Logs for #pizarro

2018-3-22 | 2018-3-24

mod6: nice, thanks TomServo
TomServo: mod6: np
hanbot: heya. re http://btcbase.org/log/2018-03-22#1788741 , i've no qualms about unix accounts/lack of vm song&dance
hanbot: i'm kinda incapacitated with some sort of jungle fever, but will keep an eye out for http://logs.bvulpes.com/pizarro?d=2018-3-22#317466 etc. thanks for the swift uptake on this stuff.
mimisbrunnr: Logged on 2018-03-22 17:34 ben_vulpes: mk imma doodle some numbers on shared hosting prices, we can come back to the chroot thing later
ben_vulpes: BingoBoingo: please make users for myself, mod6, and asciilifeform on UY1
ben_vulpes: asciilifeform mod6 hanbot: i'm thinking 25 bucks per month for these shells
ben_vulpes: that would be something like 0.003 btc/mo
ben_vulpes: also, finished retallying expenses, baked a transaction which will confirm ideally this evening and then i'll have funds in asciilifeform's deedbot wallet
ben_vulpes: going to keep all pizarro funds in a pizarro wallet moving forward, just to keep the picture clear
ben_vulpes: tomorrow i fire bills for pro-rated march services, and the pro-rata share of the transport fee to .uy
ben_vulpes: asciilifeform: i appear to have to wait for my deposit turd to wind its way through deedbot's bowels, so i'm going to hit the hay and finish this chore tomorrow
mod6: <@ben_vulpes> asciilifeform mod6 hanbot: i'm thinking 25 bucks per month for these shells <@ben_vulpes> that would be something like 0.003 btc/mo << any idea on how many to break even on this box? is $25 more or less than would charge for vps or small computer?
asciilifeform: mod6: approx what such a thing costs in heathendom, yes
asciilifeform: ben_vulpes: ok
ben_vulpes: BingoBoingo: http://p.bvulpes.com/pastes/cwHLO/?raw=true
ben_vulpes: mod6: mhm, it's approximately what an entry-level vps costs; i think it's actually a great deal
ben_vulpes: probably 10-15 usd of headroom in there
BingoBoingo: <asciilifeform> the q for BingoBoingo : do you know how to set up an ethernet switch such that 1) every jack has a FIXED ip 2) a nic in promisc mode on any jack , will see jackshit << I don't have much more than a vague idea of how it could be pulled off on our switch. The safer place to pull this off would probably be on one or more smaller switches.
ben_vulpes: BingoBoingo: and ssh key http://p.bvulpes.com/pastes/iu6Ti/?raw=true
ben_vulpes: please add those users to sudoers
BingoBoingo: ben_vulpes: Gracias
mod6: <@ben_vulpes> mod6: mhm, it's approximately what an entry-level vps costs; i think it's actually a great deal << I don't think it's a bad deal either. Just curious how many accounts we'll need on there to even break even,
mod6: s/,/./
ben_vulpes: mod6: tricky q, as the server cost basis is in btc but 6 to cover the rackspace
BingoBoingo: What is the default shell on this box?
ben_vulpes: asciilifeform: ^^ specification question
asciilifeform: default -- sh
asciilifeform: users oughta be able to pick from the traditional alternatives tho
mod6: This seems fair.
mod6: I'd say we need to have: csh/tcsh/bash/ksh/zsh available.
mod6: (lol, which ones aren't on that list)
mod6: ash?
asciilifeform: i think this covers the 'classics' yes
mod6: <@ben_vulpes> mod6: tricky q, as the server cost basis is in btc but 6 to cover the rackspace << werd.
mod6: Well, once it's up, let's announce somewhere for sure - maybe we pick up some users.
asciilifeform: should be pretty easy to let l1+l2 know that it exists
ben_vulpes: aaaayup
lobbes: http://logs.bvulpes.com/pizarro?d=2018-3-23#318182 << fwiw, my heathen vpsen run me around 5 unified standard dosidoes per month. That being said, 25 for a genuine Republican shell seems reasonable
mimisbrunnr: Logged on 2018-03-23 15:54 ben_vulpes: mod6: mhm, it's approximately what an entry-level vps costs; i think it's actually a great deal
lobbes: http://logs.bvulpes.com/pizarro?d=2018-3-22#317709 << this sounds attractive
mimisbrunnr: Logged on 2018-03-22 22:35 asciilifeform: on the 'low-end' of things, i recently tested a http://www.friendlyarm.com , where 10bux gets you a pogo-style 256M, and 12bux -- 512M, with 100M/s nic
ben_vulpes: lobbes: what are the stats on that vps?
lobbes: On frantech it is 512M, 1TB bw per month, and a ~50GB hd space
lobbes: Edis, I think is very similar
lobbes: Not sure on actual upload/downloads speeds however, but they have served up my www-tools, bots, logs, and blog speedily enough
ben_vulpes: hdd not ssd?
lobbes: Yeah, hdd
ben_vulpes: neat thanks for pricing info
ben_vulpes: at least at the outset of loading this box, you're going to have access to far greater resources than the other vps you're using
lobbes: Nice. Plus, the benefit of being able to talk to actual people I trust if shit goes wrong is very alluring selling point
ben_vulpes: asciilifeform mod6 please provide BingoBoingo with ssh keys
ben_vulpes: asciilifeform: is there a reason to assign users something other than their wot handle as unix user names?
asciilifeform: ben_vulpes: nope. imho -- The Right Thing
ben_vulpes: k
ben_vulpes: what permissions do we need to set, incantations do we need to perform on/for customer accounts?
ben_vulpes: also asciilifeform i misremembered, this machine has 128 gigs of ram
asciilifeform: aah neato
ben_vulpes: lobbes: 256 users all using 512 megs of ram before you'll be compressed back down into 512 mb
asciilifeform: ben_vulpes: chmod their homedirs, to 700 ( no folx-reading-each-other's-dirs ) and set their umask to 0077 (same effect for new dirs inside homes)
ben_vulpes: that's all? automatable?
asciilifeform: see also https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
asciilifeform: ( after this is done, test it, naturally )
ben_vulpes: homedir perms look like they come in from /etc/skel
asciilifeform: there are several equally working places to set umask, aha
asciilifeform: 'unix philosophy' lolz
ben_vulpes: okay well mister quartermaster please to specify how pizarro configures this
asciilifeform: plz change the umask in /etc/profile .
ben_vulpes: umask in /etc/profile and homedir in /etc/skel ?
asciilifeform: aha
ben_vulpes: great thank you
asciilifeform: ( if you already created a homedir, will have to fix it manually )
ben_vulpes: well i did have the sense to ask before creating customer accounts
ben_vulpes: BingoBoingo: please ping when you're back at term
lobbes: Nice. Ok, well I'm sold on at least trying it out for the first month. I think I have at least .003 in my deedbot wallet I can pay with once things are ready. >> http://logs.bvulpes.com/pizarro?d=2018-3-23#318429
mimisbrunnr: Logged on 2018-03-23 19:23 ben_vulpes: lobbes: 256 users all using 512 megs of ram before you'll be compressed back down into 512 mb
ben_vulpes: neato
lobbes: I'll keep my eyeballs tuned to this channel
ben_vulpes: asciilifeform: tangentially, what would it take to set up a VPN provider on this machine?
ben_vulpes: asciilifeform: ps i would also like to hammer out a software installation process with you
mod6: <@ben_vulpes> asciilifeform mod6 please provide BingoBoingo with ssh keys << can do, need about an hour or so here...
BingoBoingo: ben_vulpes: At the terminal
ben_vulpes: BingoBoingo: gpg me a password for your unix account please
BingoBoingo: ben http://p.bvulpes.com/pastes/flIfD/?raw=true
ben_vulpes: BingoBoingo: try logging in please
BingoBoingo: works
ben_vulpes: poifect
ben_vulpes: please make asciilifeform and mod6 accounts and when they get you ssh keys please emplace those
ben_vulpes: in the meantime set the machine hostname to UY1
ben_vulpes: asciilifeform: when will you be free to set up an apache and all of the php machinery to run mp-wps?
ben_vulpes: mysql etc
ben_vulpes: BingoBoingo: please update /etc/profile to 0077, modify the permissions on /etc/skel to 700, and then create a new user with homedir and confirm that user's homedir permissions are 700 and umask is 0077
ben_vulpes: paste a log of the confirmations for asciilifeform's review
BingoBoingo: I've updated the /etc/profile file, but WTF is /etc/skel
ben_vulpes: it is the directory from which permissions are pulled for new user directories
ben_vulpes: http://logs.bvulpes.com/pizarro?d=2018-3-23#318434
mimisbrunnr: Logged on 2018-03-23 19:27 ben_vulpes: homedir perms look like they come in from /etc/skel
BingoBoingo: Alright ran "sudo chmod 700 /etc/skel"
BingoBoingo: And the hostname has been changed in /etc/conf.d/hostname but I do not know what the preferred incantation is to get it to take effect here
ben_vulpes: ah it gets set with the hostname command
BingoBoingo: I am not seeing any effect from that
BingoBoingo: Aite, I see it now
BingoBoingo: and users added, awaiting keys
ben_vulpes: thanks
mod6: Alright, getting key for ya.
mod6: Stand by,
mod6: http://p.bvulpes.com/pastes/2XAr4/?raw=true
BingoBoingo: mod6 key added
mod6: tyvm!
ben_vulpes: BingoBoingo: you gotta unlock the account
ben_vulpes: usermod -U
ben_vulpes: asciilifeform: do you prefer to move ssh to a nonstandard port?
mod6: BingoBoingo: let me know when you're ready, will try again
ben_vulpes: i'm hopping on the phone for a bit
mod6: ok n[
mod6: p
BingoBoingo: mod6: Should work GPGgram incoming
BingoBoingo: mod6: http://p.bvulpes.com/pastes/ZhwdS/?raw=true
mod6: anyway, don't worry about my key right now
mod6: worry about getting the rest of the stuff up so hanbot can get going with her website.
BingoBoingo: mod6: test it now
mod6: stand by
BingoBoingo: The rest of the stuff is well above my paygrade
mod6: That doesn't work either.
mod6: No matter what, when I try to connect, it says: Permission denied (publickey).
mod6: even when i use the following params:
mod6: ssh -o PubkeyAuthentication=no user@A.B.C.D -p 50022
mod6: anyway, we can worry about my account later. Right now, let's get the rest of the stuff setup.
mod6: for the record too, when I do:
mod6: ssh -o PubkeyAuthentication=yes -i /home/user/.ssh/id_rsa user@A.B.C.D -p 50022
mod6: i get the same message: Permission denied (publickey).
mod6: Let's move on to the apache/mysql setup, etc.
BingoBoingo: asciilifeform: http://p.bvulpes.com/pastes/LcdzY/?raw=true
BingoBoingo: Well I will probably be back later. Today's the day I get to see how my shit survived the latest dormitory to gas chamber conversion. Based on a brief peek at the purple residues on the glass this morning it looked like they used magnesium phosphide tablets.
mod6: I think we indeed need to work late today on this. What was the time horizon that we told Mr. P. & Hanbot that we'd have this ready?
ben_vulpes: mod6: try to log in again
mod6: ok
ben_vulpes: nailing this down in a recipe is important
mod6: same thing
mod6: Permission denied (publickey).
ben_vulpes: you're connecting on ports 55372
mod6: ssh -o PubkeyAuthentication=yes -i /home/mod6/.ssh/uy1-id_rsa mod6@161.0.121.247 -p 50022
mod6: mod6@localhost ~ $ ssh -o PubkeyAuthentication=no mod6@161.0.121.247 -p 50022
mod6: Permission denied (publickey).
ben_vulpes: drop the -o flag
mod6: ok
ben_vulpes: we want pubkeyauthentication
mod6: mod6@localhost ~ $ ssh -i /home/mod6/.ssh/uy1-id_rsa mod6@161.0.121.247 -p 50022
mod6: Permission denied (publickey).
ben_vulpes: utterly nuts
mod6: (note that i did this both ways ^ see above)
mod6: (with =no, with =yes)
ben_vulpes: can you run ssh-keygen -lf $pubkey
mod6: ok
mod6: mod6@localhost ~ $ ssh-keygen -lf /home/mod6/.ssh/uy1-id_rsa.pub
mod6: 2048 SHA256:Z4Ei8s0MuIy8+EA8tUIsQwB9sAgEmuop7XDpYWpvKhE root@airgap (RSA)
ben_vulpes: yeah nuts that's what i see as well
mod6: fwiw, i'm chmod 600 over here... also have tried with 400, same thing:
mod6: mod6@localhost ~ $ ls -al /home/mod6/.ssh/uy1-id_rsa
mod6: -rw------- 1 mod6 mod6 1679 Mar 23 15:53 /home/mod6/.ssh/uy1-id_rsa
ben_vulpes: give me the scroll with -vv ?
mod6: alright.
mod6: http://p.bvulpes.com/pastes/TfLyB/?raw=true
mod6: i hate to even ask, but i totally forgot to change my user@host in there before i sent the key to bb.
mod6: i wonder if you shouldn't change it to like 'mod6@localhost' or something
mod6: or if i need to regen.
mod6: interested to see if alf has a similar issue
mod6: anyway, like i said, me being able to log in is extreme low priority.
ben_vulpes: mod6: if we can't set up a user account you can log into...
mod6: fair enough.
mod6: ok lemme see what i can find out.
ben_vulpes: "we did not send a packet, disable method"
ben_vulpes: can you run that fingerprint against the private key as well, mod6
mod6: so in the end i'll need to make another one?
mod6: i think this is somehow a permissions problem.
ben_vulpes: mod6: what was the fingerprint that you got from that private key
ben_vulpes: it should match that which you got for the public key
mod6: I'm not sure what you're asking.
ben_vulpes: ssh-keygen -lf $privatekey
ben_vulpes: permissions on your homedir are exactly what they are on mine
mod6: mod6@localhost ~ $ ssh-keygen -lf .ssh/uy1_id_rsa
mod6: 2048 SHA256:Z4Ei8s0MuIy8+EA8tUIsQwB9sAgEmuop7XDpYWpvKhE root@airgap (RSA)
mod6: mod6@localhost ~ $ ssh-keygen -lf .ssh/uy1_id_rsa.pub
mod6: 2048 SHA256:Z4Ei8s0MuIy8+EA8tUIsQwB9sAgEmuop7XDpYWpvKhE root@airgap (RSA)
mod6: I'm going to make a new key.
mod6: Flush my key out of authorized hosts
ben_vulpes: k i'm convinced
mod6: http://p.bvulpes.com/pastes/0myCQ/?raw=true
mod6: Ok, add that, and I'll try again here.
ben_vulpes: aight, try logging in
mod6: alright
ben_vulpes: closed during preauth
mod6: http://p.bvulpes.com/pastes/ISaf7/?raw=true
mod6: Now, I'm gonna try moving the keys to another host, and see what happens over there.
ben_vulpes: yeah but more verbose
mod6: ok same host, more verbose.
ben_vulpes: mod6: why would that change anything?
ben_vulpes: yeah once again closed during preauth
ben_vulpes: mod6: try now
mod6: ok, that worked on my different host.
mod6: was about to send you the log from the orig host, that still didn't work
mod6: lemme try orig host again.
mod6: stand by
mod6: boom.
mod6: works on both. whatever you changed, fixed it.
ben_vulpes: it should work now, you were right owner of authorized_keys was root
mod6: aha, yea permissions deal.
ben_vulpes: aha
mod6: Alright! Nice work. Onwards and upwards. :]
ben_vulpes: okay, great. whenever hanbot wants a shell we're ready
ben_vulpes: lobbes idem
ben_vulpes: provisioning more software will have to wait for asciilifeform, the master of arms.
mod6: Sounds good!
danielpbarron: i would like a shared host please
ben_vulpes: super
ben_vulpes: shoop me a key, danielpbarron
danielpbarron: a what now?
ben_vulpes: send me an ssh public key, please
danielpbarron: i do not have one
ben_vulpes: can you run ssh-keygen and make one, or do you have some principled stand against ssh public keys?
danielpbarron: i can make one. will it be possible to log in via password or is that not allowed?
ben_vulpes: i'm not enabling that unless asciilifeform says to; opens the machine up to bruteforceability
danielpbarron: http://wotpaste.cascadianhacker.com/pastes/bA3Zj/?raw=true
ben_vulpes: great ty
ben_vulpes: danielpbarron: http://p.bvulpes.com/pastes/HM2iu/?raw=true
asciilifeform: ben_vulpes: aha i disrecommend pwlogin
asciilifeform: ben_vulpes: i can start with the box as soon as tomorrow
ben_vulpes: all righty, send me an ssh key and i'll get you in
asciilifeform: willdo
ben_vulpes: would you like a list of desired softs?
asciilifeform: yes
ben_vulpes: danielpbarron, lobbes, hanbot: please shoot me a preliminary list of software to install on the machine
asciilifeform: keep in mind that anything that doesn't ~absolutely have to be~ systemwide -- should not be
asciilifeform: e.g. anything in php
ben_vulpes: i'm going to defer to your judgement in setting such up
ben_vulpes: but this implies the php process itself runs as the user whose php it's running?
asciilifeform: correct
ben_vulpes: okay, what will we need from users to connect the pipe from apache to the php process?
asciilifeform: researching this currently
asciilifeform: the one tricky bit is the part where we want to give each user an ip
asciilifeform: this is atypical but for 'modern' hosting -- expected. so we gotta have it.
ben_vulpes: is that strictly necessary at the outset?
ben_vulpes: if it's relatively tractable to pull off, i don't object
asciilifeform: it is, or e.g. hanbot couldn't host using her domain
asciilifeform: gotta meet or at least exceed the nfsco level of service, neh
ben_vulpes: doesn't the webserver extract the domain from the request and serve the right thing?
asciilifeform: rather than e.g. http://pizarroisp.com/thewhet
asciilifeform: ben_vulpes: it does. problem is that there is 1 www server process, but N users
asciilifeform: and then also we are limited to http
ben_vulpes: no clearly that won't fly, but i am under the impression that we can point arbitrary numbers of domains at a single ip
asciilifeform: have we explicitly limited the advertised service to http ?
ben_vulpes: asciilifeform: no, not yet
asciilifeform: otherwise, what if , e.g., danielpbarron , wants to host a ftp
asciilifeform: or whichever
ben_vulpes: right, ok
ben_vulpes: this may chew through our IP allocation rather quickly
asciilifeform: but yes, if we are limiting to http , the config is considerably simpler
asciilifeform: and can have whole box use 1 ip even.
asciilifeform: but what do the customers think ?
asciilifeform: nao that i think about it, nobody gets 'own ip' in nfsco either.
ben_vulpes: let us wait for one to request their own ip; it's not an avenue that closes off, is it?
asciilifeform: we can easily retrofit it, give'em a separate process ( incidentally ben_vulpes , any particular reason you prefer apache to nginx ? )
ben_vulpes: nginx smells like all of the other new things i once used because they were not the old things
ben_vulpes: 'pro' offering etc
ben_vulpes: your call, really. it's an entirely great webserver in my experience.
ben_vulpes: my preliminary list is: 1) webserver 2) mysql 3) postgres
asciilifeform: it weighs less.
asciilifeform: the one reason not to use nginx would be if somebody has something apache-specific they wish to run.
ben_vulpes: i'll have to jet here shortly, but before i do help me understand how customers are to install packages. should danielpbarron want eg weechat, is he to download sources and compile himself?
asciilifeform: the simplest method is that he requests it, here in the chan
asciilifeform: and we set it up machinewide.
ben_vulpes: how does this mesh with "things that do not need to be systemwide should not be"?
asciilifeform: i will carry out this duty.
asciilifeform: well some things ~do~ want to be systemwide
asciilifeform: but for those which do not, there is nothing keeping the user from downloading the tar, unpacking, compiling, installing with make install with ~/bin prefix
asciilifeform: (i.e. into own dir)
ben_vulpes: aha
ben_vulpes: this sacrifices what strengths portage has left, costs a bit in training the rest of the squad on gentoo
asciilifeform: in practice there are not very many things at all that gotta be systemwide.
asciilifeform: and there's no particular reason why everybody has to 'know gentoo'.
asciilifeform: ./configure --prefix=/home/me/somewhere && make && make install has nothing intrinsically gentooistic around it.
ben_vulpes: yeah, i get it
asciilifeform: ben_vulpes have you never had occasion to share a unix box with friends , before ?
asciilifeform: i gotta ask
asciilifeform: how much of what we are doing, is new to you
ben_vulpes: http://logs.bvulpes.com/pizarro?d=2018-3-22#317384
mimisbrunnr: Logged on 2018-03-22 17:14 ben_vulpes: i only ever bought servers as a semi-adult with budget for entire machines actually
asciilifeform: aa
ben_vulpes: but if you'll suffer the teaching, i do want to know
ben_vulpes: i never even wanted to touch computers per se, it was simply a far better life than managing a family of bolts in button up shirts in the suburban wastelands
asciilifeform: i will teach what i know; and unearth what i do not know
asciilifeform: ( inevitably we will run into some 'modern' rubbish where we gotta dig out last-good version of proggies X,Y,... )
ben_vulpes: (and nobody's had fun with rockets since the thirties...)
asciilifeform: lol korolev had fun
ben_vulpes: ah i suppose
asciilifeform: and betcha the folx building 'sarmat' are having boatload of phun even now
ben_vulpes: this may be so, if they've escaped the western curse of headcount
ben_vulpes: upstack, pinning down last-known-good versions is a worthy labor
ben_vulpes: modern weechat crashes on term resize i hear
ben_vulpes bbl
