficult given the distros differ so much
04:34
LTSP4 had one because the chroot was static and identical
04:34
and it sucked
04:34
<Enslaver>
we used ltsp 4.2 happily for years
04:34
I miss the ltsp-config menu
04:35
<warren>
Enslaver: please, think about that stuff only after bringing EL6 and fedora latest to parity
04:36
<Enslaver>
warren are you giving me the shutoffyobrain function call?
04:36
<warren>
Enslaver: think of it this way, get the release done asap, we get the positive press coverage for your company, just maybe they'll give you a little more latitude to invest more time. Just maybe.
04:36
Enslaver: not intentionally, just speaking from experience. I thought about all that stuff myself years ago.
04:37
<Enslaver>
Well i'm not really doing this directly for my company, it helps them out, yes, but i'm doing this work for the community
04:37
<warren>
Enslaver: you're very close to bringing EL6 to parity, and a bit more after that is Fedora. That is low hanging fruit. Other things are a LOT more work.
04:38
Enslaver: by enabling basics to work with minimal up-front effort, sometimes you get useful other people to join
04:38
(hasn't happened for me in the years working on K12 though)
04:38
<Enslaver>
Well if i wanted i could have it fully functional by monday, just not the way i'd like. I really want to kind of standardize everything
04:39
<warren>
Enslaver: anyway, if you're interested in cool things to do with fedora and centrally managed clients, there is a lot more interesting thing to implement than just a new ltsp-config.
04:39
Fedora has all the building blocks to build a complete replacement for LTSP using a VDI model.
04:39
<Enslaver>
I'd love to dive into that whenever
04:40
you talking about spice?
04:40
<warren>
complete with merging the common VDI images in server memory, so you can run several times more virtual machines than the server has RAM.
04:40
<Enslaver>
or qemu/libvirt VDI desktops?
04:40
<warren>
combination of all that
04:40
there just lacks a LTSP-like netboot and automation glue
04:41
<Enslaver>
I dont see VDI being big
04:41
<warren>
future Fedora will have composite and remote 3D
04:41
<Enslaver>
I know oracle/vmware and all that have adopted it
04:41
<warren>
through SPICE
04:41
In the long-term, it's a lot more manageable and secure than LTSP.
04:41
<Enslaver>
My grand idea is more than just desktops, its a self deployment of an enterprise in a box
04:42
<warren>
and properly implemented, actually doesn't use more resources
04:42
are you using 389-ds?
04:42
<Enslaver>
LDAP / SSL / raspi mobile thin clients / squid proxys
04:42
yes
04:42
<warren>
cool
04:42
<Enslaver>
been using ldap since hpux days
04:42
I was the one who setup sprint on ldap
04:42
<warren>
well, I don't want to discourage you from implemneting whatever you want
04:42
I'll help you get it into fedora
04:43
<Enslaver>
Before i forget, back to my question about the menu framework
04:43
i'm looking for something in between cobbler and make menuconfig / xconfig in the kernel
04:43
and grub's menus
04:44
like more of a framework to develop around
04:44
<warren>
grub is a sticky situation, it's going away
04:44
you'll have to support more than one boot loader
04:44
grub1 vs. grub2 vs. efi whatever
04:44
<Enslaver>
i dont mean use grub, i just mean their menu.c3 or whatever
04:45
<warren>
i'll be back later, class in 30 minutes
04:45
<Enslaver>
I have a feeling bootloaders will be in the bios soon enough
04:45
but i wasnt referring to grub / bootloaders
04:51
<baptiste>
Isn't VDI a big waste? so if you have 40 users, you run 40 OS instead of just one. seems like it benefits the VDI vendors mainly
04:54
<cyberorg>
Enslaver, it would be lot easy to setup ltsp if the chroot was standardized, like in ltsp 4.2 but using latest distribution
04:54
Enslaver, here are some examples http://old-en.opensuse.org/LTSP/Other_Distros
04:54
<baptiste>
Though for added fun, you could install LTSP server into VDI images and have the VDI infrastructure manage all your multi-users and single user desktops.
04:55sha_ has joined IRC (sha_!~sha@e177170255.adsl.alicedsl.de)
04:59sha has left IRC (sha!~sha@e177117073.adsl.alicedsl.de, Ping timeout: 255 seconds)
05:01highvoltage has left IRC (highvoltage!~highvolta@ubuntu/member/highvoltage, Read error: Operation timed out)
05:03staffencasa has left IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu, Ping timeout: 255 seconds)
05:15Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Read error: Operation timed out)
05:39yalu has left IRC (yalu!~yalu@91.176.238.105, Ping timeout: 256 seconds)
05:40yalu has joined IRC (yalu!~yalu@91.176.206.45)
06:24baptiste has left IRC (baptiste!baptiste@paul-sud.asso.ups-tlse.fr, Ping timeout: 248 seconds)
06:24baptiste has joined IRC (baptiste!baptiste@paul-sud.asso.ups-tlse.fr)
06:32Parker955 is now known as Parker955_Away
06:39gvy has left IRC (gvy!~mike@altlinux/developer/mike, Quit: Leaving)
07:10gvy has joined IRC (gvy!~mike@altlinux/developer/mike)
07:14epoptes_user6 has joined IRC (epoptes_user6!2eaeda08@gateway/web/freenode/ip.46.174.218.8)
07:17
<warren>
baptiste: VDI isn't necessarily a waste. The common pages in the common OS across all running images can be combined in real memory.
07:17
baptiste: it has much greater security isolation between the users, and between the user and server.
07:18
baptiste: also greater portability from one client to another
07:19
<work_alkisg>
Which VDI technology are we talking about?
07:19work_alkisg is now known as alkisg
07:19
<alkisg>
vbox, spice, lxc?
07:19
i.e. any links?
07:23
"Spice server is implemented as a VDI front-end and the Spiced-QEMU provides back-end interfaces" ==> that one?
07:24
In our experience with vbox here, it's way more resource hungry and it performs much worse than LTSP
07:25
We do provide some how-to's though for windows over ltsp + vbox (in VMs, not RDP) for those who really need it, even though it requires 8+ Gb RAM on the server for just a few clients
07:26
Would multiple windows (not server) VMs need less RAM with spice?
07:26
Btw vbox performed much much better than kvm for desktop virtualization
07:30
<warren>
I have never tried vbox
07:30
alkisg: yes, kvm is very good at combining the RAM of identical Windows vm's
07:31
<alkisg>
warren: how? We're using memory ballooning with vbox, but didn't find anything similar with kvm
07:31
<warren>
alkisg: Linux is a little more difficult because the free memory isn't zeroed like Windows. My information is 4 years old though, I'm guessing they would have come up with a solution for that by now.
07:31
alkisg: huh? I have memory ballooning on kvm, I use it all the time with Windows 7 and linux guests.
07:31* alkisg tried kvm a month ago
07:32
<alkisg>
warren: do you need to run the VMs as the same user for that to succeed?
07:33
<warren>
alkisg: all my vm's run via virt-manager
07:33
virt-manager itself kind of sucks, but it wraps libvirt which is very powerful and flexible
07:33
you can manage it from the command line with virsh
07:33
<alkisg>
But in the end all of the VMs run as warren, right?
07:34
<warren>
alkisg: no, some non-warren user
07:34
<alkisg>
I'm wondering if VM memory could be shared between different users...
07:34
<warren>
to connect to the hypervisor from the warren user to use virt-manager, you need to type the root password of the local or remote host
07:35
<alkisg>
Anyways we already implemented all that with a simple LTSP screen script and we're looking at shared authentication + homes now with vbox modules (it has a windows GINA plugin for authentication)...
07:35
<warren>
alkisg: on RH-based distros we have ksm and ksmtuned, both daemons involved in combining the memory of multiple parallel kvm's
07:36
<alkisg>
...what we're missing is the ability to pause the VM and resume it from another machine,
07:36
without the RDP overhead, using the native vbox frontend
07:36
<warren>
is vbox running on the central server or diskless client?
07:36
<alkisg>
Both methods are supported
07:37
<warren>
what remote desktop protocol is used?
07:37
<alkisg>
It's either LTSP "thin" clients or fat clients
07:37
thin ==> they run the VM inside the remote X session
07:37
fats => they use the vbox VM as a local session
07:38
We also tried xfreerdp but (1) it requires windows server, and (2) for some reason it performs worse than the "thins" solution above
07:38
<warren>
"spicy" client allows forwarding of video, sound and raw USB 2.0 protocol over a SSL encrypted connection to a local or remote server.
07:38
<alkisg>
Does the spice graphics system support 2d/3d acceleration + pausing / moving VMs to different clients?
07:38
<warren>
2D yes, 3D not yet
07:38
pausing /moving yes
07:39
<alkisg>
Can we specify that we want unencrypted connection?
07:39
<warren>
yes
07:39
<alkisg>
Sounds cool
07:39
I hope the performance is good
07:39
<warren>
it's a lot better than VNC
07:39
It is NOT for WAN's though
07:39
only LAN
07:40
<alkisg>
VNC is unusable for daily desktop use... but e.g. remote X is fine, one can have 30 fps / HD video full screen with no dropped frames with 5% cpu usage
07:40
xfreerdp is also pretty lame for daily use
07:40
<warren>
Faster than VNC, more efficient and lower bandwidth than X
07:40
<alkisg>
NX claims that too, but it's way worse than X for lan
07:40
<warren>
Youtube can fuck up a LTSP server with only a gigabit ethernet
07:41
spicy is wayyyy better than NX
07:41
<alkisg>
It's much better for WAN, yes, but I've never seen anything better than plain remote X for LAN
07:41* alkisg will give spice a try on first chance
07:41
<warren>
spice is pretty cool, but I'm doubtful it will be relevant for diskless clients in 10 years.
07:41
because client hardware is getting so cheap.
07:43
http://www.amazon.com/Ug802-Android-1-2ghz-Cortex-a9-Rockchip/dp/B009A6P2VC for example, dual core, 1GB RAM, 1920x1080 resolution, for $41.99 at retail prices. With the right firmware you could buy monitors, plug this in the back, and you have fat clients.
07:43
<Enslaver>
warren: irc != bed
07:44
<warren>
Enslaver: just got back from school, yeah, need to sleep
07:44
<alkisg>
True, but it's not easy to do that in a big scale, e.g. for 10000 schools of 20 PCs each
07:44
So it'll have to be gradual
07:44
<Enslaver>
btw i found a project of interest
07:44
Tiny core linux
07:44
<alkisg>
Enslaver: I compared it to e.g. a debian thin client
07:45
I saw no benefit at all for LTSP
07:45
The only benefit is if your local media doesn't fit another distro
07:45
RAM usage was lower with Debian
07:45
More drivers supported, better multilingual support etc etc
07:45
<Enslaver>
benefit now? no, but once pamauth and lightdm are included
07:45
<alkisg>
With tiny core linux I had to ditch the preinstalled xvesa server in order to be able to type greek
07:46
So the RAM usage went from 80Mb to 128+ Mb
07:46
While with Debian/LXDE I had iceweasel open up with 128...
07:46
<warren>
Enslaver: while I am glad that you are excited about different things, I only have time to support you on specific things.
07:46
<alkisg>
..and < 40 MB RAM at LDM
07:47
<Enslaver>
yeah i was discussing the possibility of doing a DIY earlier
07:47
warren: huh?
07:48
<warren>
You keep mentioning lots of different goals and ideas.
07:48
<Enslaver>
I try not to take up your time
07:48
You're the only red hat resource i have atm
07:48
<warren>
Enslaver: did you figure out more about pushing to ltsp-upstream and fedora git?
07:48
<Enslaver>
i kan speek nglish 2u
07:49
warren: It appears its not taking my ssh keys
07:49
<warren>
"It" being what?
07:49
<Enslaver>
git push
07:49
fedpkg
07:49
anything
07:49
<warren>
did you use "fedpkg co -B packagename" to checkout the tree using a fedora-packager-setup environment?
07:50
<Enslaver>
[root@ibmltsp ~]# fedpkg co -B ltsp
07:50
Initialized empty Git repository in /root/ltsp/rpkg.git/
07:50
Permission denied (publickey).
07:50
fatal: The remote end hung up unexpectedly
07:50
<warren>
I think there's a place to upload your ssh pubkey to the Fedora Account System.
07:50
did you do that?
07:51
<Enslaver>
I looked for that
07:51
Thats how launchpad does it
07:51
<warren>
Enslaver: oh, does your local username match your FAS username?
07:51
<Enslaver>
no
07:51
local - joshua
07:51
<warren>
that might be an issue, there's an option for that
07:51
<Enslaver>
i tried specifiying in .ssh/config
07:52
<warren>
.ssh/config is not relevant to fedpkg
07:52
<Enslaver>
right it looks at .fedora.cert right?
07:52
which is a key chainloader
07:52
<warren>
Enslaver: the .cert isn't used for git, only for koji.
07:53
<Enslaver>
i exported that to the differnt formats, hacked fedpkg a little and no go
07:53
<warren>
Enslaver: https://admin.fedoraproject.org/accounts login here, click on "My Account", you should see a thing there to upload your ssh pubkey
07:53
Enslaver: the .cert is separate from the ssh pubkey
07:53
<Enslaver>
Hrm, that sounds too easy
07:54
<warren>
mine has:
07:54
PGP Key:
07:54
Public SSH Key:
07:54
Security question:
07:55dobber has joined IRC (dobber!~dobber@89.190.199.210)
07:56
<Enslaver>
ok pushing specs
07:56* warren looks
07:57
<warren>
el6 only right?
07:57
<Enslaver>
si
07:57
el6->fc11->fc14->fc19
07:57
<warren>
fc14?
07:58
why fc14?
07:58
<Enslaver>
I already have an image for that i did a long time ago
07:58
it was my first working image on ltsp-5.1
07:59
<warren>
It's hardware support is pretty similar to EL6
07:59
no compelling reason to support it, while Fedora 11 does
08:00
you could conceivably rebuild EL6 chroot rpm userspace packages only as i586 and provide a different kernel instead of F11, but that's a lot of work.
08:00
<Enslaver>
you call the shots with fedora, you kinda like made it, plus i really dont mind less work :)
08:00
<warren>
also many of the i686 .src.rpm packages would have dropped i586 support.
08:01
<Enslaver>
but gonna need to move on fc19 fast
08:01
lightdm isnt compiling like i want it to on el6
08:01
<warren>
yeah. I'd make F18 work first though, as it isn't unstable like rawhide.
08:01
once you have everything ported nicely to new-everything, then rawhide should theoretically be a rebuild
08:02
<Enslaver>
by the time i get to fc18 fc19 will be out, so i was just gonna go ahead and grab that up front
08:02
<warren>
It may slow you down because of how unstable it is
08:02
<Enslaver>
all i'll be doing is making the virtual machine for it and grabbit the ks file it makes
08:02
grabbing*
08:03
<warren>
whatever you can make work, soon this will all be yours
08:03
and I will be free
08:03
to run away
08:03
fast
08:03
<Enslaver>
I have the feeling you once found this as exciting as i do currently
08:04
<warren>
I spent 2001-2003 and ~2008-2010 on it.
08:04
don't get me wrong, it's still FUN
08:05
<Enslaver>
I spend every day supporting this at work anyway
08:05
<warren>
that's good
08:05
I never did
08:05
I'm interested in where you go with fat client support.
08:05
<Enslaver>
what brought you into it?
08:05
<warren>
Enslaver: schools
08:06
<Enslaver>
I work with some guys that contract with us through layer3 and we discussed the idea of doing that but wirelessly
08:06
they are big aruba guys
08:06
and do all the schools around here
08:07
<warren>
there was a few years ago a massive LTSP deployment in Quebec
08:07
the central servers were remote, schools reached it via fiber
08:07
I don't think that scales anymore. Youtube remote video fucks up bandwidth these days.
08:07
<Enslaver>
Once of our offices is right outside quebec
08:08
<alkisg>
There's localapps or fat clients for youtube and the like
08:08
<Enslaver>
i'll let those guys know, they'll get a kick out of that
08:08
It took me forever to get local/remote apps working right on el6
08:08
<warren>
really? what was the issue?
08:08
<Enslaver>
I pretty much ripped out the way it was doing it with ldm
08:08
the way it was making the xdg-mime .desktop files
08:08
in 01-localapps
08:09
<warren>
ooh
08:09
<Enslaver>
it was not, 'LSB' friendly :)
08:09
<warren>
is that fix heading upstream?
08:09
<Enslaver>
hard pointing to /usr/local/applications or somthing
08:09
Yessir
08:09
But the issue with that is its in LDM which is going away
08:10
right alkisg?
08:10
to lightdm?
08:10
<alkisg>
Enslaver: the infrastructure will stick around thouhg
08:10
<warren>
Is that certain? I hear only talk without proof of a complete reimplementation that solves the underlying problems.
08:10
<alkisg>
The underlying problem is "maintainance", not anything else specific
08:10
<warren>
yes, we had this debate already
08:11
show the working code is superior
08:11
<alkisg>
*IF* the pam* implementation sbalneav's working on actually does what it promises,
08:11
<Enslaver>
the method we have it deployed is this: client calls launcher bash script-> launcher determines the 'fatness' of the client and runs ltsp-open $bin or $bin itself based on that
08:11
<alkisg>
then yeah LDM will be deprecated so that we maintain one less code tree
08:11
<Enslaver>
and /home is nfs mounted on each client
08:12
so no matter which system the app runs from it grrabs the same config
08:12
<warren>
you found nfs is more reliable than sshfs?
08:12
<Enslaver>
mime-types have been pre-set on the server in the mime.types
08:12
hard coded though
08:12
<warren>
Enslaver: is only the logged in user's /home/$username mounted?
08:12
<Enslaver>
warren: nfs hasnt given us problems, no reason to change
08:12
warren: Yes, through autofs
08:13
<warren>
nfsv3 or nvs4?
08:13
<Enslaver>
running NIS server / Ldap backing
08:13
v3
08:13
<warren>
you know what I mean
08:13
hmm...
08:13
is that spoofable?
08:13meamy has joined IRC (meamy!~hannes@p5DDC053C.dip0.t-ipconnect.de)
08:13
<warren>
a client with root access can mount any user's home dir
08:14
<Enslaver>
a client with root access doesnt apply for us, but the user needs the other users password to mount that 'speciifc' home directory
08:14
<warren>
I assume that's why LTSP preferred sshfs
08:14
oh
08:14
ok
08:14
<Enslaver>
we dont squash user/group into one
08:14
the only 'security' issue is the NIS part
08:15
<alkisg>
Enslaver: how do you do that? E.g. suppose I come there with my laptop and "replace" one of your clients with (fake its mac, get its IP...) and try to mount /home/someuser, what will prevent me from doing that?
08:15
<Enslaver>
if we were to consider that one, but everything is physically secure and our users know nothing about linux
08:15
which helps :)
08:15
<warren>
note, it isn't like LTSP default is any more secure. unencrypted X is huge fail.
08:15
<Enslaver>
alkisg: if you were to get an IP you have to authenticate to the NIS before it will allow you an export
08:16
<alkisg>
It's not unencrypted by default
08:16
<warren>
alkisg: it isn't? it was a few years ago...
08:16
<Enslaver>
x11vnc =)
08:16
<alkisg>
No, LDM_DIRECTX is false since 2007 when I started using LTSP
08:16
<warren>
hmm
08:16
<Enslaver>
in ltsp, but not by default in *nix
08:17
<alkisg>
Enslaver: ah, so NIS protects your NFS exports, nothing LTSP related there, OK, cool
08:17
<Enslaver>
correct
08:17
well, LDAP is the control for it all
08:18
i have custom hooks in the DS
08:18
<alkisg>
Enslaver: err wait, so how do clients mount NFS /home before login? They don't?
08:18
<Enslaver>
correct
08:18
<alkisg>
So it gets unmounted on logout?
08:18
<Enslaver>
yeah, with some issue sometimes
08:18
hung processes/etc..
08:18
<alkisg>
So that too should suffer from the sshfs/ldm issues...
08:18
<Enslaver>
nfslocks
08:19
<warren>
I really like VDI and spice, but that completely cuts out the ability to have hybrid localapps
08:19
<alkisg>
Let's see if the "forcibly kill all local processes on logout" helps in NFS too
08:19
<warren>
the spice protocol is soooo much better than X though
08:19
<Enslaver>
yeah and we MUST have hybrid localapps
08:19
I honestly want to do a application server/fat client/local apps thing
08:20
email/web/db client all on LTSP
08:20
crossover office/cad software etc.. on app server
08:20
<warren>
crossover office works?
08:20
<Enslaver>
loadbalancing across
08:20
yes, very nicely
08:20
<warren>
haven't tried it in years
08:20
what version of office supported?
08:20
<Enslaver>
its at version 12 i believe
08:20
<warren>
2010? 2013?
08:20
<Enslaver>
we run 2010
08:21
<warren>
Enslaver: you're in a position to document real usable RH-based deployments far more than I was
08:21
<Enslaver>
Just be sure to disable all 'Protected' documents :)
08:21
<warren>
given you actually use it
08:21
<Enslaver>
or you'll have a major headache
08:22
<warren>
I'm guessing that tries to access some DRM library in Windows and blows up?
08:22
<Enslaver>
i've always known that the thin client will take over the work and school environment, or at least the methodology of 1 server that pushes out to little desktops
08:23
i.e. IT people dont want to do desktop rollouts any longer
08:23
1 central point of management
08:23
<warren>
That used to be true, except client hardware is way too cheap now. The future will be Chromebook-style vs. Fat client-style
08:24
http://www.google.com/intl/en/chrome/devices/chromebox.html#specs
08:24
<Enslaver>
I consider both fat clients, actually in my paradyme I will consider anything with 512mb of ram or more a fat client
08:24
<warren>
tried this hardware? looks like a good price for dual monitor
08:24
<Enslaver>
yah i got the acer c7
08:24
<warren>
4GB RAM!
08:24
<Enslaver>
$329 tho :/
08:24
<warren>
this box could comfortably run ChromeOS, Fat client or local VDI
08:25
<Enslaver>
no hdd
08:25
<warren>
don't need it
08:25
<Enslaver>
no usb 3.0
08:26
<warren>
that's a lot of RAM for a weak single core CPU
08:26
<Enslaver>
what cpu?
08:26
arch?
08:26
<warren>
Celeron
08:26
<Enslaver>
ghz?
08:26
<warren>
it doesn't say
08:26
<Enslaver>
hmm
08:26
prob 1.4
08:26
<warren>
oh
08:26
1.9GHz dual core
08:26
not too bad
08:27
faster than AMD E-series at least
08:27
<Enslaver>
http://www.amazon.com/Samsung-XE300M22-B01US-Chromebox/dp/B00B3R4W62/ref=br_lf_m_2858603011_1_4_img?ie=UTF8&s=pc&pf_rd_p=1486011422&pf_rd_s=center-2&pf_rd_t=101&pf_rd_i=2858603011&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=0FJ3N9FZNBTQJRZTKDC7
08:27
Better
08:27
Boots in 1 second, HD, 4gb memory, cheaper
08:27
160gb ssd
08:28
<warren>
Enslaver: http://www.amazon.com/Ug802-Android-1-2ghz-Cortex-a9-Rockchip/dp/B009A6P2VC something like this with ethernet and a X driver would be awesome. could easily be $50
08:29
<Enslaver>
I have one
08:29
2 actually
08:29
<warren>
"Rumors are circulating that Acer is planning to unveil a new Chromebox -- a compact desktop computer powered by Google's Chrome OS -- that could retail for as little has $99."
08:29
<Enslaver>
the HDMI is messed up on one of them
08:30
<warren>
Enslaver: yeah, build quality of those chinese no-brand things is low
08:31
<Enslaver>
yeah its junk, comes with a junky remote
08:31
also bought a XIOS
08:31
not liking that either
08:31
Raspi is the only one im happy with
08:32
minus the fact it has no pxe
08:32
<Mava>
btw, any estimation.. how much does virtualization reduce the performance when using ltsp? having an 3ghz dual xeon with 12gigs of ram and scsi disks, and having an idea to install esxi4.0 into it and install ltsp in one virtual machine..
08:32
<warren>
Mava: almost no difference if setup properly
08:32
<Mava>
nice
08:32
<warren>
assuming your ltsp server is within a VM
08:33
<Mava>
currently it is not.. just in a bare metal with ubuntu
08:33
<warren>
no real benefit to moving it in a VM
08:34
<Mava>
but after that I have possibility to install another operating systems to the same hw
08:34
.. which I need...
08:34
<warren>
add more RAM, that box can run lots in parallel
08:34
<Mava>
and this looks good.. lets hit to the business right away, thanks warren =) -->
08:34
<warren>
I have xeon boxes here with 64GB RAM
08:34
RAM is cheap
08:35
Mava: you may want to add more gige cards
08:35
Mava: LTSP can wipe out a gigabit ethernet bandwidth real easily
08:36* warren sleep
08:38
<Enslaver>
Mava: I can send you my perf info, i run 100 thin clients on 1 quad xeon server with 16gb ram
08:39
But i can't recommend running it under a virtual machine
08:39
I've had nothing but problems with desktops served from a virtual machine
08:39
<Mava>
hmm?
08:39
no way?
08:40
are problems mostly performance or ?
08:40
<Enslaver>
yeah we had to do a corporate rollback
08:40
I to this day am still not sure what the heck happened
08:40
lost files, random slowdowns, disappearing printers
08:41
<Mava>
you are brave that you did one, since genre is that rollbacks are not made because of politics
08:41
whoa, nice disaster scenario
08:41
<Enslaver>
We tried for months to pinpoint it
08:41
found LOTS of deep hidden bugs in vsphere
08:43
and the bad thing is, that computer was dedicated to that one virtual machine, we took virtualization hypervizor out of the picture and instantly things were perfect
08:43
the sar on our system shows 91-95% free and 0.1 iowait
08:43
<Mava>
so the virtualization was the main problem.. did you run some vmotion etc on there ?
08:44
<Enslaver>
nope, that was the plan though, 3 servers hooked up iscsi
08:44
we started with 1, no iscsi, basic local storage
08:44
i know it works, ive seen it work out there in the world, it just did not for us
08:46
And everything did work in my lab, even vmotion, which was neat
08:48
<Mava>
that is really neat
08:51
we runned glustered iscsi with esxi in the lab few months ago.. the test was disaster, since we could not make the system free from single point of failure
08:52
seems that the lower in OSI level we created the high availability, the harder and misarble the test went
08:52
<Enslaver>
you turn on jumbo frames?
08:53
<Mava>
did not
08:54
i bet that the hw itself was problem.. while using just linux and consumer electronic devices it was not possible
08:54
we should have had something like Hp EVA etc.
08:55
<Enslaver>
hp makes killer switches
08:55
their procurve line is unbeatabke
08:56
<Mava>
currently they are nice I admit
08:56
<warren>
Enslaver: tried kvm instead?
08:57
<Mava>
are they btw. manufacturing routers/firewalls at all?
08:57
<Enslaver>
warren: no, i want to test it
08:59
<Mava>
try also ganeti with kvm, it should be nice scenario
08:59
<Enslaver>
kvm 64 bit yet?
08:59
<Mava>
should be
09:00
not sure though
09:00
<Enslaver>
i can't stand xen so i stayed away
09:01
<Mava>
it aint that bad.. at least i've liked citrix Xenserver quite a lot. stabile enough and you can do lot of stuff with the cli
09:03
but it is just the easy way instead of running kvm
09:03
currently the companies are quite intrested in guys who knows howto operate with kvm
09:06
<Enslaver>
i'm more about HPC clusters
09:06
<Mava>
hpc?
09:06vmlintu has joined IRC (vmlintu!~vmlintu@cs180030.pp.htv.fi)
09:06
<Enslaver>
i started working with clusters when beowulf linux was out to help frame geophysical data for oil/gas companys
09:07
high performance computing
09:07
<Mava>
aa, nice
09:09
<warren>
xen and kvm are different but not too difficult to manage
09:09epoptes_user6 has left IRC (epoptes_user6!2eaeda08@gateway/web/freenode/ip.46.174.218.8, Quit: Page closed)
09:09
<Enslaver>
Well i didn't like Xen's Dom0 approach
09:10
and its lack of management ability at the time i looked at it
09:10
<meamy>
kvm works realy well over hear with ltsp (around 30 clients)
09:10
<Mava>
d0mm3d..
09:10
<Enslaver>
kvm = qemu ?
09:10
<meamy>
yep
09:11
<warren>
kvm is a type of qemu
09:11
<muppis>
qemu with hw support.
09:11
<warren>
if you setup kvm wrong, it runs qemu with software virt
09:11
which sucks
09:12
<Enslaver>
All my home servers are used up or i'd try it
09:12
I might purchase another, i got my last ibm 3650 for $200 on ebay, lol
09:24
<alkisg>
Ah also one of the main reasons we ditched kvm in favor of vbox is because vbox is way better when hw support is not available, it does binary translation or something and runs the result natively, many times faster than kvm there
09:25
So local win XP VM over LTSP booted in 10 minutes with kvm, 1 with vbox
09:26
<warren>
Enslaver: Dell Optiplex 760 towers with Core 2 Quad are really cheap from surplus shops and ebay
09:27
<Enslaver>
they support cpu vx?
09:31
<muppis>
alkisg, without hw support?
09:31
<baptiste>
beware of the Q8200 lol
09:31
<alkisg>
muppis: yeah, many PCs don't include hw virtualization support
09:31
<baptiste>
CPU should be dependent on configuration at purchase time
09:31
<alkisg>
Unless you purchased the CPU 10 years ago before KVM was invented :P
09:32
Or unless the cpu is very recent, and the school purchased it before switching to LTSP
09:32
...which would be about 100,000 clients or so...
09:32
+150,000 the student atom notebooks...
09:33
<baptiste>
my sempron LE-1100 on AM2 socket had virtualisation support. it's Intel disabling features at random, on purpose, to piss you off
09:34
they have curbed that a lot, now they disable stuff like AVX instead.
09:36
09:23 < warren> That used to be true, except client hardware is way too cheap now. The future will be Chromebook-style vs. Fat client-style
09:36
warren, but could thin clients drop down to something like $30
09:37
<alkisg>
With quad core phones emerging, /me isn't so sure what "thin" vs "fat" will mean wrt hw specs...
09:37
<baptiste>
I could see myself spending more on a keyb+mouse than the hardware cost
09:45
last time I bought a phone it cost 15 euros, I doubt it had more than one core. 15 euros for a whole new phone, that was unbelievable.
09:46
<muppis>
Last time I bought a phone it cost 600€.
09:47
But it got Linux as OS. :)
09:49
(Over 3 years ago and still using it.)
09:52
<baptiste>
does it have a ctrl key :)
09:53
<muppis>
Sure. :)
09:53
Nokia N900
10:13
<knipwim>
Nokia N9 here :)
10:13
<elias_a>
Here as well.
10:21
<muppis>
Maybe my next phone is Linux based aswell. Or hopefully this lasts long enough. :)
10:29
<elias_a>
I am waiting for Jolla mobile to come out with something.
10:33
<muppis>
Me too, but I ain't betting for it. :)
10:39
<baptiste>
I'm waiting for low end smartphones with Firefox OS (and hopefully LTE-Advanced support in case I need it), maybe.
10:42
with firefox OS not being the be all, end all thing but a good start with something more free than Android (with "gonk" as a minimalist linux distro underneath)
10:44
I think the target hardware is cheap ass single core with 1GB ram.
10:53ltspuser_52 has left IRC (ltspuser_52!c31772ca@gateway/web/freenode/ip.195.23.114.202, Quit: Page closed)
11:00staffencasa has joined IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu)
11:01khildin has joined IRC (khildin!~khildin@ip-80-236-212-136.dsl.scarlet.be)
11:11adrianorg__ has joined IRC (adrianorg__!~adrianorg@177.156.225.13)
11:16staffencasa has left IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu, Read error: Connection reset by peer)
11:24
<sha_>
hi, i need to install cupsd in client-chroot and i'm not really sure what's the best approach. should i stop cupsd on server, so i could start it in chroot for installing/configuring printers? or do you think it's possible to just copy the already configured cupsd files from server into chroot? also, is it sufficient to delete client.conf in chroot, or will it be regenerated at some point?
11:24
i should have say "fat-client"
11:29Hyperbyte has left IRC (Hyperbyte!jan@middelkoop.cc, Remote host closed the connection)
11:30Gremble has joined IRC (Gremble!~Ben@cpc35-aztw23-2-0-cust207.18-1.cable.virginmedia.com)
11:31Hyperbyte has joined IRC (Hyperbyte!jan@middelkoop.cc)
11:40Gremble has left IRC (Gremble!~Ben@cpc35-aztw23-2-0-cust207.18-1.cable.virginmedia.com, Quit: I Leave)
12:40alkisg is now known as work_alkisg
12:51
<sha_>
ok so i installed printers in chroot. everything's fine except that /etc/cups/client.conf seems to be generated at every boot, so i have to delete it on a fatclient and restart cups. do you have any clue how i can prevent the generation of client.conf?
12:55
<Enslaver>
sha_: the concept is that your server advertises the printers to the browsing clients
12:56
and the way to remove cups is: sudo ltsp-chroot
12:56
then use your distro's package management
12:56
apt-get remove cups || yum remove cups
12:56
<sha_>
Enslaver: i don't want to remove cups, i just want to set the print server
12:57
<Enslaver>
The print server should be generated and placed into the /etc/cups/client.conf
12:57
<sha_>
yes, but how can i influence that?
12:57
i want the client to not use a remote server
12:58
<Enslaver>
the easy way is to add an entry in /etc/rc.local
12:58
<sha_>
i'm pretty sure there must be an undocumented variable like PRINT_SERVER=""
12:58
<Enslaver>
that reads like this: echo >> /etc/cups/client.conf
12:58
<sha_>
thanks, but that's pretty ugly
13:00
and i'm not really sure if that would work, since /etc/rc.local is executed after cups i guess
13:00
sure, i could do a "restart cups" also in /etc/rc.local etc. but then it gets even uglier
13:01
<Enslaver>
its CUPS_SERVER=""
13:02
<sha_>
oh wow, really? i'm trying that. how did you find it?
13:03
<Enslaver>
cd ltsp-trunk ; find . -exec grep client.conf "{}" \; -print
13:03
something like that
13:04
<sha_>
nice.. thank you
13:08
wow, and it even works! :)
13:08
thank you very much, Enslaver
13:08
i should rethink my "man lts.conf" approach :)
13:09andygraybeal has left IRC (andygraybeal!~andy.gray@obsidian.casanueva.com, Quit: Ex-Chat)
13:15
<Enslaver>
np
13:15meamy has left IRC (meamy!~hannes@p5DDC053C.dip0.t-ipconnect.de, Ping timeout: 276 seconds)
13:25ltspuser_24 has joined IRC (ltspuser_24!d82650dd@gateway/web/freenode/ip.216.38.80.221)
13:26ltspuser_24 has left IRC (ltspuser_24!d82650dd@gateway/web/freenode/ip.216.38.80.221, Client Quit)
13:27meamy has joined IRC (meamy!~hannes@pd95cdee4.dip0.t-ipconnect.de)
13:29andygraybeal has joined IRC (andygraybeal!~andy.gray@obsidian.casanueva.com)
13:51alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
14:14garymc has joined IRC (garymc!~chatzilla@host81-148-18-165.in-addr.btopenworld.com)
14:21gvy has left IRC (gvy!~mike@altlinux/developer/mike, Quit: Leaving)
14:21andygraybeal has left IRC (andygraybeal!~andy.gray@obsidian.casanueva.com, Remote host closed the connection)
14:22andygraybeal has joined IRC (andygraybeal!~andy.gray@obsidian.casanueva.com)
14:39anunnaki has left IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net, Ping timeout: 260 seconds)
14:45andygraybeal has left IRC (andygraybeal!~andy.gray@obsidian.casanueva.com, Quit: Ex-Chat)
15:09andygraybeal has joined IRC (andygraybeal!~andy.gray@obsidian.casanueva.com)
15:27ltspuser_18 has joined IRC (ltspuser_18!c31772ca@gateway/web/freenode/ip.195.23.114.202)
15:28
<ltspuser_18>
Hi
15:29
How can I re-run ltsp, with new lts.conf, in terminal console (I don't want to reboot the terminal)
15:31
<alkisg>
You cannot do that easily, currently ltsp reads its config only upon boot
15:34
<ltspuser_18>
I need to put a login screen.... and after the user puts his credentials I want to edit the lts.conf and then open the ldm session....
15:35
it's possible?
15:36
<meamy>
ltspuser_18: for testing you could modify /etc/lts.conf (workflow would be logout as normal user, login via consol as root, modify /etc/lts.conf, run getltspcfg -a, login over ldm again. But be warned this could mess up a lot of things )
15:37
<ltspuser_18>
which things?
15:39
<meamy>
ltspuser_18: mm depends what value you modify you have to look into the scripts under /usr/share/ltsp and /usr/share/ldm most of the values are processed there
15:39
<ltspuser_18>
or there's another way to have two steps to login...
15:39
ok
15:40
I only need to change the IP of the ldm or redesktop server...
15:40
rdesktop*
15:52bobby_C has joined IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at)
15:54komunista has joined IRC (komunista!~slavko@adsl-195-168-244-224.dynamic.nextra.sk)
16:01
<alkisg>
As I said, you can just modify /etc/hosts of the client
16:01
You don't need to change lts.conf
16:02
All you need is a pressh script
16:02ltspuser_18 has left IRC (ltspuser_18!c31772ca@gateway/web/freenode/ip.195.23.114.202, Quit: Page closed)
16:04
<ogra_>
a press-h script ? doing virtual keypresses ?
16:04
:)
16:05
<alkisg>
It would constantly press "h" :D
16:07anunnaki has joined IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net)
16:10
<meamy>
http://www.kongregate.com/games/BlueTopazGames/press-h-button-mash
16:10komunista has left IRC (komunista!~slavko@adsl-195-168-244-224.dynamic.nextra.sk, Quit: Leaving.)
16:10komunista has joined IRC (komunista!~slavko@adsl-195-168-244-224.dynamic.nextra.sk)
16:10komunista has joined IRC (komunista!~slavko@adsl-195-168-244-224.dynamic.nextra.sk)
16:30dobber has left IRC (dobber!~dobber@89.190.199.210, Remote host closed the connection)
16:31anunnaki has left IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net, Ping timeout: 248 seconds)
16:36anunnaki has joined IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net)
16:36Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
16:38meamy has left IRC (meamy!~hannes@pd95cdee4.dip0.t-ipconnect.de, Ping timeout: 252 seconds)
16:43highvoltage has joined IRC (highvoltage!~highvolta@ubuntu/member/highvoltage)
16:47shogunx has left IRC (shogunx!~shogunx@rrcs-67-79-182-232.se.biz.rr.com, Remote host closed the connection)
16:49anunnaki has left IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net, Ping timeout: 248 seconds)
16:51garymc has left IRC (garymc!~chatzilla@host81-148-18-165.in-addr.btopenworld.com, Quit: ChatZilla 0.9.90 [Firefox 18.0.2/20130201065344])
16:54shogunx has joined IRC (shogunx!~shogunx@2001:4978:106:1:1412:5cf:c483:6041)
16:56staffencasa has joined IRC (staffencasa!~staffenca@8-220.ptpg.oregonstate.edu)
17:04vmlintu has left IRC (vmlintu!~vmlintu@cs180030.pp.htv.fi, Ping timeout: 260 seconds)
17:10yalu has left IRC (yalu!~yalu@91.176.206.45, Ping timeout: 256 seconds)
17:11yalu has joined IRC (yalu!~yalu@109.134.141.1)
17:12bobby_C has left IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at, Read error: Operation timed out)
17:13anunnaki has joined IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net)
17:17Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Ping timeout: 255 seconds)
17:32ltspuser_93 has joined IRC (ltspuser_93!c31772ca@gateway/web/freenode/ip.195.23.114.202)
17:32
<ltspuser_93>
Hi
17:33
I need to change the lts.conf and then start all the things with that lts.conf
17:34
but I don't want to reboot the terminal
17:34
how can I do that?
17:34
I tried getltspcfg -a but don't do nothing....
17:35
I need to re open all the sessions...
17:50
<alkisg>
Yeah we answered 2 times already..
17:50
...erm *I* answered 2 times, the others here many more
17:50alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
17:57
<ltspuser_93>
sorry
17:57
but my connection went down
17:57
and I didn't saw
17:57
can you explain one more time?
18:07anunnaki has left IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net, Ping timeout: 256 seconds)
18:12ltspuser_93 has left IRC (ltspuser_93!c31772ca@gateway/web/freenode/ip.195.23.114.202, Ping timeout: 245 seconds)
18:17vagrantc has joined IRC (vagrantc!~vagrant@75-150-46-245-Oregon.hfc.comcastbusiness.net)
18:17vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
18:24dead_inside has joined IRC (dead_inside!~dead_insi@76.75.3.174)
18:30alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
18:40jammcq has joined IRC (jammcq!~jam@c-69-245-75-255.hsd1.mi.comcast.net)
18:46
<alkisg>
knipwim: This doesn't work for me: date -d "$(date --utc -d '2013/02/25 18:30')"
18:46
This does: date -d '2013/02/25 18:30 +0000'
18:47
And this does too: date -d '2013/02/25 18:30 UTC'
18:47
The first one that doesn't work says: LC_ALL=C date -d "$(date --utc -d '2013/02/25 18:30')"
18:47
Thu Feb 14 00:00:00 EET 2013
18:48sligett has joined IRC (sligett!~chatzilla@vtelinet-66-220-236-183.vermontel.net)
18:48
<alkisg>
Ah, ok, this one does work, but I think the second one I wrote above is simpler...
18:48
date -d "$(LC_ALL=C date --utc -d '2013/02/25 18:30')"
18:49
(all this is about the wiki, http://wiki.ltsp.org/wiki/Meeting:Upcoming)
18:50
Also, I'm not able to add text to that page... could you add "discuss google summer of code, and coding style"?
18:51
<vagrantc>
alkisg: date --utc doesn't work for you?
18:51
weird.
18:51
<alkisg>
vagrantc: it does, but it's output isn't parseable
18:51
<vagrantc>
ah, right.
18:51
:)
18:52
locale issues... got it.
18:52
<alkisg>
Yup
18:52
So it's probably safer written as: date -d '2013/02/25 18:30 UTC'
18:52
<vagrantc>
whatever works most consistantly... i just want a simple way to report meeting times :)
19:20dead_inside has left IRC (dead_inside!~dead_insi@76.75.3.174, Quit: Computer has gone to sleep.)
19:21dead_inside has joined IRC (dead_inside!~dead_insi@76.75.3.174)
19:32Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
19:33sligett has left IRC (sligett!~chatzilla@vtelinet-66-220-236-183.vermontel.net, Ping timeout: 255 seconds)
19:53highvoltage has left IRC (highvoltage!~highvolta@ubuntu/member/highvoltage, Ping timeout: 256 seconds)
20:04
<sbalneav>
vagrantc: Hey! For the upcoming hackathon, what would be the chance of updating libpam-sshauth to the 0.2 version I've got up there now? Here's some benefits:
20:04
1) autogen.sh now uses the autoregen syste,
20:04
2) I've got the naming consistent, so make dist actually produces libpam-sshauth-0.2.tar.[gb]z
20:05
3) man pages up to date
20:05
4) copyright dates up to date
20:05
if there's anything else you need out of me, that would make packaging easier, let me know.
20:06
<vagrantc>
sbalneav: i could give a crack at it, but would only be allowable into debian's experimental archive, since it's in freeze right now.
20:07
<sbalneav>
That's fine.
20:08
The existing packaging should pretty much work out-of-the-box, with the exception of a dch -i
20:18komunista has left IRC (komunista!~slavko@adsl-195-168-244-224.dynamic.nextra.sk, Quit: Leaving.)
20:20shogunx has left IRC (shogunx!~shogunx@2001:4978:106:1:1412:5cf:c483:6041, Ping timeout: 245 seconds)
20:22Parker955_Away is now known as Parker955
20:28anunnaki has joined IRC (anunnaki!~anunnaki@c-174-54-115-236.hsd1.pa.comcast.net)
20:32highvoltage has joined IRC (highvoltage!~highvolta@ubuntu/member/highvoltage)
20:37shogunx has joined IRC (shogunx!~shogunx@2001:4978:106:1:fd70:2b54:1a62:7e33)
20:41ltspuser_37 has joined IRC (ltspuser_37!025536dc@gateway/web/freenode/ip.2.85.54.220)
20:47ltspuser_37 has left IRC (ltspuser_37!025536dc@gateway/web/freenode/ip.2.85.54.220, Quit: Page closed)
20:57
<Enslaver>
Think i'll have any issues with libpam-sshauth on el6?
20:57
i've been struggling a bit with lightdm tho
20:59* vagrantc struggles with lightdm's broken autologin features
21:00
<Enslaver>
at least you have it compiled :/
21:00
<jammcq>
why not use whatever is normally used on that distro?
21:00* vagrantc concurs with jammcq
21:00
<jammcq>
gdm3 for debian, and I dunno what for RH
21:00
<vagrantc>
although "normal" for debian depends on what desktop environment you have installed.
21:01
<jammcq>
maybe it's easiest to focus on getting lightdm working first, but seems like that's where we should end up
21:01
vagrantc: yeah, but if you just do a straight install of the latest debian, you get gnome
21:01
<Enslaver>
Does cinnamon have an auth frontend?
21:01
<jammcq>
btw, when is it gonna be final?
21:01
<vagrantc>
jammcq: it is, believe it or not, an alphabetical sorting issue.
21:01* jammcq likes cinnamon on his french toast
21:02
<jammcq>
mmmm, that sounds good right about now
21:02
<Enslaver>
Looking into this code i see that getting the thin clients working is gonna be a challenge, pretty much a re-write of all the ldm/scripts
21:02
fat*
21:02
<vagrantc>
??
21:03
if it works for multiple versions of debian, ubuntu, gentoo, *suse, even fedora ... what's so different about EL6 that would require a rewrite?
21:03
<Enslaver>
I'm gonna be calling anaconda to do the fat client install, then for local apps all the ldm local/remote ap stuff is gonna need to change
21:03
vagrantc: theres no way
21:04
<vagrantc>
Enslaver: could you be more... specific? :P
21:04
<Enslaver>
yes
21:04
lemme find that script
21:05
looking at X01-remoteapps
21:06
there is no update-mime on rh
21:06
the format that it generates to make menus is completely different
21:06
no /usr/lib/mime directory on rh
21:07
locale's are slightly different
21:08
It's passing null results to other scripts
21:08
its trying to save temporary files to the same folder as the script (screen-x)
21:09
we have no xcompmgr :(
21:10* vagrantc suspects some of those things are optional
21:10
<vagrantc>
but yes, remoteapps is a pretty ugly hack
21:10
<Enslaver>
everything i just mentioned is 'optional'
21:10highvoltage has left IRC (highvoltage!~highvolta@ubuntu/member/highvoltage, Ping timeout: 248 seconds)
21:11
<vagrantc>
admittedly remoteapps and localapps carry quite a few problems...
21:11
<Enslaver>
i can write something that keeps everything kinda standard through LSB
21:11
XDG is pretty standard throughout the distros right?
21:11
freedesktop.org put that out i believe
21:11
<vagrantc>
sure hope so.
21:12
XDG is what's mainly leveraged for localapps ...
21:12
<Enslaver>
and i think alacarte generates menu's for xdg
21:12
So i can use that as a app processor
21:13
<vagrantc>
that looks like a GUI app ... does it work ok from a commandline?
21:13
<Enslaver>
it has both
21:13
pygtk+ frontend and python backend
21:14
and constantly updated
21:14
cross/distro
21:15simpoir has left IRC (simpoir!~simpoir@209.141.57.61, Ping timeout: 272 seconds)
21:20
<alkisg>
Enslaver: local/remote apps need a lot of work, yeah, but plain fat clients should be easy to support in el6, right?
21:20
<Enslaver>
yes, but i wanna get a better understanding of what a 'fat' client is on ubuntu
21:21* vagrantc would focus on thin clients and fat clients, and the rest needs a bit of an overhaul.
21:21
<Enslaver>
when i think fat client, i think of offloading the workload of the server, which means local apps
21:21
<alkisg>
Yes, everything is local
21:21
The server is only used for authentication and as a remote OS + home disk
21:22
OS with NBD or NFS, home with SSHFS orNFS
21:22
<vagrantc>
but it doesn't use the localapps infrastructure.
21:22
<alkisg>
So it's pretty much like a local installation, with just a few tweaks...
21:22
e.g. preventing network manager from messing with the network connection, using ldm and all the lts.conf magic...
21:23
<vagrantc>
homedir mounting is mainly what it shares with localapps
21:23
<alkisg>
And authentication
21:23
<vagrantc>
right
21:23
which needs... a considerable rewrite.
21:23
<alkisg>
(copying the passwd entries from the server etc)
21:24
<vagrantc>
i.e. libpam-sshauth and all that.
21:24
<alkisg>
All those should be overhauled with the libpam* move
21:24
<vagrantc>
and libnss-*
21:24
<alkisg>
And possible the XRANDR* magic will get transformed as well..
21:24
<Enslaver>
So what about large applications, VMware,
21:24
<alkisg>
E.g. preferredmode in xorg.conf instead of "XRANDR_MODE_0"...
21:25
What about them?
21:25
I have a 6 Gb NBD image here for fat clients
21:25
<Enslaver>
Also how do you manage the user processes?
21:25
<alkisg>
With vbox and a lot more inside it, no problems at all
21:25
The user processes? They're local... usually one user per client... so?
21:25
Their only server-side processes are the ssh connections
21:26
<Enslaver>
So when someone's Firefox locks up you'd have to login to their terminal to kill it
21:26
<alkisg>
Ah, if you want to do that you can use epoptes
21:27
!epoptes
21:27
<ltsp>
epoptes: Epoptes is a computer lab administration and monitoring tool. It works on Ubuntu and Debian based labs with LTSP or non-LTSP servers, thin and fat clients, standalone workstations, NX clients etc. More info: http://www.epoptes.org
21:27
<alkisg>
Then it's a "terminal > run" killall firefox away
21:27
<Enslaver>
On el6?
21:27
<alkisg>
Yeah I think cyberorg packaged it for fedora, I assume it won't be much different in el6
21:28
Of course nothing prevents you from just installing ssh to the chroot, and maybe having a script regenerate ssh keys on boot
21:29
<vagrantc>
regenerating ssh keys on boot without any means of verification is sort of pointless... no?
21:29
<Enslaver>
Then you run into issues with who is on what terminal
21:30
so unless a ldap backend handles all the information it's not very easy on the admins
21:30
<alkisg>
vagrantc: to prevent others from listening
21:30
Not for the server to trust the client...
21:31
<vagrantc>
so it prevents a passive sniffing sort of attack, but not an active man-in-the-middle attack...
21:32
although it'd be a pretty active passive sniffing attack anyways...
21:32
<alkisg>
Enslaver: if you don't want / can't use epoptes, then you'd have to write a small script that would check from the server sshd (or output of `w`) who is where...
21:32
<vagrantc>
i guess you could log the packets and decrypt later...
21:32
<Enslaver>
but ldm doesn't register its sessions with wtmp/utmp correctly
21:32
<vagrantc>
it seems to on debian...
21:33
<alkisg>
ldm doesn't run on the server
21:33
sshd registers the sessions fine...
21:33
<Enslaver>
it uses ssh
21:33* vagrantc nods to alkisg
21:33
<Enslaver>
maybe its broken in 5.1
21:33
for el6
21:33
<alkisg>
So the output of `w` doesn't tell you the users + the terminals they've logged in?
21:34
<Enslaver>
no, it only tells us who has a terminal window open
21:34
<alkisg>
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
21:34
alkisg pts/3 localhost 23:34 0.00s 0.43s 0.01s w
21:34
The "FROM" column has the IP for LTSP clients...
21:35
<Enslaver>
w|awk '{ print $1 }'|sort | uniq|wc -l
21:35
35
21:35
<alkisg>
Same for "who"
21:35
<Enslaver>
ps aux|awk '{ print $1 }' | sort| uniq|wc -l
21:35
67
21:35
given of course the <1024
21:35
uid
21:36
we have 35 people just logged in downstairs right now
21:36
<alkisg>
sudo netstat -nap | grep 'ESTABLISHED.*sshd'
21:36
tcp 0 0 127.0.0.1:22 127.0.0.1:33350 ESTABLISHED 28958/sshd: alkisg
21:36
Yet another way, network based
21:37
<Enslaver>
netstat -nap | grep 'ESTABLISHED.*sshd'|wc -l
21:37
756
21:37
Thats just one of our servers
21:38
<alkisg>
Well first you might be having problems with processes that stay alive after logout
21:38
<Enslaver>
we have a cleanup script that runs at 2am
21:38
<alkisg>
But in any case it should still be possible to detect where each user is
21:38
<Enslaver>
it is, we keep a database backend
21:39
<alkisg>
I mean with plain LTSP
21:39
<Enslaver>
anythings possible, I really want to design something that gives ease of management
21:40
<alkisg>
That's why we implemented epoptes :)
21:40
<Enslaver>
i like that http://www.epoptes.org/
21:40
its very nice looking and clean
21:40
gonna download it now and play with it a bit
21:41
it pretty easy to develop for?
21:41
<alkisg>
pygtk + shell, yeah
21:43
<Enslaver>
right now we use a menu system that does a x11vnc tunnel
21:43
<vagrantc>
alkisg: have you used epoptes over a wan?
21:44
<alkisg>
vagrantc: I think I've tried it once, but X over wan is slow,
21:44
ah and I also tried it with x2go multiple times over wan
21:44
It works fine that way
21:44
Meh
21:44
No I haven't tried the clients to be over wan and the epoptes daemon to be local
21:44
That shouldn't be slow, it should run fine...
21:45
<vagrantc>
yeah, i meant local daemon
21:45
<alkisg>
The only problem I see there are the thumbnails
21:46
64k x (number of clients), once every 5 seconds
21:46
<vagrantc>
ouch...
21:46
alkisg: would it make sense to throttle that based on some latency check?
21:47
<alkisg>
vagrantc: Phantomas has implemented thumbnail zooming
21:47
So it'd be easy to request tiny thumbnails,
21:47
...and we should also have some setting for the interval...
21:48
For automatic... I don't know it needs too much thinking + testing, other things have bigger priority (like the ldm+sshfs problem :P)
21:50
Ah, what we already have is "5 seconds after the last thumbnail is successfully transferred"
21:50
So it'll work with low bandwidth too, but if it's too low, it'll consume most of it
21:50
'night all
21:50alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
21:53
<vagrantc>
sbalneav: which branch should i be pulling from? http://bazaar.launchpad.net/~sbalneav/ltsp/libpam-sshauth/ ?
21:55
<sbalneav>
vagrantc: Yes. Gimme one more day, I just found a malloc I'm not freeing :)
21:55
<vagrantc>
free the mallocs.
21:55
<sbalneav>
Yup.
21:56
Malloc()s yearn to be free().
21:56
<vagrantc>
sbalneav: and will any of the libnss-* need updates?
21:56
<sbalneav>
not for now, no.
21:57
<jammcq>
see now, if you'd written it in Cobol, you wouldn't have to worry about freeing the malloc
21:57
<sbalneav>
Wow. "mallocs yearn to be free" has no google hits. I made a brand-new funny.
21:58* jammcq smells a new t-shirt coming "Mallocs yearn to be free"
21:58* vagrantc goes on safari
21:58
<ogra_>
jammcq, but you would have to pay a fortune for maintenance later
21:58* sbalneav googles for cobol libraries for pam
21:58
<jammcq>
ogra_: yeah, part of my evil plan :)
21:58
<ogra_>
haha
21:59
<vagrantc>
sbalneav: i'm not sure about that AC_INIT change ... i think then lintian may then complain about calling it libpam-libpam-sshauth or something.
21:59
<sbalneav>
Well, I'll run lintian on it.
21:59
I did that so make dist actually produces libpam-sshauth.blah-de-blah
22:00
ah! So in C, it's pam_set_data()
22:00
in cobol it's
22:00
store_a_copy_of_a_pointer_that_points_to_data_into_the_pam_handle_retuning_a_status_variable
22:01
<jammcq>
sbalneav: well... yeah, but upper case
22:01
<sbalneav>
Gonna have to shrink the font on my terminal :)
22:01
<jammcq>
and it starts in col 12 and must end before col 72
22:01
end ends with a period
22:02
oh wait. paragraph names are limited to 32 chars, so that'll never work
22:02* vagrantc hopes that period ends soon, yes.
22:03
<vagrantc>
oh, i don't think we have libnss-env in debian yet...
22:03
<sbalneav>
don't need it.
22:03
That was an experiment that didn't work out :)
22:03
Unless you want it for another purpose :)
22:04
<vagrantc>
sbalneav: i wonder if you get get --rsyncable into GZIP_ENV ...
22:04
not that this is probably big enough to matter much
22:07bobby_C has joined IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at)
22:07
<vagrantc>
sbalneav: the "make dist" includes all the autofoo ... i might end up making a tarball without it for debian...
22:08
can cause mostly meaningless diffs between versions, which hinder review of updates.
22:09khildin has left IRC (khildin!~khildin@ip-80-236-212-136.dsl.scarlet.be, Quit: I'm gone, bye bye)
22:10
<sbalneav>
vagrantc: Oh, ok, wonder if there's a way we can exclude that stuff....
22:11
<vagrantc>
it's a fairly standard practice to include it, but in recent years Debian at least has discouraged it...
22:12
just because it makes security updates and freeze exception updates noisier for no real reason ...
22:12
i tend to use dh_autoreconf and tarballs without all the generated autofoo.
22:14
<sbalneav>
Is there a page you can point to that has some appropriate autofoo to exclude most of the autofoo in the dist, per debian's wants?
22:14
I want to make it as easy as I can to package
22:14
<vagrantc>
sbalneav: anything you wouldn't maintain in revision control
22:15
<sbalneav>
ok, I know there's a DIST_EXCLUDE directive. I'll see what that can do...
22:15
<vagrantc>
sbalneav: i.e. after running ./configure ... "bzr di" shouldn't show changes.thing.
22:27dead_inside has left IRC (dead_inside!~dead_insi@76.75.3.174, Quit: Leaving...)
22:42
<warren>
Enslaver: http://www.ebay.com/itm/Lenovo-Thinkpad-X120E-0611-AH9-11-6-3GB-320GB-WiFi-CAM-Bluetooth-Charity-/140874778639
22:42
Enslaver: pretty good deal for clients, except the color =(
22:42
<Enslaver>
they are horrid
22:42
we have a stack of them in our war room :(
22:43
<warren>
horrid in what way? I've had many X100e and X120e's with no problem
22:43
<Enslaver>
we use the t60
22:43
<warren>
I have a T60 too
22:43
<Enslaver>
well, used to
22:43
<warren>
what happened?
22:43
<Enslaver>
ever since lenovo took over ibm's desktop lineup their sub part equipment is not up to spec
22:43
<warren>
most X and T Thinkpads were great
22:43
<Enslaver>
back when IBM owned them they were
22:44
<warren>
well yeah, I used to do the 3 year full price warranty, and made good use of it
22:44
<Enslaver>
warren: got a Q for you, can you point me to some resources for learning to use anaconda, I'm gonna be using that to build the fat clients
22:44
<warren>
lately i've just bought dead laptops cheap for parts
22:44
Enslaver: I don't understand anaconda all that well
22:44
<Enslaver>
I've done the basic google search, nothing helping :(
22:44
<warren>
Enslaver: have you seen the custom anaconda hook that EL6 LTSP uses?
22:45
<Enslaver>
no?
22:45
I know nothing about it
22:45
<warren>
Enslaver: it's used in ltsp-build-client
22:45
<Enslaver>
oh yeah i saw that code
22:45
<warren>
Enslaver: anyway, I doubt it is compatible with Fedora 18
22:45
Enslaver: i recommend figuring out how to replace it with mock
22:45
mock works the same on all RH
22:45
vintages
22:46
<Enslaver>
no wait, that was chroot-creator i was looking at
22:46
<warren>
that's it
22:46
it's a wrapper subclass of anaconda
22:46
<Enslaver>
yeah thats what i started modifying
22:47
<warren>
Enslaver: does it work on fedora 18?
22:47
Enslaver: I suspect RHEL7 will be based on Fedora 19-21-ish
22:47
<Enslaver>
no clue
22:47
I am doing the initial R&D stage right now to figure out what i am gonna use
22:47
<warren>
for maintainability purposes, you will likely want a common installer that works on Fedora 11, EL6 and EL7
22:47
<Enslaver>
yeah, been looking for one
22:48
<warren>
the most certain way to do that is mock
22:48
<Enslaver>
i've gotten used to kickstart
22:49
<warren>
I rebuilt a Thinkpad X120e last week. My friend smashed her LCD. Bought a dead laptop from eBay and fixed it. I'm impressed by the layout inside that thing.
22:49
Taking apart recent Dell laptops, absolutely shitty design.
22:49
<Enslaver>
was it IBM on the brand or lenovo?
22:50
<warren>
Lenovo
22:50
<Enslaver>
bleh
22:50
<warren>
X120e is from 2010
22:50bobby_C has left IRC (bobby_C!~bobby@85-124-22-227.teleworker.xdsl-line.inode.at, Ping timeout: 244 seconds)
22:51
<Enslaver>
I just buy chrome books / MacBooks for laptops depending on budget
22:51piet has joined IRC (piet!~piet@dyndsl-085-016-100-002.ewe-ip-backbone.de)
22:51piet has left IRC (piet!~piet@dyndsl-085-016-100-002.ewe-ip-backbone.de)
22:52
<Enslaver>
any good mock front ends?
22:52
<warren>
not really
22:52
mock is a backend workhorse
22:52
used by koji
22:52
or manually
22:52
in your case you want it to build a chroot but not packages within it
22:53
then ltsp-build-client scripts to configure stuff
22:54
<Enslaver>
build a chroot but not packages?
22:54
<warren>
mock builds a chroot, then builds a .src.rpm within it
22:54
<Enslaver>
ah
22:55
<warren>
anyway, I'd see if chroot-creator works with fedora 18 anaconda first
22:55
maybe it does
22:55
I doubt it
22:56
<Enslaver>
i'll stick with mock, it looks straight forward
22:57
<warren>
that's a good idea for hte long-term
23:04hachque_ has left IRC (hachque_!quassel@2600:3c01::f03c:91ff:fe96:5060, Remote host closed the connection)
23:05stgraber has left IRC (stgraber!~stgraber@ubuntu/member/stgraber, Ping timeout: 245 seconds)
23:05hachque has joined IRC (hachque!quassel@2600:3c01::f03c:91ff:fe96:5060)
23:05stgraber has joined IRC (stgraber!~stgraber@ubuntu/member/stgraber)
23:06mgariepy has left IRC (mgariepy!mgariepy@ubuntu/member/mgariepy, Ping timeout: 276 seconds)
23:08mgariepy has joined IRC (mgariepy!mgariepy@ubuntu/member/mgariepy)
23:17Parker955 is now known as Parker955_Away
23:26
<warren>
Enslaver: btw, if you use bzr on Fedora 18, this is very helpful
23:26
Enslaver: http://wtogami.fedorapeople.org/bzr-gtk/
23:26
Enslaver: convenient visualization
23:29
<Enslaver>
yah i love the visualize mode
23:30
<warren>
Enslaver: any interest in being the Fedora package owner?
23:31
<Enslaver>
lets get ltsp under my belt first
23:35
mock puts a ton of un-needed rpms out there :/
23:35
i see, the configs define the group install params
23:37
<warren>
yeah
23:37
Enslaver: you'll probably want two Fedora 11 configs, one to make a chroot to build Fedora 11 RPMS, another to build the LTSP chroot.
23:39
<Enslaver>
yah, what I'm thinking is keep everything completely separate, the ltsp mock files will be in ltsp-build-client/mock and will install to /opt/ltsp/$target
23:46
<warren>
Enslaver: hmm... somewhere I have a prototype chroot installer even simpler than mock. I called it chrootkit.
23:46riddle has left IRC (riddle!riddle@76.72.170.57, Ping timeout: 252 seconds)
23:46
<warren>
I was trying to be intentionally alarming.
23:47
<Enslaver>
lol i see that
23:47
my chrootkit detectors might not let that pass ;)
23:48
<warren>
It was based on anaconda though
23:48
so mock is better