*** xfaf has joined #openstack | 00:06 | |
*** mischer has quit IRC | 00:07 | |
alekibango | nicht? hitler is dead, long live obama | 00:09 |
---|---|---|
alekibango | :) | 00:09 |
Orman_ | Yeah I have different political views | 00:19 |
Orman_ | :P | 00:19 |
rds__ | hi guys | 00:23 |
Orman_ | hey | 00:23 |
rds__ | i'm just installed nova | 00:23 |
rds__ | with nova.sh on ubuntu 10.10 | 00:23 |
rds__ | i have nova up and running | 00:24 |
Orman_ | Ok | 00:24 |
rds__ | i have generated one key | 00:25 |
rds__ | and lanched one instance, but i can't connect | 00:25 |
rds__ | i get this error | 00:26 |
rds__ | Host key verification failed. | 00:26 |
Orman_ | Really? | 00:27 |
rds__ | yes :( | 00:27 |
alekibango | rds__: very strange | 00:28 |
Orman_ | Have you checked the host? | 00:28 |
alekibango | plz put it on pastebin | 00:29 |
Orman_ | Yes it might be bug. | 00:29 |
Orman_ | Would love to see it. | 00:29 |
rds__ | i can ping the vm | 00:29 |
rds__ | but i can't connect via ssh | 00:29 |
rds__ | just after ssh -i key.pem root@10.0.0.3 | 00:30 |
Orman_ | Hmmm weird | 00:30 |
alekibango | try ssh -vvvv | 00:30 |
alekibango | :) | 00:30 |
alekibango | but that is not the problem | 00:30 |
alekibango | is the machine having 10.0.0.3 | 00:30 |
alekibango | is it running really? | 00:30 |
rds__ | yes i can ping the machine | 00:31 |
Orman_ | Good | 00:32 |
*** Cybodog has joined #openstack | 00:37 | |
rds__ | i tried ssh -vvvv | 00:38 |
rds__ | i get this | 00:38 |
rds__ | http://pastebin.com/L5AwTK5S | 00:38 |
rds__ | any idea? :) | 00:39 |
Orman_ | Thanks for pasting it. | 00:40 |
Orman_ | :) | 00:40 |
Orman_ | will look at it. | 00:40 |
rds__ | thanks | 00:41 |
alekibango | rds__: what if you say 'y' | 00:44 |
alekibango | yes i mean | 00:44 |
alekibango | debug3: Not a RSA1 key file key.pem. ???? | 00:45 |
*** Ryan_Lane|away has quit IRC | 00:45 | |
rds__ | i get Host key verification failed | 00:47 |
*** Cybodog has quit IRC | 00:48 | |
rds__ | i have the key.pem key | 00:48 |
*** Ryan_Lane|away has joined #openstack | 00:49 | |
rds__ | generated with euca-add-keypair key > key.pem | 00:50 |
alekibango | you didnt type yes, did you | 00:50 |
rds__ | yes i did | 00:52 |
alekibango | didnt :) | 00:52 |
alekibango | yes - not y | 00:52 |
rds__ | ok not on pastebin :) | 00:53 |
alekibango | please paste all :) | 00:53 |
alekibango | or edit your ~/.ssh/known_hosts | 00:53 |
alekibango | and remove offending line | 00:53 |
Orman_ | In order for us to see your problem yoo are having we need to see the code. ;D | 00:54 |
alekibango | this more likely sounds like ssh key problem | 00:54 |
alekibango | unrelated to openstack | 00:54 |
Orman_ | Right | 00:54 |
Orman_ | Key seems to be the problem or the host. | 00:56 |
Orman_ | ssh. | 00:56 |
*** anneg has joined #openstack | 01:03 | |
Orman_ | Hey anneg | 01:03 |
Orman_ | ;D | 01:03 |
*** khussein has quit IRC | 01:05 | |
rds__ | sorry for the delay | 01:06 |
rds__ | i'm having some copy/paste problem with screen | 01:06 |
rds__ | http://pastebin.com/1YpWdHfU | 01:06 |
alekibango | rds__: you are in | 01:07 |
alekibango | type ps faxwww | 01:07 |
alekibango | and see | 01:08 |
alekibango | congrats :) | 01:08 |
alekibango | try ls /home | 01:08 |
alekibango | or getent passwd | 01:08 |
rds__ | yes i'm in :) | 01:09 |
Orman_ | Cool | 01:09 |
rds__ | i feel a little bit stupid :) | 01:09 |
Orman_ | Good job alekibango!!! | 01:09 |
Orman_ | ;D | 01:09 |
alekibango | rds__: thats ok. we all are stupid in our own way | 01:10 |
Orman_ | lol | 01:10 |
Orman_ | So true. | 01:10 |
rds__ | thank you very much | 01:11 |
alekibango | np | 01:12 |
rds__ | but i don't understand | 01:13 |
alekibango | was glad to do something good after strange discussion on #turbogears | 01:13 |
rds__ | it's the same think i have done all day :) | 01:13 |
alekibango | rds__: you need to accept the key when you are connecting for the first time | 01:13 |
alekibango | by typing yes | 01:13 |
alekibango | (not y) | 01:13 |
alekibango | not enter | 01:13 |
rds__ | yes i see :) | 01:15 |
*** ChrisAM has quit IRC | 01:17 | |
*** xtoddx has quit IRC | 01:17 | |
rds__ | thanks anyway | 01:17 |
*** devcamcar has quit IRC | 01:17 | |
*** anotherjesse has quit IRC | 01:18 | |
alekibango | rds__: just try to help someone else | 01:18 |
alekibango | :) | 01:18 |
*** devcamcar has joined #openstack | 01:18 | |
*** vishy has quit IRC | 01:18 | |
rds__ | yes, i hope | 01:18 |
*** vishy has joined #openstack | 01:19 | |
rds__ | i like this project | 01:19 |
*** xtoddx has joined #openstack | 01:19 | |
alekibango | rds__: (joke) they say that nova means: no other viable alternative | 01:19 |
*** anotherjesse has joined #openstack | 01:20 | |
*** ChrisAM1 has joined #openstack | 01:20 | |
rds__ | and i'm thinking to spend the next three month studying and contributing | 01:20 |
alekibango | good | 01:20 |
rds__ | :) | 01:21 |
rds__ | ok, it's bed time in Italy | 01:23 |
rds__ | thanks again | 01:23 |
alekibango | cz here :) | 01:23 |
alekibango | gn8 | 01:23 |
rds__ | good night | 01:24 |
Orman_ | Night. rds. ;D | 01:44 |
*** rds__ has quit IRC | 01:59 | |
Orman_ | alekibango: I'm adding more to the notes. | 01:59 |
*** anneg has quit IRC | 02:10 | |
*** anneg has joined #openstack | 02:13 | |
Orman_ | alekibango: http://nova.openstack.org/nova.html#module-nova.crypto | 02:14 |
Orman_ | Could help us when we are writing the Unencrypted Communications Section. | 02:16 |
Orman_ | anneg: Hey | 02:19 |
notmyname | hotel wifi connections are so bad | 02:27 |
alekibango | Orman_: will look later :) | 02:27 |
Orman_ | I know just telling you. | 02:27 |
Orman_ | I just want to make sure I am highlighting what needs to be documented in the notes. | 02:28 |
notmyname | I really don't get the need for the web proxy that hijacks my connection until I click a button to agree to something I didn't read about not cracking other people's computers or whatever | 02:28 |
*** sebastianstadil has quit IRC | 02:29 | |
alekibango | thats just to let you know you are watched | 02:29 |
Orman_ | Crypto needs to be used more and new things needs to be developed to help encrypt the communications. | 02:30 |
*** kevnfx has joined #openstack | 02:31 | |
alekibango | and it needs to survive partition | 02:37 |
alekibango | of the network | 02:37 |
alekibango | Orman_: but really, is that needed? | 02:38 |
alekibango | when we do not allow them to touch the network devices | 02:38 |
alekibango | they will nt be able to listen | 02:38 |
Orman_ | True | 02:38 |
Orman_ | I guess I am just too paranoid. ;D | 02:38 |
*** kevnfx has quit IRC | 02:38 | |
alekibango | well it might have sense in some cases | 02:39 |
alekibango | distributed cloud | 02:39 |
alekibango | having clusters in different cities | 02:39 |
alekibango | yet connected | 02:39 |
Orman_ | Right, I agree. | 02:41 |
Orman_ | I am just trying to add new ideas to the table of encryption security. | 02:42 |
Orman_ | First priority is to document the holes that are in the communications that are unencrypted. | 02:45 |
alekibango | you need to see who is able to listen to what communication | 02:45 |
alekibango | where can atacker get wire to listen to it | 02:45 |
Orman_ | Right and then go from their. | 02:46 |
alekibango | 2) analyze what they can get | 02:46 |
alekibango | prepare some obstacles :) | 02:46 |
Orman_ | Do you think the Nova Auth Docs would help us? | 02:46 |
Orman_ | I believe they would. | 02:47 |
Orman_ | I first have to find the obstacles. | 02:47 |
Orman_ | ;) | 02:47 |
*** khussein has joined #openstack | 02:53 | |
*** jdmaturen has quit IRC | 02:59 | |
*** anneg has quit IRC | 03:13 | |
*** sophiap has quit IRC | 03:26 | |
*** sophiap has joined #openstack | 03:26 | |
*** miclorb_ has joined #openstack | 03:35 | |
*** miclorb_ has quit IRC | 03:40 | |
*** ivan has quit IRC | 03:49 | |
*** ivan has joined #openstack | 03:51 | |
*** sophiap has joined #openstack | 04:10 | |
*** sophiap has quit IRC | 04:19 | |
*** sophiap has joined #openstack | 04:23 | |
*** sophiap_ has joined #openstack | 04:26 | |
*** sophiap has quit IRC | 04:27 | |
*** sophiap_ is now known as sophiap | 04:27 | |
*** Orman_ has quit IRC | 04:59 | |
*** kirkland has quit IRC | 05:09 | |
*** kirkland has joined #openstack | 05:18 | |
*** Orman has joined #openstack | 05:18 | |
*** sophiap has quit IRC | 05:24 | |
Orman | alekibango: You still here? | 05:42 |
alekibango | y | 06:02 |
Orman | Just wondering. | 06:07 |
alekibango | :) | 06:07 |
Orman | I am trying to find some auth bugs. | 06:07 |
Orman | Can't find any that anyone filed. | 06:08 |
alekibango | first we imho should talk about architecture | 06:08 |
alekibango | which network where who can get what | 06:08 |
Orman | Permissions. | 06:08 |
alekibango | this will be very arch related | 06:08 |
alekibango | yes, rights, permissions | 06:09 |
alekibango | right != permission :) | 06:09 |
Orman | :) | 06:09 |
alekibango | permission may be given, right is there from beginning | 06:10 |
Orman | So first we develop the architecture for the Authentication and then list the problems we've found. | 06:10 |
alekibango | and everyone has right for privacy | 06:10 |
alekibango | ! | 06:10 |
Orman | Right privacy is key here. | 06:10 |
alekibango | imho we need some architecture design schemas first | 06:10 |
alekibango | and test installs ... | 06:11 |
alekibango | its good to monitor network uising wireshark or something | 06:11 |
alekibango | or ngrep | 06:11 |
Orman | Just so we're on the same page we are talking about Security architecture right? | 06:11 |
alekibango | or whatever | 06:11 |
alekibango | ? | 06:11 |
alekibango | page? | 06:11 |
Orman | Well I mean Authentication | 06:11 |
Orman | archtitecture | 06:12 |
alekibango | i meant network architecture | 06:12 |
alekibango | how those machines will be connected | 06:12 |
Orman | Ok | 06:12 |
alekibango | and those clusters | 06:12 |
alekibango | then we can build security architecture on top of that | 06:12 |
Orman | Oh haha I was thinking Authentication. | 06:12 |
alekibango | and test it | 06:12 |
Orman | haha I am tired | 06:12 |
alekibango | me too | 06:12 |
Orman | Ok now I got you | 06:12 |
alekibango | it was very long night for me | 06:13 |
Orman | Passion comes before sleep for me. ;) | 06:13 |
alekibango | i even got on ignore list of someone today | 06:13 |
Orman | lol | 06:13 |
Orman | Really? | 06:13 |
alekibango | for asking questions | 06:13 |
Orman | What that's dumb. | 06:14 |
alekibango | and pressing something | 06:14 |
alekibango | like failure in project management | 06:14 |
Orman | ? | 06:14 |
Orman | : | 06:14 |
Orman | :( | 06:14 |
alekibango | well, that made me totally out tonight | 06:14 |
Orman | Yeah just shake it off. | 06:14 |
alekibango | very looong night | 06:14 |
Orman | ;) | 06:14 |
alekibango | Orman: i dont feel down, just tired | 06:15 |
alekibango | maybe the project might be down soon... | 06:15 |
alekibango | which makes me sad | 06:15 |
Orman | alekibango: I know and I am just trying to lghiten the mood. | 06:15 |
alekibango | well, i must say openstackis really exceptional | 06:16 |
Orman | Yeah it is | 06:16 |
Orman | I love the community. You all welcomed me in. | 06:17 |
alekibango | i hope it will keep being this way | 06:17 |
Orman | Me too. | 06:17 |
Orman | Smart people working together for the greater good. ;D | 06:18 |
Orman | So for the Nova notes we will first start out with the network architecture and then move towards securing the stack. | 06:19 |
alekibango | we might even need more archs | 06:19 |
Orman | :) | 06:19 |
alekibango | it differs for 4 servers | 06:19 |
alekibango | and for 50 | 06:19 |
Orman | To do that we will need more help. | 06:19 |
alekibango | and for distributed one | 06:19 |
alekibango | yes | 06:19 |
alekibango | thats what we need | 06:19 |
Orman | I just need an outline to what we need to first write about. | 06:20 |
Orman | I have Unencrypted as the first one in the notes below everything else. | 06:21 |
alekibango | i think we might even delete the last paragraph :) | 06:22 |
alekibango | as we need input from devs here | 06:22 |
alekibango | we need to really define what is what, what needs protection | 06:22 |
alekibango | and how imporant it is | 06:22 |
alekibango | and in what network architecture setup it is | 06:23 |
alekibango | only then we might come with reasonable solutions | 06:23 |
Orman | Right | 06:23 |
alekibango | Orman: imagine those different networks - vlans, flat, flat with dhcp | 06:23 |
alekibango | different needs! | 06:23 |
Orman | Ok | 06:24 |
Orman | Different security solutions. | 06:24 |
alekibango | yes | 06:24 |
alekibango | thats why we need architecture pictures | 06:24 |
alekibango | schemas | 06:24 |
Orman | Visio should help. ;D | 06:24 |
alekibango | ouch | 06:25 |
alekibango | no ms! | 06:25 |
Orman | lol | 06:25 |
alekibango | blindio | 06:25 |
Orman | Yeah | 06:25 |
Orman | Developers should give us the in depth network info we need for the different networks. | 06:26 |
Orman | Only then can we move on. | 06:26 |
Orman | I am going to delete the last paragraph. | 06:27 |
alekibango | see those 3 cliparts http://www.openclipart.org/search/?query=dexMilano | 06:27 |
alekibango | very nice for making comp netwrok pictures | 06:28 |
alekibango | using for example inkscape | 06:28 |
alekibango | (very nice app) | 06:28 |
Orman | Yeah | 06:28 |
alekibango | you can import those libs from menu | 06:29 |
alekibango | just search dex | 06:29 |
alekibango | :) | 06:29 |
Orman | Code would really be nice to have along with those diagrams. | 06:29 |
alekibango | or the other way around | 06:29 |
alekibango | :) | 06:29 |
Orman | ;) | 06:29 |
alekibango | Orman: those diagrams should be in deployment docs | 06:29 |
Orman | Ok | 06:30 |
alekibango | i might draw them when someone will help me | 06:30 |
Orman | So can I delete the first paragraph? | 06:30 |
Orman | I sthat fine with you? | 06:30 |
alekibango | last? :) | 06:30 |
alekibango | there is always history | 06:30 |
Orman | the Unencrypted one I wrote. | 06:30 |
alekibango | dont worry much | 06:30 |
alekibango | save revision | 06:31 |
Orman | Ok well I just want to get off to the right step. | 06:31 |
alekibango | ? | 06:31 |
alekibango | Orman: maybe the right step should be the one which brings you to bed :))) | 06:31 |
alekibango | or some tea | 06:32 |
Orman | lol | 06:32 |
alekibango | you are starting to talk in penglish | 06:32 |
alekibango | :) | 06:32 |
Orman | I'm such a geek. | 06:32 |
alekibango | (as much as i do heh) | 06:32 |
Orman | Yeah tired. | 06:32 |
alekibango | we need automated cert. generation | 06:33 |
alekibango | thats done by the nove crypto, right? | 06:33 |
Orman | Sorry about speaking penglish. | 06:33 |
Orman | hehe. | 06:33 |
alekibango | np | 06:33 |
alekibango | ingleeze | 06:33 |
alekibango | Orman: best what i learned from english was that when you speak too well | 06:34 |
alekibango | you cant talk to locals | 06:34 |
alekibango | in egypt for example | 06:34 |
alekibango | imagine guy standing just near pyramids | 06:34 |
alekibango | calling loudly "WANDALA KOLA" | 06:34 |
Orman | Right I was looking at the nova crypto earlier. | 06:35 |
alekibango | what would you do? | 06:35 |
alekibango | our best english speaker was not able to understand him | 06:35 |
Orman | Ok | 06:35 |
alekibango | but we penglishersh knew immediatelly that he is selling cola for 1 dollar each | 06:35 |
Orman | Right | 06:36 |
alekibango | and from the time, i dont care much about grandma :) | 06:36 |
alekibango | gramma i mean | 06:36 |
Orman | Ok | 06:37 |
Orman | Diagrams will help and especially developers. | 06:38 |
alekibango | we need somehow to make them interested | 06:38 |
alekibango | maybe when they do not sleep | 06:38 |
alekibango | :D | 06:38 |
Orman | lol | 06:38 |
alekibango | which is in some 8 hours? | 06:39 |
*** pvo has quit IRC | 06:39 | |
Orman | Yeah it would help to have at least one or two to start. | 06:39 |
Orman | Developers are the key. ;) | 06:40 |
alekibango | try bugging hys!^ (name written upside down from right to left) | 06:41 |
alekibango | (: uewjo | 06:42 |
Orman | alekibango: His name is hys!? | 06:44 |
*** khussein has quit IRC | 06:44 | |
alekibango | you missed ^ = v | 06:45 |
Orman | Ok | 06:45 |
alekibango | you are uewjo. | 06:45 |
Orman | hys!^: Would you be interested in working on the Nova Security Notes? http://etherpad.openstack.org/NovaSecurityNotes | 06:47 |
alekibango | hehe Orman you do not read me :) | 06:47 |
alekibango | i tried to avoid his name by turning it upside down | 06:47 |
alekibango | talk to him when he is alive | 06:47 |
alekibango | (v!ishy) | 06:47 |
Orman | Not reading sleeping | 06:47 |
Orman | haha | 06:47 |
Orman | Sorry | 06:48 |
Orman | penglish | 06:48 |
Orman | hehe | 06:48 |
alekibango | i should go bed too | 06:48 |
alekibango | soon | 06:48 |
Orman | Wow I messed up there. | 06:49 |
alekibango | we all do :D | 06:49 |
alekibango | you just need to fail better each and every day | 06:49 |
Orman | Thanks makes me feel better | 06:49 |
alekibango | :D | 06:50 |
Orman | What time is it their | 06:50 |
Orman | ? | 06:50 |
alekibango | usa eastern | 06:51 |
Orman | Hehe mine too. | 06:51 |
alekibango | sun came up here hour ago | 06:51 |
Orman | Wow | 06:52 |
Orman | Well I'll let you go. I am going to get some sleep so I can fuel up for tomorrow if indeed we collaborate with other people. ;D | 06:54 |
alekibango | well, in sunday its sleepy here | 06:57 |
alekibango | weekends -> ppl dont work much | 06:58 |
Orman | Yeah me too | 06:58 |
Orman | So I guess we just wait for developers to start working with us right? | 06:59 |
alekibango | Orman: its better to be proactive | 07:00 |
alekibango | that makes you win wars | 07:00 |
Orman | I know,but I mean to have more depth on the people side. | 07:00 |
alekibango | define the place of the fight | 07:00 |
alekibango | yes i a gree | 07:00 |
alekibango | but not passive waiting | 07:00 |
Orman | Right. | 07:01 |
Orman | I love Technical writing. | 07:01 |
alekibango | maybe try to install it on 2-4 servers | 07:01 |
alekibango | :D | 07:01 |
alekibango | do you have some? | 07:01 |
Orman | Well, no. | 07:02 |
Orman | I do have my people though. | 07:03 |
Orman | ;) | 07:03 |
alekibango | do you want some | 07:03 |
alekibango | i could give you 2 for a week | 07:03 |
Orman | What type of servers are they? | 07:04 |
alekibango | 8core xeons | 07:04 |
Orman | hmmm | 07:04 |
alekibango | 16 gb ram, 2 network cards | 07:04 |
alekibango | etc | 07:04 |
alekibango | 2 disks | 07:04 |
alekibango | but maybe i rather should finally make them install from fai :) | 07:05 |
Orman | Are running anything on them right now? | 07:05 |
alekibango | Orman: not atm | 07:05 |
Orman | I'll think about it. | 07:05 |
Orman | Sounds like they're awesome. ;) | 07:06 |
alekibango | but maybe i should rather install 4 server clusters on all 4 | 07:06 |
alekibango | Orman: i would give you access so you could test with me | 07:07 |
Orman | Testing OpenStack right or am I off? | 07:07 |
alekibango | yes | 07:07 |
alekibango | i would like to test it well | 07:08 |
Orman | Ok | 07:08 |
Orman | Right | 07:08 |
alekibango | for few weeks -- and develop some improvements | 07:08 |
alekibango | heh, i should write some blueprint today | 07:08 |
alekibango | for my scheduler | 07:08 |
Orman | The only thing is I am not the best at coding. | 07:08 |
alekibango | Orman: so do some python tutorials when you wake up | 07:09 |
alekibango | it can be learned in 2-5 hours | 07:09 |
Orman | ;) | 07:09 |
alekibango | no jokes | 07:09 |
alekibango | my 7 year old son is coding using it | 07:09 |
Orman | I know | 07:09 |
Orman | Yeah you told me that. Genius. | 07:10 |
alekibango | so you can too | 07:10 |
Orman | Yeah I will try some tutorials. | 07:10 |
alekibango | Orman: he is more likely good piano player :) | 07:10 |
Orman | Well it's good to have many talents. | 07:10 |
alekibango | Orman: i am teaching him jazz! | 07:11 |
Orman | I like Jazz. | 07:11 |
Orman | Nice music. | 07:12 |
alekibango | Orman: he wants to play music like the one in transport tycoon | 07:12 |
alekibango | do you know? | 07:12 |
alekibango | http://www.transporttycoon.net/music | 07:12 |
Orman | You mean the game? | 07:12 |
alekibango | really sweet music | 07:12 |
alekibango | yes | 07:12 |
alekibango | i think in 1-2 years he will be playing like that | 07:13 |
Orman | Not bad sound | 07:13 |
Orman | TT Deluxe Theme. | 07:13 |
Orman | ;) | 07:13 |
alekibango | i consider buying this for him http://www.playpianotoday.com/blues/ | 07:13 |
Orman | That can come in handy. | 07:14 |
alekibango | maybe next year, when he will have his own laptop :) | 07:14 |
Orman | So he really would like to be musician in the future? | 07:15 |
alekibango | yep | 07:15 |
Orman | Nice! | 07:15 |
alekibango | he is playing in public already :) | 07:15 |
Orman | Good get the buttefly's off. | 07:16 |
Orman | Confidence | 07:16 |
Orman | Have you seen the movie Catch me if you can? | 07:16 |
alekibango | well, he needs to learn loosing | 07:16 |
alekibango | yes i have | 07:16 |
Orman | Ok | 07:16 |
alekibango | nice one | 07:17 |
alekibango | but lying a bit :) | 07:17 |
Orman | That's an excellent example of how hacker works. | 07:17 |
Orman | in the movie at the end I mean. | 07:17 |
alekibango | no, thats cracker :) social engeneering | 07:17 |
Orman | Well yeah | 07:17 |
alekibango | i know. i study that | 07:17 |
alekibango | psychology, the art of war, history etc | 07:18 |
Orman | Both could be tied to that I mean that bad hackers work for security companies. | 07:18 |
Orman | Right | 07:18 |
alekibango | the art of war is very important to understand | 07:18 |
alekibango | because we are in middle of many wars | 07:18 |
Orman | Yeah | 07:18 |
alekibango | Orman: all wars are based on deception! | 07:19 |
Orman | Ok | 07:19 |
alekibango | and you can bet deception means someone trying to control you, its war | 07:19 |
Orman | Out wit your opponent. | 07:19 |
alekibango | Orman: its not about opponents sometimes | 07:20 |
alekibango | the worst war is inside your mind and heart | 07:20 |
Orman | Right | 07:20 |
Orman | Mental | 07:20 |
Orman | Those are the toughest I find personally. | 07:20 |
alekibango | not only mental... heart really | 07:21 |
alekibango | and stomach | 07:21 |
Orman | So those servers would be test dummies to analyze the stack/ | 07:22 |
Orman | ? | 07:22 |
alekibango | well i have 4 servers to play with | 07:22 |
alekibango | just for os | 07:22 |
Orman | Better then none. | 07:22 |
Orman | Xeon's are a brand. | 07:23 |
alekibango | well. memory is low, only 16gb | 07:23 |
Orman | *good. | 07:23 |
alekibango | i would like to have at least twice | 07:23 |
alekibango | i would like to start public cloud soon | 07:23 |
Orman | Put the clusters up like you said | 07:23 |
alekibango | ok will try asap tomorrow | 07:24 |
Orman | Let me know what the status is. | 07:24 |
alekibango | on/off | 07:24 |
alekibango | :) | 07:24 |
Orman | Yeah | 07:24 |
Orman | Trial and error. | 07:24 |
Orman | If you put the clusters together then you should be fine. | 07:25 |
alekibango | well not really. its still somehow young a lot | 07:25 |
alekibango | but i will feel better thats sure | 07:26 |
alekibango | :D | 07:26 |
Orman | Yeah | 07:26 |
Orman | Run security tests on them as well. | 07:26 |
alekibango | can be | 07:26 |
Orman | I have to get a some stuff done tomorrow on the Nova Security Notes. | 07:27 |
Orman | Well I should hit the hay. | 07:29 |
alekibango | :D | 07:30 |
Orman | 3:29AM here in Florida. | 07:30 |
Orman | Youl will be on tomorrow right? | 07:30 |
alekibango | sure | 07:30 |
Orman | Ok | 07:30 |
Orman | Well till then my friend God bless you | 07:31 |
Orman | Have a good night. ;D | 07:31 |
Orman | By the way I will look at the Python tutorials. | 07:33 |
Orman | ;) | 07:33 |
Orman | See ya | 07:34 |
*** Orman has quit IRC | 07:34 | |
*** allsystemsarego has joined #openstack | 07:48 | |
*** eldarnugaev has joined #openstack | 08:55 | |
*** anneg has joined #openstack | 09:10 | |
*** anneg has quit IRC | 09:14 | |
*** stewart has quit IRC | 09:32 | |
*** gaveen has joined #openstack | 09:36 | |
*** aimon has quit IRC | 09:56 | |
*** aimon has joined #openstack | 09:56 | |
*** sagactor has joined #openstack | 10:02 | |
sagactor | any homosexuals in here | 10:03 |
sagactor | i hate queers...and blacks...and all minorities | 10:04 |
*** sagactor has quit IRC | 10:04 | |
*** miclorb has joined #openstack | 10:05 | |
*** kashyapc has joined #openstack | 10:23 | |
*** aimon_ has joined #openstack | 10:23 | |
*** aimon has quit IRC | 10:26 | |
*** aimon_ is now known as aimon | 10:26 | |
*** eldarnugaev has quit IRC | 10:38 | |
*** stewart has joined #openstack | 10:41 | |
*** vladdy has joined #openstack | 10:42 | |
*** eldarnugaev has joined #openstack | 10:56 | |
*** tomo_bot has quit IRC | 10:59 | |
*** eldarnugaev has quit IRC | 11:05 | |
*** vladdy has quit IRC | 11:20 | |
*** vladdy has joined #openstack | 11:22 | |
*** tomo_bot has joined #openstack | 11:22 | |
*** gaveen has quit IRC | 11:24 | |
*** vladdy is now known as perestrelka | 11:25 | |
*** omidhdl has joined #openstack | 11:30 | |
*** omidhdl has joined #openstack | 11:32 | |
*** miclorb has quit IRC | 11:41 | |
*** krish has joined #openstack | 11:45 | |
*** ctennis has quit IRC | 11:50 | |
*** krish has quit IRC | 12:07 | |
*** krish has joined #openstack | 12:19 | |
*** ctennis has joined #openstack | 12:40 | |
*** arcane has quit IRC | 12:47 | |
*** arcane has joined #openstack | 12:48 | |
*** ctennis has quit IRC | 12:56 | |
*** gaveen has joined #openstack | 12:58 | |
*** gaveen has joined #openstack | 12:58 | |
*** pvo has joined #openstack | 13:03 | |
*** ChanServ sets mode: +v pvo | 13:03 | |
*** gaveen has joined #openstack | 13:07 | |
*** ctennis has joined #openstack | 13:08 | |
*** ctennis has joined #openstack | 13:08 | |
*** omidhdl has left #openstack | 13:18 | |
*** xfaf has quit IRC | 13:23 | |
*** sophiap has joined #openstack | 13:28 | |
*** pvo has quit IRC | 13:29 | |
*** sophiap_ has joined #openstack | 13:35 | |
*** sophiap has quit IRC | 13:35 | |
*** sophiap_ is now known as sophiap | 13:35 | |
*** pvo has joined #openstack | 14:19 | |
*** pvo has joined #openstack | 14:19 | |
*** ChanServ sets mode: +v pvo | 14:19 | |
*** pvo has quit IRC | 14:21 | |
*** coredump|br has quit IRC | 14:35 | |
*** gondoi has joined #openstack | 14:43 | |
*** kevnfx has joined #openstack | 14:44 | |
*** kevnfx has quit IRC | 14:45 | |
*** coredump|br has joined #openstack | 14:51 | |
*** gondoi has quit IRC | 14:56 | |
*** ChrisAM1 is now known as ChrisAM | 15:05 | |
*** sophiap has quit IRC | 15:15 | |
*** sophiap has joined #openstack | 15:27 | |
*** xfaf has joined #openstack | 15:37 | |
*** eldarnugaev has joined #openstack | 15:43 | |
*** burris has joined #openstack | 15:51 | |
*** anneg has joined #openstack | 16:12 | |
*** Orman has joined #openstack | 16:19 | |
*** burris has quit IRC | 16:21 | |
Orman | Hello all, | 16:24 |
Orman | ;) | 16:24 |
Orman | Any developers want to help us out on the Nova Security Notes? http://etherpad.openstack.org/NovaSecurityNotes | 16:25 |
Orman | We would love the help. | 16:25 |
*** anneg has quit IRC | 16:28 | |
Orman | alekibango: Hey | 16:30 |
*** eldarnugaev has quit IRC | 16:41 | |
*** anneg has joined #openstack | 16:51 | |
*** anneg has quit IRC | 17:00 | |
*** dagger has quit IRC | 17:06 | |
*** dagger has joined #openstack | 17:08 | |
*** dagger has joined #openstack | 17:08 | |
*** jdmaturen has joined #openstack | 17:33 | |
*** Orman has quit IRC | 17:36 | |
*** krish has quit IRC | 18:17 | |
alekibango | :) | 18:28 |
*** anneg has joined #openstack | 18:33 | |
*** Orman has joined #openstack | 18:42 | |
Orman | Hello | 18:42 |
Orman | Any developers online? | 18:43 |
notmyname | based on your earlier comments, I assume you're looking for nova devs? ;-) | 18:44 |
*** anneg has quit IRC | 18:44 | |
Orman | notmyname: Yes I am looking for Nova devs to help with the Nova Security Notes. | 18:46 |
Orman | I hope I am not bugging people to much. | 18:46 |
notmyname | you certainly aren't bugging me. security notes sound like a good thing | 18:47 |
Orman | notmyname: Really any devs,but yes Nova devs especially. ;D | 18:48 |
notmyname | but if you have any questions about swift, I'll try to help | 18:48 |
alekibango | notmyname: that might help too | 18:48 |
alekibango | we started looking on nova, but the same for swift should be done | 18:48 |
Orman | We have not started the Swift Security Notes yet. | 18:48 |
alekibango | please see the etherpad :) | 18:48 |
*** eldarnugaev has joined #openstack | 18:49 | |
alekibango | and make copy | 18:49 |
Orman | Here's what we have so far http://etherpad.openstack.org/NovaSecurityNotes | 18:49 |
alekibango | make swift one :) | 18:49 |
alekibango | we need to uderstand possible architectures | 18:49 |
Orman | Just need more devs to help us outline it. | 18:49 |
alekibango | and to see what needs protecting and from what | 18:49 |
alekibango | thats what wee need devs for | 18:49 |
alekibango | to help us to draw some nice pictures of possible network designs | 18:50 |
alekibango | and from those designs we need to identify what could be problem | 18:50 |
Orman | Yeah | 18:50 |
notmyname | one of the nice things about swift is that users can't execute any code. so threats go way down | 18:50 |
alekibango | this can differ for small clouds (<4 machines) and for big ones | 18:50 |
alekibango | (where it can be distributed on different places) | 18:51 |
Orman | Yeah if we have different clouds then we might have different security problems. | 18:51 |
alekibango | but you need to be sure it will be safe when you will have swift installed in 2 cities in one cloud | 18:52 |
alekibango | if thats possible | 18:52 |
notmyname | sure it's possible | 18:52 |
alekibango | you do not want someone to intercept what is moving around | 18:52 |
alekibango | or change it | 18:52 |
creiht | leave security to the security professionals :) | 18:52 |
alekibango | those guys with guns? :) | 18:53 |
Orman | Yeah if they can intercept data going around then that could be a huge problem. | 18:53 |
notmyname | right. but the traffic can be easily segregated into local and not-local. local traffic is anything between the storage nodes and should be protected (see your friendly neighborhood net sec professional) | 18:53 |
Orman | Yeah if we're talking local then it should stay local which would put the threat of security down. | 18:54 |
notmyname | but local is "logically local" | 18:55 |
Orman | Right | 18:55 |
Orman | alekibango: Let's be productive. ;D | 18:55 |
notmyname | and that depends on VPN or ssl tunnels or firewall rules or routing tables or whatever | 18:55 |
alekibango | i cant right now, still fighting with some prbolem | 18:56 |
Orman | alekibango: What's the problem? | 18:56 |
alekibango | creiht, notmyname: network schemas, possible architecture diagrams can never harm | 18:56 |
Orman | A lot to consider for security I know. | 18:56 |
alekibango | Orman: my very own, local :) | 18:56 |
Orman | alekiango: Did you try clustering? | 18:57 |
alekibango | Orman: i am under pressure now, plese let me work :) | 18:58 |
Orman | alekibango: Oh sorry man realize. :D | 18:59 |
Orman | *didn't | 18:59 |
Orman | +notmyname: I will make a Swift Security Notes one soon. | 18:59 |
Orman | +notmyname: Would love to have a Swift dev work on it. | 19:02 |
*** gaveen has quit IRC | 19:02 | |
notmyname | aren't you the security expert? ;-) | 19:03 |
notmyname | but, yes, when you make it, I'm sure some of us will look at it (including myself) | 19:04 |
Orman | +notmyname: Well, I am more like security student. Still though I would like any dev help I can get. | 19:05 |
Orman | +notyname: Thanks for the complement though. | 19:05 |
Orman | ;P | 19:05 |
*** ArdRigh has quit IRC | 19:05 | |
alekibango | notmyname: problem is that even security expert needs lots of time for checking the code and understanding the architecture | 19:05 |
alekibango | we need to help make this clear | 19:06 |
Orman | Right thanks alekibango. | 19:06 |
Orman | We need devs to help as well on the Nova one. | 19:06 |
alekibango | i am kind of security expert - older hacker, knowing much about the art of war and teacher of close combat, hehe | 19:07 |
Orman | :) | 19:07 |
Orman | I just would like to find some Nova devs today which could help. | 19:08 |
Orman | However it's the weekend. | 19:08 |
alekibango | tomorrow, cca 19 hours from now | 19:08 |
alekibango | they will come here in numbers | 19:08 |
Orman | :( | 19:09 |
* alekibango is back to his work | 19:09 | |
Orman | I guess in the mean time just keep on writing the outlines and architecture. | 19:10 |
alekibango | Orman: yes that what we did with nova manuals -- and it worked for the start | 19:10 |
Orman | Ok | 19:11 |
Orman | alekibango: Even though I'd love to have the devs work on it we need to keep on moving forward with it. | 19:12 |
*** gaveen has joined #openstack | 19:15 | |
notmyname | anyone ever used dnspython? (http://www.dnspython.org/) | 19:21 |
Orman | Developers are one of the keys. ;D | 19:22 |
Orman | No | 19:22 |
notmyname | or know of a better set of DNS tools? | 19:22 |
notmyname | specifically, I need to follow a CNAME chain when given a host | 19:24 |
Orman | +notmyname: I know you're Swift dev,but do you know Nova well? | 19:26 |
notmyname | not at all | 19:26 |
Orman | Ok | 19:27 |
Orman | Trying to find a dev that knows. | 19:27 |
Orman | Not easy. ;D | 19:27 |
Orman | Architure for Nova I guess would go first. | 19:32 |
Orman | The outline is already made | 19:32 |
notmyname | creiht: I'm not adding my domain remapping middleware to the proxy pipeline in the example proxy-server.conf. Seems that these are optional (but nice to have) features. do you think they should be added? | 19:32 |
Orman | I think for the Nova notes we should start with Authorization. | 19:37 |
Orman | Everyone's busy. ;D | 19:51 |
*** jaypipes has quit IRC | 20:03 | |
Orman | See ya later guys | 20:11 |
*** Orman has quit IRC | 20:11 | |
*** eldarnugaev has quit IRC | 20:12 | |
*** metoikos has joined #openstack | 20:37 | |
*** sophiap has quit IRC | 20:55 | |
*** anneg has joined #openstack | 20:59 | |
*** sophiap has joined #openstack | 21:01 | |
*** pothos_ has quit IRC | 21:07 | |
*** anneg has quit IRC | 21:07 | |
*** anneg has joined #openstack | 21:08 | |
*** pothos has joined #openstack | 21:09 | |
*** joearnold has joined #openstack | 21:11 | |
patri0t | anyone know about security design of openstack, and where we should start to read? | 21:16 |
*** kevnfx has joined #openstack | 21:29 | |
*** joearnold has quit IRC | 21:33 | |
*** allsystemsarego has quit IRC | 21:36 | |
*** joearnold has joined #openstack | 21:39 | |
*** joearnold has quit IRC | 21:52 | |
*** joearnold has joined #openstack | 21:52 | |
*** joearnold has quit IRC | 21:59 | |
*** perestrelka has quit IRC | 22:01 | |
*** perestrelka has joined #openstack | 22:01 | |
*** anneg has quit IRC | 22:10 | |
*** Orman has joined #openstack | 22:13 | |
Orman | Hey | 22:13 |
*** miclorb_ has joined #openstack | 22:15 | |
Orman | Network security architecture | 22:17 |
*** joearnold has joined #openstack | 22:21 | |
*** ArdRigh has joined #openstack | 22:24 | |
*** ArdRigh has joined #openstack | 22:24 | |
Orman | Nova devs on? I doubt it though because it's the weekend .;D | 22:26 |
*** joearnol_ has joined #openstack | 22:30 | |
*** joearnold has quit IRC | 22:33 | |
*** joearnol_ has quit IRC | 22:35 | |
*** joearnold has joined #openstack | 22:35 | |
*** joearnold has quit IRC | 22:40 | |
Orman | I guess I will develop and design the network architecture first. | 22:54 |
Orman | Then developers could collaborate with it if they are interested. | 22:55 |
*** Cybodog has joined #openstack | 22:57 | |
*** Cybodog has quit IRC | 23:01 | |
*** matiu has joined #openstack | 23:13 | |
*** gaveen_ has joined #openstack | 23:19 | |
*** gaveen has quit IRC | 23:22 | |
*** eldarnugaev has joined #openstack | 23:47 | |
*** eldarnugaev has quit IRC | 23:54 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!