Skill sharing session 8 (log)

(16:54:24) Alster: hi
(16:54:36) Alster: i'll be ~10 minutes late today
(16:54:46) didleth: hi
(16:54:47) didleth: ok
(16:55:04) Alster: need to eat something. you're welcome to start without me.
(16:55:16) Alster: see you then
(16:56:20) didleth: eat something you say?
(16:56:22) didleth: good idea ; )
(17:07:38) txopi: hi
(17:07:46) ***txopi is checking his email
(17:11:28) didleth: hi
(17:11:35) didleth: txopi: alster will late 10 minut
(17:11:46) txopi: ok
(17:18:47) didleth: Alster: harcesz when you are ready let us know
(17:20:12) Alster: ok, i'm back
(17:20:18) Alster: hi everyone
(17:20:39) Alster: i guess i didn't miss much :)
(17:21:37) didleth: hehe
(17:21:47) didleth: we only delete all backups of kosmos ;]
(17:21:53) didleth: *deleted
(17:22:03) didleth: so you not missed a lot of ;]
(17:22:07) Alster: rm -rf / ?
(17:22:21) didleth: i only joking :)
(17:22:33) Alster: so am i :)
(17:22:55) didleth: i probably txopi will kill me if i will do something like this, right, txopi? ;-)
(17:23:26) txopi: aaah
(17:23:34) txopi: it was a joke
(17:23:41) txopi: fufufufu
(17:23:42) Alster: and after that harcesz will kill you again
(17:23:43) txopi: :-D
(17:25:02) didleth: hehe, right ;-)
(17:25:14) txopi: harcesz is comming today?
(17:25:20) didleth: so we can beginn i belive :]
(17:28:28) didleth: https://we.riseup.net/kosmos/skill-sharing-session-8-agenda
(17:28:40) didleth: Set time constraints for this meeting
(17:28:54) didleth: what is ok for you?
(17:29:29) Alster: 19:30 is the maximum for me today...
(17:29:30) txopi: tlf
(17:29:55) didleth: txopi: ?
(17:30:13) Alster: what's the meaning of "tlf"?
(17:30:26) txopi: sorry
(17:30:35) txopi: i was talking by telephone
(17:30:43) Alster: ah ok :)
(17:30:43) txopi: let me read
(17:31:32) txopi: there is a demo right now because the only basque newspaper closed by the spanish government
(17:31:46) txopi: i agree with the agenda
(17:31:57) d3z: hi
(17:31:58) txopi: 19:30 is ok for me
(17:32:30) Alster: hi d3z
(17:32:55) didleth: hi d3z
(17:33:07) didleth: d3z is a man who help imc-pl
(17:33:08) d3z: (I'm here as a newcomer to imc-pl-tech)
(17:33:14) Alster: thats a shame abut the newspaper
(17:33:32) Alster: yeay new techies :)
(17:33:46) Dez: :)
(17:33:48) didleth: Alster: +1
(17:33:56) ***Dez steps in lurking mode
(17:34:05) txopi: welcome dez
(17:34:09) didleth: for me 19.30 is ok too
(17:34:40) Alster: dez: you're welcome to not just lurk if you like :)
(17:34:48) Dez: nice :)
(17:35:27) Alster: check out the urls in the topic for starters
(17:35:43) Alster: actually just the 8-agenda
(17:35:49) Dez: well, I have some technical background, little time, but much affinity and long time sporadic reader of ((i)) in general
(17:36:09) Dez: so I offer my sporadic help to imc-pl. 
(17:36:26) ***Dez reads the topics
(17:36:33) Alster: cool
(17:36:43) Alster: next topic? # Do we want a summary or IRC logs of this meeting? If so, who volunteers to do it?
(17:36:59) didleth: i can do it - if not today, that tomorrow
(17:37:05) didleth: well - probably tomorrow
(17:37:15) Alster: thanks didleth 
(17:37:20) Alster: # Next meeting, and who volunteers to prepare the agenda for it?
(17:37:25) didleth: (and i should give pre before logs, right?
(17:37:46) Alster: yes pre before logs and /pre after logs
(17:37:52) didleth: yhm
(17:38:05) Alster: you can just look at one of the old logs
(17:38:15) didleth: exactly i could do the agenda
(17:38:26) didleth: if i will know which new topic are needed
(17:38:40) Alster: cool
(17:39:13) Alster: we may find some topics during this meeting
(17:39:19) didleth: yhm
(17:39:29) didleth: but now - when it should be...
(17:39:31) Alster: if not, just copy from todays' agenda what we didn't make
(17:39:31) txopi: i think we should decide if the next session is going to be on saturday or not
(17:39:38) txopi: if yes, decided
(17:39:44) didleth: we were talking about this during the last meeting
(17:39:51) txopi: if not, the planner should be for next year
(17:40:24) didleth: on saturday i'm not sure or i can be - probalby not, its christmas so i will be to my family
(17:40:34) ***txopi misunderstood agenda with planning
(17:40:36) Alster: i could not take part on the 26th.
(17:41:01) Alster: (which is next saturday)
(17:41:11) Alster: i don't have to take part though
(17:41:23) txopi: ok, so we should let the next session for 28,29 or 30, or to next year
(17:41:23) d3z: uhm. I saw the logs online
(17:41:50) didleth: as i remember
(17:42:02) didleth: alster didin't want to session between christmas and new year
(17:42:03) Alster: I cannot really take part in another session before january 2nd
(17:42:23) Alster: but you'e welcome to have a meeting in the meantime
(17:43:23) didleth: the holiday from session can be a good idea - but what we will do, when in this time kosmos will be broken?
(17:43:31) didleth: so like you want txopi
(17:45:13) txopi: the teacher in next sessions is Alster 
(17:45:23) txopi: so i think we have to wait to Alster 
(17:45:31) didleth: yhm, so the next meeting is on new yera
(17:46:04) txopi: we could join between xmax and new year, but i prefer to wait until all can participate
(17:46:11) didleth: but if something wrong, for examle kosmos broke up in this time, we can go to irc and look or someone is here and make panic ;P
(17:46:13) txopi: ah ok
(17:46:36) txopi: didleth, you are right
(17:46:38) didleth: but the usual session - next year
(17:47:44) Alster: do we want to use a decider again for this purpose?
(17:48:22) Alster: if so, someone needs to set it up (ideally using the same meeting-planner document we already have now)
(17:48:51) txopi: i can do that
(17:49:11) Alster: yeay :)
(17:49:27) txopi: i will put from january 2 to january 10
(17:49:27) Alster: txopi: can you send an email to the mailing list when it's done?
(17:49:35) txopi: of course
(17:49:45) Alster: cool thanks
(17:49:46) txopi: i'll do it today
(17:50:13) Alster: any news from nadir?
(17:50:14) didleth: Server hosting (Nadir virtual server status)
(17:50:19) ***d3c have just gleaned over https://we.riseup.net/kosmos/skill-sharing-session-8-agenda and felt quite confortable with it
(17:50:32) Alster: very well d3c 
(17:50:42) didleth: no, nothing new
(17:51:10) Alster: d3c: you can /msg me if you have any questions about the agenda or stuff in general
(17:51:25) txopi: no news from nadir
(17:51:47) Alster: had you already sent the virtual server specs to them?
(17:51:58) Alster: and if so, when was this?
(17:52:28) Alster: i don't really need to know, just wondering
(17:52:37) txopi: Alster, you are asking to didleth, isn't it?
(17:52:58) Alster: txopi: everyone but occam and ChanServ really
(17:53:07) didleth: that was i send to nadir was, wait:
(17:54:07) didleth: fuck...
(17:54:20) ***didleth is triyng to remember a password to gpg ;P
(17:54:26) txopi: xD
(17:54:36) Alster: uh oh :)
(17:54:39) txopi: you send "fuck" to nadir??!!
(17:54:45) Alster: weird message
(17:55:12) Alster: your password is probably one of "123" "password" "sex" or "god"
(17:55:34) Alster: could be "fuck", too, of course
(17:55:38) d3c: gh
(17:56:21) didleth: found it ;P
(17:56:27) didleth: Hi, thanks for your kindly offert. What about RAM and Space we need - we (imc-eh and imc-pl) need at least 750 MB RAM and 60 GB disk space, but more RAM and 100 GB would be much better - in this case we could make the remote backups. Would it be ok for you? After migrating to the domU you kindly offer to us, we will start to think which are our possibilities and if we will move again  greets didleth
(17:56:41) Alster: anyway, while didleth is sweating and in pain i can just report that there is nothing new to report from tachanka, yet, but I think something will be happening until our next meeting for sure.
(17:56:42) txopi: telephone
(17:57:37) didleth: Alster: hehe, i was teached for good geeks - i don';t have so simple password ;P
(17:57:46) d3c: Alster: with "nothing new" you mean "failures", "spam attacks", "power problems", "god existence and wickedness" and such alike ?
(17:58:38) didleth: lol
(17:58:56) didleth: d3c: tachanka is the good not the bad ;P
(17:59:03) Alster: d3c: there has been no decision by the collective regarding whether or not to offer hosting to the four interested IMCs 
(17:59:36) Alster: didleth: so "securepassword" maybe
(17:59:46) Alster: :-P
(17:59:56) Alster: didleth: when did you send the email?
(18:00:00) didleth: Alster: do you want to try to broke it? ;>
(18:00:12) didleth: 11.12
(18:00:25) Alster: not really, i can think of better things to do on a saturday night
(18:00:38) Alster: oh so 8 days ago already
(18:00:52) Alster: i guess we need to send a freindly reminder then
(18:01:00) d3c: Alster: I'm really really new -- "kosmos" is a machine and there are 4 IMCs interested to be hosted on it
(18:01:35) Alster: d3c: i'll respond in /msg so we don't go off-topic here
(18:02:31) tryb (+o d3c) przez txopi
(18:02:48) didleth: Alster: do you thing my password is not secure? well, it could be better, but - all my mails are on true-crypt partition with 28-signs password
(18:03:11) didleth: i suposste the mail-contect is the only thing on my computer which is really good secured ;P
(18:04:05) didleth: maybe txopi should write now?
(18:04:14) didleth: i can write of course too 
(18:04:35) didleth: but he wanted to write to nadir before
(18:04:44) didleth: so like you wish txopi :]
(18:05:34) txopi: didleth, ok
(18:05:41) Alster: didleth: i have no idea what your password is so i cannot tell whether it is secure. i'm just making fun of insecure passwords, didn't mean to make fun of you, though I admit I may have. Sorry.
(18:05:47) txopi: fordward to me what you send previously ok?
(18:05:56) d3c: didleth: the 'default advice' regarding the choice of password is to choose them with 'pwgen' 
(18:06:23) d3c: pardon. to generate them with the pwgen utility, and to choose one of the proposed ones
(18:06:39) txopi: off-topic: information in french and english about the newspaper closed byt the spanish government http://egunkaria.info/international/
(18:08:00) didleth: Alster: no problem and no reason to sorry, i'm just a person who ...how to say in english :-/ who thinks too lot about something what someone says and thinks is about me, no reason to worry becouse of this 
(18:08:02) Alster: off-topic, too: I don't generally agree that pwgen creates secure passwords.
(18:09:03) Alster: ok didleth :)
(18:09:35) Alster: oh we can talk about the backup location on this agenda item, too
(18:09:50) didleth: well, if i can be sincere i belive the most problemy be me is that the all pc with example the mails is not secure, but this is off-topic i belive
(18:09:52) Alster: have you already had the time to discuss my offer?
(18:10:26) Alster: didleth: but definately worth another skill sharing session
(18:10:54) txopi: i send an email to mundurat.net to set the backups there
(18:11:01) didleth: well, exaxtly we didn'ty discuss this yet, but i think it would be great and we would be greatfull you for this kindly offer, right, harcesz?
(18:11:01) txopi: but i still have no response
(18:11:41) didleth: blah, with exception of mail not example, fucking ensglish
(18:12:27) txopi: Alster, i have forward you offer to 3 more people but nobody says nothing
(18:12:36) txopi: the real thing is that i'm alone here
(18:12:51) txopi: i don't think that noone is going to say nothing :-/
(18:13:11) Alster: txopi: it's not long ago, too. i was just wondering...
(18:13:24) txopi: if i understood you right, you are offering exactly what we need and for free
(18:14:06) txopi: i can accept that temporarily but i want to achieve a backup server for my own
(18:14:08) didleth: i suggest: make authoritary decision
(18:14:10) didleth: and agree
(18:14:14) txopi: you are doing too much for us!
(18:14:23) Alster: i guess if you trust me enough to grant me root access to your server you also trust me enough to run one of your possible backup locations so i can just activate the server now.
(18:14:31) didleth: (i meand we all - only no idea how to do it in english)
(18:16:44) Alster: we can continue the meeting in the meantime
(18:16:47) txopi: Alster, i trust on you to manage kosmos (with internal backups) and the mirror server, why not trust on you for the backup server?
(18:17:07) txopi: i would like if you can set the backup of kosmos there as quick as possible
(18:17:15) txopi: before finish this year
(18:17:26) txopi: it would be the best for me
(18:17:57) txopi: and then set another external backup in another place (rakentz box or mundurat.net)
(18:18:01) didleth: txopi: i'm not sure or its possible to doing this so schnell and of course i thing we should help in this how much like we only can
(18:18:19) txopi: so you don't have to put the server you have proposed
(18:18:32) Alster: txopi: I think there's no good reason not to trust someone to run a backup location for a server who already has full access to the server, unless you have reason to believe that this someone will not setup the backup location up in a somewhat security minded way.
(18:18:34) didleth: it would be not good and not kindly to ask alster to do everything alone if he offer us so much
(18:18:58) didleth: :-/ me is not understand
(18:19:12) Alster: txopi: sounds like a good plan to have two backup locations
(18:19:21) Alster: (or more)
(18:19:25) txopi: didleth, i don't understand what you told to me
(18:19:25) didleth: txopi: do you meaned you have no trust to alster?
(18:19:43) didleth: or i understand something wrong?
(18:20:06) txopi: i think is not kindly but if we lose all the data i'm afraid about what is going to happen to eh-imc, so i can't be kind
(18:20:55) txopi: i know it is not just, but i think Alster can understand me because he knows the urgent situation
(18:21:21) Alster: txopi: ah so you're declining my offer (which would be totally fine with me, no worries!)? I got it the other way so far.
(18:21:31) didleth: but - it is possible we can help in the backups?
(18:21:51) didleth: wait
(18:21:53) didleth: stop
(18:22:01) didleth: i don't understand
(18:22:06) txopi: didleth, i sais that it is obvious that we trust completely on Alster and trustness has no relation with the decission of the server proposed by Alster
(18:22:08) Alster: didleth: txopi did not say that he does not trust me.
(18:22:18) didleth: txopi: do you agree with alster proposition or note?
(18:22:32) txopi: ...
(18:22:37) txopi: i'm sorry
(18:22:44) txopi: you are talking to fast
(18:22:47) txopi: let me explain
(18:22:49) Alster: hehe, sorry to force you into this discussion here
(18:22:58) txopi: i agree on alster
(18:23:04) didleth: hehe, sorry txopi its just becousw my nort good english
(18:23:09) txopi: i have no doubts!
(18:23:44) didleth: google-translate translate not so good and i can problem to understand you and really don't know or you are yes or no for alster's proposition
(18:23:47) txopi: the problem is that Alster is helping us so much and now he offers us a server for the external backups
(18:23:51) txopi: i think that is too much
(18:24:11) didleth: yhm, I understand
(18:24:11) txopi: i fill a big debt
(18:24:25) txopi: didleth, no problem
(18:24:30) didleth: but - do we have another choise?
(18:24:30) txopi: i fill a big debt!
(18:24:43) didleth: i fill a big debt too
(18:24:54) txopi: not now :-/
(18:24:59) Alster: txopi: ah so i didn't understand what you originally said either, but I do now.
(18:25:09) txopi: Alster, ok
(18:25:11) didleth: but txopi this sam was with zapata before
(18:25:41) txopi: that's why i told that i accept the server proposed by you but just as a temporary solution
(18:25:45) Alster: there's no need to think this way. i have these spare resources and it makes hardly any difference to me whether they are used or not
(18:25:58) txopi: didleth, what?
(18:26:04) didleth: i belive, its not ok to have so much help from the people who have no reason to help us, but without their help indymedia will just nor working
(18:26:41) txopi: didleth, what you said about zapata?
(18:26:48) txopi: so:
(18:27:11) txopi: i accept your offer Alster
(18:27:30) didleth: i mean: it would be great to not give so much work to alster, thatwhy i suppose if we can help in backups etc. - but there is no another people who can help us
(18:27:41) txopi: i'm not going to ask to the other people in my imc, because they don't understand almost anything
(18:27:54) txopi: i will explain all after doing the changes
(18:28:07) didleth: if we would find another server for backups - great, but for this time we don't have any
(18:28:16) txopi: but i will continue trying to find another backups server
(18:28:35) txopi: do i explain myself now?¿
(18:28:40) didleth: sorry if that what I say is unkindly to Alster, i didn't want it sounds like this
(18:29:10) txopi: i say the same!
(18:29:43) txopi: my english is very bad too and i want to let clear that i am very happy of the help Alster is giving us
(18:30:03) didleth: and that what i said about zapata was, that we didn'y want to ask him a about help every time, but we did becouse we could do tech-things self
(18:30:17) Alster: ok, so we all agree on using this backup server (and possibly others) for now, cool. :)
(18:30:19) txopi: i fill a big debt, as when zapata helped to imc-eh so many times
(18:30:50) didleth: the atmosphere beginns to be stressful ;-/
(18:31:04) didleth: so i belive is the near situation
(18:31:39) didleth: so let make backups by alster how long we don't find nothing another ok txopi harcesz?
(18:31:58) txopi: ok!
(18:32:10) didleth: ufff....
(18:32:18) txopi: i want to learn how do that because i think i am able for that
(18:32:35) txopi: i think i can do that (when i learn how to do it)
(18:33:02) txopi: i tryed to install mir some years ago and i can't :-/
(18:33:13) txopi: but i think i can learn how to do external backups
(18:33:42) txopi: but time is needed to find an available machine
(18:34:16) txopi: i hope to learn a lot more tech things to help indymedias but step by step
(18:35:07) txopi: ok so, what's the point of the agenda we are discussing?
(18:35:44) Alster: we were at # Server hosting (Nadir virtual server status)
(18:35:58) Alster: but extended this to the backup location
(18:36:28) Alster: we can now either go on and start looking at backup applications
(18:36:39) txopi: i can send the next message to nadir, but i would like to know what didleth said exactly before me
(18:36:46) Alster: or i can finish setting up the backup server and we can then do hands on backup
(18:37:22) didleth: txopi: only this what i pasted to the channel
(18:37:33) didleth: i hope its not to small?
(18:38:00) txopi: didleth, can you refresh my memory?
(18:38:29) didleth: thanks for your kindly offert. What about RAM and Space we need - we (imc-eh and imc-pl) need at least 750 MB RAM and 60 GB disk space, but more RAM and 100 GB would be much better - in this case we could make the remote backups. Would it be ok for you? After migrating to the domU you kindly offer to us, we will start to think which are our possibilities and if we will move again
(18:38:30) txopi: Alster, "do hands on backup"?
(18:38:39) txopi: didleth, ok
(18:38:54) didleth: i hope that what i wrote was ok...
(18:39:30) txopi: i have copyes it and i will use its content to write another message
(18:40:00) Alster: txopi: 'hands on' means you actually do it, a practical lesson...
(18:40:02) ***txopi is searching either in the dictionary
(18:41:20) Alster: didleth: personally i think what you pasted here was good. and it's always good to keep your emails short so that recipients do not spend more time on reading them than it is neccessary.
(18:41:21) txopi: Alster, you need to look up a backups application?
(18:42:02) Alster: txopi: ah damn i think i wanted to look something up, yes. and i forgot to do that.
(18:42:12) Alster: and i also forgot what exactly i wanted to lookup
(18:42:27) txopi: ...
(18:42:55) Alster: ah, i remember: i wanted to look up a backup utility which can do incremental backups on (partial) file contents
(18:42:56) didleth: ;D
(18:43:47) txopi: i don't understand what we are going to do now
(18:43:54) txopi: we have to investigate
(18:43:55) Alster: but I don't neccessarily need to do this now
(18:44:02) txopi: we have to continue with backup teory
(18:44:18) txopi: i agree anything you say
(18:44:37) Alster: i think backup theory is mostly done, we are ready to do pratical stuff now
(18:44:52) txopi: yesterday i had a chistmas dinner and i am a bit confused
(18:46:38) Alster: so the options right now are really: (a) get to know one or more backup utilities (without actually doing backups yet) and (b) I setup accounts for you on the (otherwise readily setup ) backup server now, and an extra backup account, and we can then continue and do (a) but actually start a backup.
(18:47:30) didleth: yhm, i understand
(18:48:07) txopi: the incremental backups are because we have not enough space on rakentz's machine or we have to use one application like that anyway?
(18:49:34) txopi: b option is better, isn't it?
(18:50:20) txopi: what the rest thinks?
(18:50:53) didleth: i belive you know the topic much better that i so i have trust to yours choise
(18:50:57) ***d3c does not think, but does not have knowledge about the main program for incremental backups ('amanda')
(18:51:17) Alster: i would think b, too, but then we have not much time left
(18:51:38) Alster: but i stil think b is better and it should not take much longer, ~5 minutes
(18:52:36) txopi: so b, ok?
(18:52:50) didleth: for me ok if its for you ok
(18:56:44) Alster: I created a file /root/backup-server on kosmos which provides information on how to connect to the backup server with your individual user accounts
(18:56:55) Alster: your accounts are not active until i tell you
(18:57:09) didleth: yhm, ok, thx alster
(18:57:33) Alster: txopi: you should be able to login already
(18:57:44) txopi: ok, i'm going to try
(18:57:56) Alster: oh wait i forgot to provide you with the ssh fingerprint
(18:58:02) txopi: ok
(18:59:17) ***d3c is on we.riseup.net, too
(19:01:04) Alster: ok, the ssh key fingerprints are in the /root/backup-server file now
(...)
(19:04:11) Alster: didleth: can you please remove the details above from the irc logs?
(19:04:40) Alster: thats ok txopi 
(19:04:53) txopi: ok
(19:05:13) txopi: and what about the error? do you know whay is happening?
(19:05:57) txopi: Alster, i'm trying to connect from my desktop, not from kosmos
(19:06:17) didleth: Alster: ok i remove this
(19:06:18) txopi: i'm going to put my ssh keys on kosmos
(19:06:34) Alster: thanks didleth 
(19:06:40) txopi: didleth, you have to remove a lot of things on the logs today :-)
(19:06:46) didleth: hehe
(19:08:09) Alster: txopi: can you try logging in again please
(19:08:52) txopi: same error from my desktop
(19:09:02) txopi: i'm configuring my kosmos user
(19:09:08) Alster: weird i don't even get to see any authentication attamept
(19:09:49) txopi: i get this: Permission denied (publickey).
(19:09:57) Alster: but the ip address is correct
(19:11:05) txopi: i have made ping and i get unknown host!
(19:11:16) txopi: that must be the problem...
(19:11:23) didleth: in kosmos it was this problem
(19:11:27) didleth: when chmod was wrong
(19:12:54) txopi: i have tryed with the ip adrees instead of the host name, and the same error
(19:13:11) Alster: ok, sorry it's taking so long
(19:13:18) Alster: i'm still setting up your accounts
(19:13:25) Alster: as soon as this is done we can test
(19:13:41) txopi: don't worry
(19:18:29) Alster: ok harcesz, txopi, didleth , alster are setup
(19:18:38) Alster: now lets see whats wrong there
(19:20:32) didleth: if i can suggest something - the problem on kosmos like this was when the .ssh was not chmod on 755
(19:20:49) Alster: hmm this is not normally neccessary
(19:21:01) didleth: yhm
(19:21:05) Alster: can you try connecting again?
(19:21:12) didleth: I or txopi?
(19:21:15) Alster: and make sure you actuall yuse your ssh key when connecting
(19:21:21) Alster: both of you
(19:21:43) Alster: please report errors in /msg
(19:21:56) didleth: Alster: i have i very stupid question...
(19:21:58) Alster: at least the details
(19:22:04) Alster: go didleth 
(19:22:06) didleth: i should log from kosmos or directly from atena?
(19:22:33) Alster: didleth: it does not matter, as long as you have your ssh key there
(19:22:40) Alster: so from atena is probably easier
(19:22:46) didleth: yhm, ok
(19:22:59) txopi: i am inside!
(19:23:02) txopi: now it works
(19:23:04) Alster: yeay :)
(19:23:24) didleth: for me works!:D
(19:23:32) Alster: double yeay :)
(19:23:39) txopi: :-D
(19:25:11) Alster: next time you login you should be able to run sudo
(19:25:16) didleth: so now....
(19:26:22) txopi: thank you Alster, but if to manage backups we don't need to be root (i don't think so), please don't give us so many permissions
(19:26:29) txopi: is what i think...
(19:27:16) didleth: i think it is more safe to not give me a root ;P
(19:27:32) didleth: i'm still noob only ;-)
(19:27:41) Alster: it's a virtual server just for you, which unfortunately also means you're supposed to maintain it in terms of maintenance + security updates
(19:28:01) Alster: and you'll need root for this purpose
(19:28:08) didleth: aha, if it so - its ok
(19:28:15) txopi: ah ok
(19:28:35) Alster: didleth: you can simply not use sudo if you'Re not sure what you're doing
(19:28:50) didleth: yhm, and asking txopi before doing something
(19:28:58) txopi: he he
(19:29:03) Alster: yes, like this
(19:29:10) Alster: :)
(19:29:20) didleth: txopi: i belive its more safe that nort ask you and in this wait spoit something ;-)
(19:29:23) txopi: if you need to do something like apt-get dist-upgrade or something like that, don't ask me
(19:29:24) Alster: we also have a user 'backup-kosmos' setup there but its still missing an ssh key
(19:29:35) didleth: blah... 
(19:29:45) txopi: telephone!
(19:29:49) Alster: txopi: you're not into installing security updates, yet?
(19:30:21) didleth: txopi: i belive it is more safe; that not ask you and spoilt something 
(19:31:02) didleth: Alster: this server is debian?
(19:32:37) ***txopi is back and reading
(19:33:17) d3c: didleth:  grep debian /etc/apt/sources.list should give the answer 
(19:33:46) txopi: Alster, you are asking me if i know managing a server?
(19:34:04) txopi: Alster, i know apt-get update & upgrade
(19:34:22) didleth: hmm.... it have to be some manual to making backups :-/
(19:34:43) txopi: Alster, but i don't know if in a server it must done more things
(19:34:53) Alster: didleth: yes this is a debian lenny server
(19:34:59) didleth: :]
(19:35:23) Alster: d3c: i have not setup an account for you on the backup server yet, since I don't know whether this is intended. Sorry about it.
(19:35:40) Alster: d3c: We can do this as soon as it's been discussed.
(19:35:42) didleth: Alster: d3c has no account on kosmos yet
(19:35:49) d3c: Alster: i am very new. didleth and harcesz are my tutors
(19:35:58) d3c: so they decide
(19:36:16) didleth: d3c: maybe let discuss this on poland
(19:36:17) Alster: txopi: for the security updates, that's all you need to do in a server
(19:36:20) d3c: (pardon I'm at the phone)
(19:36:45) Alster: ok d3c thanks for providing this background info
(19:37:34) Alster: alright, it's late, I had inteded to stop now since I wanted to sleep before I meet friends later. But I feel somewhat awake and if I fetch a mate lemonade i should stay awake longer
(19:37:35) txopi: if this is a little server with no strange packages i will try to keep it updated
(19:37:49) Alster: so if you can spend more time we can go on a bit now
(19:38:10) txopi: sure? we can continue other day if you want
(19:38:13) Alster: txopi: you (kosmos users) decide what's installed
(19:38:35) Alster: the other day would not be before january, so i'd prefer to continue a bit now
(19:38:36) txopi: it is clear that we don't have enought time to put the backup working today, so don't force yourself
(19:39:05) txopi: Alster, continue if you want
(19:39:10) txopi: i have no problem today
(19:39:12) Alster: maybe the time is actually sufficient to at least explain how it's done and you can try on your own
(19:39:40) txopi: when the demo ends i have to translate somethings, mamange the photos send by people, etc. but i can do that later
(19:40:01) txopi: Alster, ok
(19:40:02) Alster: i can spend up to another 1h30m
(19:40:25) Alster: let's share a screen on kosmos
(19:41:06) Alster: argh kosmos is slow again
(19:41:36) txopi: about packages, i meaned that kosmos has a lot of servers and services, java libraries and a lot of things that i don't know very well, so it can be difficult to me to take decissions when making upgrades
(19:42:23) txopi: if this server just has the needed things (ssh yes, apache no, tomcat no, postgresql no), it is easyer to keep it secure and working
(19:42:25) txopi: i think so...
(19:42:52) Alster: that's true
(19:43:57) txopi: ok
(19:44:35) Alster: and yes it has no other daemons but udevd, rsyslogd, crond, ntpd, sshd installed right now
(19:44:42) Alster: which are quite simple and basic daemons
(19:44:48) txopi: ok
(19:45:00) Alster: and upgrading them should be flawless as long as it's within lenny
(19:45:29) txopi: i should upgrade once a day, a week, a month?
(19:46:05) txopi: should i subscribe to any mailing list? i think it exists debian-security or something like that...
(19:46:08) Alster: so can you all join the screen session of 'root' on kosmos, please?
(19:46:11) Alster: didleth: ?
(19:46:34) didleth: wait a little bit, i translate what you write
(19:46:43) Alster: txopi: that's correct, there is a debian-security mailing list on lists.debian.org
(19:46:54) Alster: instructions can be found on http://security.debian.org
(19:47:53) didleth: im on screen session i belive
(19:48:03) Alster: txopi: we can later setup apticron and a small mail server, which will notify us when updates are needed.
(19:48:10) didleth: if i wasn't gekickt from the connection
(19:48:12) Alster: i think i already ddi this on kosmos
(19:48:29) Alster: didleth: do you see something about ssh-keygen?
(19:48:39) didleth: yhm
(19:48:40) Alster: txopi: are you in the screen session, yet?
(19:49:07) txopi: i don't remember how to join (reading the irc logs)
(19:49:19) Alster: txopi: sudo screen -x
(19:49:19) ***didleth is learn about cron few times but still can't use it ;]
(19:49:52) txopi: done :-)
(19:50:13) Alster: didleth: ok, we should learn this, too. you can add it to the skill sharing session topics
(19:50:26) didleth: yhm, ok
(19:50:45) didleth: but i can do this tomorrow, right?
(19:50:48) Alster: there's one document on we.riseup.net which lists all of them (which was on docs.i.o before)
(19:50:53) didleth: i don't have to do this right now?
(19:51:05) Alster: do it if and when you feel like it :)
(19:51:07) txopi: didleth, no
(19:51:30) didleth: sorry for my always-stupid-questions ; )
(19:51:52) txopi: questions are never stupid
(19:52:02) txopi: answers can be :-)
(19:52:32) Alster: ok, i'm adding a backup user on kosmos.
(19:52:39) txopi: i see
(19:53:07) Alster: this user will be a normal user account just like ours, and thus have limited capabilities/authority
(19:53:42) didleth: i don't see nothing
(19:53:50) didleth: are you doing this on scree Alster?
(19:53:53) Alster: yes
(19:53:59) txopi: i see
(19:54:47) Alster: didleth: i'll paste the commands here, it's not so sensitive
(19:54:47) didleth: hehe, welcome in polish-connection ; ) i belive i will read this later if it erschien to me
(19:55:33) Alster: kosmos:~# adduser backup-kosmos --disabled-password --home /var/backup/Warning: The home dir /var/backup/ you specified already exists.
(19:55:33) Alster: Adding user `backup-kosmos' ...
(19:55:33) Alster: Adding new group `backup-kosmos' (1000) ...
(19:55:33) Alster: Adding new user `backup-kosmos' (1000) with group `backup-kosmos' ...
(19:55:33) Alster: The home directory `/var/backup/' already exists.  Not copying from `/etc/skel'.
(19:55:35) Alster: adduser: Warning: The home directory `/var/backup/' does not belong to the user you are currently creating.
(19:55:37) Alster: Changing the user information for backup-kosmos
(19:55:40) Alster: Enter the new value, or press ENTER for the default
(19:55:42) Alster:         Full Name []: 
(19:55:44) Alster:         Room Number []: 
(19:55:46) Alster:         Work Phone []: 
(19:55:48) Alster:         Home Phone []: 
(19:55:50) Alster:         Other []: 
(19:55:52) Alster: Is the information correct? [Y/n] 
(19:55:54) Alster: kosmos:~# 
(19:56:33) didleth: yhm - shoult i put its from the logs too?
(19:56:38) didleth: *cut not put
(19:57:05) Alster: no you don't need to
(19:57:15) Alster: but actually i removed the user again
(19:57:22) Alster: and added it again
(19:57:36) didleth: komisch - when i logged in kosmos once time more and go to screen i can see it
(19:57:36) Alster: just using "adduser backup-kosmos --disabled-password" this time
(19:58:35) txopi: Alster, didleth can see you on the screen
(19:58:41) Alster: now i become this user using "su kosmos-backup" and I change into its home directory
(19:58:44) Alster: ok
(19:59:02) didleth: yes i belive i can se now
(19:59:16) txopi: !
(19:59:16) Alster: sorry, i kicked you out of the screen
(19:59:20) didleth: blah...
(19:59:21) Alster: it's not my day today :(
(19:59:27) Alster: please join again
(19:59:27) didleth: aha so ok
(19:59:36) didleth: i thought its again something with my conection
(19:59:45) didleth: i belive we can just screen again isnt it?:]
(19:59:56) didleth: np Alster :]
(20:00:03) Alster: yes, just sudo screen -x again
(20:00:23) txopi: done
(20:00:40) ***txopi is following the screen
(20:00:45) Alster: ok, we've become 'backup-kosmos' again
(20:00:52) Alster: are you following, too, didleth ?
(20:01:14) didleth: yes
(20:02:28) Alster: ok, we now create a new ssh key for user backup-kosmos
(20:02:55) Alster: this ssh key is created with special parameters
(20:03:21) didleth: yhm
(20:04:00) Alster: we use RSA encryption (i think this is actually the default by now, the other option would be DSA) and 4096 bit encryption key length (default length for RSA is 2048 on lenny, I think)
(20:04:21) d3c: ok I'm back
(20:04:37) Alster: and we instrcut ssh-key to save this keypair to ~/.ssh/kosmos-backup-to-jordie(.pub)
(20:05:01) Alster: with a comment (which gets added to the key file) of "kosmos -> jordie backup key"
(20:05:42) didleth: what means 'instrcut'?
(20:06:01) Alster: we do _not_ add a passphrase. normally you should always do this, but for backups which require to be run automatically, you must not set a passphrase.
(20:06:21) Alster: didleth: I meant to write: instruct
(20:06:36) didleth: aha, ok
(20:06:39) Alster: it means (to) command, (to) request
(20:06:46) Alster: something like that
(20:07:31) Alster: so we have a backup key and it was stored where we wanted it to be stored
(20:07:59) Alster: lets have a look at the public and private key files
(20:08:18) Alster: the private key file is the one without .pub in the end
(20:08:41) Alster: looks quite similar to a GPG encrypted email or a GPG key
(20:09:49) Alster: so the public key consists of three parts: 'ssh-rsa' indicating this is a RSA encryption key (as opposed to DSA)
(20:09:57) Alster: then the public key
(20:10:09) Alster: then a comment, the one we assigned when creating the key
(20:10:15) txopi: when connecting to some machines ssh ask for a password and other for a passphase
(20:10:22) txopi: how it is controled?
(20:10:34) txopi: is something related to the accound or to the shole daemon?
(20:10:41) didleth: wait
(20:12:09) txopi: the comment is just informative. i mean, i can change it after creating the key without any problem?
(20:12:18) txopi: the comment is just informative? i mean, i can change it after creating the key without any problem?
(20:12:39) Alster: txopi: i guess what you mean is the difference between password authentication (no SSH key) on the one hand and SSH public key authentication (after unlocking your locally stored SSH private key which can be garbled with a password, too). These password/passphrase prompts differ slightly.
(20:13:27) didleth: is something related to the accound or to the shole daemon?
(20:13:34) Alster: didleth: i'll just respond to txopis questions quickly. we can answer any other questions you have right afterwards
(20:13:35) didleth: txopi i dont understand what you say
(20:13:39) didleth: sorry for my english
(20:14:13) didleth: Alster: ok
(20:14:16) Alster: ok, you're ready, then let's take a look at txopis first question again
(20:14:48) Alster: didleth: do you know these two words, 'password' and 'passphrase' and what the difference is?
(20:15:11) txopi: didleth, i ask if i make an ssh to a machine and it ask me a password, if i can change something in my user to ask for a passphrase or i can't change it if i don't change something general in the server (at /etc/sshd or something like that)
(20:15:18) Alster: txopi: i do not know the word 'shole'
(20:15:23) didleth: btw i have a question, it is possibility to add a password to ssh-key if i have no any?
(20:16:01) txopi: i wanted to write Whole deamon
(20:16:02) didleth: Alster: for me its the same
(20:17:04) Alster: didleth: passwords are usually short single 'words' which contain spaces, special chararacters, letters and digits
(20:17:49) Alster: didleth: passphrases are sually several real words of an existing language, forming a phrase.
(20:18:01) didleth: txopi: i still don't understand :-/ but if its not something very important you dont have to explain
(20:18:08) Alster: passowrd example: uhwd73kjOLDS; 'fsop*~
(20:18:30) didleth: and passphrases?
(20:18:37) Alster: passphrase example: I would love to drink a mate lemonade soon.
(20:18:51) txopi: didleth, password is a secret word you write when login in a computer, login in a website, etc.
(20:19:27) txopi: passphrase is something more long and it is usually used to protect a criptographic key
(20:19:30) didleth: yhm.... password its like a one word and psphrase is like a some sentence?
(20:19:38) txopi: your email ask you a password
(20:19:52) txopi: pgp and ssh as you for a passphase
(20:19:52) Alster: a passphrase does not necceaarily need to be a sentence, it may just be a conglomeration of several words such as this: house mouse Richard tramp whoever this
(20:20:13) txopi: you can write the same on both but the meaning is a bit different
(20:20:26) Alster: necceaarily->neccessarily
(20:21:44) Alster: sometimes people create a password from the first letters of all words found in a passphrase. for my last passphrase example, the corresponding password would then be: hmRtwt
(20:21:51) txopi: Alster, forget my questions and continue with your plan when you want
(20:21:54) didleth: so pashphrase is just more long that a password and have ' '?
(20:22:17) didleth: Alster: tis is a method i prefer to do
(20:22:24) didleth: but in another way
(20:22:27) Alster: didleth: yes, basically. 
(20:22:54) didleth: so - i not make a password from the passphrase, only i make a passphrase in my head to remember password :]
(20:23:23) txopi: a passphrase it is theorically more secure
(20:23:30) txopi: more difficult to brake
(20:23:32) Alster: the reason why there are both passwords and passphrases is mostly hostorical. In the past many authentication schemes did not allow for longer passwords, there was a maximum password length of 8 characters (DES hashing for example).
(20:24:06) Alster: so you could not use passphrases then
(20:24:10) txopi: 1234, secure, private, anthony, mydarling, victoria, berlin, paris....
(20:24:27) Alster: passphrases offer the advante of being more easily to be remembered by the human brain
(20:24:35) txopi: hmRtwt, jingelbelsjingelbellsallthe way, ...
(20:24:58) Alster: on the other hand they can be less secure since they probably use words also found in a dictionary, which can be used by password crackers.
(20:25:10) Alster: so if you use passphrases make sure they are long.
(20:25:15) didleth: Alster: the good thinkg is
(20:25:22) didleth: to not use the whole world
(20:25:28) didleth: only chan ge something in them
(20:25:52) txopi: programs to break passwords, use dictionaries with commons words, so a passphrase should be more difficult to breack with this method
(20:26:11) didleth: forexample, change syllabe-order, add numbers etc
(20:26:26) Alster: yes this can help
(20:26:51) Alster: didleth: about your question: <didleth> it is possibility to add a password to ssh-key if i have no any?
(20:26:57) txopi: you also can use slang, dialects, etc.
(20:27:17) didleth: txopi: slangs and dialects are not secure - there are dictionary about this
(20:27:24) didleth: i supposte to
(20:27:33) didleth: well.... ich gebe zu
(20:27:40) txopi: they are more secure, not absolutely secure, of course
(20:28:02) txopi: using number instead of vowels isn't secure also
(20:28:15) txopi: also = 4ls0
(20:28:17) didleth: i have no password to kosmos-ssh - i know its very bad, just when i become account i was a techie maybe 2 weeks or so and didn't know its so important
(20:28:20) txopi: free = fr33
(20:28:38) Alster: I assume you are asking whether it is possible to add a passowrd to an existing ssh private key which was created without a password initially.
(20:29:03) txopi: it is very eassy to make a program that makes this kind of changes and try also numbers changed in this way
(20:29:14) Alster: yes I think this is possible, but I would need to look it up, too.
(20:29:17) didleth: no exaclty that what i mean: for examlpe jingelbelsjingelbellsallthe way you can du as:
(20:30:21) Alster: a simple option is to simply create a new ssh key pair, which is a good idea anyway since your private key has not had a password all the time and someone might have gooten a copy of it in the meantime.
(20:30:43) Alster: gooten->gotten
(20:32:16) Alster: any more questions on this?
(20:32:28) didleth: jne20blj17neb14lsl11tei8gle5sig2lel-1alh 
(20:32:57) didleth: so its easy to remember but more difficult to break up i suppose
(20:33:05) didleth: Alster: but if i wll have a new key
(20:33:16) didleth: it would be difficult to add it to kosmos tight?
(20:33:21) didleth: *right
(20:33:23) txopi: i have no more questions
(20:34:42) Alster: didleth: no you can still login with your old key
(20:34:49) Alster: you can have multiple keys at a time
(20:34:59) didleth: so the both key will be work?
(20:35:04) Alster: yes
(20:35:23) didleth: yhm - i should add this to thing to do in this/next week
(20:35:32) Alster: but you'd want to replace the old key with the new one so that it makes sense the new one has a password on it
(20:35:47) didleth: yes that i understand
(20:36:01) didleth: but if i can add the new sitting on the old
(20:36:15) didleth: i can after this delete the old from kosmos and atena, right?
(20:36:19) Alster: the ~/.ssh/authorized_keys file on the server you connect to needs to contain a copy of your public key
(20:36:33) Alster: it can also contain multiple public keys, one per line
(20:36:53) Alster: the keys listed there define which keys you will be able to authenticate with.
(20:36:58) txopi: at kosmos eh has a lot of authorized keys
(20:37:47) didleth: yhm, i just add the one
(20:37:51) txopi: you can add your key to the list with just one command: cat mynewkey.pub >> authorized_keys
(20:37:57) didleth: will replace this
(20:38:02) didleth: and if doesn't work
(20:38:10) didleth: call harcesz for help ;P
(20:38:11) Alster: didleth: yes noce the new key is installed on kosmos and you have verified you can authenticate with _this_ key to kosmos you can then delete the old key from kosmos:~/.ssh/authorized_keys and from atena:~/.ssh/kosmoskey*
(20:38:34) Alster: noce->once
(20:38:37) didleth: yhm, i belive first i should delete it from atena
(20:38:47) didleth: to let her know
(20:38:53) Alster: if you do this you will no longer be able to login
(20:38:55) didleth: which key she should to use
(20:39:05) didleth: :-/
(20:39:25) didleth: well... i have still odyseusz withmy old-keys :]
(20:39:33) didleth: (odyseusz is my old laptop)
(20:39:38) Alster: i see
(20:39:44) Alster: well we'Re getting a bit offtopic now
(20:40:01) Alster: i'd just liek to get the ssh connection between kosmos and jordie going now
(20:40:10) Alster: so we can copy some files
(20:40:14) txopi: ok
(20:40:47) Alster: didleth: i can help you another day with your ssh key change. just ping me on irc when you have time
(20:41:24) txopi: didleth, i think i can help you too. ping me too if you trust on me :-)
(20:41:57) didleth: ok so if i broke something and will not know how to repair this i will to turn your head again ;-)
(20:42:18) didleth: (i'm not sure its ok in english, but google is saing it is :-/)
(20:42:33) txopi: we are root on kosmos so be sure we will help you if you have no access
(20:42:53) Alster: ok, please have a look at the screen session again. i'm now creating a file named ~/.ssh/config which can be used to preset ssh configuration options for multiple servers and makes your ssh life easier.
(20:43:13) didleth: yhm, thx txopi Alster :]
(20:43:44) didleth: nothing on screen... Alster can you kick me please?
(20:44:06) Zostałeś wykopany przez Alster: (of course)
(20:44:41) Temat dla #kosmos to: https://we.riseup.net/kosmos | https://we.riseup.net/kosmos/skill-sharing-session-7-log https://we.riseup.net/kosmos/skill-sharing-session-8-agenda  | https://we.riseup.net/kosmos/meeting-planner
(20:44:48) didleth: hehehe
(20:45:03) txopi: Alster, the kicker!!
(20:45:08) didleth: did someone kick me of the screen?
(20:45:21) Alster: so txopis screen session is stalled, too
(20:45:24) txopi: i haven't touch anything
(20:45:41) Alster: i'll just explain here what i'm doing
(20:45:46) didleth: ok, i will write somethin
(20:46:22) Alster: i'm working as user backup-kosmos on kosmos in the users' home directory which is /home/backup-kosmos
(20:46:40) Alster: i'm editing a file named ~/.ssh/config
(20:46:44) didleth: ok can someone write something on screen?
(20:47:08) txopi: Alster, i see this prompt all the time: backup-kosmos@kosmos:~$
(20:47:15) txopi: i think i'm blocked
(20:47:29) Alster: i'd adding the following text to it (quotation ends before the line which says 'EOF')
(20:47:31) txopi: ah no
(20:47:47) txopi: i'm following the screen
(20:47:55) didleth: the last line i see is 'insert'
(20:48:03) didleth: ok i see
(20:49:40) didleth: :-/ why not passwordauthentication?
(20:49:43) Alster: ok so i don't put the details here since you can see it
(20:49:52) txopi: ok
(20:50:20) Alster: didleth: we're setting up a way to automatically transfer files from server kosmos to server jordie
(20:50:43) didleth: aha, ok
(20:51:05) Alster: didleth: if kosmos needs a password to transfer files every night, then you will need to get up at 23 o'clock at night to connect to kosmos to enter the password so it can copy the files over
(20:51:13) Alster: 3 o'clock
(20:51:25) didleth: :-/
(20:51:25) Alster: and you dont want to do this every night :)
(20:51:38) didleth: what people don't do for the revolutuion ;P
(20:52:10) didleth: 23 o'clock it would be ok, but 3 o'clock nooooo ;P
(20:52:14) Alster: can someone verify the fingerprint please
(20:52:24) didleth: :-/
(20:52:53) txopi: fingerprint is ok
(20:53:16) Alster: there we are
(20:54:06) Alster: this 'ip addr show' command shows you which network interafces there are and which ip addresses they have assigned
(20:54:16) txopi: great :-)
(20:54:44) txopi: ifconfig doen't do that?
(20:54:58) Alster: the second network interface 'eth0' has an internal ip4 address (and an ipv6 address but this doesn't matter right now)
(20:55:18) Alster: ifconfig does the same thing, and more readable to humans in fact
(20:55:22) Alster: but it requires root
(20:55:34) didleth: i not see any 'ip addr show'
(20:55:37) txopi: mmmh
(20:55:48) txopi: ip addr show doesn't nned root, great
(20:55:48) Alster: and poor backup-kosmos has no root privileges
(20:55:49) didleth: did someon do it on screen?
(20:56:13) didleth: ok now i see something.... bakunin, whats a lag :-/
(20:56:15) txopi: didleth, Alster is doing on the screen
(20:56:18) Alster: didleth: yes, we ran this in the screen session
(20:56:52) txopi: Alster, i don't understand this:
(20:57:06) txopi: "the second network interface 'eth0' has an internal ip4 address"
(20:57:47) Alster: ok, i didn'T finish my explanation there
(20:57:56) txopi: inet is old ip (4?)?
(20:57:57) Alster: there are two network interfaces on jordie
(20:57:59) txopi: ah ok
(20:58:32) txopi: ----------------------------------------------------------
(20:58:33) Alster: there is 'lo' which is not very useful, it just allows you to have 127.0.0.1 (localhost)
(20:58:35) txopi: $ ip addr show
(20:58:35) txopi: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
(20:58:35) txopi:     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
(20:58:35) txopi:     inet 127.0.0.1/8 scope host lo
(20:58:35) txopi:     inet6 ::1/128 scope host 
(20:58:36) txopi:        valid_lft forever preferred_lft forever
(20:58:40) txopi: 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
(20:58:42) txopi:     link/ether 00:16:3e:00:00:03 brd ff:ff:ff:ff:ff:ff
(20:58:44) txopi:     inet 192.168.111.3/24 brd 192.168.111.255 scope global eth0
(20:58:46) txopi:     inet6 fe80::216:3eff:fe00:3/64 scope link 
(20:58:48) txopi:        valid_lft forever preferred_lft forever
(20:58:50) txopi: ----------------------------------------------------------
(20:59:00) ***txopi hopes that this information isn't secret...
(20:59:09) Alster: :)
(20:59:13) Alster: well, no more now
(20:59:25) Alster: it's not a problem 
(21:00:03) didleth: ;D
(21:00:10) Alster: so, the second network interface is eth0, which is a real physical network interface
(21:00:28) Alster: well, nit really in this case sinc ethis is a virtual server, but it would be normally
(21:00:34) didleth: secret or not.... all this don't saing me nothing if i can be sincere
(21:00:37) txopi: i understand it very well
(21:01:10) didleth: if i should cut something from logs
(21:01:14) didleth: let me know
(21:01:20) Alster: no its ok
(21:01:36) Alster: "inet 192.168.111.3" means that this network interface has the ip address 192.168.111.3 assigned to it
(21:01:42) txopi: eth0 means ethernet wire number one (well, zero, because tehc people start from 0 not from 1)
(21:01:42) didleth: if its a information to find in google
(21:01:50) didleth: i belive i can try to understand it
(21:02:24) txopi: lo means localhost and it is special, allways there
(21:02:33) Alster: this is a so-called internal ip address. you won't find this ip address anywhere on the internet (at least you should not)
(21:02:42) Alster: lo means loopback really
(21:02:50) txopi: if you have two network card, you can have eth0 and eth1
(21:02:52) didleth: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN --> i understand nothing, ever this :D so i suggest to not stop on this, i just have to learn more about this
(21:03:55) Alster: didleth: you don't need to undertand all this, i don't either. the only thing I want you to know is that this serverhas the ip address 192.168.111.3
(21:04:30) didleth: :-/ I belive i know this ip adress :-/
(21:04:40) didleth: only what is it :-/
(21:04:45) ***txopi knows the difference between network interface and device so suggest to Alster to don't correct txopi for the simplification made some seconds ago :-)
(21:04:49) didleth: wait, i try to remember ;P
(21:04:50) Alster: ip addresses which start with '192.168.' are internal ip addresses. you may have them at home in your LAN, too
(21:04:59) didleth: hehe
(21:05:08) didleth: ok so that is what you say :]
(21:05:18) Alster: atena probably has an ip address liek this
(21:05:31) didleth: yhm
(21:05:32) Alster: and txopicomputerathome probably, too
(21:05:46) txopi: yep
(21:06:05) Alster: so this server is actually in a LAN, just like your computers at home
(21:06:10) didleth: so its atenas adresse, thatwhy i had a feel i know it
(21:06:22) Alster: ah :)
(21:06:23) didleth: yhm
(21:07:02) Alster: so this server is behind network address translation: it is known by a different ip address in the internet than in the LAN
(21:07:12) didleth: yhm
(21:07:48) Alster: and the router which sits somewhere between kosmos/internet and jordie/LAN translates those ip addresses
(21:07:59) txopi: ok
(21:08:36) Alster: the router also does port forwarding. it forwards the port our ssh session connects on to jordie
(21:08:49) didleth: yhm
(21:09:00) Alster: but other ports on the same internet IP address connect to other computers in the LAN
(21:09:36) Alster: so you do not always neccessarily end up on jordie when you connect to the hostname i wrote into the file on kosmos
(21:09:42) Alster: i just wanted you to know this
(21:09:51) Alster: now lets go on with the backup
(21:10:13) didleth: ok
(21:10:19) Alster: i'm disconnecting our screen session's ssh connection from jordie for now
(21:10:49) Alster: i also exit the backup-kosmos shell so that i become root again
(21:11:22) Alster: i'm cleaning up my previous backup attempt which failed
(21:11:30) Alster: aptitude purge backupninja
(21:11:54) Alster: backupninja is a utility written by (mostly) micah of riseup
(21:12:13) Alster: it was mentioned on the web page I referred you to last time
(21:12:20) txopi: aha
(21:12:39) Alster: it is a management front end to other backup utilities so to say
(21:13:11) Alster: Description: lightweight, extensible meta-backup system
(21:13:11) Alster:  Backupninja lets you drop simple config files in /etc/backup.d to
(21:13:11) Alster:  coordinate system backups. Backupninja is a master of many arts,
(21:13:11) Alster:  including incremental remote filesystem backup, MySQL backup, and ldap
(21:13:11) Alster:  backup. By creating simple drop-in handler scripts, backupninja can
(21:13:12) Alster:  learn new skills. Backupninja is a silent flower blossom death strike to
(21:13:14) Alster:  lost data.
(21:13:16) Alster:  .
(21:13:18) Alster:  In addition to backing up regular files, Backupninja has handlers to ease
(21:13:20) Alster:  backing up: ldap, maildir, MySQL, svn, trac, and the output from shell scripts
(21:13:21) Alster:  .
(21:13:23) Alster:  Backupninja currently supports common backup utilities, easing their
(21:13:25) Alster:  configuration, currently supported are: rdiff-backup, duplicity, CD/DVD
(21:13:27) Alster: Homepage: http://code.autistici.org/trac/backupninja
(21:14:25) didleth: i have a question
(21:14:26) Alster: i'm now installing backupninja again
(21:14:30) didleth: it support mysql
(21:14:38) didleth: and we have postgresql
(21:14:43) didleth: ist not a problem?
(21:14:44) Alster: we'll try to use this utility for the backups for now
(21:15:27) Alster: didleth: yes, it provides a mysql database handler out of the box. but there can be more handlers.
(21:15:46) didleth: yhm, ok
(21:15:49) Alster: there may be one for postgrsql, too
(21:15:52) Alster: i have not checked
(21:16:16) Alster: but we don't even need a postgresql handler for backupninja right now (though it would be better)
(21:16:40) Alster: we can just use the postgresql database dumps which get created already
(21:16:50) txopi: in the begining of this session i understood that it was not clear witch backup application we were going to use
(21:17:01) didleth: :-/ i don't understand but i belive you ; )
(21:17:02) Alster: the mysql handler does nothing but to dumpall databases to the hard disk
(21:17:38) txopi: didleth, do you know what is a dump of the database?
(21:17:38) Alster: txopi: that's true, it still isn't. i have unilaterally decided that we try backupninja now. :-P
(21:18:00) txopi: Alster, perfect!
(21:18:04) Alster: due to lack of time and since i know it 
(21:18:09) txopi: ok
(21:18:16) Alster: we should look into other otpions later
(21:18:27) didleth: that what google-transdlate says is stupid... but in logic its when is a error-site insteed of publication-site?
(21:18:46) didleth: with a long lines of error where and what doesnt work?
(21:19:12) txopi: didleth, it seams that backupninja doesn't make the dump for you and then backup it, but if you do the dump your own, you can use backupninja to backup this file as the others
(21:19:45) Alster: that's right
(21:19:48) txopi: dump is something like take all the actual content and put them in a single (and big) file
(21:19:49) didleth: but what is the dump?
(21:20:08) didleth: beliving google - database has a depression _-_
(21:20:17) txopi: mysql has its content in many files, postgresql too
(21:20:24) txopi: on firectory per database
(21:20:29) txopi: one file per table
(21:20:30) txopi: etc.
(21:20:52) txopi: if you create a dump you get an snapshot of all the information in one file
(21:21:10) txopi: this file, this dump, is what you can copy to another machine, etc.
(21:21:27) Alster: kosmos:~# ls /var/backup/December-2009/2009-12-18/
(21:21:27) Alster: 03:00-postgresql_database-eh_indy-backup.gz
(21:21:27) Alster: 03:00-postgresql_database-poland_00-backup.gz
(21:21:27) Alster: 03:00-postgresql_database-postgres-backup.gz
(21:21:35) Alster: these are database dumps
(21:21:46) Alster: one file for each database which matters
(21:21:57) Alster: there are three databases on kosmos
(21:22:10) didleth: ok txopi i belivem i understand what is dump
(21:22:13) Alster: eh_indy poland_00 and postgres
(21:22:18) txopi: didleth, ok
(21:22:24) didleth: so there are 3 dumbs?
(21:22:32) Alster: yes
(21:23:29) Alster: 'postgres' just contains some meta information, things like credentials required to access the database, and which other databases there are. it's the main database of a postgresql server.
(21:23:55) Alster: gah it's late...
(21:24:04) Alster: txopi is right, we won't make it today
(21:24:27) txopi: unfortunately i was right :-(
(21:24:35) didleth: som if we can dump we can use backupninja now?
(21:24:42) Alster: yes
(21:25:08) Alster: actually backupninja comes with a postgrsql handler which can create the dumps, too. but it doesn't matter which option is used.
(21:25:42) didleth: yhm, so we will have to wait to the next session?
(21:26:16) Alster: i think it's better i setup the backup when i have some time before christmas
(21:26:30) Alster: and then next year we setup another backup
(21:26:42) txopi: Alster, can we at least scp those 3 files to jordie?
(21:26:52) Alster: sure txopi 
(21:26:57) Alster: do you want to do it?
(21:27:13) txopi: this way at last we have one partial backup for this two weeks
(21:27:19) txopi: Alster, yes
(21:27:29) Alster: the problem is they are owned by root and not readable by anyone else
(21:27:38) txopi: i will execute the command and let the computer turn on all the night
(21:28:11) didleth: so maybe txopi can do this with sudo or change chmod?
(21:28:22) txopi: Alster, i should chmod the files?
(21:28:38) Alster: the other problem is these files are so large that it is quite likely your transfer will fail somewhere in the middle and I don't think scp provides a way to resume transfrs
(21:28:43) didleth: (only for backup-time)
(21:28:59) txopi: ah
(21:29:14) didleth: Alster: we tried to transwer imc-pl-database to some computer
(21:29:19) Alster: txopi: the files are only readable by root for a reason. you should not change its permissions
(21:29:19) didleth: but it didn't work
(21:29:28) Alster: instead, you should make root conect to jordie
(21:29:34) didleth: (some monaten ago)
(21:29:37) txopi: i just know ftp, scp and rsync to copy files
(21:30:12) txopi: Alster, ok, root(kosmos)->backup-server(jordie)
(21:30:26) didleth: wget from jordie if its root-files its impossible, right?
(21:30:34) txopi: Alster, ok, root(kosmos)->backup-kosmos(jordie)
(21:30:55) Alster: you will need to copy the ssh config of kosmos-backup and create a new ssh key for root and install it on jordie
(21:31:06) Alster: just like we did it for kosmos-backup
(21:31:16) txopi: i think i can do that
(21:31:22) Alster: exactly <txopi> Alster, ok, root(kosmos)->backup-kosmos(jordie)
(21:31:30) txopi: but what i have to use to transger the files
(21:31:34) txopi: ?
(21:31:42) didleth: scp?
(21:32:00) Alster: instead of using scp, you can use sftp, which behaves like ftp but also uses the SSH configuration and keys
(21:32:13) Alster: sftp supports resuming
(21:32:17) txopi: didleth, Alster says that scp will break
(21:32:26) didleth: yhm
(21:32:30) txopi: Alster, so y should install a ftp server at jordie?
(21:33:29) Alster: no
(21:33:33) txopi: ah
(21:33:42) Alster: ssh daemons come with a small sftp server
(21:33:49) txopi: ah
(21:34:01) didleth: so there is installed?
(21:34:18) Alster: you just run sftp jordie after configuring the .ssh/config and the ssh key pair for root
(21:34:27) txopi: if i use sftp i have to generalet the ssh files, etc?
(21:34:31) Alster: yes it is already installed on kosmos and jordie
(21:35:01) Alster: txopi: yes, it's very similar to scp really
(21:35:09) txopi: Alster, ok
(21:35:13) txopi: i will try
(21:35:17) txopi: you can go!
(21:35:25) Alster: unfrotunately i don't know how to make it resume
(21:35:33) Alster: but i *think* it works
(21:35:40) txopi: don't worry
(21:35:47) txopi: fly Alster fly :-)
(21:36:20) Alster: if it does not work another option is to make a copy of the database dumps with tar and write them into small files using tar's multi-archive option 
(21:36:36) Alster: so if a 25 MB file transfer fails... no problem
(21:36:49) txopi: ufff
(21:36:53) txopi: ugly solution
(21:37:02) txopi: i hope the sftp works...
(21:37:31) txopi: i can investigate how create a lot of tar files
(21:37:41) Alster: ideall you would also limit the bandwidth, you can do so in the .ssh/config
(21:38:01) Alster: because kosmos' network doesnt have much
(21:38:36) Alster: i think nadir said we are supposed to limit to 100 kilobYTE / second
(21:39:20) txopi: well, first of all i will configure ssh and try the sftp
(21:39:44) Alster: actually 100 kilobIT / second
(21:39:52) Alster: ok, good luck
(21:40:06) Alster: i will check your prograss tonight when i return or tomorrow