IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 9 September 2009   (all times are UTC)

00:03tarbo_ has quit IRC
00:05tarbo has joined #ltsp
00:06try2free has left #ltsp
00:13alkisg has quit IRC
00:18elias_a has joined #ltsp
00:21lucascoala_ has joined #ltsp
00:33lucascoala has quit IRC
00:35lucascoala_ is now known as lucascoala
00:38elias_a has left #ltsp
00:39elias_a has joined #ltsp
00:48tarbo_ has joined #ltsp
00:54map7 has joined #ltsp
00:55tarbo has quit IRC
01:19Ahmuck has quit IRC
01:34nubae|work has joined #ltsp
02:01map7 is now known as map7|away
02:48frederickjh has joined #ltsp
02:49mikkel has joined #ltsp
02:58Selveste1 has joined #ltsp
03:06Selveste1 has quit IRC
03:29alkisg has joined #ltsp
03:29frederickjh has quit IRC
03:33
<alkisg>
Good morning
03:47ftherese has joined #ltsp
03:48
<ftherese>
does anyone know if there is a setting in the lts.conf file that allows you to deny internet access to specific mac addresses?
03:48
or does that have to be set in the dhcp file?
03:49
03:50
03:51
03:52
bueno, puedo mandar en espanol tambien si alguien puede contestarme
03:57
<Appiah>
dont see how to block that in the lts.conf or in the dhcp.conf
03:58
dont ee how that would be possible
03:58
<alkisg>
ftherese: localapps or normal ltsp?
03:59
localapps => you could set dns_server=127.0.0.1 in lts.conf
03:59
normal ltsp => iptables, ufw etc
04:00
<ftherese>
well, the clients will be using localapps version of firefox, so I could maybe do it that way right? but there are a few proggies that wouldn't be localapps
04:00
It might just be easier to do it by the router... don't you think?
04:01
<alkisg>
Does the router support user-based filtering?
04:01
<ftherese>
ahhh... yeah that is a problem
04:01
<alkisg>
I think iptables and squid are your best bets for user-based filtering
04:02
<ftherese>
and if I just set certain mac addresses as blocked in the router's firewall?
04:02
four WAN
04:02
for*
04:03
<alkisg>
So how will you block user1 that *doesn't run a localapp* from teacher1? They'll both go out with the server mac address
04:03
<ogra>
no, the AMC will always be the servers
04:03
*MAC
04:03
you need userbased filtering
04:04
<ftherese>
ok... I'll look into it
04:04
thank you
04:06ftherese has quit IRC
04:10F-GT has quit IRC
04:22F-GT has joined #ltsp
04:37Anon1216 has joined #ltsp
04:43Selveste1 has joined #ltsp
04:59Anon1216 has quit IRC
05:03garymc has joined #ltsp
05:07
<garymc>
anyone help me find out why my sound card stops working after about ten use's?
05:07
in my thin client?
05:24pmatulis has joined #ltsp
05:30F-GT has quit IRC
05:39ltspbot` has joined #ltsp
05:39elias_a has quit IRC
05:39ogra__ has quit IRC
05:39wietze has quit IRC
05:39ltspbot has quit IRC
05:39stgraber has quit IRC
05:39Appiah has quit IRC
05:39lejo has quit IRC
05:39gentgeen__ has quit IRC
05:39nubae has quit IRC
05:42pmatulis has quit IRC
05:45Selveste1_ has joined #ltsp
05:45Selveste1 has quit IRC
05:48Selveste1_ has quit IRC
05:48Selveste1 has joined #ltsp
05:51elias_a has joined #ltsp
05:51ogra__ has joined #ltsp
05:51wietze has joined #ltsp
05:51gentgeen__ has joined #ltsp
05:51lejo has joined #ltsp
05:51Appiah has joined #ltsp
05:51stgraber has joined #ltsp
06:05ftherese has joined #ltsp
06:15
<garymc>
ok will the sound have something to do with my Thin clients sound carD?
06:16
<Appiah>
when does it stop working?
06:39pmatulis has joined #ltsp
06:40
<ftherese>
alkisg: I am looking at the documentation, and it seems you can block individual users using only iptables, why did you also suggest squid?
06:41
<alkisg>
Because squid can also do that? I.e. as an alternative?
06:41
<ftherese>
ok
06:42
is there one you would recommend?
06:43
<alkisg>
Well... squid can also block other things, so if you want more filtering, it would come handy to set it up as a transparent proxy.
06:43
<ftherese>
ok
06:44
<alkisg>
If you just want to cut all the web access for some users, well, then iptables would suffice...
06:44
ftherese: but those are general linux questions, you'd get better answers in #ubuntu or such.
06:44
<garymc>
Appiah : it just randomly stops working
06:46
after about 5 - 10 uses (eg songs played/ videos) then when i check system > prefrences> sound> I click test buttons and instead of a sound i get an erroro message
06:46
<ftherese>
alkisg: true, I guess the question began having to do with a ltsp specific setup, just in case there was a way to do it already through the lts.conf file
06:46
<Appiah>
and the error messages says what
06:47
<garymc>
Error Message "audiotestsrc wave=sine freq=512 ! audioconvert ! audioresample ! gconfaudiosink profile=chat:failed to connect: Connection Refused
06:48ftherese has quit IRC
06:49sene has quit IRC
06:54
<garymc>
yeah not much info in google on this either
07:04The_Code has joined #ltsp
07:05F-GT has joined #ltsp
07:05
<Appiah>
check the clients logs
07:13bieb has joined #ltsp
07:20otavio_ has joined #ltsp
07:21otavio has quit IRC
07:24
<garymc>
Appiah : where will i find the clients logS?
07:25
<Appiah>
log onto the client with ssh
07:25
set a root password first
07:25
then check dmesg and /var/log/messages and such
07:25
<garymc>
the thin client has no hard drive?
07:25
<Appiah>
but it got a client image
07:25
...
07:26
<garymc>
ermm maybe then i dont kno0w
07:26
<Appiah>
you're clients are pxebooting right?
07:26
<garymc>
yes
07:29otavio_ has quit IRC
07:29otavio has joined #ltsp
07:30otavio has quit IRC
07:31otavio has joined #ltsp
07:31
<garymc>
Also anyone know why Evolution keeps asking for default keyring to unlock?
07:31
and how do i stop it asking for it
07:32Lns has quit IRC
07:42vvinet has joined #ltsp
07:50cyberorg has joined #ltsp
07:55otavio_ has joined #ltsp
07:57
<garymc>
ok i also go an issue with Flash in firefox
07:57
how do i uninstall my current version and put the correct one on?
08:07bobby_C has joined #ltsp
08:10shawnp0wers has joined #ltsp
08:15otavio has quit IRC
08:17
<Appiah>
current version of flash?
08:18
apt-get remove name-of-flash-package
08:18
I'm just taking a wild guess that you're running ubuntu
08:18
<garymc>
how do i find out what flash version i have?
08:18
Iam ubuntu 9.04
08:18
ltsp server
08:18cyberorg has quit IRC
08:19
<garymc>
and whats the best flash package to use. I found the actuall adobe one was rubbish
08:19
<Appiah>
apt-cache policy nameofpackage
08:19
<garymc>
i dont understand ^^
08:19
<Appiah>
type it in a terminal
08:20
<garymc>
name of package: flash?
08:20
<Appiah>
or go to system -> admin -> synaptic
08:20
search for flash
08:20
look what package and version you have installed
08:21Lumiere has quit IRC
08:21ftherese has joined #ltsp
08:21
<pmatulis>
garymc: to find your installed flash program => dpkg -l '*flash*'
08:22Lumiere has joined #ltsp
08:23
<garymc>
all i find in synaptic is flashplugin-nonfree-extrasound
08:23
pmatulis : that command didnt work
08:24
<Appiah>
do : sudo apt-get update
08:24
then check in synaptic again
08:24
<pmatulis>
garymc: does over here ;)
08:25jammcq has joined #ltsp
08:25
<jammcq>
good morning friends
08:26
<garymc>
i get error Appiah "could not get lock" Unable to lock admin directory is another program using it
08:26
<Appiah>
close down synaptic first...
08:27
<ftherese>
I am using iptables to restrict internet access to certain ltsp clients, but now they are not loading X, does X work via tcp packets?
08:28
<garymc>
installing updates
08:28
do i need to restart the server after this?
08:28
<pmatulis>
ftherese: you should be filtering on the server's external interface
08:28
<_UsUrPeR_>
sbalneav: ping?
08:28
<jammcq>
ftherese: yes, it uses ports up in the 6000 range
08:28
and, if you are using LTSP-5, it uses ssh, which is port 22
08:29
and there's probably other ports it uses as well
08:30
<ftherese>
darn it, so I have to add a second interface?
08:31
<jammcq>
ftherese: you are trying to restrict Internet? the typical LTSP setup runs the webbrowser on the server
08:31
so in that case, restricting the client won't help
08:32
<ftherese>
jammcq: well, they would be using the webbrowser via localapps, but there are other applications that are not
08:33
<jammcq>
ah
08:33
ftherese: you could use squid to proxy all web access, and then restrict individual users/terminals in the squid config
08:34
<ogra>
make sure nbd (or nfs), tftp, ssh and dhcp are accessible
08:34
<ftherese>
orga: right
08:35
<ogra>
if you use LDM_DIRECTX also XDMCP
08:35
if not, ssh suffices
08:36
<ftherese>
ogra: thanks, I am using DIRECTX
08:37
<jammcq>
ogra: XDMCP ???
08:37
XDMCP is port 177. are you thinking 'X' ?
08:38
LCM_DIRECTX doesn't cause GDM to be used, does it?
08:38
<ogra>
well, whatever "export DISPLAY=blah" uses
08:38
<jammcq>
yeah, that's just port 6000
08:38
<ogra>
i thought that defaults to xdmcp
08:38
ah
08:39
<jammcq>
XDMCP is the protocol used to negotiate a logon and session. that's what GDM/KDM/XDM do. once the session is setup, then it's just plain old X protocol
08:40
<pmatulis>
GDM? i thought we're using LDM
08:40
<jammcq>
in our case, with LTSP-5, the login is handled via SSH, even with DIRECTX terned on
08:40
pmatulis: with LTSP-5 yes
08:40
s/terned/turned/
08:40mikkel has quit IRC
08:42
<garymc>
Appiah : Ok I updated and im back in syanptic Package Manager. I search flash and again all diff files
08:42
<Appiah>
and you find no package that is marked installed?
08:43
<garymc>
yeah two
08:44
swfdec-mozilla & libswfdec-0.8.0
08:44
<Appiah>
then thats what you got installed
08:44
<garymc>
so whats the best flash package to have?
08:44
for my Ubuntu Jaunty 9.04 LTSP server
08:46
<alkisg>
garymc: sudo apt-get purge swfdec-mozilla libswfdec-0.8.0 && sudo apt-get install ubuntu-restricted-extras
08:51
<garymc>
alkisg is there more than flash with the ubuntu-restricted-extras ?
08:52
i just checking youtube now and the speech sync is way off
08:53
and Firefox just went off after 30 seconds of playing the video
08:53
<alkisg>
Yes, there are the "recommented" codecs there.
08:53
Which codecs did you have installed?
08:53
<garymc>
well this version of flash just made my browser dissapear
08:53
I dont know
08:54
i take it i need to remove that flsh as its not right for my system?
08:55
it also stopped all the sound on my thin client working again
08:55
So im thinking the issues I have with sound on my thin client have some relation to flash
08:57
<alkisg>
08:58
<sbalneav>
!flash
08:58
<ltspbot`>
sbalneav: "flash" is Yes, flash sucks. Make sure you have LDM_DIRECTX=True in your lts.conf file, or if it's just youtube you're after, try the HQtube plugin. Install greasemonkey for firefox, and see http://userscripts.org/scripts/show/24999
08:59Selveste1 has quit IRC
09:00* ogra shades his eyes
09:00
<ogra>
so many flashes
09:01
<sbalneav>
Morning ogra!
09:01
heh
09:01
<ogra>
:)
09:01
<sbalneav>
It's like the freaking paparazzi in here
09:01
<nubae|work>
hood one
09:01
good even
09:01* ogra is happy ... having solved a weird weird bug he was hunting for weeks
09:01
<ogra>
well, not solved but identified
09:01
<_UsUrPeR_>
sbalneav: got a question for you about sabayon
09:02
<sbalneav>
<gijoe>And knowing is half the battle!</gijoe>
09:02
_UsUrPeR_: Shoot
09:02
<jammcq>
sbalneav: Scotty !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
09:02
<ogra>
well, not sure its solvable :)
09:02
but i know what it is at least
09:02
<sbalneav>
Morning jammcq!
09:02
Well, lots of battles are lost
09:02
<_UsUrPeR_>
sbalneav: I am trying to put icons on the top bar/desktop with click-and-drag in the editor. Doesn't seem to be working too well.
09:03
Is there a way to add icons to the top bar?
09:03
<sbalneav>
Sure
09:03
right click on the menu item, select "Add launcher to panel"
09:04
I'm not surprised click and drag doesn't work.
09:04
<_UsUrPeR_>
oh, nice
09:04primeministerp has joined #ltsp
09:04
<_UsUrPeR_>
yeah, I was too
09:04
<sbalneav>
I think Xephyr's blocking some X events.
09:04
<alkisg>
!s
09:04
<ltspbot`>
alkisg: "s" is Scotty!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
09:04
<alkisg>
!o
09:04
<ltspbot`>
alkisg: "o" is o is for ogra!!!!!!!!!
09:04
<ogra>
!a
09:04
<alkisg>
I wonder why sbalneav has more ! than ogra... ;)
09:04
<ltspbot`>
ogra: "a" is Awesome Ahmuck
09:04
<ogra>
heh
09:05
<sbalneav>
!ja
09:05
<ltspbot`>
sbalneav: Error: "ja" is not a valid command.
09:05
<sbalneav>
!ja
09:05
<ltspbot`>
sbalneav: Error: "ja" is not a valid command.
09:05
<sbalneav>
!j
09:05
<ltspbot`>
sbalneav: "j" is jammcq!!!!!!!!!!!!!!!!!!!!!!!
09:05
<jammcq>
scotty is still the winner
09:05
<sbalneav>
I dunno, whoever added mine liked !'s
09:05
A winnar is me
09:06
<jammcq>
neuralis used to comment that he could judge the mood of the channel by how many '!'s would show up with scotty logged in
09:06
wonder how ole neuralis is doing. he's like some bigwig guy working on Apple's security these days
09:07bobby_C has quit IRC
09:08
<Lumiere>
!!
09:08
<ltspbot`>
Lumiere: Error: "!" is not a valid command.
09:08
<Lumiere>
darn :)
09:08
<jammcq>
hey Lumi
09:08
<Lumiere>
!learn ! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
09:08
<ltspbot`>
Lumiere: Invalid arguments for learn.
09:08
<Lumiere>
lol
09:08
hi!
09:08
<jammcq>
jeez, we're only missing Mistik1 now
09:08* Lumiere is here to haunt jammcq
09:08
<jammcq>
and chupacabra
09:08
<Lumiere>
or lurk
09:08
one of the two
09:09
<garymc>
I just want the best plugin for all sites using FLASH...Flash..flashflash
09:10
<Lumiere>
garymc: tell them to shove the flash up their................
09:10
<garymc>
well what am i gonna use instead as most websites ask for flash plugin
09:11
<Lumiere>
what are they doing that requires a flash plugin?
09:11
<garymc>
youtube etc
09:11
also use other sites too not just youtube
09:14alside has joined #ltsp
09:14
<alside>
hello
09:14
i have a problem during boot of LTSP client : nfs mount root filesystem : you must specify the filesystem type. the /dev/ram1 mount works well. but it seems that the mount command for the root mount system misses the mount options and mount target. in debug mode i can mount it without any problem. an idea ? PLEASE HELP
09:15
<sbalneav>
garymc: the hqtube plugin can be applied to specific sites. So, you can use hqtube for youtube, and the "regular" flash plugin for others.
09:15
<garymc>
right, i was just hoping for one for all type
09:15
<johnny>
blame adobe
09:15
<sbalneav>
You hope in vain
09:16
<garymc>
how do i install the hqtube one then?
09:16
<alkisg>
alside: is that debian? what do you have in pxelinux.cfg/default ?
09:16
<sbalneav>
!flash
09:16
<ltspbot`>
sbalneav: "flash" is Yes, flash sucks. Make sure you have LDM_DIRECTX=True in your lts.conf file, or if it's just youtube you're after, try the HQtube plugin. Install greasemonkey for firefox, and see http://userscripts.org/scripts/show/24999
09:16
<sbalneav>
alside: Yeah, tell us a little more about your setup.
09:16
<_UsUrPeR_>
sbalneav: another sabayon question for you
09:17
sbalneav: when locking down an environment, the first that I would do is remove access to the System>Preferences and System>Administration menus
09:17
however, when I do that, I no longer have the ability to make any changes to the menus
09:17
is there a way to make those changes elsewhere in sabayon?
09:17
<johnny>
how did you remove them?
09:17
via alacarte?
09:18
<alside>
this is on opensuse11.1, with kiwi-ltsp
09:18
<sbalneav>
_UsUrPeR_: So.... remove them as the last thing you do? :)
09:18
<_UsUrPeR_>
johnny: System>preferences>Main Menu
09:18
<alkisg>
alside: better ask in #kiwi-ltsp
09:18
<alside>
sbalneav: this is on opensuse11.1, with kiwi-ltsp
09:18
<johnny>
that should be alacarte ...
09:19
iirc
09:19
<alside>
alkisg: i know, but noone's awake there
09:19
<sbalneav>
alside: Ah, yeah, ask #kiwi-ltsp
09:19
<_UsUrPeR_>
sbalneav: heh. If only that were a salable option.
09:19
<sbalneav>
_UsUrPeR_: And why ISN'T it an option?
09:19
<garymc>
ok after installing that package earlier "ubuntu restriced extras" it has now fuked all my sound right up
09:19
pardon my french
09:19
<sbalneav>
garymc: language please
09:19
<alside>
ok. thanks. i'll wait
09:20
<garymc>
yes sory bout that
09:20
<alkisg>
alside: hmmm not many here know about kiwi-ltsp... it's a little different than standard ltsp
09:20
<_UsUrPeR_>
because once the "final" change is made, you cannot make any more changes to the profile. There's gotta be a better way.
09:20
<sbalneav>
_UsUrPeR_: nope.
09:20
<_UsUrPeR_>
maybe an option to at least re-allow access or something?
09:20
<garymc>
alkisg : after installing that recommedation from you my sound keeps breaking very quickly
09:20
<_UsUrPeR_>
:/
09:21
<alkisg>
garymc: well, I asked you what codecs you already had installed, but you didn't answer...
09:21
<garymc>
i told you i didnt know
09:21
<alkisg>
garymc: anyway, these are general os/ubuntu questions, better ask in #ubuntu
09:21
<garymc>
oh thanks
09:21
<sbalneav>
_UsUrPeR_: You know you can base a profile on another profile, right?
09:21
<alkisg>
garymc: and, it's easy to remove the restricted extras if you don't want them
09:21
<garymc>
so you tell me to install package it messes up and now go ask elsewhere
09:22
<alside>
alkisg: ok. no problem. i tought that someone here could help cause my problem concern nfs mount. but it migth be different between kiwi-ltsp and ltsp. i don't know
09:22
<garymc>
just apt-get remove
09:22
<sbalneav>
So, create a "working" profile that contains most of your mods, EXCEPT disabling those menus.
09:22
Then, when you think you have the profile right, copy is to, say, profile_PROD
09:22
Remove menu items.
09:23
<alkisg>
alside: can you locate and see what the kernel parameters are?
09:23
<sbalneav>
Then, if you need to make changes, go back to the working one... make changes, save
09:23
re-copy the prod one, remove menu.
09:23
<_UsUrPeR_>
ok, ok I got it
09:23
<sbalneav>
Hey you want an answer or no? :)
09:25
Sabayon isn't doing anything more fancy than launching a gnome session in a subwindow, and keeping track of what you change.
09:25
<alside>
alksig : append initrd=boot/initrd-ltsp vga=791 splash=silent showopts kiwiserver=192.168.0.11 kiwiservertype=tftp
09:25
<johnny>
kiwiserver lol
09:25
why must they be so weird
09:25
<alside>
soory for my kiwiserver :p
09:26
<alkisg>
johnny: that's not a bad option to have, though.... I also wanted a server=<ip> param :)
09:26
<johnny>
hopefully they will adopt standard too
09:26
alkisg, hmm? don't we already have that?
09:26
what do you mean for it to do? maybe i miss the point
09:26
<sbalneav>
Don't we ?
09:26
<alkisg>
Not with the same semantics. It just overrides next-server
09:26
We have nbd server, nfs server etc, similar but not quite the same
09:26
<johnny>
what are you expecting?
09:27
so you want server=ip and servertype=nbd then ?
09:27
<alkisg>
Nevermind let's not get into that, no big deal....
09:27
No, just server=ip, for broken dhcp servers :)
09:27
<johnny>
alkisg, would be neat if there was a mini avahi client in there..
09:28
alkisg, and the ltsp server said what it did
09:28
<alside>
ok thanks again. i've already asked on #kiwi-ltsp. i'll wait for reply
09:28
<alkisg>
alside: Google a bit to see if an nfsroot=server:/path is also needed in that command line
09:28
<johnny>
alside, yes..try google "nfs mount suse initrd"
09:28
<_UsUrPeR_>
sbalneav: I was not aware that profiles could be used as templates when I started this conversation. It works fine the way it is.
09:28
<alkisg>
johnny: I think there's service discovery in the pxe specification
09:28
<alside>
k
09:29
<johnny>
alkisg, using zeroconf?
09:29
<alkisg>
johnny: but noone implements it :)
09:29
<johnny>
alkisg, i doubt we can rely upon it
09:29
<alkisg>
johnny: no, it's part of the pxe protocol.
09:29
<johnny>
well.. then it is useless to us :)
09:29
<sbalneav>
_UsUrPeR_: You're limited in certain ways by how Gnome functions.
09:29
<alkisg>
Well, a weird part of the spec called "proxydhcp" was there in all the cards I"ve seen
09:29
<johnny>
alkisg, i was suggesting a way that might work for all
09:29
<alkisg>
johnny: ah, you mean the old etherboot clients? cause other clients would work..
09:30
<_UsUrPeR_>
sbalneav: yeah. I see how that goes now.
09:30
<johnny>
no.. i'm talking about stuff that happens AFTER you get the tftp
09:30
since i don't believe we can rely on the BEFORE
09:30
<alkisg>
Ah, an avahi client in the initramfs, then?
09:30
<nubae|work>
what was the suse question exactly?
09:30
<johnny>
that's what i said earlier exactly :)
09:31
<sbalneav>
_UsUrPeR_: One of my next tasks will be to get the sabayon documentation up to date. It's woefully inadequate.
09:31
<alkisg>
johnny: Yeah, I'm just asking to see if I got it right
09:31
<johnny>
alkisg, i think it could also remove need for ldminfod
09:31
oh wait.. i don't know if we could pass load info that way :(
09:31
which we will still need
09:31
<alkisg>
We could do it the other way around, though
09:32
Broadcast a request for ltsp server discovery, and ldminfod would answer
09:32
<johnny>
/me discovers alkisg
09:32
hehe
09:33
<alkisg>
Heh
09:33
<johnny>
give me a greek from #ltsp Result: [alkisg]
09:33
<alkisg>
lol! :D
09:34nelson_ has joined #ltsp
09:34nelson__ has joined #ltsp
09:34
<alkisg>
"Gimme an ltsp server that has flash installed" => ip
09:34
"Gimme the ltsp server with the minimum load" => ip....
09:35
<sbalneav>
Give me liberty or give me death!
09:35* sbalneav expires
09:35
<johnny>
alkisg, have you looked at dracut btw?
09:35
it seems to be pretty good
09:35
<alkisg>
Nope. Can I try it in ubuntu?
09:36
<johnny>
probably.. but not worth the hassle
09:36
<alkisg>
In debian?
09:36
<johnny>
since you already have initramfs-tools
09:36
<alkisg>
Ah
09:36
<johnny>
but it beats what is in gentoo,and what existed in fedora (or any distro that uses mkinitrd)
09:36chupacabra has quit IRC
09:37chupacabra has joined #ltsp
09:37
<johnny>
it might be better than initramfs-tools.. but i don't know if ubuntu will consider it worthwhile to swtich
09:37
<alkisg>
So now the initrd.img is smaller? Or it just standarized the way to create it?
09:37
<johnny>
alkisg, i was only recommending that you look at what hooks it supports out of the box
09:37
you can browse the src to see
09:38
like iscsi, aoe, nbd, nfs
09:38
<alkisg>
Sounds good...
09:38
<johnny>
it seems to be a step up from modularity of initramfs-tools.. but initramfs-tools has suprised me before
09:39
<dberkholz>
i hope they just get that thing shipped with the kernel
09:39
that's where it oughta be
09:39
<johnny>
dberkholz, smart idea
09:39
<dberkholz>
not mine =)
09:39
<johnny>
hmm.. didn't know that
09:39
did you read it in lwn?
09:39
or elsewhere
09:39
lwn is a quality publication
09:40
<alkisg>
Except for a small bug, I was able to do remote booting with nfs & nbd with the standard ubuntu initramfs. So I don't think it's missing much....
09:41
Having such cross distro tools sounds nice, though
09:42
<ogra>
definately ... the thing is that they need to understand ways of intergration and offer the same flexibility as initramfs-tools
09:43
<johnny>
ogra, have you looked at it lately?
09:43
<ogra>
if dracut can do that ubuntu might switch
09:43
<johnny>
seems pretty good
09:43
<ogra>
no, but i know some of my colleagues look at it and wait for it to improve in the right direction to swich ubuntu over
09:44
<johnny>
well.. i hope they are talking to each other
09:44
that is all we can hope for
09:44
<ogra>
i'm pretty sure they do
09:44bobby_C has joined #ltsp
09:44
<ogra>
we're attempting 10s boottimes in karmic+1 ...
09:45
switching to dracut if it adds speed improvements might be an option
09:47
<johnny>
so.. any of you folks seen oddjob?
09:47
it's a way to setup events that you want triggered
09:49
<ogra>
for what ?
09:50Egyptian[Home] has quit IRC
09:50
<johnny>
here's an example
09:50
http://dpaste.com/91446/
09:51
for forcing a cron
09:51
<ogra>
heh, looks like a bad clone of upstart with ugly xml added
09:52
<johnny>
well it was written by redhat developers.. perhaps it was started before upstart.. or meant as a replacement until we actually use native upstart files
09:52
<ogra>
upstart will replace cron, syslog and a good bunch of other stuff in ubuntu
09:52
and i guess in redhat too
09:52Egyptian[Home] has joined #ltsp
09:52
<ogra>
since they are using upstart since a while
09:52
<johnny>
so.. either it covers something upstart SHOULDNT do.. or was started before hand
09:53
perhaps it is meant to be a generic place to put stuff that no init file exists for
09:53
i haven't seen that part of upstart yet.. only the old sysv init style
09:53
hoping to see it soon tho :)
09:53
<ogra>
or redhat suffers from NIH once again :)
09:53
<johnny>
that would be odd.. considering they adopt upstart..
09:53
<ogra>
and contribute a lot to it too
09:53
<johnny>
yes
09:54
so it must be old.. or for something else.. or just POC
09:54
guess we'll see in the next distro releases
09:54
<ogra>
heh, yeah
09:54mikkel has joined #ltsp
09:55
<johnny>
ogra, would be nice to replace atd too :)
09:56
<ogra>
i think thats on the list as well
09:59
<johnny>
brb.. upgrading transport
09:59johnny has left #ltsp
10:01johnny has joined #ltsp
10:07alkisg has quit IRC
10:09staffencasa has joined #ltsp
10:17
<cor3>
Hi all
10:34
<garymc>
anyone know how I can test my sound in my ltsp as it works for a little while then stops working until i reboot the thin client
10:36
<_UsUrPeR_>
garymc: how are you testing sound right now?
10:37
<sbalneav>
garymc: Is it dying when you run flash apps?
10:37
<_UsUrPeR_>
garymc: are you running localapps?
10:37
<garymc>
im just playing sounds off the ltsp server through my thin clinet
10:38
<sbalneav>
garymc, be more specific.
10:38
PLAYING SOUNDS IN WHAT?
10:38
Flash, rythmbox, esdplay, etc etc etc
10:38
<garymc>
i took the bin bit out
10:39
i play sounds in my thinclient looks like movieplayer of some kind also flash too
10:39
<_UsUrPeR_>
are you running localapps?
10:39
<garymc>
what is localapps
10:40
<_UsUrPeR_>
that answers that :)
10:40
localapps = running programs from the client instead of the server. It plays havoc with sound without the proper settings
10:40
<sbalneav>
ok, so, if you play sounds in JUST the movie player, does that kill the sound, or when you play sounds in JUST flash, does that kill it?
10:40
<garymc>
they all kill it after a few goes
10:41
<sbalneav>
So if you JUST play sounds in the movie player?
10:41
Have you tried that?
10:41
Not touching flash at all?
10:41
<garymc>
yes
10:41
it stops working after a few goes
10:43din_os has joined #ltsp
10:43
<sbalneav>
What are you playing? MP3's?
10:44
<garymc>
.wavs
10:44
any sounds
10:44
when i load up the sound is a bit scratchy too
10:44vvinet has quit IRC
10:44
<garymc>
the loading sound that is
10:45
<sbalneav>
What kind of hardware is in the thin client? Probably probably pulse is crashing there.
10:45
<garymc>
you think
10:45
im not sure
10:46
im using Sony Vaio as thin clients
10:48
<sbalneav>
Usually, when spulse crashes like this, it's normally the flash program that kills it.
10:49
<cor3>
hello fellow pegger
10:50
<sbalneav>
regular gstreamer apps don't usually crash itm
10:51nubae|work has quit IRC
11:16din_os has quit IRC
11:20otavio_ has quit IRC
11:20otavio has joined #ltsp
11:21Lns has joined #ltsp
11:22
<garymc>
yeah just been away came back and sound is still working
11:22
its a mystery
11:23garymc has quit IRC
11:26ftherese has quit IRC
11:48alkisg has joined #ltsp
11:50
<cor3>
Whats the best way to get involved with the ltsp project?
11:51
I've successfully deployed a handful of servers under gentoo/debian/ubuntu
11:52
<alkisg>
gento is getting very close^W^W^W^Wis there! :)
11:54fotanus has joined #ltsp
12:04
<cliebow>
or redhat suffers from NIH once again :)..ok i give up..someone want to decipher?
12:05
cor3:looks like you Are involved 8~)
12:05
<cor3>
lol
12:05
I guess so simply by using
12:05
<cliebow>
cor3:what would You like to see?
12:05
<cor3>
I just wanted to give back to the community
12:06
I've used LTSP for years now
12:06
thought its about time I contribute in some fashion
12:06shawnp0wers has quit IRC
12:06
<cor3>
I'd like to see a nice clean way to integrate kerberose and ldap
12:07
<cliebow>
this is a Great group of people!! ogra is Mr. Edubuntu..Gadi contributes a lot of code..
12:07
<cor3>
have yet to successfully do that
12:07
<cliebow>
i use openldap
12:07
Scottie..Lord..everyone has their piece
12:08
jammcq!!!!
12:08johnny has left #ltsp
12:08
<cliebow>
cor3:where are you from?
12:08
<cor3>
Winnipeg
12:08
I've met scott once actually
12:08
<cliebow>
hell..sbalneav is right there!
12:08
<cor3>
yep
12:09
I took a tour of the legal aid
12:09
it was neat to see
12:09
<cliebow>
we all get together in Maine in the Fall
12:10
<cor3>
nice
12:11
Grrr fighting with zimbra -> funambol integration currently
12:11
not ltsp related I know
12:14
On the LDAP front I have one server authenticating against an active directory server using ldap and kerberose
12:16Blinny has joined #ltsp
12:21cor3 has left #ltsp
12:36nelson_ has quit IRC
12:36nelson__ has quit IRC
12:40vvinet has joined #ltsp
12:41Blinny has quit IRC
12:46otavio has quit IRC
12:46artista_frustrad has joined #ltsp
12:47otavio has joined #ltsp
12:55shawnp0wers has joined #ltsp
13:02Ahmuck has joined #ltsp
13:05otavio has quit IRC
13:05otavio has joined #ltsp
13:20alside has quit IRC
13:27
<jammcq>
cliebow: howdie
13:36spectra has joined #ltsp
13:40bieb has quit IRC
13:46garymc has joined #ltsp
13:47
<garymc>
Hi, I know that my thin clients sound is stopping to work. Its a Sony Vaio that im using as a thin client. Do I just have to put up with the sound not working properly? As it is obvious to me that its something to do with the soundcard in the Viao
13:47
not the server
13:53cnc has joined #ltsp
14:01
<cliebow>
jammcq:did you see ogra booked tickets to come?
14:02bieb has joined #ltsp
14:07
<cnc>
exit
14:07cnc has quit IRC
14:14
<jammcq>
ogra: yeah, pretty cool
14:35lax has joined #ltsp
14:36
<lax>
hi guys
14:36lax is now known as cnc
14:36
<cnc>
i'm running ubuntu 9.04 and using rdesktop, the caps lock button isn't working
14:37
in the rdesktop command I tried -k common which someone suggested, any other ideas?
14:41cnc has quit IRC
14:49staffencasa has quit IRC
14:54lns_ has joined #ltsp
15:03cliebow has quit IRC
15:08pmatulis has quit IRC
15:12staffencasa has joined #ltsp
15:15garymc has quit IRC
15:20vvinet has quit IRC
15:22mikkel has quit IRC
15:25ftherese has joined #ltsp
15:26
<ftherese>
well after a day of trying to set up a squid proxy... I have discovered that it wasn't what I wanted
15:27
I think I am looking for a work around at this point
15:27
imagine you have ltsp clients connecting with a sort of "guest" account
15:28
for three given mac addresses, they will automatically login with the same guest account
15:28
but they will not have access to the internet
15:29
squid pops up an authentification dialogue box, but that will be for everyone on the network
15:30
so if the users have the password and username that they need to log into the proxy
15:30
they can still do it
15:30
but if there is just one username "guest" who should not have internet access, how are you going to accomplish that?
15:31
it seems like there should be a set of permissions that could be set for that user
15:32
without killing the ability to connect to X
15:32
ssh
15:32
tftp
15:32
etc.
15:37
<sbalneav>
So, you're only wanting certain workstations to connect to squid?
15:38
and others on the same ltsp server should have unlimited access?
15:38
<ftherese>
yes
15:38
or iptables
15:38
which, I have had much more success with up to this point
15:38
<sbalneav>
Well, here's what I'd do:
15:39
For the hosts that you want squid access, make sure they're in DHCP with static IP addresses defined.
15:39
<ftherese>
ok
15:39
<sbalneav>
Then just do iptables web forwarding for only those ip's
15:40
<ftherese>
so give static ip's to the mac addresses
15:41
of like three computers
15:41
which should only be used for typing and offline consultation
15:42
and when I block those three ip' addresses they can't connect to the x server anymore
15:43
or did I get the process backwards
15:43
you want me to assign static ip address for the remaining 30 computers
15:43
is squid necessary in this picture or only iptables?
15:46
<sbalneav>
ftherese: Well, just block the web ports.
15:47
Ah, wait sorry, that won't work.
15:48
NM
15:48
<alkisg>
(11:27:55 μμ) ftherese: for three given mac addresses, they will automatically login with the same guest account ==> simultaneous logins with the same account is a problem
15:48
<sbalneav>
Yeah, that's another issue.
15:49
I can't remember: can iptables block by uid?
15:49
<ftherese>
sbalneav: no
15:49
<sbalneav>
yes
15:49
--uid-owner userid
15:49
Matches if the packet was created by a process with the given effective user id.
15:49
<ftherese>
sbalneav: that is where the whole squid foolishness started
15:49
<alkisg>
I think so, rjune had posted a line for that
15:50lucascoala has quit IRC
15:50
<alkisg>
Also, squid is another way to do per-user blocking: http://www.deckle.co.za/squid-users-guide/Access_Control_and_Access_Control_Operators#Username
15:50
<sbalneav>
So, you could just do it that way as well.
15:50
<alkisg>
Select one of them... I don't know which is best
15:50
<sbalneav>
Race 'em and see who wins :)
15:51Selveste1 has joined #ltsp
15:53
<sbalneav>
ftherese: So, you could do something like:
15:53
iptables -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner root -j REJECT
15:54
iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner guest -j REJECT
15:54
sorry, second line's better.
15:54
paraphrasing from a web page I found
15:54
http://www.linuxjournal.com/article/6091
15:54
<ftherese>
sbalneav: --dport 80
15:54
sbalneav: that is the part I needed
15:55
<sbalneav>
I'd also block a couple of other "common" web ports
15:55
8080 and 8000
15:55
Oh, and the ssl port too, 443, iirc
15:55
<ftherese>
sbalneav: if i can just set up the right ports, and not the ones that ltsp client needs than it will work fine
15:56
<sbalneav>
right.
15:56
Even BETTER would be to block ALL ports, and just open up the ones an ltsp server needs.
15:56
<ftherese>
ok
15:58
so I can just use the ports does not equal, and list the ports that ltsp needs
15:58
do you know where i could find a list of the ports that ltsp needs?
15:59
<sbalneav>
heh, no.
15:59
Be nice for the doco, wouldn't it? :)
15:59
But, off the top of my head:
16:00
dhcp, tftp, our nbd ports (2000), pulseaudio, ssh, X ports if doing directx, etc.
16:00
<ftherese>
is drop better or just the same as reject?
16:01Egyptian[Home] has quit IRC
16:04
<sbalneav>
drop silently drops the packet on the floor, leaving some things "spinning", reject actually rejects, so they'll get a message (rejected).
16:04bieb has left #ltsp
16:05
<sbalneav>
So, define "better"
16:05
:)
16:05
I prefer reject myself
16:05
<ftherese>
ok
16:05
that makes sense
16:11spectra has quit IRC
16:11bobby_C has quit IRC
16:13
<lns_>
ftherese: reject definitely would make sense to me too in this case..drop is useful if you want to mask things to potential intruders (i.e. you don't want them to know you have a firewall rejecting packets, that the service simply is not responding; less information)
16:19shawnp0wers has quit IRC
16:23
<ftherese>
22(ssh) 34(RF), 35(Printer), 39(RLP), 41(Graphics), 42(ARPA/WINS - needed for network shares?), 67-69(BOOTP-TFTP),115(SFTP), 135-139 (NetBIOS stuff), 170(printer,network postscript), 177(XDMCP), 389(LDAP), 445(Active Directory, SMB), 513 (login), 540 (UUCP), 546,547(DHCP), 556(RFS), 631(IPP), 636(LDAPS), 647(DHCP failover), 989,990(FTPS), 991(NAS?), 2049(NFS), 6000,6001(X11)
16:23
so are there any missing?
16:23
could I dispense with any?
16:23
well, there is 2000 which you already mentioned
16:28alkisg has quit IRC
16:28pmatulis has joined #ltsp
16:31
<ftherese>
I'm not sure which one is for pulse audio
16:48
hmmm... it is blocking me from loging in now
16:49
<lns_>
ftherese: 22 is used by ldm to login via ssh (even w/ldm_directx=true)
16:49
from client->server
16:50
<ftherese>
I have 22 enabled
16:50
the ones I listed are the ones I enabled
16:50
<lns_>
oooh
16:50
uhm...which one is for ldminfod?
16:52
ftherese: 9571 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/ldminfod
16:54
<ftherese>
sorry... what's that exactaly
16:54
is 9571 a port or a process
16:54
<lns_>
port
16:55
ldm needs it
16:55
enable it :)
16:55
<ftherese>
i'll enable it and see what happens
16:57
darn it... I am wondering how the rule order works
16:57
it won't let me define all the ports into one rule, so I have to separate them into different rules
16:58
<lns_>
ftherese: what dist. you using?
16:58
<ftherese>
ubuntu jaunty
16:58
<lns_>
i hear ufw is a good tool that simplifies iptables
16:58
<ftherese>
I am using webmin
16:58
which simplifies it
16:58* lns_ twitches
16:58
<lns_>
ok
16:59
<ftherese>
you don't like it?
16:59
<lns_>
meh...i could never get used to webmin, no matter how many times i tried
16:59
that's just me though
16:59
<ftherese>
it isn't that friendly, but friendlier than the conf files
16:59
<lns_>
some of the plugins were just horrible
16:59
<ftherese>
agreed
16:59artista_frustrad has quit IRC
16:59
<ftherese>
at any rate, there is a limit to the number of individual ports that can be included in a rule
16:59
<lns_>
well..why spend the time to learn webmin config stuff when you could learn config file stuff itself and be more portable?
17:00
<ftherese>
I never intended to learn anything
17:00
<lns_>
ftherese: i think you can specify a range, but not more than one out of range with another..?
17:00
heh
17:00fotanus has quit IRC
17:00artista_frustrad has joined #ltsp
17:00
<lns_>
THAT was a bad assumption, wasn't it.. ;)
17:00
<ftherese>
yup
17:00
<lns_>
ftherese: look at ufw
17:00
<ftherese>
I am just trying to get this working before friday
17:01
I think I am going to back up and enable all ports
17:01
and just close off the worst offenders
17:01
<lns_>
https://wiki.ubuntu.com/UbuntuFirewall
17:02
ftherese: you could do that but any firewall administrator is going to scoff at you for doing that
17:02
<ftherese>
well... I until I have the definative list of ports...
17:03
I could be hacking at this all night
17:04
<lns_>
what i don't get is why you're filtering ports that go TO the server and not forward from it onto the net
17:04
There are different chains for each intended destination...
17:04
<ftherese>
oops... to many layers of complexity... I don't understand
17:05
<lns_>
ufw ufw ufw :)
17:05
if you dn't want to learn anything, you don't need to be messing around with iptables...
17:06
<ftherese>
But I already know what I need to do with IP tables, it just has limitations on the amount of ports you can specify per rule
17:06
<lns_>
why do you need 1 single rule??
17:06
<ftherese>
and I don't know how it interprets the rules
17:06
well for example
17:07MRH2 has joined #ltsp
17:07
<ftherese>
the first rule will reject anything that is not ports 22-50
17:07
lets just pretend
17:08
except they are specific ports, so they are seperated by commas
17:08
that means, if it is looking for port 9170 or whatever, which ldm needs
17:08
it never knows it is allowed, because it never reads the rest of the ruls
17:09
<MRH2>
hi anyone know why my logs from remote logins have 2 entries like:
17:09
user ws029:0 ws029 Wed Sep 9 09:13 - 17:30 (08:16)
17:09
user ws029:0 Wed Sep 9 09:13 gone - no logout
17:09
<lns_>
ftherese: you always have a default action of allow, reject or deny, after the rules have been traversed
17:10
<ftherese>
the default action is allow
17:10
<lns_>
or forward/mangle/some other crazy stuff too i think
17:10
<ftherese>
yeah... it is set to filter
17:10
<lns_>
well why wouldn't it allow it if default is to allow?
17:10
and you dn't specifically deny 9571?
17:12
<ftherese>
ok... I'll try it... I was just hesitating because I didn't connect with the default allow thingy
17:12Q-FUNK has joined #ltsp
17:12zklaus has joined #ltsp
17:12
<Q-FUNK>
re
17:12
<ftherese>
testing...
17:13
rejected
17:13
where can I see a list of the firewall log?
17:14
I checked messages... but there is nothing significant there
17:14
<lns_>
ftherese: /var/log/messages probably
17:14
kern.log?
17:14
<zklaus>
Hello. I stumbled upon the something which I think is a bug, but I am not quite able to categorize it well: Setup: Ubuntu 9.04 ltsp-server-standalone. The resolv.conf get's messed up on boot on the clients.
17:14
<lns_>
afaik you need the -L (log) option in your iptables commands too
17:15
<zklaus>
This is due to apparmor induced inability of dhclient-script to update it properly. But if I allow it, dhclient-script will bring down the interface in PREINIT so that the machine locksup.
17:16
So should PREINIT only bring the interface up, if it had been down before? Or is this the wrong approach?
17:16
<lns_>
ftherese: sorry not -L
17:16jammcq has quit IRC
17:16
<ftherese>
lns_: the only thing that iptables puts in the log file is MARK
17:17
<lns_>
ftherese: that's not iptables
17:17
that's syslog
17:19
<ftherese>
ok then... the only thing iptables outputs is : Sep 9 21:39:01 server3 kernel: [10811.061551] ip_tables: (C) 2000-2006 Netfilter Core Team
17:20
<lns_>
ftherese: you need to specify LOG as a target in your rules
17:21
<ftherese>
/sbin/iptables -A OUTPUT -m limit --limit 15/minute -j LOG \
17:21
--log-level 7 --log-prefix "Dropped by firewall: "
17:21
I am reading about that as we speek
17:21
<lns_>
ah
17:21
well there ya go =)
17:27lns_ has quit IRC
17:30lns_ has joined #ltsp
17:30
<ftherese>
now we're getting somewhere
17:33
it looks like it is still blocking port 22 though
17:34
odd
17:36
861, and 875 appear to be two key players as well
17:37
137 and 631 both appear to be blocked as well, and those are two ports I enabled
17:39
how annoying
17:46
<lns_>
137=microsoft filesharing, 631=cups
17:46
could they simply be blocked further up the line?
17:50Selveste1 has quit IRC
17:52MRH2 has quit IRC
17:52
<ftherese>
testing again
17:57Sarten-X has joined #ltsp
18:00Sarten-X2 has quit IRC
18:09zklaus has quit IRC
18:10lns_ has quit IRC
18:11staffencasa has quit IRC
18:24avena has joined #ltsp
18:27ftherese has quit IRC
18:33vagrantc has joined #ltsp
18:47Lns has quit IRC
18:47tstafford_ has quit IRC
18:48pmatulis has quit IRC
19:12artista_frustrad has quit IRC
19:20johnny has joined #ltsp
19:36Sarten-X has quit IRC
19:44Sarten-X has joined #ltsp
19:44vvinet has joined #ltsp
20:07pem725 has quit IRC
22:54ltspbot has joined #ltsp
22:54sbalneav has joined #ltsp
22:54
<sbalneav>
Evening all
23:00try2free has joined #ltsp
23:06try2free has left #ltsp
23:07alexqwesa has quit IRC
23:28yanu has quit IRC
23:28yanu has joined #ltsp
23:31* vagrantc waves to sbalneav
23:40alkisg has joined #ltsp