Time Nick Message
13:30 pdurbin played with vagrant for the first time last night. i'm sold
13:30 pdurbin agoddard: http://crankstations.com/vagrant was helpful. thanks
13:30 agoddard pdurbin: awesome, glad to hear it :)
13:31 pdurbin looking for a centos base box. i guess i could build my own: Creating a CentOS 6.2 base box for Vagrant | Ricbra's Blog - http://blog.vandenbrand.org/2012/02/21/creating-a-centos-6-2-base-box-for-vagrant/
13:31 agoddard ^ use veewee (what I should have blogged about next)
13:31 agoddard https://github.com/jedi4ever/veewee
13:31 pdurbin hmmmm?
13:32 agoddard also, now you got the vagrant crankin, you can have a play with a test instance of sensu :D https://github.com/sensu/sensu-chef/blob/master/examples/Vagrantfile
13:32 pdurbin mmm, sensu. yum. still haven't looked at it
13:33 agoddard ^ (you'll need to clone that repo and vagrant up in the examples directory 'cause it needs the cookbook)
13:33 pdurbin veewee vbox define 'myubuntubox' 'ubuntu-10.10-server-i386'
13:33 pdurbin that veewee looks pretty simple
13:33 pdurbin https://github.com/jedi4ever/veewee/blob/master/doc/vagrant.md
13:33 agoddard ya, it's awesome
13:33 pdurbin agoddard: do you ever use vagrant with window vm's?
13:34 * agoddard shudders
13:34 agoddard ;) nope
13:34 pdurbin ok
13:35 SEJeff http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html This is a really impressive hack
13:35 pdurbin vagrant does headless by default. i assume i can still use virtual box to make a windows vm independent of vagrant
13:36 agoddard ya, and you can also make it not headless
13:38 pdurbin i'll keep playing with it
13:38 pdurbin still need to set up this fedora box and switch from the centos box i'm typing on
13:39 pdurbin SEJeff: "With these two bugs Pinkie was able to install and run his own NPAPI plug-in that executed outside the sandbox at full user privilege". scary
13:42 SEJeff pdurbin, Yes, but look at the effort it took
13:42 SEJeff Clearly Chrome is a step above the competition
13:42 SEJeff They use proactive vs reactive security
13:42 SEJeff which is one of my primary reasons for saying Redhat/Fedora (and variants) is better on a server than Debian (and variants)
13:55 pdurbin SEJeff: here we go with the holy wars again ;)
13:56 SEJeff Like before, I backed it up 100% with technical reasons that were not refuted by anyone :)
14:02 pdurbin :)
14:02 pdurbin Issue #79: koan --virt-image-type ? · cobbler/cobbler - https://github.com/cobbler/cobbler/issues/79#issuecomment-5873608
14:03 pdurbin still want this
15:15 gridiron So...when you work for a company that was put on a "hit list" by a group of 14 year old children using LOIC... would it be immoral to set up a varnish server that redirects all the problematic IP's back to their IRC server?
15:15 SEJeff gridiron, That's hilarious
15:16 SEJeff You might setup a few perhaps load balance the varnish servers with keepalived or something
15:16 gridiron I am tempted...
15:16 SEJeff How did you draw the wrath of anonymous^Wpre-pubescent bored males
15:17 gridiron No idea. I think we are fairly innocuous compared to say...BOA
15:18 gridiron but then... most governments are small next to them
15:18 SEJeff touche
17:33 * pdurbin had to google for http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
17:39 SEJeff LOIC wasn't near as bad until they added hive mode or whatever they call it
17:39 * SEJeff doesn't have a windows box to run LOIC on nor would I
17:40 SEJeff The script kids were also using this service named gigaloader, but it was taken down when it was used to take down scientology
17:58 pdurbin "Razor is the first solution to dynamically provision hardware using auto-discovered, real-time inventory data, eliminating inefficient, error-prone manual processes and speeding the delivery of deployed applications for DevOps environments." -- http://puppetlabs.com/company/news/press-releases/puppet-labs-announces-next-generation-provisioning-solution/
18:06 pdurbin http://forge.puppetlabs.com/puppetlabs/razor
18:07 SEJeff Much better post: http://nickapedia.com/2012/05/21/lex-parsimoniae-cloud-provisioning-with-a-razor/
18:07 SEJeff I love how it conveniently doesn't support RHEL/Cent*/Fedora, or any of the derivatives
18:08 pdurbin SEJeff: yes. thanks. huh, it runs on node.js
18:08 SEJeff And with this release it fully supports VMware’s ESXi 5, Centos 6, openSUSE 12, Ubuntu Oneiric & Precise, and Debian Wheezy with our first release.
18:08 SEJeff and mongodb. Makes me think they couldn't figure out how to make ruby scale
18:08 SEJeff Kind of sad looking at it so far
18:08 pdurbin SEJeff: you'll switch from cobbler
18:09 SEJeff doubtful
18:09 pdurbin :)
18:10 pdurbin had lunch with ventz the other day. told him about how you equated cobbler with bash :) http://irclog.perlgeek.de/crimsonfu/2012-04-24#i_5488902
18:10 SEJeff Remind me who ventz is?
18:11 SEJeff cobbler has plenty of warts no doubt. I can name a large number of them, but it does what it was designed to do very well.
18:12 pdurbin ventz: you just lurking again?
18:18 pdurbin those security guys are pretty quiet
18:19 pdurbin that reminds me. i just started following these guys on twitter: http://masshackers.org https://twitter.com/masshackers
18:33 pdurbin i like cobbler well enough. but per above, i think vagrant is the way for now for quick testing with VMs
18:33 pdurbin but cobbler for real deployments. absolutely
18:33 SEJeff Yeah different beast altogether
18:33 pdurbin and maybe razor some day. who knows
18:33 SEJeff cobbler is too much for local machine testing
18:33 SEJeff Yup
18:34 pdurbin there's even a vagrant rpm :)
18:34 pdurbin which works fine on fedora 16 anyway
18:34 pdurbin http://downloads.vagrantup.com/tags/v1.0.3
18:34 pdurbin windows installer. crazy!
18:35 SEJeff Well virtualbox runs on every platform under the sun
18:35 pdurbin yeah
18:35 SEJeff Innotek did a really good job
18:35 pdurbin can i run virtualbox and kvm on my fedora laptop?
18:35 pdurbin or is that just a terrible idea?
18:35 SEJeff They both try to use the HW virt extensions
18:36 SEJeff which only 1 can use at a time
18:36 SEJeff I think kvm just says no thanks
18:37 pdurbin in practice i didn't uninstall anything. i just ran `service libvirtd stop`
18:44 ventz hmm?
18:44 ventz (sorry, really busy today -- what's up?
18:47 pdurbin ventz: SEJeff was wondering who you are :)
18:48 pdurbin ventz: didn't you say you have some open source code? a git server or something?
18:50 ventz git.vpetkov.net
18:50 ventz enjoy everything - don't hold me responsible for anything
18:50 ventz SEJeff: hi, i am ventz :)
18:51 SEJeff hi :)
18:52 ventz i work in the security group btw, and before that i worked in the unix group
18:52 ventz you?
18:53 pdurbin so it's linkable from the irc log: http://git.vpetkov.net
18:53 ventz pdurbin: here's some more: https://svn.vpetkov.net/projects/
18:53 pdurbin ventz: thanks
18:53 SEJeff Systems Engineer for a "High Frequency Trading" finance firm. I <3 Linux and most things open source
18:53 pdurbin ventz: don't forget, crimsonfu is not a harvard thing :)
18:53 ventz ss = squadron scramble game (in svn)
18:53 ventz ghost = ghost letter game
18:54 ventz this is my beautiful nqueens solution: https://git.vpetkov.net/?p=projects.git;a=tree;f=nqueens;h=f0e5bdff8671855ccb4d9fc98da51daf69c428c8;hb=HEAD
18:54 ventz :)
18:56 SEJeff ventz, You know... startssl.com will give you free *valid* ssl certs for 1 year. I've worked with them a lot.
18:56 pdurbin SEJeff: fine, but how much after that?
18:56 SEJeff free
18:56 SEJeff and free
18:57 pdurbin so free for a year and free forever
18:57 SEJeff It is legit. I've spoken on the phone for their CTO to verify my Class 2 registration
18:57 SEJeff for 1 year
18:57 SEJeff If you want > 1 year validity on your certs, you need a Class 2
18:57 SEJeff http://www.startssl.com/?app=1
18:58 SEJeff ventz, You familiar with the DigiNotar ssl CA hack?
19:00 ventz i am not
19:00 SEJeff http://www.informationweek.com/news/security/attacks/231601037
19:00 ventz SEJeff: i use self-signed b/c i am usually the only one who access these. I have some amazing deal via godaddy for $10 ssl certs, but just not point
19:01 SEJeff Well long story short... A 1/2 dozen SSL Cert Authorities were hacked by some state sponsored hackers. Comodo called out Iran and said that they were behind it all. They issued themselves valid ssl certs for domains like gmail, twitter, hotmail, etc to put down dissidents
19:01 SEJeff StartSSL was on the list of orgs to be hacked, but they foiled it even after the hackers managed to get inside their network. It is a good read
19:05 pdurbin shuff has some ssl solution he likes, but he's on here today apparently
19:05 SEJeff You can't beat intense israeli security (it is in their dna) and free ssl certs for 1 year at a time. I've worked with Eddy Nigg, for GNOME
19:06 SEJeff They gave GNOME free wildcard certs after we got 1 person (me) to validate to class 2 and the organization verified, which required everything but fingerprints from the executive director. It was a 6 week process with all of the back and forth
19:46 pdurbin s/on/not/ #crazyweek
20:14 pdurbin wow this actually works: virsh -c 'esx://vmwarehypervisor1.example.com' list
20:15 pdurbin just need port 443 open, as i was making noise about yesterday: http://irclog.perlgeek.de/crimsonfu/2012-05-22#i_5623929
20:17 SEJeff libvirt ftw
20:19 pdurbin no kidding!
20:19 pdurbin one step closer to virt-v2v
20:22 ventz pdurbin: ohh yea
20:22 ventz this is how i manage everything :)
20:23 pdurbin ventz: i thought you used that ubuntu thing. not virt-v2v
20:24 pdurbin virt-goodies from ubuntu
20:26 ventz oh i was commenting about virsh -c 'esx://...'
20:26 ventz we have a vmware env. here (for some things, you need vmware -- stats is one)
20:27 ventz the lab i pushed to have kvm
20:27 ventz which makes sense since we don't have to pay, and we don't need stats/live storage vmotion/etc...
20:30 SEJeff ventz, What exactly do you mean by stats?
20:30 pdurbin yeah but kvm is catching up :)
20:31 ventz SEJeff: vmware (imo) is good (and better for "enterprise") in only 2 ways
20:31 ventz 1.) vcenter
20:31 ventz 2.) massive stats -- as in historical data on cpu, mem, networking, bursting, etc...
20:31 SEJeff You know ovirt was released by redhat not so long ago, right?
20:31 ventz there are some tools for kvm, and a ton of home grown things, but nothing is as complete and as nice
20:31 ventz :nod:
20:31 ventz but it's not there just yet
20:32 ventz (oh, the other thing, storage vmotion -- kvm needs this really badly)
20:38 pdurbin no storage vmotion for kvm, huh? sadness
20:45 SEJeff ventz, oVirt (aka RHEVM 3.x) supports live migration
20:45 SEJeff I'm not familiar with storage vmotion
20:45 SEJeff But think you're likely right
20:46 ventz live migration or storage?
20:47 ventz ex: host A & host B --> both on NFS, i move VM from one to the other
20:47 ventz vs
20:47 ventz only host A, -> NFS and local disk, i need to move a VM from nfs to local
20:47 SEJeff Ah nice
20:47 SEJeff the latter
20:47 ventz hmm
20:47 ventz that's interesting
20:47 ventz wonder how they are doing it
20:47 ventz i mean they have to come out with something
20:47 SEJeff http://ovirt.org
20:47 SEJeff They have it :D
20:48 ventz i really like in KVM the ability to force restrict mac + IP to prevent VM from spoofing
20:48 ventz for that feature you need a whole suite of tools in vmware
20:48 SEJeff Can't you also do that with svirt?
20:48 SEJeff And just label all network traffic coming out of that vm using SELinux?
20:48 SEJeff Which is well integrated with libvirtd
20:59 ventz :nod:
20:59 ventz the mac address functionality is the "coolness" factor basically
20:59 ventz you can also do this with iptables and some extension (some mac guard thing)
20:59 ventz but it was dirty
21:07 ventz http://forums.pinstack.com/content/5387-xbox_360_banned_u_s_violating_patents.html
21:07 ventz ^^ ignore "insecure" warning. Someone was posting spam in the forums and it 'blacklisted' the site
21:07 ventz anyway, i wanted to point out, clearly that judge has never played on an xbox