Friday, 2015-06-26

*** jian5397 has quit IRC00:10
*** sdake_ has joined #openstack-security00:17
*** sdake has quit IRC00:21
*** markvoelker has joined #openstack-security00:24
*** sdake_ has quit IRC00:27
*** markvoelker has quit IRC00:30
*** sdake has joined #openstack-security01:00
*** tmcpeak1 has quit IRC01:15
*** tmcpeak has joined #openstack-security01:18
*** markvoelker has joined #openstack-security02:14
*** markvoelker has quit IRC02:18
*** nkinder has quit IRC02:37
*** keren1 has joined #openstack-security03:27
*** keren1 has left #openstack-security03:28
*** tmcpeak has quit IRC03:28
*** markvoelker has joined #openstack-security04:02
*** elo has quit IRC04:03
*** markvoelker has quit IRC04:07
*** dave-mccowan has quit IRC05:05
*** dave-mcc_ has quit IRC05:05
*** sdake has quit IRC05:35
*** markvoelker has joined #openstack-security05:51
*** markvoelker has quit IRC05:56
*** sdake has joined #openstack-security06:00
*** sdake has quit IRC06:16
*** sdake has joined #openstack-security06:19
*** shohel has joined #openstack-security06:29
openstackgerritMerged openstack/security-doc: Fix malformed sentence in security-guide
*** shohel has quit IRC06:33
*** browne has quit IRC06:37
*** sdake has quit IRC06:41
*** sdake has joined #openstack-security06:41
*** sdake has quit IRC06:41
*** shohel has joined #openstack-security06:47
*** markvoelker has joined #openstack-security09:29
*** markvoelker has quit IRC09:33
*** shohel has quit IRC10:01
*** shohel has joined #openstack-security10:05
*** tkelsey has joined #openstack-security10:20
*** shohel has quit IRC10:38
*** tkelsey has quit IRC11:01
*** markvoelker has joined #openstack-security11:17
*** markvoelker has quit IRC11:22
*** shohel has joined #openstack-security11:34
*** markvoelker has joined #openstack-security12:00
*** edmondsw has joined #openstack-security12:32
*** dave-mccowan has joined #openstack-security12:35
*** bknudson has quit IRC12:50
*** bknudson has joined #openstack-security13:19
*** singlethink has joined #openstack-security13:32
*** browne has joined #openstack-security13:41
*** tmcpeak has joined #openstack-security13:47
*** singleth_ has joined #openstack-security13:57
*** singlethink has quit IRC14:01
*** salv-orl_ has quit IRC14:01
*** deepika has joined #openstack-security14:07
*** browne has quit IRC14:10
*** browne has joined #openstack-security14:16
*** localloop127 has joined #openstack-security14:18
*** sigmavirus24_awa is now known as sigmavirus2414:19
*** jhfeng has joined #openstack-security14:27
*** jhfeng has quit IRC14:33
*** voodookid has joined #openstack-security14:36
*** deepika has quit IRC14:53
*** shohel has quit IRC14:59
*** salv-orlando has joined #openstack-security15:05
*** salv-orlando has quit IRC15:14
elmikoDaviey: hey, i'm curious about your thoughts on the sec-guide bugs. got a moment to chat?15:18
*** zul has quit IRC15:28
*** singleth_ has quit IRC15:32
*** zul has joined #openstack-security15:33
*** sdake has joined #openstack-security15:52
elmikotmcpeak: you around here?15:58
*** singlethink has joined #openstack-security16:02
Davieyelmiko: Hiya.16:02
tmcpeakelmiko: hey, what's up?16:03
elmikolol, wow.16:03
elmikowasn't expecting that16:04
tmcpeakboth of us woke up at the same time? :)16:04
tmcpeakjust noticed my Adium guy freaking out ;)16:04
elmikotmcpeak: i was trying to find the proper wording to recommend the change you talked about for OSSN004916:04
elmikoi think i may have found it though.16:04
tmcpeakahh ok cool16:04
elmikoi feel it's just odd to recommend code modifications in an ossn, i feel like there need to be several caveats16:05
tmcpeakyeah, I hear you16:05
elmikoDaviey: hi, i was curious about your suggestion for the sec-guide bugs. i.e. how to improve the triaged ones16:05
Davieyelmiko: So, we have 58 sec-guide bugs in non-fixed status, right?16:05
elmikosounds about right16:06
elmiko60, but yea.16:06
DavieyOh, dunno why my search found 58.16:06
elmikohehe, i just reloaded the page and now it's 59... lol16:07
Davieyelmiko: But looking through them, very few of them are "Triaged".16:07
DavieyWhat do we consider Triaged to be?16:07
elmikoDaviey: we meet on mondays in here at 1:00 eastern for the sec-doc.16:08
elmikousually we go through the new ones16:08
elmikoand once we have decided priority and severity (and any open questions), we mark as triaged16:08
Davieyelmiko: Ah, i didn't know there was a separate meeting16:08
elmikoi took it from your comments that maybe we should add more specific remarks to the bugs, to help guide folks interested in fixing?16:08
elmikothe meeting is less formal than the sec-group meeting.16:09
Daviey(phone call, brb)16:10
Davieyelmiko: Sorry, back now.  I didn't mean to come across as overly critical.. Apologies if i did!16:15
Davieyelmiko: I was just scanning through the bugs, and many of them felt not ready to wordsmith as the problems were still undefined.16:16
elmikoDaviey: you weren't overly critical at all, i took it that you wanted to help improve the state of things =)16:17
DavieySo of them felt more project centric, rather than general security focussed - meaning a first attempt by the project might be a better idea, with hardening by ossg?16:17
elmikoi think that's accurate16:17
elmikomany of them will require direct action from people who know the projects in question16:17
Davieyelmiko: Do you know if there has been much interest from the projects involved?16:17
elmikosome, but it has not been overwhelming ;)16:18
elmikowe probably need to reach out to the CPLs if we want more engagement16:18
Davieyelmiko: Ie, bug 1329606 is screaming for cinder to write some notes on this16:18
openstackbug 1329606 in openstack-manuals "Security Guide does not document cinder wiping behavior" [High,Confirmed]
elmikoDaviey: yea, exactly16:19
Davieyi'm guessing none of the generic ossg members can touch that16:19
elmikowe just need someone who knows it well enough16:19
elmikoyea, that's kinda the issue with some of these16:19
tmcpeakthat would be a deep-dive for a OSSG member, but if there was somebody in Cinder that knew it, it could be a 30 minute writing exercise16:19
Davieybug 1455926 seems very blocked on neutron right now16:20
openstackbug 1455926 in openstack-manuals "Security Guide - Networking services - Incorrect Information" [Critical,Confirmed]
elmikoDaviey: yea, if there is one thing we need it's more engagement from the project CPLs16:20
Davieytmcpeak: could even be a 10 mins notes from the SME and 20 mins from ossg docs16:20
Davieyie, wordsmithed by us..16:20
tmcpeakDaviey: yeah, for sure.  Do we have any Cinder security embeds?16:20
elmikoDaviey: in an ideal world, yes =)16:20
DavieyMight i suggest, we pick 5 blocked on SME's each week and jump on projects asking them to write some notes?16:22
elmikothat's a great idea16:22
tmcpeakthat sounds good, even cranking through a couple a week would be good progress16:23
elmikoi might start a little smaller, maybe 3, but just because there are only so many of us ;)16:23
Davieyfair point.  Okay, how about we pick one each.. Baggsy the cinder one.16:23
elmikosure, i'll make sure to bring it on monday at the meeting16:24
elmikoi also linked this convo to sicarie16:24
Davieyelmiko: Hmm, i can't see the meeting on the calendar?16:26
elmikoyea, it's informal so far16:26
elmikowe don't have an "official" meeting... yet ;)16:26
DavieyPerhaps we should 'document' the meeting? :)16:26
elmikoagreed, i think at some point we should work towards having an official meeting with meetbot and everything16:27
elmikocurrently the eavesdrop logs are the only method of review16:27
elmikoa little background,16:27
elmikothis has been a growing effort over the last cycle or so (6-8 months), in terms of meeting and generating a larger team16:27
elmikoalthough the guide itself is much older16:28
elmikoi think as we get more folks interested in helping, our velocity is increasing, we definitely will need to organize more16:28
DavieyYeah, i thought the security guide was more of a static document now.. I only learned last cycle it is still being improved.16:29
DavieySo 13:00 ET Monday, 18:00 UK time ?16:29
DavieyMuch better.16:30
elmikosince we are currently under the domination of daylight savings time ;)16:30
elmikowhere i am, at least16:30
Davieysame here16:31
elmikoi dunno how it is in the UK, but here some states don't observe it. fun times16:32
DavieySome people in Scotland did suggest *they* drop DST, which would have been fun.16:33
*** shohel has joined #openstack-security16:35
openstackgerritMichael McCune proposed openstack/security-doc: Add OSSN-0049
elmikotmcpeak: curious about your thoughts ^^16:35
tmcpeakelmiko: cool, I'll check it out16:35
*** janonymous_ has joined #openstack-security16:36
elmikoDaviey: thanks for the feedback, i'm optimistic we can improve the process =)16:36
* elmiko heads off to lunch16:37
janonymous_Hi , could somebody help me out with ERROR: InvocationError:16:38
janonymous_when running tox for bandit16:38
janonymous_tox -ebandit16:38
tmcpeakjanonymous_ : can you put the contents of your tox.ini and the error in a pastebin and drop the link here?16:38
janonymous_Complete tox or just bandit section16:40
tmcpeakone sec16:44
tmcpeakjanonymous: what happens when you run the Bandit command manually?16:45
tmcpeakrun this from command line: "bandit -c bandit.yaml -r swift -n5 -p swift_conservative"16:45
janonymous_yes i am doing this only16:46
janonymous_is there a  dependency on oslo that would be required ?16:46
tmcpeakjanonymous_: no16:47
*** singleth_ has joined #openstack-security16:47
tmcpeakI mean what happens when you run Bandit without tox16:47
tmcpeakswitch into the tox virtual env and try to run the Bandit command manually16:47
tmcpeakit should give you more of a clue what the problem is16:47
janonymous_ok, please hold on a sec16:48
janonymous_Yes, you are right, running "bandit -c bandit.yaml -r swift -n5 -p swift_conservative" simply doesn't raise an error16:50
tmcpeakok so must be something isn't set up correctly in the tox environment16:50
*** singlethink has quit IRC16:50
*** singleth_ has quit IRC16:51
tmcpeakjanonymous_: looks like you're missing something in your tox.ini - check out Keystone's
janonymous_deps = -r{toxinidir}/test-requirements.txt    part was already set in deps of testenv16:54
tmcpeakKeystone's also set that, and they set it again in Bandit, maybe try it?16:57
tmcpeakI'm not a tox expert, but I imagine they wouldn't have put it if it wasn't required16:57
janonymous_ohh i see , please hold on sec again , i am running the tests16:58
*** browne has quit IRC16:59
janonymous_It's still failing :(17:00
tmcpeakelmiko: this is great! I really like adding the relevant code blurb in here17:00
tmcpeakjanonymous_: ok- so just to check.  If you run the Bandit command manually, it works?  is this inside or outside of the tox virtualenv?17:01
janonymous_outside virtual env17:01
tmcpeakwell try it inside the virtual env that Bandit tox is creating to ensure that the virtual env has been created properly17:02
tmcpeakrm -rf .tox/bandit and run with tox again17:02
tmcpeakit's something wrong with virtual environment/tox for sure, because it works when you run it manually17:03
janonymous_Yes you are right , i'll debug tox then...17:06
tmcpeakok cool17:06
tmcpeakI'll be back in a bit17:06
tmcpeakgood luck with it17:06
tmcpeakthere might be a verbose option for tox that can help you17:06
janonymous_something is wrong for sure with tox env setup17:06
*** elo has joined #openstack-security17:10
*** sigmavirus24 is now known as sigmavirus24_awa17:27
*** browne has joined #openstack-security17:37
*** sigmavirus24_awa is now known as sigmavirus2417:41
*** bpokorny has joined #openstack-security17:45
*** singlethink has joined #openstack-security17:52
*** Canaima_kawaii has joined #openstack-security17:52
*** Canaima_kawaii has quit IRC17:53
*** Canaima_kawaii has joined #openstack-security17:54
*** Canaima_kawaii has left #openstack-security17:55
*** Canaima_kawaii has joined #openstack-security17:58
*** bpokorny has quit IRC18:00
*** bpokorny has joined #openstack-security18:01
Canaima_kawaiiA musical messaging session has been requested. Please select the MM icon to accept it.18:06
Canaima_kawaiiA musical messaging session has been requested. Please select the MM icon to accept it.18:06
*** Canaima_kawaii has left #openstack-security18:06
*** bpokorny_ has joined #openstack-security18:08
elmikoi don't get where these things are coming from...18:09
*** bpokorny_ has quit IRC18:10
*** bpokorny has quit IRC18:11
tmcpeakSpain bro18:12
*** sdake has quit IRC18:13
*** singleth_ has joined #openstack-security18:13
tmcpeak"Has requested a session ? N of messaging ? A musical. Please select the MM icon to accept ."18:14
elmikoyea, so random...18:16
*** bpokorny has joined #openstack-security18:16
*** singlethink has quit IRC18:17
*** sdake has joined #openstack-security18:38
*** shohel has quit IRC18:46
*** shohel has joined #openstack-security18:47
tmcpeakshohel - what's up, long time18:48
*** shohel has quit IRC18:48
*** singleth_ has quit IRC19:04
localloop127anybody seen a fresh bandit install not find anything when running against the examples?19:10
elmikolocalloop127: like, when running the tests?19:11
localloop127i've tried with 0.11.0, master, and 0.10.1. installed with pip install --user . from within the cloned repo.19:12
localloop127yep, bandit -r ./examples/* returns "No issues identified."19:12
elmikoi'll try, 1sec19:13
elmikoooh, i get an error... hmm19:13
localloop127is your error about plugin assert not found?19:13
*** janonymous_ has quit IRC19:14
elmikoi'm getting a keyerror19:14
localloop127ok. i was also getting python path issues when running in a virtual env, so i stopped trying to use it that way19:14
elmikoyea, i'm getting all sorts of weirdness19:16
elmikotmcpeak: ^^19:16
elmikohe may know19:16
elmikolocalloop127 is having some bandit issues, and mine seems to be totally broken =(19:17
tmcpeakok, which first?19:18
tmcpeaklocalloop127: what's the --user? I haven't seen that19:18
elmikolocal install, to avoid sudo iirc19:19
elmiko(got mine working btw)19:19
localloop127elmiko what did you do to fix19:19
elmikoi removed the venv i created, and recreated it19:19
*** markvoelker has quit IRC19:20
elmikoi'm getting all sorts of output for `bandit -r ./examples`19:20
elmikolike, issues that is19:20
tmcpeaklocalloop127: Bandit doesn't require sudo19:20
localloop127using the bandit.yaml from the repo?19:20
tmcpeakI did git clone from stackforge19:20
tmcpeak(make sure all other Bandit is uninstalled)19:20
elmikosame here, clone from stackforge19:20
tmcpeakthen "pip install ."19:20
tmcpeakthen bandit -r examples19:21
tmcpeakand got usual output19:21
localloop127tmcpeak: it does to install if you're on OS X and not in virtual env and don't use the pip install --user19:21
tmcpeakI'm in OSX no virtual env19:21
elmikointeresting that it doesn't need sudo on OSX19:22
localloop127o.O seriously? i got all sorts of permission denied writing to /Library...19:22
tmcpeakmine didn't install to /Library, it installed to /usr/local/bin/bandit19:22
tmcpeakare you using latest? we used to try to put config in /etc which definitely required sudo, but now we don't do that anymore19:24
tmcpeaklocalloop127: ^19:24
localloop127tmcpeak: did you install python from homebrew?19:26
localloop127i wonder if your python site packages are a different place from mine19:26
*** markvoelker has joined #openstack-security19:26
localloop127i did try latest. tried master, 0.11.0 and 0.10.1 tags19:27
tmcpeaklocalloop127: yeah looks like it19:28
tmcpeakMacBook-Pro:bandit travismcpeak$ python19:28
tmcpeakPython 2.7.9 (default, Jan  7 2015, 11:49:12)19:28
tmcpeak[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)] on darwin19:28
tmcpeakType "help", "copyright", "credits" or "license" for more information.19:28
tmcpeak>>> import site; site.getsitepackages()19:28
tmcpeak['/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages', '/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/site-python', '/Library/Python/2.7/site-packages']19:28
localloop127ok i'll try switching to homebrew python19:29
tmcpeakelmiko: you still having problems too?19:30
elmikonope, mine works now =)19:30
tmcpeakcool, one down19:30
elmikoi just hadn't used it in awhile and my venv was stale, clean install fixed it19:31
tmcpeaklocalloop127: I don't remember installing Python? maybe it has just always been here?19:31
*** sigmavirus24 is now known as sigmavirus24_awa19:31
tmcpeakahh cool19:31
*** markvoelker has quit IRC19:32
*** markvoelker has joined #openstack-security19:32
elmikoyea python is installed by default on OSX19:34
elmikoi haven't used OSX in awhile but /usr/local/Cellar/... doesn't seem familiar to me, maybe they changed the default paths at some point19:34
tmcpeakyeah, that's where brew puts the stuff19:35
elmikoah, ok19:35
elmikothat makes sense19:35
elmikoi never got too deep into brew, i had been using macports until i switched to linux for my dev machine19:36
localloop127ok tons of results19:36
localloop127we may need to put in the readme: apple's python sucks19:37
tmcpeakyeah, definitely19:37
tmcpeakthis is a good find19:37
localloop127ok, in nicer terms, but apple's python sucks19:37
elmikoagreed, good find19:37
tmcpeaklocalloop127: would you mind adding it to the README and wiki?19:37
localloop127nope, dont mind at all19:38
tmcpeakawesome, thank you19:38
tmcpeakyou can save the next person this pain :D19:38
*** sigmavirus24_awa is now known as sigmavirus2419:38
*** markvoelker_ has joined #openstack-security19:38
openstackgerritNathaniel Dillon proposed openstack/security-doc: Adding hypervisor and issue handling section to compute chapter
*** markvoelker has quit IRC19:40
sigmavirus24elmiko: if I do `tox -re 27 --notest` and then `.tox/py27/bin/bandit -r examples` it looks fine to me19:41
sigmavirus24oh you figured it out19:41
sigmavirus24stupid Bouncer not giving me the entire history19:41
elmikogood to know about the tox usage, i wasn't sure if i could use it that way19:42
elmikoi usually just run a non-tox venv19:42
*** markvoelker has joined #openstack-security19:44
*** markvoelker_ has quit IRC19:45
*** bpokorny_ has joined #openstack-security19:49
openstackgerritNathaniel Dillon proposed openstack/security-doc: Adding hypervisor and issue handling section to compute chapter
*** bpokorny has quit IRC19:52
*** markvoelker has quit IRC19:54
*** markvoelker has joined #openstack-security19:58
*** singlethink has joined #openstack-security20:06
*** markvoelker_ has joined #openstack-security20:09
*** markvoelker has quit IRC20:11
*** markvoelker_ has quit IRC20:12
*** browne has quit IRC20:15
*** tmcpeak1 has joined #openstack-security20:20
*** tmcpeak has quit IRC20:21
*** tmcpeak1 has quit IRC20:31
*** tmcpeak has joined #openstack-security20:46
*** markvoelker has joined #openstack-security20:51
sigmavirus24elmiko: you can also always have tox generate it for you and then do `source .tox/py27/bin/activate`20:53
elmikoyea, i knew that one. i just get so caught up in all the venvs i create lol20:55
* elmiko is a venv addict20:55
sigmavirus24elmiko: yeah so am I20:56
sigmavirus24I've also fallen into the practice of abusing tox like openstack does20:56
elmikoyea, i'm starting to do that20:56
sigmavirus24I feel kind of conflicted about it20:56
elmikohow so?20:57
sigmavirus24On the one hand it works well20:57
sigmavirus24On the other hand tox is for testing20:57
elmikoyea... lol, not generating docs, and running small microstuffs, and ....20:57
sigmavirus24and cutting releases21:02
elmikoooh, creative ;)21:03
elmikosigmavirus24: i need to ask you questions about twine at some point. really about signing packages to pypi, i'd like to do it for sahara but i'm still ramping up on the effort.21:06
*** bknudson has quit IRC21:06
*** browne has joined #openstack-security21:08
*** markvoelker has quit IRC21:19
*** sigmavirus24 is now known as sigmavirus24_awa21:23
*** openstack has joined #openstack-security21:26
*** keren has joined #openstack-security21:26
tmcpeakwhat's up keren21:28
*** markvoelker has joined #openstack-security21:28
kerenspeak in English21:29
tmcpeakyeah, what's up?21:29
*** markvoelker has quit IRC21:30
tmcpeakgreat, yes, espanol21:30
kerenspeak Spanish21:32
kerenwhy not21:34
tmcpeakkeren - do you have something you want to say?21:34
kereni don't understand you21:34
tmcpeakwhy are you here?21:35
kerenbecause i want to talk21:35
kerenbut in Spanish21:35
tmcpeakthis is not the right channel21:36
kerentell me one21:36
kerenthat is neither #canaima-social21:36
kerennor #Canaima21:36
kerentell me then21:36
kerenone that is from canaima21:37
kerenone that is on the canaima list21:37
tmcpeakthis is not a Spanish channel21:39
kerenone that is on the canaima list21:39
kerencanaima list21:39
tmcpeakplease stop saying that, this is for OpenStack security, if you keep talking off topic I am going to remove you from this channel21:40
kerenhow, remove me21:41
kereni'm waiting21:42
*** ChanServ sets mode: +o tmcpeak21:43
*** keren was kicked by tmcpeak (keren)21:43
*** ChanServ sets mode: -o tmcpeak21:44
elmikolol, that's enough machine learning for one day ;)21:44
tmcpeaklol, yeah, got bored of Spanish lessons21:44
tmcpeakI wonder if somebody trolled us and added us to some bogus list21:46
elmikoi can only imagine21:46
elmikoi never see that spam on other channels though21:47
*** bknudson has joined #openstack-security21:47
tmcpeakwhat can I say, we're kind of a big deal in Spanish speaking countries21:47
elmikohave a good weekend tmcpeak, i'm out21:50
tmcpeakelmiko: cool man, you too21:51
*** localloop127 has quit IRC22:05
*** edmondsw has quit IRC22:08
*** edmondsw has joined #openstack-security22:08
*** edmondsw has quit IRC22:08
*** dave-mcc_ has joined #openstack-security22:10
*** singleth_ has joined #openstack-security22:11
*** dave-mccowan has quit IRC22:12
*** singlethink has quit IRC22:13
*** singleth_ has quit IRC22:15
*** singlethink has joined #openstack-security22:27
*** voodookid has quit IRC22:46
*** sdake_ has joined #openstack-security23:21
*** sdake has quit IRC23:25
*** singlethink has quit IRC23:26
*** bpokorny has joined #openstack-security23:34
*** bpokorny_ has quit IRC23:37
*** sdake_ has quit IRC23:42
*** synk has joined #openstack-security23:46
*** synk has left #openstack-security23:46
