Sunday, 2010-10-31

*** xfaf has joined #openstack		00:06
*** mischer has quit IRC		00:07
alekibango	nicht? hitler is dead, long live obama	00:09
alekibango	:)	00:09
Orman_	Yeah I have different political views	00:19
Orman_	:P	00:19
rds__	hi guys	00:23
Orman_	hey	00:23
rds__	i'm just installed nova	00:23
rds__	with nova.sh on ubuntu 10.10	00:23
rds__	i have nova up and running	00:24
Orman_	Ok	00:24
rds__	i have generated one key	00:25
rds__	and lanched one instance, but i can't connect	00:25
rds__	i get this error	00:26
rds__	Host key verification failed.	00:26
Orman_	Really?	00:27
rds__	yes :(	00:27
alekibango	rds__: very strange	00:28
Orman_	Have you checked the host?	00:28
alekibango	plz put it on pastebin	00:29
Orman_	Yes it might be bug.	00:29
Orman_	Would love to see it.	00:29
rds__	i can ping the vm	00:29
rds__	but i can't connect via ssh	00:29
rds__	just after ssh -i key.pem root@10.0.0.3	00:30
Orman_	Hmmm weird	00:30
alekibango	try ssh -vvvv	00:30
alekibango	:)	00:30
alekibango	but that is not the problem	00:30
alekibango	is the machine having 10.0.0.3	00:30
alekibango	is it running really?	00:30
rds__	yes i can ping the machine	00:31
Orman_	Good	00:32
*** Cybodog has joined #openstack		00:37
rds__	i tried ssh -vvvv	00:38
rds__	i get this	00:38
rds__	http://pastebin.com/L5AwTK5S	00:38
rds__	any idea? :)	00:39
Orman_	Thanks for pasting it.	00:40
Orman_	:)	00:40
Orman_	will look at it.	00:40
rds__	thanks	00:41
alekibango	rds__: what if you say 'y'	00:44
alekibango	yes i mean	00:44
alekibango	debug3: Not a RSA1 key file key.pem. ????	00:45
*** Ryan_Lane\|away has quit IRC		00:45
rds__	i get Host key verification failed	00:47
*** Cybodog has quit IRC		00:48
rds__	i have the key.pem key	00:48
*** Ryan_Lane\|away has joined #openstack		00:49
rds__	generated with euca-add-keypair key > key.pem	00:50
alekibango	you didnt type yes, did you	00:50
rds__	yes i did	00:52
alekibango	didnt :)	00:52
alekibango	yes - not y	00:52
rds__	ok not on pastebin :)	00:53
alekibango	please paste all :)	00:53
alekibango	or edit your ~/.ssh/known_hosts	00:53
alekibango	and remove offending line	00:53
Orman_	In order for us to see your problem yoo are having we need to see the code. ;D	00:54
alekibango	this more likely sounds like ssh key problem	00:54
alekibango	unrelated to openstack	00:54
Orman_	Right	00:54
Orman_	Key seems to be the problem or the host.	00:56
Orman_	ssh.	00:56
*** anneg has joined #openstack		01:03
Orman_	Hey anneg	01:03
Orman_	;D	01:03
*** khussein has quit IRC		01:05
rds__	sorry for the delay	01:06
rds__	i'm having some copy/paste problem with screen	01:06
rds__	http://pastebin.com/1YpWdHfU	01:06
alekibango	rds__: you are in	01:07
alekibango	type ps faxwww	01:07
alekibango	and see	01:08
alekibango	congrats :)	01:08
alekibango	try ls /home	01:08
alekibango	or getent passwd	01:08
rds__	yes i'm in :)	01:09
Orman_	Cool	01:09
rds__	i feel a little bit stupid :)	01:09
Orman_	Good job alekibango!!!	01:09
Orman_	;D	01:09
alekibango	rds__: thats ok. we all are stupid in our own way	01:10
Orman_	lol	01:10
Orman_	So true.	01:10
rds__	thank you very much	01:11
alekibango	np	01:12
rds__	but i don't understand	01:13
alekibango	was glad to do something good after strange discussion on #turbogears	01:13
rds__	it's the same think i have done all day :)	01:13
alekibango	rds__: you need to accept the key when you are connecting for the first time	01:13
alekibango	by typing yes	01:13
alekibango	(not y)	01:13
alekibango	not enter	01:13
rds__	yes i see :)	01:15
*** ChrisAM has quit IRC		01:17
*** xtoddx has quit IRC		01:17
rds__	thanks anyway	01:17
*** devcamcar has quit IRC		01:17
*** anotherjesse has quit IRC		01:18
alekibango	rds__: just try to help someone else	01:18
alekibango	:)	01:18
*** devcamcar has joined #openstack		01:18
*** vishy has quit IRC		01:18
rds__	yes, i hope	01:18
*** vishy has joined #openstack		01:19
rds__	i like this project	01:19
*** xtoddx has joined #openstack		01:19
alekibango	rds__: (joke) they say that nova means: no other viable alternative	01:19
*** anotherjesse has joined #openstack		01:20
*** ChrisAM1 has joined #openstack		01:20
rds__	and i'm thinking to spend the next three month studying and contributing	01:20
alekibango	good	01:20
rds__	:)	01:21
rds__	ok, it's bed time in Italy	01:23
rds__	thanks again	01:23
alekibango	cz here :)	01:23
alekibango	gn8	01:23
rds__	good night	01:24
Orman_	Night. rds. ;D	01:44
*** rds__ has quit IRC		01:59
Orman_	alekibango: I'm adding more to the notes.	01:59
*** anneg has quit IRC		02:10
*** anneg has joined #openstack		02:13
Orman_	alekibango: http://nova.openstack.org/nova.html#module-nova.crypto	02:14
Orman_	Could help us when we are writing the Unencrypted Communications Section.	02:16
Orman_	anneg: Hey	02:19
notmyname	hotel wifi connections are so bad	02:27
alekibango	Orman_: will look later :)	02:27
Orman_	I know just telling you.	02:27
Orman_	I just want to make sure I am highlighting what needs to be documented in the notes.	02:28
notmyname	I really don't get the need for the web proxy that hijacks my connection until I click a button to agree to something I didn't read about not cracking other people's computers or whatever	02:28
*** sebastianstadil has quit IRC		02:29
alekibango	thats just to let you know you are watched	02:29
Orman_	Crypto needs to be used more and new things needs to be developed to help encrypt the communications.	02:30
*** kevnfx has joined #openstack		02:31
alekibango	and it needs to survive partition	02:37
alekibango	of the network	02:37
alekibango	Orman_: but really, is that needed?	02:38
alekibango	when we do not allow them to touch the network devices	02:38
alekibango	they will nt be able to listen	02:38
Orman_	True	02:38
Orman_	I guess I am just too paranoid. ;D	02:38
*** kevnfx has quit IRC		02:38
alekibango	well it might have sense in some cases	02:39
alekibango	distributed cloud	02:39
alekibango	having clusters in different cities	02:39
alekibango	yet connected	02:39
Orman_	Right, I agree.	02:41
Orman_	I am just trying to add new ideas to the table of encryption security.	02:42
Orman_	First priority is to document the holes that are in the communications that are unencrypted.	02:45
alekibango	you need to see who is able to listen to what communication	02:45
alekibango	where can atacker get wire to listen to it	02:45
Orman_	Right and then go from their.	02:46
alekibango	2) analyze what they can get	02:46
alekibango	prepare some obstacles :)	02:46
Orman_	Do you think the Nova Auth Docs would help us?	02:46
Orman_	I believe they would.	02:47
Orman_	I first have to find the obstacles.	02:47
Orman_	;)	02:47
*** khussein has joined #openstack		02:53
*** jdmaturen has quit IRC		02:59
*** anneg has quit IRC		03:13
*** sophiap has quit IRC		03:26
*** sophiap has joined #openstack		03:26
*** miclorb_ has joined #openstack		03:35
*** miclorb_ has quit IRC		03:40
*** ivan has quit IRC		03:49
*** ivan has joined #openstack		03:51
*** sophiap has joined #openstack		04:10
*** sophiap has quit IRC		04:19
*** sophiap has joined #openstack		04:23
*** sophiap_ has joined #openstack		04:26
*** sophiap has quit IRC		04:27
*** sophiap_ is now known as sophiap		04:27
*** Orman_ has quit IRC		04:59
*** kirkland has quit IRC		05:09
*** kirkland has joined #openstack		05:18
*** Orman has joined #openstack		05:18
*** sophiap has quit IRC		05:24
Orman	alekibango: You still here?	05:42
alekibango	y	06:02
Orman	Just wondering.	06:07
alekibango	:)	06:07
Orman	I am trying to find some auth bugs.	06:07
Orman	Can't find any that anyone filed.	06:08
alekibango	first we imho should talk about architecture	06:08
alekibango	which network where who can get what	06:08
Orman	Permissions.	06:08
alekibango	this will be very arch related	06:08
alekibango	yes, rights, permissions	06:09
alekibango	right != permission :)	06:09
Orman	:)	06:09
alekibango	permission may be given, right is there from beginning	06:10
Orman	So first we develop the architecture for the Authentication and then list the problems we've found.	06:10
alekibango	and everyone has right for privacy	06:10
alekibango	!	06:10
Orman	Right privacy is key here.	06:10
alekibango	imho we need some architecture design schemas first	06:10
alekibango	and test installs ...	06:11
alekibango	its good to monitor network uising wireshark or something	06:11
alekibango	or ngrep	06:11
Orman	Just so we're on the same page we are talking about Security architecture right?	06:11
alekibango	or whatever	06:11
alekibango	?	06:11
alekibango	page?	06:11
Orman	Well I mean Authentication	06:11
Orman	archtitecture	06:12
alekibango	i meant network architecture	06:12
alekibango	how those machines will be connected	06:12
Orman	Ok	06:12
alekibango	and those clusters	06:12
alekibango	then we can build security architecture on top of that	06:12
Orman	Oh haha I was thinking Authentication.	06:12
alekibango	and test it	06:12
Orman	haha I am tired	06:12
alekibango	me too	06:12
Orman	Ok now I got you	06:12
alekibango	it was very long night for me	06:13
Orman	Passion comes before sleep for me. ;)	06:13
alekibango	i even got on ignore list of someone today	06:13
Orman	lol	06:13
Orman	Really?	06:13
alekibango	for asking questions	06:13
Orman	What that's dumb.	06:14
alekibango	and pressing something	06:14
alekibango	like failure in project management	06:14
Orman	?	06:14
Orman	:	06:14
Orman	:(	06:14
alekibango	well, that made me totally out tonight	06:14
Orman	Yeah just shake it off.	06:14
alekibango	very looong night	06:14
Orman	;)	06:14
alekibango	Orman: i dont feel down, just tired	06:15
alekibango	maybe the project might be down soon...	06:15
alekibango	which makes me sad	06:15
Orman	alekibango: I know and I am just trying to lghiten the mood.	06:15
alekibango	well, i must say openstackis really exceptional	06:16
Orman	Yeah it is	06:16
Orman	I love the community. You all welcomed me in.	06:17
alekibango	i hope it will keep being this way	06:17
Orman	Me too.	06:17
Orman	Smart people working together for the greater good. ;D	06:18
Orman	So for the Nova notes we will first start out with the network architecture and then move towards securing the stack.	06:19
alekibango	we might even need more archs	06:19
Orman	:)	06:19
alekibango	it differs for 4 servers	06:19
alekibango	and for 50	06:19
Orman	To do that we will need more help.	06:19
alekibango	and for distributed one	06:19
alekibango	yes	06:19
alekibango	thats what we need	06:19
Orman	I just need an outline to what we need to first write about.	06:20
Orman	I have Unencrypted as the first one in the notes below everything else.	06:21
alekibango	i think we might even delete the last paragraph :)	06:22
alekibango	as we need input from devs here	06:22
alekibango	we need to really define what is what, what needs protection	06:22
alekibango	and how imporant it is	06:22
alekibango	and in what network architecture setup it is	06:23
alekibango	only then we might come with reasonable solutions	06:23
Orman	Right	06:23
alekibango	Orman: imagine those different networks - vlans, flat, flat with dhcp	06:23
alekibango	different needs!	06:23
Orman	Ok	06:24
Orman	Different security solutions.	06:24
alekibango	yes	06:24
alekibango	thats why we need architecture pictures	06:24
alekibango	schemas	06:24
Orman	Visio should help. ;D	06:24
alekibango	ouch	06:25
alekibango	no ms!	06:25
Orman	lol	06:25
alekibango	blindio	06:25
Orman	Yeah	06:25
Orman	Developers should give us the in depth network info we need for the different networks.	06:26
Orman	Only then can we move on.	06:26
Orman	I am going to delete the last paragraph.	06:27
alekibango	see those 3 cliparts http://www.openclipart.org/search/?query=dexMilano	06:27
alekibango	very nice for making comp netwrok pictures	06:28
alekibango	using for example inkscape	06:28
alekibango	(very nice app)	06:28
Orman	Yeah	06:28
alekibango	you can import those libs from menu	06:29
alekibango	just search dex	06:29
alekibango	:)	06:29
Orman	Code would really be nice to have along with those diagrams.	06:29
alekibango	or the other way around	06:29
alekibango	:)	06:29
Orman	;)	06:29
alekibango	Orman: those diagrams should be in deployment docs	06:29
Orman	Ok	06:30
alekibango	i might draw them when someone will help me	06:30
Orman	So can I delete the first paragraph?	06:30
Orman	I sthat fine with you?	06:30
alekibango	last? :)	06:30
alekibango	there is always history	06:30
Orman	the Unencrypted one I wrote.	06:30
alekibango	dont worry much	06:30
alekibango	save revision	06:31
Orman	Ok well I just want to get off to the right step.	06:31
alekibango	?	06:31
alekibango	Orman: maybe the right step should be the one which brings you to bed :)))	06:31
alekibango	or some tea	06:32
Orman	lol	06:32
alekibango	you are starting to talk in penglish	06:32
alekibango	:)	06:32
Orman	I'm such a geek.	06:32
alekibango	(as much as i do heh)	06:32
Orman	Yeah tired.	06:32
alekibango	we need automated cert. generation	06:33
alekibango	thats done by the nove crypto, right?	06:33
Orman	Sorry about speaking penglish.	06:33
Orman	hehe.	06:33
alekibango	np	06:33
alekibango	ingleeze	06:33
alekibango	Orman: best what i learned from english was that when you speak too well	06:34
alekibango	you cant talk to locals	06:34
alekibango	in egypt for example	06:34
alekibango	imagine guy standing just near pyramids	06:34
alekibango	calling loudly "WANDALA KOLA"	06:34
Orman	Right I was looking at the nova crypto earlier.	06:35
alekibango	what would you do?	06:35
alekibango	our best english speaker was not able to understand him	06:35
Orman	Ok	06:35
alekibango	but we penglishersh knew immediatelly that he is selling cola for 1 dollar each	06:35
Orman	Right	06:36
alekibango	and from the time, i dont care much about grandma :)	06:36
alekibango	gramma i mean	06:36
Orman	Ok	06:37
Orman	Diagrams will help and especially developers.	06:38
alekibango	we need somehow to make them interested	06:38
alekibango	maybe when they do not sleep	06:38
alekibango	:D	06:38
Orman	lol	06:38
alekibango	which is in some 8 hours?	06:39
*** pvo has quit IRC		06:39
Orman	Yeah it would help to have at least one or two to start.	06:39
Orman	Developers are the key. ;)	06:40
alekibango	try bugging hys!^ (name written upside down from right to left)	06:41
alekibango	(: uewjo	06:42
Orman	alekibango: His name is hys!?	06:44
*** khussein has quit IRC		06:44
alekibango	you missed ^ = v	06:45
Orman	Ok	06:45
alekibango	you are uewjo.	06:45
Orman	hys!^: Would you be interested in working on the Nova Security Notes? http://etherpad.openstack.org/NovaSecurityNotes	06:47
alekibango	hehe Orman you do not read me :)	06:47
alekibango	i tried to avoid his name by turning it upside down	06:47
alekibango	talk to him when he is alive	06:47
alekibango	(v!ishy)	06:47
Orman	Not reading sleeping	06:47
Orman	haha	06:47
Orman	Sorry	06:48
Orman	penglish	06:48
Orman	hehe	06:48
alekibango	i should go bed too	06:48
alekibango	soon	06:48
Orman	Wow I messed up there.	06:49
alekibango	we all do :D	06:49
alekibango	you just need to fail better each and every day	06:49
Orman	Thanks makes me feel better	06:49
alekibango	:D	06:50
Orman	What time is it their	06:50
Orman	?	06:50
alekibango	usa eastern	06:51
Orman	Hehe mine too.	06:51
alekibango	sun came up here hour ago	06:51
Orman	Wow	06:52
Orman	Well I'll let you go. I am going to get some sleep so I can fuel up for tomorrow if indeed we collaborate with other people. ;D	06:54
alekibango	well, in sunday its sleepy here	06:57
alekibango	weekends -> ppl dont work much	06:58
Orman	Yeah me too	06:58
Orman	So I guess we just wait for developers to start working with us right?	06:59
alekibango	Orman: its better to be proactive	07:00
alekibango	that makes you win wars	07:00
Orman	I know,but I mean to have more depth on the people side.	07:00
alekibango	define the place of the fight	07:00
alekibango	yes i a gree	07:00
alekibango	but not passive waiting	07:00
Orman	Right.	07:01
Orman	I love Technical writing.	07:01
alekibango	maybe try to install it on 2-4 servers	07:01
alekibango	:D	07:01
alekibango	do you have some?	07:01
Orman	Well, no.	07:02
Orman	I do have my people though.	07:03
Orman	;)	07:03
alekibango	do you want some	07:03
alekibango	i could give you 2 for a week	07:03
Orman	What type of servers are they?	07:04
alekibango	8core xeons	07:04
Orman	hmmm	07:04
alekibango	16 gb ram, 2 network cards	07:04
alekibango	etc	07:04
alekibango	2 disks	07:04
alekibango	but maybe i rather should finally make them install from fai :)	07:05
Orman	Are running anything on them right now?	07:05
alekibango	Orman: not atm	07:05
Orman	I'll think about it.	07:05
Orman	Sounds like they're awesome. ;)	07:06
alekibango	but maybe i should rather install 4 server clusters on all 4	07:06
alekibango	Orman: i would give you access so you could test with me	07:07
Orman	Testing OpenStack right or am I off?	07:07
alekibango	yes	07:07
alekibango	i would like to test it well	07:08
Orman	Ok	07:08
Orman	Right	07:08
alekibango	for few weeks -- and develop some improvements	07:08
alekibango	heh, i should write some blueprint today	07:08
alekibango	for my scheduler	07:08
Orman	The only thing is I am not the best at coding.	07:08
alekibango	Orman: so do some python tutorials when you wake up	07:09
alekibango	it can be learned in 2-5 hours	07:09
Orman	;)	07:09
alekibango	no jokes	07:09
alekibango	my 7 year old son is coding using it	07:09
Orman	I know	07:09
Orman	Yeah you told me that. Genius.	07:10
alekibango	so you can too	07:10
Orman	Yeah I will try some tutorials.	07:10
alekibango	Orman: he is more likely good piano player :)	07:10
Orman	Well it's good to have many talents.	07:10
alekibango	Orman: i am teaching him jazz!	07:11
Orman	I like Jazz.	07:11
Orman	Nice music.	07:12
alekibango	Orman: he wants to play music like the one in transport tycoon	07:12
alekibango	do you know?	07:12
alekibango	http://www.transporttycoon.net/music	07:12
Orman	You mean the game?	07:12
alekibango	really sweet music	07:12
alekibango	yes	07:12
alekibango	i think in 1-2 years he will be playing like that	07:13
Orman	Not bad sound	07:13
Orman	TT Deluxe Theme.	07:13
Orman	;)	07:13
alekibango	i consider buying this for him http://www.playpianotoday.com/blues/	07:13
Orman	That can come in handy.	07:14
alekibango	maybe next year, when he will have his own laptop :)	07:14
Orman	So he really would like to be musician in the future?	07:15
alekibango	yep	07:15
Orman	Nice!	07:15
alekibango	he is playing in public already :)	07:15
Orman	Good get the buttefly's off.	07:16
Orman	Confidence	07:16
Orman	Have you seen the movie Catch me if you can?	07:16
alekibango	well, he needs to learn loosing	07:16
alekibango	yes i have	07:16
Orman	Ok	07:16
alekibango	nice one	07:17
alekibango	but lying a bit :)	07:17
Orman	That's an excellent example of how hacker works.	07:17
Orman	in the movie at the end I mean.	07:17
alekibango	no, thats cracker :) social engeneering	07:17
Orman	Well yeah	07:17
alekibango	i know. i study that	07:17
alekibango	psychology, the art of war, history etc	07:18
Orman	Both could be tied to that I mean that bad hackers work for security companies.	07:18
Orman	Right	07:18
alekibango	the art of war is very important to understand	07:18
alekibango	because we are in middle of many wars	07:18
Orman	Yeah	07:18
alekibango	Orman: all wars are based on deception!	07:19
Orman	Ok	07:19
alekibango	and you can bet deception means someone trying to control you, its war	07:19
Orman	Out wit your opponent.	07:19
alekibango	Orman: its not about opponents sometimes	07:20
alekibango	the worst war is inside your mind and heart	07:20
Orman	Right	07:20
Orman	Mental	07:20
Orman	Those are the toughest I find personally.	07:20
alekibango	not only mental... heart really	07:21
alekibango	and stomach	07:21
Orman	So those servers would be test dummies to analyze the stack/	07:22
Orman	?	07:22
alekibango	well i have 4 servers to play with	07:22
alekibango	just for os	07:22
Orman	Better then none.	07:22
Orman	Xeon's are a brand.	07:23
alekibango	well. memory is low, only 16gb	07:23
Orman	*good.	07:23
alekibango	i would like to have at least twice	07:23
alekibango	i would like to start public cloud soon	07:23
Orman	Put the clusters up like you said	07:23
alekibango	ok will try asap tomorrow	07:24
Orman	Let me know what the status is.	07:24
alekibango	on/off	07:24
alekibango	:)	07:24
Orman	Yeah	07:24
Orman	Trial and error.	07:24
Orman	If you put the clusters together then you should be fine.	07:25
alekibango	well not really. its still somehow young a lot	07:25
alekibango	but i will feel better thats sure	07:26
alekibango	:D	07:26
Orman	Yeah	07:26
Orman	Run security tests on them as well.	07:26
alekibango	can be	07:26
Orman	I have to get a some stuff done tomorrow on the Nova Security Notes.	07:27
Orman	Well I should hit the hay.	07:29
alekibango	:D	07:30
Orman	3:29AM here in Florida.	07:30
Orman	Youl will be on tomorrow right?	07:30
alekibango	sure	07:30
Orman	Ok	07:30
Orman	Well till then my friend God bless you	07:31
Orman	Have a good night. ;D	07:31
Orman	By the way I will look at the Python tutorials.	07:33
Orman	;)	07:33
Orman	See ya	07:34
*** Orman has quit IRC		07:34
*** allsystemsarego has joined #openstack		07:48
*** eldarnugaev has joined #openstack		08:55
*** anneg has joined #openstack		09:10
*** anneg has quit IRC		09:14
*** stewart has quit IRC		09:32
*** gaveen has joined #openstack		09:36
*** aimon has quit IRC		09:56
*** aimon has joined #openstack		09:56
*** sagactor has joined #openstack		10:02
sagactor	any homosexuals in here	10:03
sagactor	i hate queers...and blacks...and all minorities	10:04
*** sagactor has quit IRC		10:04
*** miclorb has joined #openstack		10:05
*** kashyapc has joined #openstack		10:23
*** aimon_ has joined #openstack		10:23
*** aimon has quit IRC		10:26
*** aimon_ is now known as aimon		10:26
*** eldarnugaev has quit IRC		10:38
*** stewart has joined #openstack		10:41
*** vladdy has joined #openstack		10:42
*** eldarnugaev has joined #openstack		10:56
*** tomo_bot has quit IRC		10:59
*** eldarnugaev has quit IRC		11:05
*** vladdy has quit IRC		11:20
*** vladdy has joined #openstack		11:22
*** tomo_bot has joined #openstack		11:22
*** gaveen has quit IRC		11:24
*** vladdy is now known as perestrelka		11:25
*** omidhdl has joined #openstack		11:30
*** omidhdl has joined #openstack		11:32
*** miclorb has quit IRC		11:41
*** krish has joined #openstack		11:45
*** ctennis has quit IRC		11:50
*** krish has quit IRC		12:07
*** krish has joined #openstack		12:19
*** ctennis has joined #openstack		12:40
*** arcane has quit IRC		12:47
*** arcane has joined #openstack		12:48
*** ctennis has quit IRC		12:56
*** gaveen has joined #openstack		12:58
*** gaveen has joined #openstack		12:58
*** pvo has joined #openstack		13:03
*** ChanServ sets mode: +v pvo		13:03
*** gaveen has joined #openstack		13:07
*** ctennis has joined #openstack		13:08
*** ctennis has joined #openstack		13:08
*** omidhdl has left #openstack		13:18
*** xfaf has quit IRC		13:23
*** sophiap has joined #openstack		13:28
*** pvo has quit IRC		13:29
*** sophiap_ has joined #openstack		13:35
*** sophiap has quit IRC		13:35
*** sophiap_ is now known as sophiap		13:35
*** pvo has joined #openstack		14:19
*** pvo has joined #openstack		14:19
*** ChanServ sets mode: +v pvo		14:19
*** pvo has quit IRC		14:21
*** coredump\|br has quit IRC		14:35
*** gondoi has joined #openstack		14:43
*** kevnfx has joined #openstack		14:44
*** kevnfx has quit IRC		14:45
*** coredump\|br has joined #openstack		14:51
*** gondoi has quit IRC		14:56
*** ChrisAM1 is now known as ChrisAM		15:05
*** sophiap has quit IRC		15:15
*** sophiap has joined #openstack		15:27
*** xfaf has joined #openstack		15:37
*** eldarnugaev has joined #openstack		15:43
*** burris has joined #openstack		15:51
*** anneg has joined #openstack		16:12
*** Orman has joined #openstack		16:19
*** burris has quit IRC		16:21
Orman	Hello all,	16:24
Orman	;)	16:24
Orman	Any developers want to help us out on the Nova Security Notes? http://etherpad.openstack.org/NovaSecurityNotes	16:25
Orman	We would love the help.	16:25
*** anneg has quit IRC		16:28
Orman	alekibango: Hey	16:30
*** eldarnugaev has quit IRC		16:41
*** anneg has joined #openstack		16:51
*** anneg has quit IRC		17:00
*** dagger has quit IRC		17:06
*** dagger has joined #openstack		17:08
*** dagger has joined #openstack		17:08
*** jdmaturen has joined #openstack		17:33
*** Orman has quit IRC		17:36
*** krish has quit IRC		18:17
alekibango	:)	18:28
*** anneg has joined #openstack		18:33
*** Orman has joined #openstack		18:42
Orman	Hello	18:42
Orman	Any developers online?	18:43
notmyname	based on your earlier comments, I assume you're looking for nova devs? ;-)	18:44
*** anneg has quit IRC		18:44
Orman	notmyname: Yes I am looking for Nova devs to help with the Nova Security Notes.	18:46
Orman	I hope I am not bugging people to much.	18:46
notmyname	you certainly aren't bugging me. security notes sound like a good thing	18:47
Orman	notmyname: Really any devs,but yes Nova devs especially. ;D	18:48
notmyname	but if you have any questions about swift, I'll try to help	18:48
alekibango	notmyname: that might help too	18:48
alekibango	we started looking on nova, but the same for swift should be done	18:48
Orman	We have not started the Swift Security Notes yet.	18:48
alekibango	please see the etherpad :)	18:48
*** eldarnugaev has joined #openstack		18:49
alekibango	and make copy	18:49
Orman	Here's what we have so far http://etherpad.openstack.org/NovaSecurityNotes	18:49
alekibango	make swift one :)	18:49
alekibango	we need to uderstand possible architectures	18:49
Orman	Just need more devs to help us outline it.	18:49
alekibango	and to see what needs protecting and from what	18:49
alekibango	thats what wee need devs for	18:49
alekibango	to help us to draw some nice pictures of possible network designs	18:50
alekibango	and from those designs we need to identify what could be problem	18:50
Orman	Yeah	18:50
notmyname	one of the nice things about swift is that users can't execute any code. so threats go way down	18:50
alekibango	this can differ for small clouds (<4 machines) and for big ones	18:50
alekibango	(where it can be distributed on different places)	18:51
Orman	Yeah if we have different clouds then we might have different security problems.	18:51
alekibango	but you need to be sure it will be safe when you will have swift installed in 2 cities in one cloud	18:52
alekibango	if thats possible	18:52
notmyname	sure it's possible	18:52
alekibango	you do not want someone to intercept what is moving around	18:52
alekibango	or change it	18:52
creiht	leave security to the security professionals :)	18:52
alekibango	those guys with guns? :)	18:53
Orman	Yeah if they can intercept data going around then that could be a huge problem.	18:53
notmyname	right. but the traffic can be easily segregated into local and not-local. local traffic is anything between the storage nodes and should be protected (see your friendly neighborhood net sec professional)	18:53
Orman	Yeah if we're talking local then it should stay local which would put the threat of security down.	18:54
notmyname	but local is "logically local"	18:55
Orman	Right	18:55
Orman	alekibango: Let's be productive. ;D	18:55
notmyname	and that depends on VPN or ssl tunnels or firewall rules or routing tables or whatever	18:55
alekibango	i cant right now, still fighting with some prbolem	18:56
Orman	alekibango: What's the problem?	18:56
alekibango	creiht, notmyname: network schemas, possible architecture diagrams can never harm	18:56
Orman	A lot to consider for security I know.	18:56
alekibango	Orman: my very own, local :)	18:56
Orman	alekiango: Did you try clustering?	18:57
alekibango	Orman: i am under pressure now, plese let me work :)	18:58
Orman	alekibango: Oh sorry man realize. :D	18:59
Orman	*didn't	18:59
Orman	+notmyname: I will make a Swift Security Notes one soon.	18:59
Orman	+notmyname: Would love to have a Swift dev work on it.	19:02
*** gaveen has quit IRC		19:02
notmyname	aren't you the security expert? ;-)	19:03
notmyname	but, yes, when you make it, I'm sure some of us will look at it (including myself)	19:04
Orman	+notmyname: Well, I am more like security student. Still though I would like any dev help I can get.	19:05
Orman	+notyname: Thanks for the complement though.	19:05
Orman	;P	19:05
*** ArdRigh has quit IRC		19:05
alekibango	notmyname: problem is that even security expert needs lots of time for checking the code and understanding the architecture	19:05
alekibango	we need to help make this clear	19:06
Orman	Right thanks alekibango.	19:06
Orman	We need devs to help as well on the Nova one.	19:06
alekibango	i am kind of security expert - older hacker, knowing much about the art of war and teacher of close combat, hehe	19:07
Orman	:)	19:07
Orman	I just would like to find some Nova devs today which could help.	19:08
Orman	However it's the weekend.	19:08
alekibango	tomorrow, cca 19 hours from now	19:08
alekibango	they will come here in numbers	19:08
Orman	:(	19:09
* alekibango is back to his work		19:09
Orman	I guess in the mean time just keep on writing the outlines and architecture.	19:10
alekibango	Orman: yes that what we did with nova manuals -- and it worked for the start	19:10
Orman	Ok	19:11
Orman	alekibango: Even though I'd love to have the devs work on it we need to keep on moving forward with it.	19:12
*** gaveen has joined #openstack		19:15
notmyname	anyone ever used dnspython? (http://www.dnspython.org/)	19:21
Orman	Developers are one of the keys. ;D	19:22
Orman	No	19:22
notmyname	or know of a better set of DNS tools?	19:22
notmyname	specifically, I need to follow a CNAME chain when given a host	19:24
Orman	+notmyname: I know you're Swift dev,but do you know Nova well?	19:26
notmyname	not at all	19:26
Orman	Ok	19:27
Orman	Trying to find a dev that knows.	19:27
Orman	Not easy. ;D	19:27
Orman	Architure for Nova I guess would go first.	19:32
Orman	The outline is already made	19:32
notmyname	creiht: I'm not adding my domain remapping middleware to the proxy pipeline in the example proxy-server.conf. Seems that these are optional (but nice to have) features. do you think they should be added?	19:32
Orman	I think for the Nova notes we should start with Authorization.	19:37
Orman	Everyone's busy. ;D	19:51
*** jaypipes has quit IRC		20:03
Orman	See ya later guys	20:11
*** Orman has quit IRC		20:11
*** eldarnugaev has quit IRC		20:12
*** metoikos has joined #openstack		20:37
*** sophiap has quit IRC		20:55
*** anneg has joined #openstack		20:59
*** sophiap has joined #openstack		21:01
*** pothos_ has quit IRC		21:07
*** anneg has quit IRC		21:07
*** anneg has joined #openstack		21:08
*** pothos has joined #openstack		21:09
*** joearnold has joined #openstack		21:11
patri0t	anyone know about security design of openstack, and where we should start to read?	21:16
*** kevnfx has joined #openstack		21:29
*** joearnold has quit IRC		21:33
*** allsystemsarego has quit IRC		21:36
*** joearnold has joined #openstack		21:39
*** joearnold has quit IRC		21:52
*** joearnold has joined #openstack		21:52
*** joearnold has quit IRC		21:59
*** perestrelka has quit IRC		22:01
*** perestrelka has joined #openstack		22:01
*** anneg has quit IRC		22:10
*** Orman has joined #openstack		22:13
Orman	Hey	22:13
*** miclorb_ has joined #openstack		22:15
Orman	Network security architecture	22:17
*** joearnold has joined #openstack		22:21
*** ArdRigh has joined #openstack		22:24
*** ArdRigh has joined #openstack		22:24
Orman	Nova devs on? I doubt it though because it's the weekend .;D	22:26
*** joearnol_ has joined #openstack		22:30
*** joearnold has quit IRC		22:33
*** joearnol_ has quit IRC		22:35
*** joearnold has joined #openstack		22:35
*** joearnold has quit IRC		22:40
Orman	I guess I will develop and design the network architecture first.	22:54
Orman	Then developers could collaborate with it if they are interested.	22:55
*** Cybodog has joined #openstack		22:57
*** Cybodog has quit IRC		23:01
*** matiu has joined #openstack		23:13
*** gaveen_ has joined #openstack		23:19
*** gaveen has quit IRC		23:22
*** eldarnugaev has joined #openstack		23:47
*** eldarnugaev has quit IRC		23:54

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!