Conversation with #inferno at Sun Feb 15 16:38:33 2009 on powerman-asdf@irc.freenode.net (irc) (17:09:55) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (17:40:42) ModusTollensUnit [n=tom@62.30.173.7] entered the room. (17:57:13) Fish [n=Fish@ASte-Genev-Bois-151-1-7-44.w82-121.abo.wanadoo.fr] entered the room. (18:10:12) ModusTollensUni1 [n=tom@77-97-79-37.cable.ubr12.live.blueyonder.co.uk] entered the room. (18:15:47) ModusTollensUnit left the room (quit: Read error: 110 (Connection timed out)). (18:16:17) sqweek: not that i'm aware of (19:20:06) m_m [n=none@ghillsrb1-pool1-20.mtco.com] entered the room. (20:31:41) KillerX left the room (quit: ). (22:18:12) m_m left the room (quit: Read error: 54 (Connection reset by peer)). (23:25:20) newmanbe left the room (quit: Read error: 104 (Connection reset by peer)). (00:06:52) Fish left the room (quit: Remote closed the connection). (00:37:55) powerman: wow. inferno svn (135MB) packed by gzip = 40MB, bzip2 = 30MB, 7z = 14MB (!!!) (00:57:47) anothy_x: text compresses very well. (00:58:26) anothy_x: now, going out. later. (01:33:32) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (02:43:27) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (04:42:26) newmanbe [n=btdn@138.74.131.25] entered the room. (05:28:01) underspecified left the room (quit: ). (06:07:09) KillerX left the room (quit: ). (06:24:56) underspecified [n=eric@isa7-dhcp-116-154.naist.jp] entered the room. (06:48:35) newmanbe left the room (quit: Read error: 104 (Connection reset by peer)). (07:18:47) underspecified left the room (quit: ). (07:25:42) underspecified [n=eric@isa7-dhcp-116-154.naist.jp] entered the room. (07:28:48) underspecified left the room (quit: Client Quit). (07:30:07) underspecified [n=eric@isa7-dhcp-116-154.naist.jp] entered the room. (07:30:54) underspecified left the room (quit: Client Quit). (07:34:09) underspecified [n=eric@isa7-dhcp-116-154.naist.jp] entered the room. (07:35:21) underspecified left the room (quit: Client Quit). (07:37:24) underspecified [n=eric@isa7-dhcp-116-154.naist.jp] entered the room. (09:29:58) eno__ [n=eno@adsl-70-137-132-217.dsl.snfc21.sbcglobal.net] entered the room. (09:36:50) eno left the room (quit: Read error: 104 (Connection reset by peer)). (11:59:11) gualteri [n=unknown@crespins.disca.upv.es] entered the room. (14:24:11) underspecified left the room (quit: ). (15:07:38) underspecified [n=eric@softbank220043052007.bbtec.net] entered the room. (15:23:35) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (15:38:32) mycroftiv left the room (quit: Read error: 104 (Connection reset by peer)). (16:47:28) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (17:00:30) mycroftiv [n=infernus@h69-128-47-243.mdsnwi.dedicated.static.tds.net] entered the room. (18:03:33) eno__ left the room (quit: "leaving"). (18:09:27) eno__ [n=eno@adsl-70-137-132-217.dsl.snfc21.sbcglobal.net] entered the room. (18:10:34) eno__ left the room (quit: Client Quit). (18:57:23) gualteri left the room (quit: "leaving"). (19:05:45) ModusTollensUni1 left the room. (19:14:02) KillerX left the room (quit: ). (19:26:43) mdx [n=depth@unaffiliated/mdx] entered the room. (19:44:22) eekee left the room (quit: "Caught sigterm, terminating..."). (19:53:32) eekee [n=notyou@cpc3-lanc4-0-0-cust273.brig.cable.ntl.com] entered the room. (20:57:54) eekee left the room (quit: "Caught sigterm, terminating..."). (21:48:17) eekee [n=notyou@cpc3-lanc4-0-0-cust273.brig.cable.ntl.com] entered the room. (22:42:29) powerman: is there exists file service like 'ramfile', but which will export empty dir with user-defined name instead of file? (22:42:55) powerman: I need it to use as mount point. (22:44:51) C-Keen: something like /n? (22:45:34) powerman: hmm. /n is just static dir, afaik (22:46:46) powerman: see, inferno installed system-wide in /usr/inferno, and all files belongs to user "inferno". now I try to start emu by user "powerman". there no /usr/powerman directory. and I (user "powerman") can't create it because /usr belongs to "inferno" and have 0755 rights. (22:47:37) powerman: so, I need to create virtual /usr/powerman dir, and then I'll mount #U*/home/powerman there and start working in usual way (22:48:58) powerman: I can't create real file/dir in /usr, but I can run some file server and mount it in /usr. This file server should export single empty directory named "powerman" (I'll give dir name as param to this file server). (22:51:08) C-Keen: powerman-asdf: I know but the driver that is attached to /n usually creates a mount point upon request (22:51:13) C-Keen: that's the whole point (22:51:44) powerman: ; bind /usr /n/usr (22:51:44) powerman: bind: /n/usr: '/n/usr' does not exist (22:51:55) powerman: I don't know about such a driver... (22:52:08) C-Keen: slashn it is for plan9 (22:53:02) powerman: and there no inferno analog for it? (22:54:55) C-Keen: and why don't you just create the directory and then chown it to you? (22:56:54) powerman: because it require root perms to create /usr/inferno/usr/powerman (22:57:11) powerman: and because it should be done by root for each user which wish to use inferno (22:57:15) powerman: i.e. this suxx :) (22:57:40) mdx left the room (quit: ). (23:02:17) soul9: powerman-asdf: slashn is smntgen in inferno if that's what you're asking about (23:02:40) soul9: mount {mntgen} /n is the usage iirc (23:06:13) powerman: yeah, thanks, it's working :) (23:08:09) powerman: I think in my case `memfs -b /usr` is better than `mount -b {mntgen} /usr` (23:08:26) soul9: ok (23:08:30) soul9: :-) (23:08:46) soul9: nothing from the stupid manpage zipping (23:08:58) powerman: no surprise (23:08:59) soul9: i had the same in arch, but i could hack it with postinst prerm (23:09:12) soul9: not in gen2 :-( (23:09:46) powerman: ? (23:09:58) powerman: in gentoo postinst+prerm works... (23:10:06) soul9: oh? (23:10:15) powerman: yeah, I used it in my ebuild (23:10:17) soul9: hm, ok (23:13:20) soul9: 132 ebuilds to go.. (23:13:21) soul9: :-( (23:23:17) ***C-Keen is having a look at this couchdb thingy (23:24:19) soul9: ? (23:24:33) soul9: what is couchdb? (23:24:59) C-Keen: some hyped replicating key value storage. (23:25:09) C-Keen: I am htinking about using it as a venti server (23:28:20) soul9: :-) (23:28:56) C-Keen: the nice thing as I see it atm is that you can easily replicate it and it can sync itself (23:29:19) C-Keen: so "all" it needs is a translating layer for the venti protocol (23:29:21) ***soul9 google (23:29:23) soul9: +s (23:29:41) C-Keen: you will find tons of stuff it is really hyped among a lot of people (23:30:03) C-Keen: where is the 9fs support in the linux kernel config? (23:30:09) C-Keen: s/9fs/9p/ (23:32:48) soul9: filesystems=>network filesystems (23:32:51) soul9: or fuse (23:33:27) soul9: this couchdb looks actually interesting.. (23:34:00) C-Keen: see? :) (23:34:09) soul9: heh (23:34:35) C-Keen: maintaining a plan9 venti server has turned out to be pure pain (23:34:43) C-Keen: but I love this idea (23:35:13) C-Keen: ah it is in networking support (23:35:17) C-Keen: stupid linux (23:36:02) soul9: yeah (23:36:09) soul9: i just lost my fossil (again) (23:36:21) C-Keen: I got tired of this (23:36:24) soul9: with a venti server (23:36:28) soul9: heh (23:36:35) C-Keen: inferno's emu makes a great backup tool (23:36:36) soul9: but i can't recover the last hash (23:36:58) C-Keen: soul9: have you tried the printroot command from cmd/venti/words (stupid location) (23:37:22) soul9: err wow (23:37:23) soul9: no (23:38:25) C-Keen: then do it :) (23:38:27) C-Keen: good luck (23:38:51) soul9: heh (23:38:55) C-Keen: I had to do this way too many times (23:38:57) soul9: what will it give me? (23:39:02) C-Keen: all root hashes (23:39:08) soul9: niiice!! (23:39:10) soul9: oko, got it (23:39:12) C-Keen: you need to find out which one is the latest though (23:39:17) soul9: that was what i was looking for awesome (23:39:22) soul9: yeah lol (23:39:58) soul9: make a backup tool that runs fossil/last on fscons and saves that to a floppy or something ;-) (23:40:07) C-Keen: soul9: one problem I and others have found that if you use vbackup or vac to store to a venti server the tools will happily give you hashes even if they could not store everything (23:40:37) soul9: :-) (23:40:55) soul9: the last root is borken (23:40:57) soul9: no /bin (23:40:58) soul9: :-( (23:41:01) C-Keen: so your backup command runs happily for months before you find out the hard way that the data is not there and these hashes are invalid (23:41:05) soul9: fossil/last (23:41:15) soul9: C-Keen: no, fossil knows (23:41:25) C-Keen: yeah fossil knows (23:41:31) soul9: you just print the fingerprint of the top fossil root (23:41:33) C-Keen: if it does not blast itself into oblivion (23:41:39) soul9: yeah (23:41:40) soul9: lol (23:41:48) soul9: that happens very frequently (23:41:50) soul9: :(' (23:42:04) C-Keen: fossil is not a filesystem it is a hope this works cache (23:42:13) C-Keen: good night! (23:42:16) soul9: nite (23:42:19) soul9: heh (23:46:42) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (02:33:21) newmanbe [n=btdn@138.74.131.25] entered the room. (03:07:09) KillerX left the room (quit: ). (03:11:03) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (03:35:15) eno__ [n=eno@adsl-70-137-132-217.dsl.snfc21.sbcglobal.net] entered the room. (03:36:35) eno__ is now known as eno (04:12:15) underspecified left the room (quit: ). (04:13:46) underspecified [n=eric@softbank220043052007.bbtec.net] entered the room. (04:14:33) underspecified left the room (quit: Client Quit). (04:28:31) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (04:31:22) newmanbe left the room (quit: Read error: 104 (Connection reset by peer)). (04:31:51) newmanbe [n=btdn@138.74.131.25] entered the room. (05:28:58) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (07:26:29) newmanbe left the room (quit: "Leaving"). (08:04:40) jas [n=jas@adsl-69-215-39-41.dsl.chcgil.ameritech.net] entered the room. (08:05:57) eno__ [n=eno@adsl-70-137-132-217.dsl.snfc21.sbcglobal.net] entered the room. (08:10:28) eno left the room (quit: Nick collision from services.). (08:10:37) eno__ is now known as eno (08:16:39) underspecified [n=eric@naist-wavenet126-021.naist.jp] entered the room. (09:05:07) underspecified left the room (quit: ). (09:05:54) underspecified [n=eric@naist-wavenet126-021.naist.jp] entered the room. (09:21:37) underspecified left the room (quit: ). (10:15:47) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (10:41:43) underspecified left the room (quit: ). (10:42:49) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (11:12:19) underspecified left the room (quit: ). (12:00:43) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (12:04:24) underspecified left the room (quit: Client Quit). (12:13:12) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (12:44:12) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (13:11:12) gualteri [n=unknown@crespins.disca.upv.es] entered the room. (15:54:55) underspecified left the room (quit: ). (16:04:07) ModusTolensUnite [n=nickson@pub-nat.csc.liv.ac.uk] entered the room. (17:25:20) underspecified [n=eric@softbank220043052007.bbtec.net] entered the room. (17:26:07) gualteri left the room (quit: "leaving"). (17:38:18) powerman: is anybody here use inferno to serve production styx services? (17:39:45) powerman: I wonder is it better to run separate emu instance for each service (if there many such services on single host) or it's safe to run multiple services in same emu instance? (17:41:02) powerman: Is there any soft of service supervising needed (to restart failed services)? Do you use supervising to restart emu itself? (17:44:00) powerman: Right now I'm going to run multiple emu instances - one per each service. And supervise only emu itself (using runit/runsv) for now, without supervising services inside emu (if service will fail emu should exit and be restarted by runsv). (17:45:45) powerman: This way I got some additional management headaches - for example, to control running services I need to run rstyx in each emu, and use different ports for all these rstyx because they run on same host. (17:49:27) mjl-: powerman-asdf: i run a few "daemons" from inferno. httpd, a few scgid's, some styx services (17:49:44) mjl-: i just use unix screen with a few emu instances (17:49:59) mjl-: no automatic restarts or anything. if it breaks, i fix it so it won't break again. (17:51:12) anothy_x: i've run inferno services (styx and otherwise) in both ways. there's tradeoffs. (17:51:34) powerman: in production, if it breaks (on some corner case) - it must be restarted and admin must be notified. this way service will continue working (in hope next corner case happens not right now) while developers will fix this issue (17:52:17) anothy_x: on the most involved project i was on using inferno, we had many services running inside inferno. we had a little watchdog-type program within inferno that did things like check on services, restart failed ones, and notify admins of failure. (17:53:17) powerman: anothy_x: is that watchdog open? can you share it with me? (17:53:19) anothy_x: the emu instance as a whole was (IIRC) started by cpurc and just left running. i later added a simple monitoring program that mailed admins if something went down, but we didn't have automatic restart. (17:53:48) anothy_x: mmm... i'm not sure, actually. it would require minor archeology to uncover, at a minimum. (17:54:19) anothy_x: it also required to participation of the applications being monitored. it wasn't hard, but they needed to generate a "heartbeat", which might not be what you want. (17:55:53) powerman: yeah, but it's interesting anyway. it's ease enough to write it myself, but I'm not really experienced in inferno, so take a look at some other source is educational and good for me. (17:57:24) anothy_x: on the most recent semi-production (we only got through tech trials and alpha before the whole project died for management reasons) inferno project i was on, we had one emu instance sitting around in the background running a single daemon that presented a styx interface. web requests to an apache server would make styx/9p connections to it. all the apache stuff only survived for the length of the connection, but the inferno daemon persisted. we had no restart (17:59:46) uriel: anothy_x: can I ask when was that? just curious when was the last time anyone tried to use inferno in production (18:01:27) anothy_x: that last one ended about a year and a half ago. (18:03:03) uriel: i see (18:03:16) powerman: I've live large enough project, split to several servers and lot of small sub-projects doing rpc between them. (Each of these sub-projects run on separate unix account and usually have dedicated domain name.) So, when I inject inferno here, this usually mean I've to add some inferno process to many existing projects. So, running emu manually in screen and restart something manually if shit happens is not an option at all - that's simple impossible to manage manually. I need to install it, check it works and forget about it until it email me about problems. (18:04:20) anothy_x: while () {start-inferno ; echo 'it died' | mail admin@example.com} (18:04:42) anothy_x: stick that in /etc/rc.whatever-the-hell-unix-calls-it (18:04:45) powerman: yeah, something like this. except I use runsv to monitor services instead of sh. (18:05:04) anothy_x: no idea what runsv is, but you get the idea. (18:05:15) powerman: but need to run rstyx in each and on unique port made me wonder is there better way (18:05:37) powerman: runsv is improved "supervise" tool from djb's daemontools package (18:06:14) anothy_x: ah, okay. (18:06:39) anothy_x: i've read about supervise, but never used it, so i can't provide a better example. (18:08:40) powerman: uriel: can you recommend styx C/C++ unix implementation which is reliable, support inferno auth, and leave actual I/O to user (so it's possible to use it withing non-blocking I/O and event loop in user code)? (18:10:18) powerman: I've tried Lib::IXP perl module, but it crash on ixp_write(). I've developed my own libixp wrapper for perl which don't crash, but I need non-blocking I/O and auth, so... (18:12:32) sqweek: libixp doesn't block on i/o (18:13:01) powerman: sqweek: are you sure? (18:13:17) powerman: I think it support threads, but that doesn't mean it won't block on I/O. (18:13:25) sqweek: ixp_serverloop() is essentially select() (18:13:51) powerman: oh, server. no, I ask about client. (18:14:45) powerman: and as for select() - that's good for ixp, but bad for user if user have own file handles which should do I/O in parallel with libixp (for example, if user code downloading some web pages in parallel to serving styx) (18:15:35) powerman: it's better to leave I/O to user and have only packet handling in library which implement some network protocol (18:16:17) C-Keen: powerman-asdf: well the functions doing so aren't static so you already can do that no? (18:17:29) powerman: C-Keen: you mean I can reuse some functions from libixp to handle packets without calling function which doing I/O? (18:17:41) C-Keen: yes (18:18:51) sqweek: powerman-asdf: see ixp_listen (18:19:29) powerman: oh. that's probably ok if I write in C. but for perl wrapper things become much more complex when you need to handle complex C struct. converting them to/from perl is prone to bugs and so segfaults... and segfault isn't something I love to see in perl. ... and libixp doesn't support auth anyway. (18:19:42) sqweek: of course it supports i/o on other fds also, how else would wmii maintain communication with X? (18:20:36) powerman: probably auth can be added manually with mountfd() after auth... no sure. (18:21:45) sqweek: nicest way to do auth is probably extend p9p's srv to support inferno auth (18:22:37) sqweek: then have it post a pre-authenticated socket in /tmp and connect to it with any 9p client (18:23:20) sqweek: (which is what it already does for p9sk1) (18:25:02) sqweek: (and well, "nicest" in the community sense - would be handy if p9p and inferno could play nice together) (18:25:56) powerman: it doesn't sounds like complex task, but it doesn't done yet... so maybe nobody really need it (18:27:21) powerman: also afaik there some issues with inferno auth. trust everybody who have cert from same CA as me is not really flexible (18:28:04) powerman: handle user names from certificates manually in each app add similar code and lot of management complexity (18:49:13) anothy_x: but how's what you just said different from other auth mechanisms? (18:49:24) anothy_x: instead of "same CA as me", you have "same auth server as me". (18:49:33) anothy_x: (in p9sk1, for example) (18:53:13) powerman: anothy_x: you know, there things like ACL, user groups, etc. - different complex things invented to control user access to resources (18:53:41) powerman: sometimes this functionality needed, sometimes it's too complex and can be avoided (18:53:53) anothy_x: mostly the later. ;-) (18:53:57) powerman: yeah (18:54:13) anothy_x: but regardless, those are *authorization* questions, which are different from *authentication* questions. (18:54:23) powerman: not really (18:54:30) anothy_x: yes, really. (18:54:34) anothy_x: or: how so? (18:55:17) powerman: while I can add ACL support on some service which use inferno auth to get user name, I still need to add this user on CA used by this service, and user have to getauthinfo from it (18:55:39) powerman: this way user account details live in two different places (18:56:15) anothy_x: i don't understand what ACLs have to do with it at all. (18:56:23) powerman: and so it more complex to manage than in usual way with 'members' database which contain all info about all members (18:56:28) anothy_x: don't you have exactly the same problem if all you have is owner? (18:57:03) powerman: maybe it's ease to explain using some example (18:57:06) anothy_x: "jack" signed by CA1 might not be the same as "jack" signed by CA2 (18:57:23) powerman: as I said, I've many servers, each have many user accounts, each run some services (18:57:41) powerman: at first, they ain't in local network - it's usual co-lo servers open to inet (18:57:52) powerman: at second, some services public while others are not (18:58:12) anothy_x: what does "public" mean there? unauthenticated? (18:58:20) powerman: and last, I don't like to allow access from one service to ALL other services (18:58:41) powerman: I'd like to limit access from that service only to some services which it really use. (18:59:19) anothy_x: which is an authorization question. (18:59:32) powerman: because anything can be hacked. and I unlike situation with security hole in one small service result in giving hacker access to _all_ our internal services (18:59:40) powerman: that's all (19:00:11) anothy_x: so each service runs as a different effective user? (19:00:16) powerman: public mean they used from inet, not just from our servers - so I can't protect them using firewall (19:00:25) powerman: yep. different users. (19:00:27) anothy_x: or otherwise has the credentials of a different effective user. (19:00:43) anothy_x: okay, so still: authentication and authorization are different concepts. (19:01:09) powerman: moreover, they developed by different developers and each developer has ssh access only to account on servers used by services he develop, and not all account on all servers (19:01:46) anothy_x: but i still don't see the theoretical problem with inferno auth. (19:01:55) powerman: because developer's workstations also can be hacked :) (19:02:29) powerman: with inferno, it sounds like I have to create _one_ auth service for all our network/services (19:02:40) powerman: get cert from this CA for each service (19:03:27) powerman: and then ... either all services will have access to all other services, or I've to do add some username checking on each service, applying some ACL, etc. (19:04:00) anothy_x: that last bit's where you're confusing things. (19:04:14) anothy_x: in *any* sort of auth mechanism, you're going to need authorization checks to do what you want. (19:04:43) powerman: another solution - set a lot of CA. and when I can "a lot" - I mean really "a lot", because there will be many auth "domains": if service A have access to services B and C, but service B have access only to service C - I need to CA just for them. and I've much more than 3 services here... (19:05:18) powerman: can->say (19:05:21) anothy_x: no no no. one CA is plenty here, as far as i can see. (19:05:48) anothy_x: regardless of what you do, you're going to need service A to know that it will talk to service B, C, and M, right? (19:06:48) anothy_x: where "talk to" means "allow connections from" or something functionally similar. (19:06:49) powerman: ok, then please give me idea, how to prevent hacker who owned service Z from using rstyx into service Y (running on another physical server) and using then 'os' command to get access to host OS on that server? (19:07:45) anothy_x: first, does service Y need to present the 'os' interface for its normal function? (19:08:26) powerman: all services run in separate emu instance, and I need rstyx in them to monitor/manage them (19:08:51) powerman: probably issue with rstyx can be solved using two CA - one for services, and another for rstyx service (19:10:43) powerman: but, anyway. there some sensitive info provided by service A. only services B and C have access to A. but there a lot other services which have access to B or C. I mean, to be sure information on service A is safe, I have to audit only code of services A, B and C. not all existing services which got cert from our CA. (19:11:29) anothy_x: the CA doesn't change that. (19:12:10) powerman: see, if somebody hack service X, and all services have cert from single CA - the hacker will be able to mount and use _all_ our resources (19:12:16) powerman: I think this is a problem. (19:12:25) powerman: Maybe I'm wrong here. That's always possible. (19:13:03) powerman: I'd like to know, if X was hacked, then hacked got access only to _some_ resources (used by service X), not _all_. (19:13:03) anothy_x: i think i'm missing an unspoken requirement on your part that all your services not be required any information about who's authorized. (19:13:08) anothy_x: that seems... weird to me. (19:15:15) powerman: If you know about things like SeLinux, GrSecurity, etc. - they provide ability to limit resources for some process. So, if that process will be owned, then hacker anyway will not be able to do anything unusual to this process. For example, owning web server will give hacker ability to read only files in /etc/apache2/, /var/www/ and write to /var/log/apache2/. Bind listening socket on port 80. Nothing else. (19:16:29) anothy_x: because the OS is enforcing *authorization* constraints. that mitigates the damage of someone having compromised your *authentication* mechanism. (19:17:51) anothy_x: you have services A, B, C, and D. A is authorized to use B, C is authorized to use D. (19:17:52) powerman: yeah. at least if we call buffer overflow "compromising authentication mechanism", which is quite unusual but probably correct :) (19:18:55) anothy_x: it is. you have an attacker tricking your code into executing arbitrary code on his behalf. that's an upstream authentication compromise. (19:18:57) anothy_x: but anyway.. (19:19:20) anothy_x: in the example, B and D need to know who's allowed to use them. right? (19:20:08) anothy_x: that's true regardless of the *authentication* mechanism used. (19:21:18) anothy_x: so model it for me with *any* authentication mechanism, like ssh, where you have constraints that you don't have with a CA. (19:27:32) powerman: ease. I put public key of A to ~B/.ssh/authorized_keys2, and public key of C to ~D/.ssh/authorized_keys2 (19:29:18) powerman: and in case D is authorized to use B I put public key of D to ~B/.ssh/authorized_keys2 (in addition to A's key) (19:29:38) powerman: this way, if hacked own C - he get access to D, but not B or A. (19:30:34) powerman: after he get (authorized!) access to D, he have to hack D (i.e. found another buffer overflow in D, after he found it in C) before he get access to B. (19:31:38) anothy_x: okay, good. so in this case, you're adding the user of A (in the form of his key) to an authorization list (in the form of authorized_keys) on B. (19:32:57) anothy_x: so what's the difference between that, and doing it by adding A's username to a list maintained by B? (19:33:42) uriel: 16:02 < powerman-asdf> uriel: can you recommend styx C/C++ unix implementation which is reliable, support inferno auth, and leave actual I/O to user (so it's possible to use it withing non-blocking I/O and event loop in user code)? (19:33:49) uriel: no such thing exists afaik (19:33:51) anothy_x: (ssh, being at the user level, conflates these two ideas, because all it really advertises is one "authorization": login access. it punts to the OS for finer-grained authorization) (19:33:58) uriel: non-blocking I/O is stupid (19:34:19) powerman: uriel: stupid, but only effective way to do I/O in perl, because there no threads in perl (19:34:21) uriel: inferno auth, I have no clue, supposedly there is an implementation of inferno-auth for factotum, but I have no clue where it is (19:34:32) uriel: probably has been bit-rotting for the last two years since gsoc produced it (19:35:06) uriel: (but then, other than p9p and inferno, I'm not sure any 9p libs can use factotum) (19:35:25) uriel: powerman-asdf: afaik you can do fork in perl (19:36:11) powerman: fork? hehe.. think 10000 connections... perl rss about 3-5 MB RAM... :) (19:36:30) uriel: then don't use perl ;P (19:36:36) powerman: :) (19:36:42) uriel: inferno should hae no problem with 10000 threads (19:37:27) C-Keen: it also has blocking i/o. coincidence? (19:37:35) powerman: Yeah, I've already tested this. :) And what I'm doing now is moving our services from perl to limbo. (19:37:45) anothy_x: good man. :-) (19:38:13) uriel: powerman-asdf: idea: why not do it locally via a unix socket or so, then you dont' need auth (19:38:42) uriel: (or if you need remote resources, you can proxy them via a local inferno instance) (19:38:51) powerman: Sadly, but with 10000 threads there some other issues in Inferno: http://code.google.com/p/inferno-os/issues/detail?id=147 :-( (19:39:07) C-Keen: didn't you try it? (19:39:30) powerman: unix socket doesn't help with services distributed between different servers. and inferno doesn't support unix sockets now. (19:39:31) uriel: well, I will not say anything about inferno's reliability and product quality, just to think of it makes me sick in my stomach (19:39:47) uriel: powerman-asdf: I say you run inferno locally (19:39:58) uriel: if you want to access remote hosts, you can proxy them via the local inferno (19:41:15) uriel: you can then mount them with v9fs or such (19:41:46) uriel: and perl can do io whatever way it usually does it (although I'm not sure if v9fs can handle async io, and its reliability is about as laughable as inferno's) (19:41:54) mjl- left the room (quit: Read error: 104 (Connection reset by peer)). (19:42:00) uriel: but it *might* work... (19:48:47) powerman: anothy_x: yeah, it look similar, but there some important differences - from management view. (19:48:51) powerman: look (19:48:59) uriel: (I think there is some way to do unix sockets from inferno (probably not out of the box, because that would make too much sense) (19:49:12) uriel: and you can use a fifo otherwise (19:49:14) powerman: in usual case, when user A want to get access to service B, we've to do _2_ things: (19:49:26) ModusTolensUnite left the room (quit: "Leaving."). (19:49:34) powerman: 1. add account for user on that service, set his rights, etc (19:49:45) powerman: 2. send access details to user (19:50:00) uriel: powerman-asdf: I don't understand your problem, and I don't understand inferno auth, but I think you are wrong (19:50:01) powerman: in inferno, we've to do _3_ things: (19:50:09) powerman: uriel: :) (19:50:16) powerman: 1. add user account on CA (19:50:17) uriel: you can have 1 service, one user (19:50:24) uriel: many services, many users, one CA (19:50:27) powerman: 2. register user's rights on service (19:50:38) powerman: 3. user have to get his cert from CA (19:50:42) uriel: if one users is compromised, the other users in the CA still are ok (19:51:02) powerman: anothy_x: so, things become more complex, than in usual way (19:51:39) powerman: and additional complexity added because user and service must use same CA (19:51:40) uriel: what is 'the usual way'? (19:51:48) anothy_x: powerman-asdf: that is true. ssh has some built in assumptions that allow you to combine the steps of creating the account and authorizing access. (19:52:00) powerman: uriel: the usual way is registering user in GMail (19:52:09) anothy_x: no, that's not where the complexity comes from. (19:52:13) uriel: (19:52:15) uriel: ? (19:52:32) anothy_x: the steps are always there. ssh implicitly combines them. (19:52:50) powerman: uriel: in usual way we've two points to manage - service's database (GMail, for example), and login/pass on user side (19:53:00) uriel: also, afaik inferno can do decentralized auth with spki, but I'm not smart enought to understand that stuff (19:53:19) uriel: I still dont' get what you mean (19:54:26) uriel: anyway, I would ask charles, I doubt anyone else understands inferno auth (19:54:27) powerman: anothy_x: if CA in inferno will be the point to set ACL for users - who can access which services, then we back to 2 points of management: adding new user will require updating CA database and sending cert to user (19:55:01) anothy_x: which you just said you do anyway. (19:55:21) anothy_x: the point is, look at your step 1 in the ssh case. doesn't that even *read* like a compound operation? (19:56:12) powerman: uriel: I wanna say, if I wish to restrict access between many services, so each service will have access _only_ to few other services it really need and no more, then in inferno it's harder to set up than in traditional way (where we don't have CA and each service just have own database with it users) (19:56:28) anothy_x: you said, edited for clarity: add account for user on that service, *AND* set his rights, *AND* do other stuff (19:57:01) anothy_x: there is an extra step on service creation. but it's not less functional, or less secure. (19:57:16) anothy_x: you don't have any added risk of compromise, which was your original stated concern. (19:57:54) powerman: anothy_x: yeah, I don't say inferno is less secure. I say it harder to manage. (19:57:59) uriel: powerman-asdf: I'm not sure you are right, but then I don't quite understand the problem, and certainly don't understand inferno auth (19:58:12) anothy_x: uriel: then why are you talking? (19:58:42) uriel: ok, whatever (19:59:05) ***uriel doubts anyone else here really understands inferno auth, last I heard charless even said it was not fully implemented, whatever he had in mind I have no clue (20:00:34) anothy_x: powerman-asdf: if you're comparing it to a situation where you get to punt more functionality to other things, sure. (20:00:44) anothy_x: but that's not really a reasonable comparison. (20:01:23) powerman: probably this 'management' issue can be solved by running separate service which will check authorization for all users and services. and run it somewhere near svc/auth. and have wrapper script which will do both auth/changelogin and configure access rights for that user. (20:02:21) anothy_x: it's that last part that's key: "configure access rights". that's the part that's decoupled in a significant way from ssh. (20:02:37) anothy_x: keyring->auth doesn't do any of that for you. (20:03:33) powerman: I see. but that decoupling, while being generally good thing, this time made some things more complex to manage. (20:04:10) powerman: You know. It's like inferno sh. It doesn't have history and doesn't support "Up" key to access it. :-) (20:04:35) anothy_x: it means the service needs to manage its own list of trusted users, rather than relying on ssh/the OS. (20:04:57) powerman: While I understand reasons why this was done in current way, it still made sh interface less usable. (20:04:59) anothy_x: but if all you care about is yes/no, as you'd get from relying on ssh, it can be as simple as a text file of one allowed user per line. (20:10:53) uriel: 17:58 < powerman-asdf> You know. It's like inferno sh. It doesn't have history and doesn't support "Up" key to access it. :-) (20:11:00) uriel: that is not a problem, that is how it should be (20:11:10) uriel: on the other hand, wm's terminal windows *suck* (20:11:23) uriel: (big time) (20:11:29) anothy_x: agreed. (20:11:34) anothy_x: but then, i dislike wm overall. (20:12:28) powerman: as for user, it doesn't really important is it sh suck or wm. only important thing is lack of history feature. and autocomplete feature. (20:14:36) uriel: inferno has never been really usable from an end user pov AFAIK (20:14:54) te left the room (quit: Connection timed out). (20:15:32) powerman: btw, is copy&paste between wm and X possible? (20:17:16) uriel: hah! (20:17:28) uriel: it is possible (20:17:30) powerman: uriel: history and autocomplete in sh are features for developers, cos users don't usually use sh at all (20:17:36) uriel: it is just not enabled by default, because that would make too much sense (20:17:41) powerman: :) (20:18:00) uriel: history and autocopmlete again are not the problem, the problem is that wm and most inferno tools are bad jokes (20:18:10) uriel: only exception is acme (20:18:23) powerman: can you give me quick hint how to enable copy&paste or I have to rtfm for this? :) (20:18:48) uriel: I don't remember, you have to bind some device somewhere, I'm sure anothy_x remembers (20:19:11) uriel: (my memory is shit, and having to remember this idiotic shit pisses me off to no end, when it should 'just work', great way to waste my time for no reason) (20:19:33) uriel: there is some thread in inferno-list where I bitched about this and of course everyone simply insulted me (20:19:48) uriel: because it makes no sense to have working copy-paste out of the box (20:19:53) uriel: stupid, stupid idea (20:20:11) powerman: :) (20:20:14) uriel: it might even be useful and not drive new users away! and we don't want that (20:20:32) uriel: anyway, just use acme-sac, that will get rid of most stupidity in inferno (20:20:33) anothy_x: #^ is the snarf device. (20:20:48) anothy_x: it's conventionally bound on /dev, making /dev/snarf your host-os snarf buffer. (20:21:08) anothy_x: if you want all the wm programs to know about it, bind /dev/snarf over /chan/snarf (20:29:20) powerman: anothy_x: thanks. it mostly works. (20:29:48) powerman: actually before starting wm/wm /chan/snarf already exists and it's same as /dev/snarf (20:30:26) powerman: but in wm/wm it become something else. after bind I've to run wm/sh, and in that, second, sh, copy&paste start working (20:31:28) powerman: probably there exists some config file, where I've to put this bind. /lib/wmsetup? (20:31:30) uriel: really, don't use wm if you want to retain your sanity (20:31:46) uriel: lib/profile IIRC (20:32:39) powerman: uriel: actually I'd like to try wm again just because after installing many inferno on servers I wanna have sort of 'control center' at home, which mean I need to mount many servers and execute different commands.. hard to do all these things in single console (20:33:13) uriel: powerman-asdf: again, use acme-sac then (20:33:56) anothy_x: $home/lib/wmsetup, i think. (20:34:22) anothy_x: er, i guess /lib/wmsetup would do it, yeah. (20:35:54) powerman: yeah, it works! (tm) thanks! :) (22:27:00) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (23:05:32) te [i=tao@gateway/shell/blinkenshell.org/x-f3f017e8613ae523] entered the room. (23:17:22) newmanbe [n=btdn@138.74.131.25] entered the room. (01:17:34) te left the room (quit: Read error: 110 (Connection timed out)). (02:18:40) KillerX left the room (quit: ). (02:22:34) underspecified left the room (quit: ). (03:16:14) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (03:21:28) underspecified left the room (quit: ). (03:21:51) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (04:29:00) teh_eekster [n=notyou@cpc3-lanc4-0-0-cust273.brig.cable.ntl.com] entered the room. (04:31:22) eekee left the room (quit: Read error: 104 (Connection reset by peer)). (04:35:27) olegfink left the room (quit: Read error: 104 (Connection reset by peer)). (04:37:19) olegfink^ [n=olegfink@62.141.52.142] entered the room. (05:32:27) underspecified left the room (quit: ). (05:33:46) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (06:29:46) underspecified left the room (quit: ). (06:39:10) underspecified [n=eric@naist-wavenet126-021.naist.jp] entered the room. (07:24:03) newmanbe left the room (quit: "Leaving"). (07:33:50) underspecified left the room (quit: ). (07:49:40) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (07:59:50) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (09:05:00) eno_ [n=eno@adsl-70-137-132-217.dsl.snfc21.sbcglobal.net] entered the room. (09:06:33) eno left the room (quit: Success). (09:14:16) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (09:21:10) underspecified_ [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (09:22:09) underspecified left the room (quit: Read error: 104 (Connection reset by peer)). (09:46:17) underspecified_ left the room (quit: ). (09:52:39) te [i=tao@gateway/shell/blinkenshell.org/x-878492a25c314280] entered the room. (10:08:45) uriel_ [n=uriel@li43-28.members.linode.com] entered the room. (10:14:29) uriel left the room (quit: Read error: 104 (Connection reset by peer)). (10:20:29) uriel_ is now known as uriel (11:09:33) gualteri [n=unknown@crespins.disca.upv.es] entered the room. (11:25:05) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (11:27:45) te left the room (quit: Read error: 110 (Connection timed out)). (11:28:47) underspecified left the room (quit: Client Quit). (11:30:00) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (11:43:38) soul9 left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) jas left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) MrWGW left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) C-Keen left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) underspecified left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) mycroftiv left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) sqweek left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) uriel left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:43:38) anothy_x left the room (quit: kornbluth.freenode.net irc.freenode.net). (11:54:20) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (11:55:03) C-Keen [i=ckeen@pestilenz.org] entered the room. (11:55:06) uriel [n=uriel@li43-28.members.linode.com] entered the room. (11:55:41) anothy_x [n=a@99.155.104.228] entered the room. (11:56:07) jas [n=jas@adsl-69-215-39-41.dsl.chcgil.ameritech.net] entered the room. (11:56:07) MrWGW [n=MrWGW@74.124.206.166] entered the room. (11:56:08) mycroftiv [n=infernus@h69-128-47-243.mdsnwi.dedicated.static.tds.net] entered the room. (11:56:08) sqweek [n=none@203-206-64-149.dyn.iinet.net.au] entered the room. (11:56:38) soul9 [n=none@unaffiliated/johnnybuoy] entered the room. (11:57:12) ModusTolensUnite [n=nickson@pub-nat.csc.liv.ac.uk] entered the room. (11:58:51) mjl- [n=none@knaagkever.ueber.net] entered the room. (12:24:16) underspecified left the room (quit: ). (13:56:06) underspecified [n=eric@softbank220043052007.bbtec.net] entered the room. (14:37:20) mjl- left the room (quit: Read error: 104 (Connection reset by peer)). (15:14:18) te [i=tao@gateway/shell/blinkenshell.org/x-f53b9a2f34b8a8c4] entered the room. (17:16:23) underspecified left the room (quit: ). (17:28:38) eno_ is now known as eno (17:32:09) anothy_x: /who (17:32:12) anothy_x: sigh. (17:33:13) soul9: ☺ (17:33:34) soul9: anothy_x: hey there, how goes it? (17:34:02) anothy_x: reasonably. :-) (17:34:46) anothy_x: personally, fine, but professionally... i think there's a very strong chance that the project i've been working on for the last year or so is going to fall apart before the end of the month. (17:35:21) soul9: damn (17:35:37) soul9: sometimes that's a relief, tho ;-) (17:35:50) anothy_x: yup. (17:36:06) mennis [n=mennis@adsl-068-016-104-079.sip.asm.bellsouth.net] entered the room. (17:36:06) anothy_x: given how things have gone with it for the last two months, it wouldn't be entirely bad, i guess. (17:36:15) anothy_x: it's just my primary source of income. ;-) (17:36:26) soul9: oooh, yeah, it does suck then :-( (17:37:27) soul9: anothy_x: you use fossil on your plan9s or kfs? (17:37:43) soul9: wondering, because it's the 5th time my fossil completely fails.. (17:38:32) anothy_x: my cpu server runs a venti-backed fossil. (17:39:10) soul9: so...no such issues with fossil for you? (17:39:23) anothy_x: i had a laptop that ran just fossil, but it was very old. the fossil eventually died, and i've just been running it as a diskless terminal since. (17:39:27) soul9: ok, then it is probably my ide driver or somesuch (17:39:31) anothy_x: i *think* that's the only fossil i've lost. (17:39:47) soul9: ok (17:40:02) soul9: yeah, i thought fossil wouldn't be this buggy ;-) (17:40:19) soul9: i was almost swiveled by uriel though ;-) (17:41:55) anothy_x: yeah, well, that's the effect FUD has, regardless of where it comes from. (17:43:52) soul9: :-D (17:44:21) soul9: well, uriel isn't uncertainty and doubt, he couldn't be more implicit ;-) (17:44:35) soul9: fear, well, i guess that depends on you (17:45:01) soul9: but yeah, i understand, he does tend to get out of bounds sometimes (17:45:24) anothy_x: i think he generates plenty of UD, too, for people that don't know any better. (17:45:38) anothy_x: look at you, Uncertain about fossil. (17:45:48) olegfink^ is now known as olegfink (17:45:52) anothy_x: because the early versions were buggy, sure, but now he's on a crusade. (17:46:02) soul9: heh, yeah, i guess so (17:46:15) anothy_x: (except the crusaders at least did *something*; he just yells a lot) (17:46:21) soul9: hahahah (17:46:34) anothy_x: i'd love to see fossil get some competition. but where's the code for his replacement? (17:47:06) soul9: anothy_x: well, the site he maintains is quite helpfull though..it's just on IRC that he does this (never met him in real life...) (17:47:38) anothy_x: he does useful stuff, no doubt. (17:47:46) anothy_x: it's just that all the yelling really ups his SNR. (17:48:37) soul9: yeah (17:48:39) soul9: SNR? (17:49:16) anothy_x: Signal-to-Noise Ratio (18:08:39) teh_eekster is now known as eekee (18:39:47) uriel: 15:28 < anothy_x> personally, fine, but professionally... i think there's a very strong chance that the project i've been working on for the last year or so is going to fall apart before the end of the month. (18:39:53) uriel: fail early, fail often (18:40:13) anothy_x: i kinda wish it'd happened earlier. (18:40:33) mennis left the room (quit: Client Quit). (18:40:43) anothy_x: largely my own fault. it's bad contracts that're likely to kill it, and these are issues we should've resolved 6-9 months ago. (18:41:28) uriel: 15:39 < anothy_x> i think he generates plenty of UD, too, for people that don't know any better. (18:41:44) uriel: yea, because all the lies and false expectations created by others sure work wonders (18:42:08) uriel: I just got tired of telling people that all is just fine, and not being able to look them in the face (18:42:30) anothy_x: so now you've gone to the other extreme. good improvement. (18:43:02) uriel: inferno and plan9 are in pathetic states of decay, and anyone that points it out is insulted and ridiculed, without anyone really providing any answers (18:43:46) uriel: there is a reason somebody in #plan9 concluded plan9 can't boot on about 50% of the bioses out there, and it had nothing to do with my comments (18:43:55) anothy_x: that simply isn't true, provided the person pointing it out can do so in a reasonable manner. (18:44:24) anothy_x: so a new user's confusion is your argument? wow. (18:44:48) uriel: no, that confusion is result of brokeness that has been there for many years (18:45:00) uriel: not of the guy being a 'new user' (18:45:44) anothy_x: what do you believe the "broken thing" in question is? (18:46:02) uriel: and all the apologists still have to explain to me why everyone at the labs 1) left 2) have zero interest in having anything to do with plan9 and inferno (18:46:04) anothy_x: i don't even recall seeing him saying he tried and failed. (18:46:11) uriel: (might it be because it is a hopeless waste of time?) (18:46:40) uriel: anothy_x: the broken thing is that 9load can't boot from a huge chunk of systems out there (18:46:50) uriel: (ie., those with a cd that is not secondary master) (18:46:55) anothy_x: 1 has lots of reasons that have nothing to do with plan 9, in particular Lucent's overall implosion and the gutting of large portions of staff. (18:47:20) anothy_x: 2 is an over-generalization, which makes it false. (18:47:25) anothy_x: and your diagnosis of 9load is false. (18:47:28) uriel: funny, how is it that all the pythong, and apache, and linux people that have gone from their failed companies to work at google are still involved with their projects.... (18:47:32) anothy_x: it can "boot" on such systems just fine. (18:47:35) anothy_x: i've done it plenty. (18:47:41) anothy_x: including my main cpu server. (18:47:45) uriel: the cd can't boot (18:47:59) anothy_x: yes, it can. (18:48:03) anothy_x: done that, too. (18:48:05) anothy_x: more FUD. (18:48:08) uriel: and you can't install plan9 if you can't boot from the cd (18:48:11) uriel: oh, whatever (18:48:23) uriel: 'the emperor is wearing very nice clothes' (18:48:24) anothy_x: also false, although that's at least closer. (18:48:51) anothy_x: no, the emperor is wearing rags with holes in them. but that's not the same as saying they're on fire and poisoning everyone around him. (18:49:08) uriel: look, don't give me that bullshit, ok? I know you can install plan9 by punching bytes into a punchcard, if you think that matters, well.. (18:50:32) anothy_x: exactly. you go from "works exactly as i want" to "useless, irrelevant crap". (18:50:47) anothy_x: i'm saying you can install from the CD on machines you say you can't. (18:51:07) anothy_x: and the big, tricky, insider knowledge is that you have to type in *one friggin string*. (18:51:09) anothy_x: ooo. (18:51:16) anothy_x: oh, sorry, two. (19:00:34) mennis [n=mennis@adsl-068-016-104-079.sip.asm.bellsouth.net] entered the room. (19:08:03) gualteri left the room (quit: "leaving"). (19:18:23) ModusTolensUnite left the room (quit: "Leaving."). (20:26:38) newmanbe [n=btdn@138.74.131.25] entered the room. (20:37:11) sqweek: iirc i got into the live cd that way, but installation hung (20:37:19) sqweek: until i shifted the cd over (20:40:00) anothy_x: it would be nice to know what the actual problem was. i've done several installations on systems where the CD wasn't secondary master. (20:59:56) megaboz [i=none@201.80.224.34] entered the room. (22:28:48) uriel: 16:45 < anothy_x> and the big, tricky, insider knowledge is that you have to type in *one friggin string*. (22:28:52) uriel: *wrong* (22:28:55) uriel: it can't be done (22:31:27) C-Keen: I also have a machine here that would not boot with the cd rom attached anywhere else despite giving it the right sting for 9load (22:31:55) C-Keen: but only that particular machine, others do boot from other positions (22:32:09) C-Keen: I dunno and I don't want to find out (22:51:37) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (23:55:38) mennis left the room (quit: Remote closed the connection). (23:55:54) mennis [n=mennis@adsl-068-016-104-079.sip.asm.bellsouth.net] entered the room. (23:57:43) hotaru2k3 left the room (quit: Nick collision from services.). (23:57:45) hotaru2k3_ [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (23:58:19) hotaru2k3_ left the room (quit: Client Quit). (23:58:53) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (00:29:13) mennis left the room (quit: Read error: 104 (Connection reset by peer)). (00:47:07) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (00:53:04) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (01:08:35) underspecified [n=eric@softbank220043052007.bbtec.net] entered the room. (02:20:03) mycroftiv left the room (quit: "leaving"). (02:33:32) KillerX left the room (quit: ). (02:33:50) KillerX [n=anant@145.116.230.32] entered the room. (02:34:20) KillerX left the room (quit: Client Quit). (02:35:22) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (02:37:31) KillerX left the room (quit: Client Quit). (02:40:36) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (02:41:30) KillerX left the room (quit: Client Quit). (02:43:33) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (02:45:40) KillerX left the room (quit: Client Quit). (02:47:56) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (02:50:06) KillerX left the room (quit: Client Quit). (02:50:14) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (03:11:29) KillerX left the room (quit: "http://www.kix.in/"). (03:11:40) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (03:18:51) KillerX left the room (quit: "http://www.kix.in/"). (03:18:59) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (03:47:33) KillerX left the room (quit: "leaving"). (03:47:42) KillerX [n=anant@145.116.230.32] entered the room. (04:00:54) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (04:12:48) KillerX left the room (quit: "http://www.kix.in/"). (05:40:23) underspecified left the room (quit: ). (06:59:55) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (08:14:36) underspecified left the room (quit: ). (10:05:55) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (10:24:18) underspecified left the room (quit: Read error: 113 (No route to host)). (12:41:01) underspecified [n=eric@isa7-dhcp-116-127.naist.jp] entered the room. (12:49:25) te left the room (quit: Read error: 110 (Connection timed out)). (13:05:57) te [i=tao@gateway/shell/blinkenshell.org/x-864e6a8b05ee3065] entered the room. (13:17:04) gualteri [n=unknown@crespins.disca.upv.es] entered the room. (14:11:25) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (14:34:34) underspecified left the room (quit: ). (14:45:56) hotaru2k3 [n=hotaru@cpe-24-29-193-226.neo.res.rr.com] entered the room. (15:03:57) hotaru2k3 left the room (quit: "ChatZilla 0.9.84 [Firefox 3.1b2/20081201080242]"). (15:44:59) underspecified [n=eric@softbank220043052007.bbtec.net] entered the room. (17:12:05) powerman: maybe I'm doing something wrong... :( (17:12:25) powerman: I wanna restart emu in case some of running services failed. (17:13:23) C-Keen: while /bin/true; do emu -r $inferno_root;sleep 1;done? (17:13:28) powerman: So, I run all services from this script: (17:13:28) powerman: pctl newpgrp (17:13:28) powerman: echo exceptions notifyleader > /prog/^${pid}^/ctl (17:13:28) powerman: rescue '*' { shutdown -h } { (17:13:28) powerman: service1 & (17:13:28) powerman: service2 & (17:13:28) powerman: service3 & (17:13:28) powerman: pause (17:13:28) powerman: } (17:14:04) powerman: C-Keen: yeah, but emu should die first :) (17:16:40) powerman: If these services will not pctl(NEWPGRP) and will not "just exit", then this script should work reliable and kill emu on any exception unhandled in these services. (17:16:41) anothy_x: that looks fine. what're you missing? (17:17:25) powerman: if that looks fine, than this is a bad news. because of another race in inferno: http://code.google.com/p/inferno-os/issues/detail?id=161 (17:17:56) powerman: I hoped it just my mistake, that will be good news. :-/ (17:18:30) powerman: Because it's ease to fix that for me than wait until Charles will fix another race. (17:23:24) anothy_x: i'm not sure; i admit to not having used exceptions much (i guess i'm a traditionalist in that regard). (17:23:33) anothy_x: still, let me take a look. (17:24:39) powerman: In last comment (#3) there example when 1) exception handling block doesn't executed; 2) shutdown doesn't work even after rescue block. so there no reliable way to shutdown emu on unhandled exception at all!! at least - this way. maybe same code in limbo will work... (17:27:28) powerman: anothy_x: only reason why I love to use exceptions (but only for errors, not for flow control, of course) is guarantee there will be no unhandled errors (app either handle that error or die). (17:30:12) anothy_x: i guess, but they mess up logic flow too much for my mind. (17:32:52) sqweek: not so different from multiple returns (17:33:12) sqweek: ... except that multiple returns are explicitly visible within a function (17:33:45) anothy_x: and you know that the only place they can be handled is in the caller. (17:34:54) powerman: actually in usual app only few (if any at all) errors are not fatal and should be handled, in all other cases it should die anyway. so switching from if(x==nil) after each function call to exceptions usually mean code become smaller and cleaner - a dozens of if's replaced by one/two exception catching constructions. (17:34:54) powerman: as for multiple returns - that probably not the case suitable for exceptions because it's more like flow control than error (17:36:13) anothy_x: is the reduced code in comment #3 enough to trigger the error, more or less reliably? (17:36:23) anothy_x: and what do you do, stick that in a shell file and run that? (17:36:42) anothy_x: i've not yet reproduced it on Plan 9. (17:36:55) anothy_x: (incidentally: emu in 9vx is... not snappy) (17:37:59) powerman: yeah. to both. put it in script "m" and do $ echo m | emu (17:39:05) anothy_x: er, "echo $m | emu" ? (17:39:14) anothy_x: or "cat m | emu"? (17:39:19) powerman: no. $ is sh prompt sign (17:39:25) powerman: echo m | emu-g (17:39:32) C-Keen: echo? (17:39:40) anothy_x: oh, i see. right. (17:40:15) powerman: if it works as it should, script m will kill emu and I just press Up+Enter (you know, history in bash which we don't have in emu's sh :)) (17:40:44) anothy_x: who wants history in a shell? (17:40:45) anothy_x: ick. (17:40:46) powerman: if it failed then emu doesn't return (17:40:48) powerman: :) (17:41:29) powerman: I want easy way to repeat one of previous commands. Call me luser then. :) (17:42:53) anothy_x: i have an easy way to repeat previous commands: my mouse works fine. ;-) (17:45:25) powerman: ok, here is more reliable way to reproduce this bug: (17:45:37) powerman: while :; do emu-g sh -c "ndb/cs; bind '#U*'/home/powerman/inferno /tmp; /tmp/m"; done (17:46:37) powerman: ndb/cs executed only to demonstrate not working shutdown - without it emu will exit even when this bug happens just because no other processes left (17:47:19) anothy_x: i'm running this; i'll let you know how it turns out: (17:47:20) anothy_x: for (i in `{seq 1 100}) {echo BEGIN RUN $i ; echo /usr/a/bin/sh/emuerr | emu ; echo END RUN $i ; echo} (17:47:53) soul9: if you guys are talking about hanging emu processes that don't exit, i have had that problem too (17:48:16) powerman: when you go your way you execute /lib/sh/profile and other setup which may affect environment (17:49:01) powerman: so better try my example with emu sh -c "..." (17:51:28) powerman: soul9: we're talking about some race which result in non-working rescue block and ignoring shutdown -h (17:51:43) soul9: wow (17:51:45) soul9: ☺ (17:51:48) anothy_x: a good point. it also makes output easier to compare, without the vaiability of where the "; " happens to be printed. (17:52:27) powerman: soul9: wow? no, it's more like uriel's FUD :) (17:53:56) anothy_x: constructively diagnosing errors is not FUD (17:54:07) soul9: wow doesn't cause FUD, it's just a statement trying to express that i don't really understtand what you're talking about, but a nonworking shutdown -h sounds bad ;-) (17:54:40) anothy_x: hrm. running it that way causes my loop to exit. (17:54:48) anothy_x: that's an unexpected difference. (17:56:31) powerman: the FUD happens anyway, because in my experience Charles really fast fixing simple errors like typo on man page... unlike race conditions. and such bugs not fixed for months/years made it _much_ complex and risky to use inferno in production (17:57:42) anothy_x: but if it's precise and accurate, it's not FUD, it's a realistic assessment of the state of things. no U, reduced D. F is questionable, i guess. (17:59:30) powerman: I love inferno, I wanna use it, I have power to decide is we'll use it in our project or no... but I also only responsible person for project's reliability. And to be honest it's very hard to made this decision. Each time I trying something non-trivial I found race. That's not FUD, it's my own statistics. (18:00:28) powerman: From other view, it's really hard to find time to play with inferno if I can't use it in daily work. (18:00:45) powerman: eh... (18:00:48) anothy_x: i agree. like i said, finding real problems and diagnosing them is not FUD. (18:01:02) C-Keen: that's usually how software projects get pushed ahead :) (18:01:30) anothy_x: i'm not sure if it helps or hurts, but it might be useful to realize that some parts of inferno are more mature than others (and which parts aren't well documented) (18:02:20) powerman: C-Keen: to push it ahead somebody should support this project - i.e. fix these race bugs quickly (18:02:48) powerman: sadly, but I'm not a C programmer and can't fix it myself in reasonable time (18:02:55) anothy_x: in particular, parametric polymorphism was added to limbo very late, and i don't believe it's well-exercised. exceptions were very much redone in the most recent release, enough that they probably qualify as "new". in my experience, charles doesn't program in that style (nor do most users), so if i were to guess, i'd expect them to be less exercised, too. (18:03:53) anothy_x: well, anyway, i don't know why the rc loop exits on plan9; it isn't in rc on OS X, so i'm trying it there. (18:04:00) anothy_x: (emu's worlds faster, too, which means testing will go better) (18:04:34) powerman: "charles doesn't program in that style" - they why I see all these small nice 'raise' words in cmd/listen.b? (18:05:53) powerman: it's ok for me to avoid using exceptions in my code, if that's important for reliability (18:06:06) anothy_x: good question. maybe he's "coming around" - i haven't really worked with him in years. or maybe someone else did those (back when there were more full-time VN people) (18:06:59) powerman: there 1461 'raise' in /appl/ (18:07:01) anothy_x: test complete. every run looks like this: (18:07:02) anothy_x: BEGIN RUN 3 (18:07:02) anothy_x: start (18:07:02) anothy_x: end (18:07:02) anothy_x: start2 (18:07:02) anothy_x: OOPS: fail:some error (18:07:03) anothy_x: END RUN 3 (18:07:09) anothy_x: this is on OS X> (18:08:04) powerman: if there exists "OOPS:" line then this bug doesn't happens and everything is ok (18:08:27) powerman: maybe this is linux/pthreads-specific issue (18:14:18) powerman: anothy_x: I've just reproduced it on MacOS 10.4.8 (18:14:39) anothy_x: what do you get? (18:16:48) powerman: vmware-mac:~/inferno powerman$ MacOSX/386/bin/emu sh -c 'ndb/cs; /tmp/racebug' (18:16:48) powerman: OOPS: fail:some error (18:16:48) powerman: shutdown... (18:16:48) powerman: vmware-mac:~/inferno powerman$ MacOSX/386/bin/emu sh -c 'ndb/cs; /tmp/racebug' (18:16:48) powerman: sh: 7 "Pause":killed (18:16:48) powerman: shutdown... (18:16:48) powerman: [here it hangs] (18:17:15) powerman: file /tmp/racebug is same as in http://code.google.com/p/inferno-os/issues/detail?id=161#c3 (18:20:14) powerman: i.e. I run it just two times and it failed on second. lucky me, don't have to write loop in macos shell :) (18:26:01) powerman: anothy_x: anyway. main goal is solve my task. if you've ideas how to reliably shutdown emu when any one of several running services failed in another way, working around this bug - it's acceptable for me. I wanna move, and don't stick on each such bug, if that's possible without making my code less reliable. (18:26:44) powerman: maybe run separate script which will check pids of other services... :( (18:26:54) powerman: it even sounds ugly (18:29:43) ***uriel sighs (18:29:56) uriel: FUD or not, there is a word for this: depressing (18:30:25) uriel: and I didn't notice charles taking days to fix typos in man pages, I reported a considerable bunch months ago, and afaik they are still not fixed (18:30:30) uriel: (I even provided a patch!) (18:32:03) powerman: uriel: probable problem in a "bunch" (18:32:44) powerman: if they'll be reported one-by-one, next after charles will fix previous, chances to get quick fixes from him are much higher (18:33:20) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (18:45:51) powerman: anothy_x: another interesting fact: if I replace line "pause" with line "pause; sleep 1" - bug disappears. but if I use "pause; echo 1" - bug happens (18:47:30) powerman: it looks like race triggered by exiting from main sh block (which start services and do pause) (18:49:15) KillerX left the room (quit: "http://www.kix.in/"). (18:50:49) KillerX [n=anant@gentoo/developer/KillerX] entered the room. (18:55:27) gualteri left the room (quit: "leaving"). (18:58:26) powerman: is it possible to 'switch off' notifyleader? (19:05:29) anothy_x: what do you mean? (19:08:54) powerman: maybe it there happens second exception, after leaving rescue block or when in rescue block while handling first exception... if notifyleader will be switched off before entering rescue block it may change something (19:09:39) powerman: because symptoms of that 'hang' are same as when initial sh (pid 1) exit leaving ndb/cs running (19:10:30) powerman: if sh killed while executing this script (i.e. before it run shutdown), then it will looks exactly like it looks now when hangs (19:36:59) powerman: anothy_x: emu-g sh -c "ndb/cs; { read >/dev/null; shutdown -h }