#archlinux32 | Logs for 2018-04-27
Back
[00:41:34] -!- isacdaavid has joined #archlinux32
[00:47:21] -!- AndrevS has quit [Quit: umount /dev/irc]
[02:01:17] -!- yans has quit [Quit: chaos is the only true answer]
[02:32:38] -!- isacdaavid has quit [Quit: Leaving.]
[03:06:08] -!- malte70 has joined #archlinux32
[03:08:34] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.stdin.2018-04-27T03:08:05.M8hDlS"?.
[03:50:28] -!- malte70 has quit [Quit: Leaving]
[04:37:13] -!- guys has joined #archlinux32
[06:07:40] * buildmaster resumes sanity.
[06:17:34] -!- titus_livius has joined #archlinux32
[06:30:17] -!- buildmaster has quit [Remote host closed the connection]
[06:32:19] -!- buildmaster has joined #archlinux32
[06:40:02] <girls> buildmaster: what's up?
[06:40:39] <buildmaster> up? I'm up for 9 minutes, load average: 0.10, 0.27, 0.18
[07:30:27] -!- eduardoeae_ has quit [Ping timeout: 260 seconds]
[08:31:14] -!- oaken-source has joined #archlinux32
[08:31:42] -!- deep42thought has joined #archlinux32
[08:31:44] <buildmaster> Hi deep42thought!
[08:43:55] -!- abaumann has joined #archlinux32
[08:43:56] <buildmaster> Hi abaumann!
[08:44:03] <deep42thought> Good morning!
[08:45:58] -!- oaken-source has quit [Quit: Lost terminal]
[08:50:03] <abaumann> Morning :-)
[08:50:16] <abaumann> DSGVO or GDPR, really funny.
[08:50:21] <abaumann> Does it affect archlinux32?
[08:51:07] <abaumann> I think bugreporting and forum are the two critical ones..
[08:51:23] <abaumann> .. though I'm not sure whether I'm still allowed to collect IPs in an Apache logfile..
[08:51:32] <deep42thought> I think, you're not
[08:51:54] <abaumann> cool: "the email address has to be present in plain text on the webpage"
[08:52:00] <abaumann> spaming ahoi. :-)
[08:52:20] <deep42thought> you got your own domain, just create a new email address for that :-)
[08:52:29] <abaumann> spam@... :-)
[08:52:30] <abaumann> yes.
[08:52:31] <deep42thought> spam-me-$(date)@eckner.net
[08:52:34] <abaumann> lol
[08:52:53] <deep42thought> or even better: spam-me-$_SERVER["remote_addr"]@eckner.net
[08:53:15] <abaumann> needs php or scripting, I usually prefer static pages.
[08:53:22] <abaumann> well, I can generate them every day :-)
[08:54:20] <deep42thought> I think, "spammer-".base64_encode($_SERVER["REMOTE_ADDR"])."@eckner.net" would actually be pretty nifty
[08:55:21] <deep42thought> but back to topic: what do you think, we need to take care of?
[08:55:42] <abaumann> not sure.
[08:55:57] <abaumann> the forum is the forum and you register and you delete you account.
[08:56:11] <abaumann> can you also delete your own posts? (right to forget)
[08:56:42] <abaumann> the same applies to bug reporting system.
[08:57:06] <abaumann> IRC chat logs in the public.. well, if we are fine with it, it should be no problem.
[08:57:27] <abaumann> but is everyone seeking help in the chat aware, that the conversation is kept as HTML logfiles?
[08:57:46] <deep42thought> it says "channel logs: ..." in the topic
[08:57:51] <deep42thought> what more could we do?
[08:57:55] <abaumann> ah. really?
[08:57:58] <abaumann> never seen. :-)
[08:58:04] <deep42thought> ok ...
[08:58:09] <deep42thought> then it is not enough ;-)
[08:58:18] <abaumann> basically, the user which doesn't agree, can not use the service.
[08:58:23] <abaumann> I think, this is also a problem..
[08:58:28] <abaumann> *who
[08:59:01] <deep42thought> we could add a filter to titus_livius, so he asks new ones if logging is ok for them
[08:59:09] <deep42thought> ... but this would be annoying, I think
[08:59:16] <abaumann> yes.
[08:59:34] <abaumann> not to mention: how do you filter out the answers?
[08:59:41] <abaumann> you have to mark all messages somehow.
[08:59:51] <deep42thought> filter by nick
[09:00:01] <deep42thought> e.g. only "allowed" nicks will be logged
[09:00:17] <abaumann> answer-to-person-who-doesn't-want-to-be-logged: yes
[09:00:19] <deep42thought> and if a new nick appears, titus asks "may I log your statements?"
[09:00:58] <deep42thought> abaumann: well, we could log dummy messages, e.g. "[censored content]"
[09:01:00] <deep42thought> or something
[09:01:32] <abaumann> [this message has not been logged due to EU GDPR]
[09:01:38] <deep42thought> exactly :-D
[09:01:48] <abaumann> I wonder, what upstream Archlinux thinks about that.
[09:01:53] <abaumann> They have pretty much the same setup.
[09:01:54] <deep42thought> [altered by big brother]
[09:01:58] <abaumann> lol
[09:02:19] <abaumann> uh. I have a Google search on my webpage..
[09:02:37] <deep42thought> and all the other messages get "(approved by StaSi)"
[09:03:14] <abaumann> mu firewall logs IPs :-(
[09:03:18] <abaumann> &my
[09:03:37] <deep42thought> I'm not sure, maybe hashing the ips is sufficient
[09:03:57] <deep42thought> or hashing of ips older than 24 h or something
[09:04:00] <abaumann> I have blacklists and honey traps installed based on real IPs. :-)
[09:04:12] <deep42thought> IIRC, logging of ips is fine as long as it's "needed to run the service"
[09:04:14] <abaumann> they are transient, so I could argue, they are not really logged.
[09:04:28] <abaumann> ah. that's good then.
[09:04:37] <deep42thought> and blocking out spammers is a valid reason IMHO
[09:04:45] <deep42thought> oh you have honey traps?
[09:04:47] <deep42thought> nice :-)
[09:04:54] <abaumann> yes.
[09:05:34] <abaumann> "EU Cookie Law"
[09:06:39] <deep42thought> this is madness
[09:07:11] <abaumann> and Switzerland usually follows EU madness. :-)
[09:07:34] <deep42thought> I have the feeling, Germany leads the EU madness ...
[09:07:35] <abaumann> for us it's very funny: we have no law yet and still we have to be EU-conformant.
[09:08:10] <abaumann> Google Fonts. :-)
[09:08:21] <deep42thought> hmm, what's that?
[09:08:46] <abaumann> If you deliver content from a content delivery network, who guarantees, that data protection laws are followed there?
[09:09:05] <deep42thought> oh
[09:09:06] <abaumann> jquery.js download from somewhere. download fonts from Google servers.
[09:09:20] <abaumann> I usually install them locally.
[09:09:43] <deep42thought> I never gave a damn about fonts
[09:09:59] <deep42thought> I just check, that it has äöüß and that's it
[09:10:28] <abaumann> I hate those fonts anyway.. they are not particularly fast on old machines.
[09:12:29] <deep42thought> plus, I have usually js deactivated - especially all the google stuff
[09:12:54] <abaumann> soon EU regulations will force people to use lynx and w3m. ;-)
[09:13:00] <deep42thought> lol
[09:13:23] <deep42thought> or they forbid computers, because they consume too much power ;-)
[10:37:53] -!- Alina-malina has quit [Ping timeout: 256 seconds]
[10:59:22] -!- Alina-malina has joined #archlinux32
[11:12:33] -!- davor has quit [Ping timeout: 248 seconds]
[11:19:09] -!- davor has joined #archlinux32
[11:40:16] -!- abaumann has quit [Quit: leaving]
[11:56:42] -!- yans has joined #archlinux32
[11:57:05] -!- eduardoeae_ has joined #archlinux32
[12:33:43] -!- abaumann has joined #archlinux32
[12:33:44] <buildmaster> Hi abaumann!
[12:34:11] <abaumann> python2: the segfault is in test_bigrepeat (regression test), so xorg-server (fb) did nothing to it..
[12:36:06] <abaumann> as the python version is still the same I fear this is a glibc/toolchain issue.
[12:36:49] <abaumann> ah. hang on: some i686 cleanup: - # test_replace_overflow (present in test_bytes, test_str, test_string, test_unicode, test_userstring) segfault on i686
[12:36:52] <abaumann> - # test_bigrepeat (present in test_tuple) segfault on i686
[12:37:03] <abaumann> so, I'll readd it in packages32
[12:37:51] <abaumann> but I don't feel comfortable to just comment out python tests..
[12:38:25] <abaumann> .. the fact they were ignored also before doens't make it better.
[12:42:05] <buildmaster> girls, my database is dirty again ...
[12:56:34] * buildmaster resumes sanity.
[13:04:56] <abaumann> I'm testing python2 locally as the buildmaster seems to e on strike :-)
[13:15:30] <deep42thought> is the buildmaster still on strike?
[13:16:26] <abaumann> no. now it's ok.
[13:16:30] <deep42thought> :-)
[13:16:38] <abaumann> I ignored all failing tests in python2
[13:16:57] <deep42thought> are those more than in the past?
[13:17:14] <abaumann> no. but upstream cleaned up and removed i686 specific ignores.
[13:17:20] <abaumann> fair enough.
[13:17:23] <deep42thought> yeah
[13:17:29] <deep42thought> then it's ok, I guess
[13:17:39] <abaumann> what worries me, how many things are failing in python2 and it will be alive till 2020 at least.
[13:27:33] <tyzoid> abaumann / deep42thought: talking about gdpr without me?
[13:27:33] <tyzoid> lol
[13:27:53] <deep42thought> damn, he noticed ;-)
[13:31:15] <abaumann> :-)
[13:31:38] <tyzoid> abaumann: The other thing with the logs is that (at least on my services) included in my backups
[13:31:44] <tyzoid> because I do full-disk backup
[13:32:09] <abaumann> well, keeping Apache logs should not be a problem. They are necessary for spam and dosa prevention.
[13:32:18] <abaumann> We should just not keep them for too long..
[13:32:22] <tyzoid> Well, that's the question
[13:32:33] <tyzoid> if they're included in my backup system, they're kept for perpetuity
[13:33:18] <deep42thought> can you skip the logs from backing up?
[13:33:32] <deep42thought> I mean, there is not really a purpose of backing up logs, anyway
[13:34:03] <abaumann> is backup really backup? if it's just a mirror to a hot-standby?
[13:35:29] <tyzoid> I can exclude them, yes, but I back up the whole hypervisor
[13:35:42] <tyzoid> so (a) it can't be excluded from vms
[13:35:51] <tyzoid> and (b) I'll need a manual exclude from every container
[13:35:59] <abaumann> * abaumann shudders what gets on his backup tapes at work..
[13:36:04] <deep42thought> you could put the server logs into a tmpfs
[13:36:09] <deep42thought> :-D
[13:36:17] <abaumann> mmh. in case of a crash you have no logs.
[13:36:22] <deep42thought> true
[13:36:27] <abaumann> I do this on my RaspPi and OpenBSD firewall.
[13:36:28] <tyzoid> tmpfs gets backed-up since full-disk
[13:36:36] <deep42thought> but do you need access logs after a crash?
[13:36:38] <tyzoid> It grabs / with a few things excluded
[13:36:45] <deep42thought> O.o
[13:36:47] <deep42thought> no -xdev?
[13:37:05] <tyzoid> deep42thought: in case someone dosing your system causes a crash?
[13:37:13] <abaumann> '/sys and /proc'?
[13:37:13] <deep42thought> ok
[13:37:17] <tyzoid> I'll have to check the exact backup command, but I exclude those on the host
[13:37:29] <tyzoid> but any tmpfs mounted in the container itself would be backed up
[13:37:30] <deep42thought> tyzoid: why not exclude all mount points?
[13:37:49] <tyzoid> Is that an option in borg?
[13:38:39] <deep42thought> it certainly should be :-/
[13:38:52] <deep42thought> like for "find" or "tar" ...
[13:39:10] <tyzoid> here's the backup command I use: https://ptpb.pw
[13:39:14] <deep42thought> btw: I'll be offline over the weekend
[13:39:18] <tyzoid> ok
[13:39:39] <tyzoid> the only things I exclude are things like /proc and /dev on the host, and the mirror repos on the apache box
[13:39:48] <tyzoid> since those are too big for my backup system
[13:39:55] <deep42thought> --exclude /tmp
[13:39:57] <deep42thought> ?
[13:39:58] <abaumann> -e
[13:40:00] <abaumann> :-)
[13:40:12] <deep42thought> "-e"?
[13:40:17] <abaumann> --exclude
[13:40:48] <abaumann> I would exclude all but '/' (if you have a one partition install)
[13:40:51] <tyzoid> but that'd still include /rpool/data/subvol-100-disk-1/tmp/
[13:41:06] <tyzoid> and this system has multiple partitions
[13:41:09] <abaumann> ah.
[13:41:29] <tyzoid> all the actual vm data is in /rpool or /spool
[13:41:51] <tyzoid> but I like to backup the hypervisor host in case I need to restore something on it
[13:41:56] <deep42thought> wel,, you'll sort it out - I gotta go
[13:41:59] <deep42thought> have a nice weekend
[13:42:01] <tyzoid> ok, have fun
[13:42:08] -!- deep42thought has quit [Quit: Leaving.]
[13:42:20] <abaumann> you too.
[13:42:31] <tyzoid> lol
[13:42:35] <abaumann> '--one-file-sytstem'
[13:42:55] <abaumann> that's a fast weekend :-)
[13:43:04] <tyzoid> not sure if that'll work
[13:43:15] <tyzoid> due to aformentioned crossing of zfs volumes
[13:43:58] <tyzoid> here's `mount`: https://ptpb.pw
[13:44:57] <abaumann> maybe an include on /rpool, /spool?
[13:45:13] <abaumann> with an exclude on /rpool/var/log/http or so?
[13:45:45] <tyzoid> I could, but then I'd need to do that on every vm
[13:46:13] <tyzoid> I don't keep any logs on the reverse proxy, but those logs are kept on the actual bbs container
[13:46:31] <tyzoid> (and apoligies for mixing vm and container - all systems on srv1 are containers, at this point)
[13:47:31] <abaumann> yeah. this is tedious.
[13:47:54] <abaumann> the question would also be: is it a problem if you keep more logs, but don't use them for anything yourself?
[13:48:11] <abaumann> I can only think of the problem of a security breach on the backup leaking personal data.
[13:48:45] <abaumann> if the retention period is let's say 2 months and the data on the server is not kept longer in the log directories, then personal data disappears latest in 2 months.
[13:48:52] <tyzoid> All backups are encrypted on a storage medium that I physically control
[13:48:54] <abaumann> I wonder, if that is enough..
[13:49:08] <tyzoid> but the encryption phrase is in plaintext on the server (since it needs it to actually make the backup)
[13:49:18] <abaumann> so, I would just worry about the logs on the life server which can leak.
[13:49:46] <abaumann> which means: don't keep them there longer than necessary.
[13:49:52] <tyzoid> right. We'll they're behind a firewall / nat, and only deep42thought and I have access to it there
[13:50:00] <tyzoid> (barring a hacker, ofc)
[13:50:01] <abaumann> anyway: the new EU rules are somewhat extreme and crazy :-)
[13:50:10] <tyzoid> yup
[13:50:25] <tyzoid> plus, considering that the srv0 and srv1 are located in the united states
[13:51:00] <tyzoid> I think it's a general good practice to limit personal data storage to the minimum necessary anyway
[13:51:08] <abaumann> yeah. that's gray area: the EU law states that you have to protect the data of EU citiziens.
[13:51:31] <abaumann> that's way we in Switzerland are almost forced to have the same laws as in the EU.
[13:51:54] <tyzoid> I'll be back on in ~1hr
[13:51:58] <abaumann> piwik and google analytics is maybe more critical. Are we using some of them?
[13:52:14] <tyzoid> I'm not using either of them on anything I've got (at least, not intentionally)
[13:52:20] <abaumann> for instance statistics per country or mirror should not be a big issue, if annonymized.
[13:52:38] <tyzoid> for that, I usually look at the apache logs
[13:52:38] <abaumann> we don't have facebook/google links on our pages, also good.
[13:52:54] <tyzoid> anyway, I'm heading off to work, I'll respond when I get there
[13:52:56] <abaumann> people can register for the bug reporting tool and the forum and deregister.
[13:52:59] <abaumann> ok.
[13:53:07] <abaumann> I think, we are pretty safe. :-)
[13:53:28] <abaumann> ok. happy work :-)
[13:57:53] <eschwartz> ISTR something about the EU insanity being toned down to some sort of right to remove reasonably objectionable content.
[13:58:38] <eschwartz> anyway, channel topics are *the* way to inform people about literally everything channel related, across all channels everywhere...
[13:59:21] <eschwartz> so, this would give you an excuse to defend everyone by saying, "wait, why didn't you read the topic like a normal person?"
[14:00:05] <eschwartz> Plus, you could censor information on request, even though that's gross and antisocial in 99% of cases.
[14:16:35] -!- abaumann has quit [Ping timeout: 240 seconds]
[14:17:13] <buildmaster> qemu is broken (says rechenknecht).
[14:45:35] -!- eduardoeae_ has quit [Ping timeout: 240 seconds]
[14:46:04] -!- eduardoeae_ has joined #archlinux32
[14:47:29] -!- eduardoeae_ has quit [Read error: Connection reset by peer]
[14:48:29] -!- eduardoeae_ has joined #archlinux32
[15:28:10] <tyzoid> abaumann: On the forum, people can delete their own posts, but not entire accounts
[15:28:18] <tyzoid> but they could always request account deletion
[15:28:50] <tyzoid> but both are still included in the backup system
[15:40:18] <buildmaster> python-tqdm is broken (says buildknecht3).
[15:58:15] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.stdin.2018-04-27T15:58:02.hxoatB"?.
[16:01:11] -!- bill-auger has quit [Quit: No Ping reply in 60 seconds.]
[16:01:31] -!- bill-auger has joined #archlinux32
[16:45:06] -!- davor has quit [Ping timeout: 265 seconds]
[16:49:42] -!- davor has joined #archlinux32
[18:03:06] -!- yans has quit [Quit: chaos is the only true answer]
[18:12:58] -!- isacdaavid has joined #archlinux32
[18:44:10] -!- davor has quit [Ping timeout: 264 seconds]
[18:49:44] -!- davor has joined #archlinux32
[19:06:22] -!- belanthor has joined #archlinux32
[19:46:12] -!- isacdaavid has quit [Quit: Leaving.]
[20:28:16] -!- abaumann has joined #archlinux32
[20:28:17] <buildmaster> Hi abaumann!
[20:38:25] -!- bill-auger has quit [Quit: No Ping reply in 60 seconds.]
[20:39:05] -!- bill-auger has joined #archlinux32
[21:16:44] -!- abaumann has quit [Remote host closed the connection]