[Global Notice] Hi all. We're working on the problems with Tor abuse. We ask that you only ban "*@tor/session/*", rather than adding a global ban on "*@tor/*" . Freenode continues to support the Electronic Frontier Foundation's Tor project and will work on ways to filter out the abuse without causing problems for legitimate users.
[Global Notice] Our policy on Tor is here: http://freenode.net/policy.shtml#tor
[Global Notice] Clarification: we definitely don't recommend you ban tor nodes if you can avoid doing so; if you do need to, we recommend you quiet them (+q instead of +b). And we recommend you make those quiets temporary. Please be aware: there are a number of legitimate Tor users on the network. Thanks!
jmkasunich_ is now known as jmkasunich
you're just the one I'm looking for
could you add cvs.linuxcnc.org to dns please?
sure -where do you want it to point?
or do you want me to set up CVS on dreamhost?
just an A record
nope, it's already done
we looked in the dreamhost documentation and there were some real limitations
ok - I know anonymous access was one of them
now all I have to do is remember my password
* cradek crosses his fingers
yay - found it
have I mentioned recently that I can't type on laptop keyboards?
yay, thank you
by tomorrow maybe it'll work everywhere
I take it SF has stayed crappy?
we've decided to roll our own (it's up, have a look at the new cvsweb)
will do. it hasn't made it here yet
click one of the graphics next to a filename
( 2006-04-03 14:04:56 - Project CVS Service ) As an update to the 2006-03-30 CVS outage, our current estimate is that CVS services will be back online (developer access) late Tuesday or early Wednesday (Pacific Timezone).
you'll have to use the IP right now
SWPadnos: are you back from your trip now?
meanwhile they have another server failed (statistics, no big deal)
nope - I'm in San Jose right now
today is the first day, actually
cool, instead of clicking slowly through four levels of directories (whose names you know perfectly well), you can just type the path and go to it
on the revision graph, clicking on a node gives you that version/log, clicking on the line between two nodes gives you the diff
clicking on a branch gives you ... well, you can guess
that's pretty cool
and it's synchronized with devel cvs now, so it will actually be useful
does this use apache to serve the pages and cgi / cvsweb to build them? or does cvsweb have a built in webserver?
it is a cgi script that apache runs
so you have a general purpose webserver there (if we think of anything usefull to do with it)
I just noticed the "Download this directory in tarball" link... cool!
yeah, that'll be great
you can go to a tag, and get that tarball too
so we can just link to up-to-the-second HEAD and TESTING tarballs from the website
is cvs on that machine? (or, how is it synchronized with devel CVS?)
yes cvs is on it
we will no longer use sf at all
the web and the developer cvs run off the same repository, right?
instant updates on the web when you commit
and instant tarballs for users
so we'll have to do new checkouts from this server
SWPadnos: I sent a couple mails to the devel list earlier today
ok - I'm not getting list emails here - they get removed from the webmail server by mi machine at home
the webcvs is obviously up
what the status of developer cvs?
working on adding the first user now (me)
when I get your public keys I can add you right away
I guess I should generate a ssh key
hmmm - keys
don't got none neither
I haven't done keys on ubuntu yet
ssh-keygen -t rsa
then send me .ssh/identity.pub
or whatever the pub is called
if you have more than one key (several machines) send them all
do you need separate ones per machine>
that's up to you
you can copy around your .ssh directory if you want the same key everywhere
ok - so they're portable of you want to
have I mentioned recently that I hate laptop keyboards?
just saw a funny FedEx commercial
a caveman walks into a cave, adn says "the package didn't make it"
(subtitled, of course)
he eventually gets fired, and sulks out of the cave
then he kicks a little dinosaur
then he gets stomped on by a giant dinosaur foot :)
my key is on the way
of course if it takes as long to get there as your mail did to get here, add me tomorrow
got it already
well - I think my battery is about to die. if the DNS doesn't update, drop me an email
see you later
you're welcome. good night
jmkasunich: cvs -d:ext:firstname.lastname@example.org:/cvs co emc2
that's all there is to it
ok, lets talk farm
it won't be committing, only reading
is there anon cvs?
replace jmkasunich with anon
does it need a key?
so the farm can check out that way
and in some hours, we can replace 22.214.171.124 with cvs.linuxcnc.org
I think I'll wait for that before I do the farm checkouts
hmm, the checkout stopped....
had to blow the dust out of the net probably
you could try cvs -z3 to get compression
duh, I always do that (except this time)
I'll let it finish
yeah, it's only slow the first time
tomorrow we can talk about getting the backups set up
yeah I have to work on that some more
I installed apache etc already
I noticed that you logged in a couple times, have you started setting stuff up?
are you taking notes?
ideally other folks should be able to set up backups without dumping all the work on you
and theres that bus issue....
yeah I suppose so
I'll document it as much as necessary (most is normal setup: apache, cvsweb, etc, that I don't need to document)
but I will document everything I did that's "creative" (nonobvious)
normal is relative
ask on the dev list how many folks have set up apache, and I bet you get less than 5 hands raised
maybe lots less (like 1)
well it's not going to be boilerplate, you'd need a unix-guy to do the work
apt-get install apache
that part I can do
twiddle some config files, searching google if necessary
not rocket science...
the kind of stuff I muddle thru, taking a weekend to do what you do in an hour
Checking in NEWS;
/cvs/emc2/docs/NEWS,v <-- NEWS
new revision: 1.14; previous revision: 1.13
but I understand, its hard to spell it out in painstaking detail
[04:09:46] <cradek> http://emc/cgi-bin/cvsweb.cgi/emc2/docs/
Age: 19 seconds
err you'll have to fix the url of course
you lie, its 76 seconds
click on the graph image next to NEWS
did, looking at the diff now
you clicked on the line between the last two rectangles?
I think that's just the coolest thing
- adressing hardware drivers, and allows fir simple configuration
+ addressing hardware drivers, and allows fir simple configuration
"fix lots of spelling errors" ;-)
new revision: 1.15; previous revision: 1.14
so, CIA and commit list tomorrow?
possibly, or wednesday if I'm as swamped at work as I was today
usually I have some time
I'm really tickled that its this far this soon
me too, I'm really happy with the setup
is it reasonable to rsync things like apache and cvsweb config files?
I'll wait to announce it to the list until the dns works (early tomorrow, I hope)
yes probably so
(so setting up backup servers is simpler, and they benefit from any changes you make)
I wonder about syncing the system passwd files - I'll have to check into the nitty gritty of that.
I think you can sync master.passwd, and then run pwd_mkgen or whatever it is to generate the databases
the system password files won't be exactly the same anyway
well that's an issue I'm not sure how to solve
for instance I have an account on this box, but not yours (and don't need one there)
each developer has an entry in the system passwd file
every cvs user needs an account on the box, right?
yes but the cvs accounts are very restricted
I wasn't thinking, I thought cvs passwords were part of the cvs sercer
but basically, users log into the _box_, not into cvs, then they access cvs
there's no such thing as a cvs password (except with pserver, which is insecure)
so commit messages get sent from their account on the box, etc
with this setup, their system login only lets them do one thing: run cvs
that sounds good
hmm, commit messages might be a trick, since it's chrooted
but will probably complicate things like the commit list
that might be a little tricky. I'll rig something up.
what did you wind up using for a box? old laptop?
did you try a commit yet?
you want me to test it?
not necessary, I committed something, and we're about the same
alex has some outstanding changes to hal_intro.lyx, after he commits I'm gonna do some editing on that
ok, I haven't set up his access yet, I'll do it now
what version of cvs are you running?
Concurrent Versions System (CVS) 1.11.17-FreeBSD (client/server)
once you figure out how to send mail, CIA should be easy
there's a perl script
Petr Baudis has written the definitive CIA client for the Concurrent Versions System, ciabot_cvs.pl. It is written in Perl, sends its commits over e-mail or XML-RPC, and even supports a simple system for client-side filtering of unwanted messages.
well yes and no
it's chrooted, so nothing is easy
qe es chrooted?
I may sadly have to install perl in the chroot
a "sandbox" where the only program that exists is cvs, and the only data that exists is the cvs repository
almost but not quite a qemu?
same amount of security without the complexity of emulating a computer
reading wikipedia article
links to an article about setting up a chroot jail for CVS ;-)
cvs is a very good use for chroot jails
so when a cvs user logs in, they log into the jail?
they log into the system and run "cvs" but that's actually another program that chroots and then runs the real cvs.
[04:34:32] <jmkasunich> http://www.ffnn.nl/pages/articles/linux/setting-up-a-chroot-jail-for-cvs.php
little late now, but maybe handy anyway
they use sudo and bash scripts
what did you use?
one setuid c program that calls chroot()/setuid()
a prog you wrote?
I found it somewhere, but it's easily auditable - only a few lines of C
I wasn't thinking of auditing, I was thinking of preservation/backup
gotta save that prog
seems wasteful to have to copy over the binaries
but I guess you don't want symlinks out of the jail to the real programs
symlinks can't point outside the jail, since your / is changed
when we have conversations like this I feel really stupid
that's the point - the rest of the filesystem disappears
we'll have to talk about motor drivers someday then
thanks, I feel better now ;-)
seriously tho, its that "before, I thought I knew stuff, now I know how much I don't know"
which probably happens to anybody who strays outside their area of expertise and talks to a real expert
(real expert in another area, one they know superficially)
I think that's true
(though I'm not sure I'm a real expert)
probably pretty close for this kind of thing I guess.
well in anything there is a hierarchy of experts
you're several steps above me, even if not at the top
and thats enough to induce "now I know how much I don't know" ;-)
I felt good doing that iptables stuff last night tho!
yes that can be complex stuff
I got thrown off by bad (outdated) info on the web
ok I have set up anon, alex_joni, cradek, jepler, jmkasunich - these are all the folks I have keys from so far
you need root to add a user right?
so right now, _you_ have to do it
dunno how you feel about sharing that
how many developers do we add a year?
but at a minimum you should share the list of steps that are needed
I'm not thinking of workload
I'm thinking of single point of failure
documentation + backups fixes that
"list of steps" = documentation
and the worst that happens is "the future team" (those not hit by buses) has a cvsroot and they have to find somewhere to host it - exactly our situation yesterday
hell if they're desperate they could send it to sourceforge
except I think nobody else on the team could come close to what you've done in the last couple days
then they'd be looking for which hosting service to pay
if we went to a service all we'd really need is the cvsroot backup?
same as we got from sf
(I guess we'd have to re-enter user lists and such as well)
sure, using whatever scheme the hoster uses (passwords maybe)
I like my public key scheme, were nobody knows anybody else's password, and no passwords are ever sent over the net
re the CIA script:
It should be noted that the more complex and larger a program gets, the more support files it will use. For example, perl requires a very large number of files and directories to work within a chroot()ed environment - 2610 files and 192 directories for a reasonable installation.
currently 6 files in 3 directories
maybe theres another way
there'll have to be
I haven't looked up the commit list scripts
it might be possible to pass the commit list message thru the CIA stuff outside the jail
user in jail commits and that results in a message being sent
script outside jail is on the cc, and processes the message into cia format, then forwards to cia
it's true the outside world could poll the jail
(that assumes the commit list script doesn't use perl)
I'll come up with something - probably not immediately though.
I imagine some form of backup (not neccessarily a backup server) is higher on the list
as soon as there are commits, yes
just a backup of cvsroot
how hard would it be to set up a cron job on cvs2 to rsync the cvsroot (nothing else, no apache, no cvsweb, etc)?
"do it tonight" trivial, or "do it tommorrow" trivial?
at midnight nothing is "do it tonight" trivial
I'm doing a rsync to my home machine
we still need backups though, rsync isn't enough. we'll have to figure that out.
sounds like something for another day
well it's another day now
you've done a ton these last couple says
but maybe later today
yes, I agree :-)
1am here, I'm going to go to bed early tonight ;-)
I got motors running with m5i20 last night.
Thanks. I really can't say that I like the pid much.
emc2's pid, or something inside the m5i20?
This is only my second tuning effort with it.
I see that we have work to do on the new cvs.
We need to get a note out to all developers regarding testing of all the configs.
rayh: did you run into problems with cvs.linuxcnc.org?
what happened to "emc_log_isopen" in emcsh?
oh -- you said "we still have work to do"; I wondered what you meant.
Seems to be working okay here.
Ah there were a number of errors in the configs when the system was last saved.
I'm trying to work my way through those now.
What should we do with stepper-xyza? It raises these errors on my setup.
EMC2 - Prerelease CVS v2_0_branch
Machine configuration directory is '/home/rayh/emc2/configs/stepper-xyza/'
Machine configuration file is 'inch.ini'
ERROR: could not find thread: 'THREAD (null)'
ERROR: could not set horizontal multiplier: 'HMULT 1'
ERROR: config file '.scope.cfg' caused 2 errors
Can't execute DISPLAY program /home/rayh/emc2-v2_0_branch/bin/axis
I swear I fixed that
DISPLAY = axis
you didn't ,)
ERROR: could not find thread: 'THREAD (null)'
or is that just because it's exiting?
exiting, not exciting
rayh: if you don't have axis, try it with a different gui
What I was wondering is if we wanted to leave that.
Will all installed versions have Axis?
all ubuntu users will have an up-to-date axis
I am a ubuntu user and I guess I don't.
Or is this an enable-run-in-place thing?
I mean the people using the release packages
Ah is that possible to fix?
yes, untar the axis source in emc2/src, and it will do the right thing automatically when you use run-in-place
then you have the source in your rip setup, just like for emc
If you want to check in a change so it doesn't run with axis, that's fine by me
No my only concern was that we make as many of the configs run as possible.
What I was meaning to ask is can the config program be made to setup axis as well as the rest of emc for rip.
Or use a global variable for the installed location of it.
yes, it does that today, when you just put the source there for it to find
We are talking past each other.
This pc has a full install of testing that is up to date.
It also has the extra packages that you provide for devel
I have not tried it but I'm guessing that Axis will run on the deb package.
right, it does
here's my thinking: if you want to run emc as a developer (rip) you get the source and build it. If you want to do the same with axis, you do the same (get the source and build it)
Sure it's there. Now what I'd like to do is make that same system automagically available to run in place folk.
If you want to build a copy of axis at the same time you build emc2 --run-in-place, you can do that
That is not my thinking at all.
There will be many integrators who develop their system in place cause the other is so damned hard to find and make available for editing.
and untar it in emc2/src
No we are still on parallel tracks.
in emc2/src run ./configure
it will detect axis source
I would like it to be there regardless of where I'm running emc from.
when run you 'make' it will install axis "in place" as well
rayh: I have only heard that from you. Perhaps there is a documentation bug.
No this is a configuration and run issue
rayh: you cannot convince me that getting cvs and compiling emc is somehow easier than copying a sample config to your home directory.
are we talking about axis, or are we talking about config files?
Have you tried to do that. As a user you can't unless you sudo.
rayh: also, without an installed system, you don't have easy access to the man pages, another thing vital for understanding the system.
rayh: that's incorrect.
And having copied it all there you have to chmod in order to edit.
rayh: that's also incorrect.
I tried it last night on the phone with a friend.
mkdir -p ~/emc2/configs; cp -R /etc/emc2/sample-configs/stepper ~/emc2/configs
And you could NOT drag a copy of m5i20 out of etc.
now you can edit your sample config.
Right and I'm going to tell them to type that into a terminal.
NB I have not tried it with any gui tool.
Why not a button on picker that does it like l had originally.
Right and it does not work with a gui tool
how do they compile emc for rip without typing?? again that can NOT be easier
sure it is.
except for that damnably long ./configure --enable-run-in-place
but those are english words that I can use over the phone.
I'll try this with the gui.
* alex_joni uses mc all the time, and doing that is trivial in mc
In the mean time, is there a link to the existing Axis that I can sim to make it work with a rip.
Right and now I've got to teach them to use mc as well.
rayh: no you don't ..
I think we are rapidly retreating from any sort of tillie izing.
I just told you what _I_ am confortable with
* rayh would be comfortable with a copy button on the picker.
I used mc a lot with BDI. There was no other good way to do some things.
mc is not a part of a stock ubuntu release.
no, but it's in universe, so you can apt-get for it
I see that. But still we are talking major extra steps for a Ubuntu installer/user.
Maybe that was to strong a word.
ok jepler copied and edited a sample config using the gui. he will put instructions on the wiki.
remember if you use rip, you lose all benefit of the auto updates, so you'll have to help each customer every time there's an update.
our test shows the permissions work out fine by default and sudo is not required.
[18:39:32] <cradek> http://wiki.linuxcnc.org/cgi-bin/emcinfo.pl?CustomizingConfigsOnUbuntu
Okay works here. Not the drag and drop solution I was imagining for folk who are accustomed to that.Only issue I see with it is double click
double click is an issue?
Some like me turn it off.
And it is possible to double click and get where you don't get where you really want to be.
really dont ...
fwiw, control+drag copies
drag only tries to move the sample folder, which is not what you want (and you don't have the permissions necessary to remove it)
so if you want to drag, hold down control
Okay. Proves I'm never to old to learn.
so you will start using the packages for customers?
btw ln -s /usr/bin/axis in the emc2/bin dir works to make axis available
that often will break, because they may not match (the canon API)
for instance if you do that today, and load a program with G33 in it, axis will give an error, even though the program will run fine
so I do NOT recommend that practice. if you need RIP for development, you should have axis source too, and compile them together
that gets back to what I was talking about earlier. If you want help setting up axis 1.3 so it automatically builds with emc2 we can talk about that
(it's still an extra download and untar, though)
I wasn't suggesting that I wanted that ability. I was suggesting that we wanted that ability.
we have it, but it sounds like you don't know how to do it, that's what jepler is offering to help with.
it's not well-documented yet, and it doesn't work with axis 1.2.
untar axis-latest.tar.gz inside emc2/src, and re-run configure
it automatically builds axis into emc2/bin, emc2/share
(well, the subsequent "make" builds axis)
cradek: does mailing to emc-commit work?
alex_joni: I don't have that set up yet
cradek: the new cvsweb.cgi is really great
thanks, I really like the graphs
yeah, one thing though.. (minor rant), could it be configured to display the newest version on top, and the oldest on the bottom?
in the graphs I mean
of course, only if there's an option for that, wouldn't want you to go recoding anything
there are a lot of options
what was the lyx incantation for ubuntu?
apt-get install lyx-foo?
pretty sure I just did apt-get install lyx
hrmm.. from universe?
I turned the graph over, not sure I like it, but we'll try it for a while
I'm not sure where it came from
it's not found without universe/multiverse
I'm 90% sure that's all I did
did you apt-get update?
yeah, but you probably already had the universe/multiverse enabled from /etc/apt/sources.lst
I didn't read it right
yes I probably have those enabled
it's probably a sane thing to do
For lyx to complete the job of processing words, it needs several other packages which is why I started that wiki page.
apt-get install lyx seems to work here
I can edit the lyx files now
but I probably lack imagemagic for the pictures
The lyx install worked fine here as well.
By editing the preferences you can get it to show pdf with evince.
Although that is not one of the default pdf viewers that it looks for.
Again I'm thinking within the ubuntu stuff.
ok, I'll worry about learning to edit for now :)
and converting to pdf later :)
cradek: I am missing CIA :)
but I know you're working on it :P
don't mean to stress you..
nah, you're not a cause of stress
I intend to get the commit mails working first, then tackle CIA
I think the mails are more important
are you aware of CVSSpam ?
just googled around and found it.. seems VERY capable
no, I haven't looked that far, still trying to get outgoing mail from the chroot
here's an example of what it can send:
[20:32:45] <alex_joni> http://www.badgers-in-foil.co.uk/projects/cvsspam/example.html
* cradek 's eyes cross at the pastel colors
HTML e-mails? No thanks.
I want a udiff, nothing else
I'm with cradek
and the log message
though links into the web interface are a nice plus
cradek: (those are in the axis commits, aren't they?)
yes that would be nice
I don't know, I must never use them
[20:34:20] <alex_joni> http://www.badgers-in-foil.co.uk/projects/cvsspam/example-simple.html
it also can look basic enough
yay, a udiff
now if you remove the colors, it'd be perfect
and send it in ascii, of course
and use text instead of html
alex_joni: seriously, thanks for looking, but I hope there's something simpler
and not HTML
then maybe this helps: http://www.bpfh.net/simes/computing/chroot-break.html
cradek: seriously now: http://axljab.homelinux.org/Chroot_with_sSMTP
A very important aspect of writing secure code is the principle of "least privilage".
e-mail is working now; it's the perl-based CIA code that's the problem now.
another slightly important aspect might be the principle of "least privilege".
jepler_: you speak too soon
unless if by working, you mean almost working
(and why was there such a delay between "working now" and "right?")
anonimasu: you know .. the kind that we're mandated to have because the source originally came from NIST.GOV?
there are quite a few cvs mailers here.. (Related software) http://www.badgers-in-foil.co.uk/projects/cvsspam/
jepler_: the CIA stuff is not that old
[21:06:19] <alex_joni> http://cia.navi.cx/doc/clients
alex_joni: I was trying to string anonimasu with a worrying story that it had something to do with the US government .. sorry if it didn't work as a joke.
lol, ok ;)
the stuff that needs to be sent to CIA seems rather simple
[21:07:39] <alex_joni> http://cia.navi.cx/clients/bk/ciabot_bk.sh
I bet cradek can code/adapt that in a blink
yeah that looks pretty simple
jepler_: haha ;)
I remember what cia is now
oh that cia!
I'm not worried about the cia
it's the uncalled ss'es that worry me ;)
rayh: didn't expect that many visitors to linuxcnc.org
let me look.
Quite a few hits there.
yup, for a bit over 24h it's great
The stats are awesome. Stuff like referrer
make some interesting reading.
yeah, was browsing those too :)
BTW We are trying to figure a way into the server we talked about so you can install a wiki.
but I hope not tonight :)
* alex_joni is off to bed
cradek: Chris you about?
new revision: 1.6; previous revision: 1.5
cvs [commit aborted]: received broken pipe signal
I think he stepped away from the box for a bit.
ok... wanted to pick his brain about acad... and his realize.lsp pgm
time for an afternoon snooze here... sun is very nice to see
Snowed this morning. Nice sun in the afternoon.
we are well into spring here... had to cut grass yesterday... weeds are growing and plums tree flowers are just about done
Way ahead of us.
here, it'll be 70s tomorrow
it was nice today too
See you tomorrow.