IRC channel logs

2013-10-03.log

back to list of logs

<civodul>ah, but it's on the single-page version: http://www.gnu.org/software/guix/manual/guix.html#Bootstrapping
<civodul>lemme see
<handheldCar>nice, thanks
<civodul>jxself: i tried to add a .symlinks clause for manual/html_node/images, but that doesn't seem to work; ideas?
<civodul>perhaps i should make another .symlinks under manual/html_node
<handheldCar>Is xf86-video-nouveau hard to build?
*davexunit finally compiled guix
<jxself>Woot.
<jxself>I see I missed civodul.
<handheldCar>Guix could be great for keeping systems up to date
<civodul>Hello Guix!
<viric>ei
<viric>civodul: did the socat thig work for you?
<civodul>viric: haven't tried yet!
<civodul>oh i need to install Fossil first
<viric>no no
<viric>you can download the trunk tarball
<civodul>even better
<civodul>viric: so how do i use the socat thing in filegive?
<viric>-ss your_ssh_host
<viric>mh I forgot to write 'socat' there, right
<civodul>error setting up ssh socattunnel: exit status 127
<civodul>what command does it expect exactly?
<viric>it runs 'socat' at the remote side
<viric>can you have 'socat' there?
<civodul>nope!
<civodul>would it work to use netcat or so?
<viric>no
<civodul>damn it
<viric>:D
<viric>you said socat was fine :)
<civodul>yes, i assumed it was ubiquitous
<civodul>i could install it though
<viric>with guix
<civodul>well Guix is not installed on those machines
<viric>when you say netcat, you mean gnu netcat?
<civodul>gnu netcat is actually not GNU, but yes, something like that :-)
<civodul>or nc
<viric>civodul: I tried to write 'netcat support' with '-sn'. pick the trunk if you want to try.
<civodul>how fast :-)
<viric>well, it isn't very nice code. I'll refactor it later :)
<viric>first it should work. hehe
<civodul>error setting up ssh 'netcat' tunnel: exit status 1
<civodul>although 'nc' is present on the host
<viric>nc --help
<viric>GNU netcat 0.7.1
<civodul>arf, mine is the other 'nc'
<viric>this looks like a monty python show already
<viric>:)
<civodul>so apparently the options have different names
<viric>that's why I mentioned 'GNU netcat'
<viric>can you paste me the '-h' of that one?
<civodul>like there's no -tt and no -R
<civodul>yes
<viric>-tt and -R are for ssh
<viric>you have openssh, right? :D
<viric>or lsh/dropbear/...?
<civodul> http://paste.lisp.org/+2ZGS
<civodul>(centralized service!)
<viric>;)
<civodul>ah right, i have the OpenSSH client
<civodul>sorry i thought -tt and -R were for nc
<viric>civodul: this nc can't tunnel tcp
<civodul>blech
<civodul>so, hmm
<viric>only stdin/stdout things
<civodul>i'll have to find a way to get the other netcat, or socat, or something
<viric>that'd be the best. You are in a tough situation ;)
<civodul>i think you've done the best you could do :-)
<viric>hehe
<civodul>so thanks!
<viric>firewalls are hard. internet looks so unidirectional!
<civodul>yeah
<civodul>the problem is only when i'm at work, though
<civodul>or in similarly hostile places ;-)
<viric>very hostile, yes.
<mark_weaver>civodul: I'm sure I'm missing something, but if you have access to a server, why can't you use ssh to create tunnels back and forth? what are you trying to do?
<mark_weaver>is it just that you want to avoid sending the bulk of the data through the server, for bandwidth reasons?
<civodul>mark_weaver: i'm trying to use viric's filegive: http://vicerveza.homeunix.net/~viric/cgi-bin/filegive/doc/trunk/doc/home.wiki
<civodul>it returns an https URL that must be valid from the outside, and so it creates the tunnel itself
<viric>mark_weaver: privacy reasons
<viric>(too)
<viric>mark_weaver: to create ssh tunnels that *open* a remote port, the default sshd config allows only opening it for 'localhost'.
<viric>civodul: if anything had worked about tunnels, I imagine that next you would tell me that the given 'ssh' host allows only connections to port 22. ;)
<mark_weaver>interesting. where can I read about how filegive works?
<viric>at that url
<viric>given by ludo
<viric>or http://viric.name/cgi-bin/filegive
<civodul>mark_weaver: it has .go files :-)
<viric>which are not guile files
<mark_weaver>but not from Guile, I see :)
<viric>:)
<mark_weaver>does filegive work from behind hostile corporate firewalls, or does it depend on a fairly friendly NAT router that supports things like UPnP?
<viric>it does not do tricks at all.
<viric>but if you have a public reachable ssh host, you can use it as hop
<viric>it does not use any network magic. It only uses usual things. So yes, you may be in a case like civodul, where no option serves you to use filegive.
<mark_weaver>NAT is one of the worst things that happened to the internet :-(
<viric>that happened, and that will happen MORE
<viric>ripe meetings results suggest, that providers go to cgNAT and not to IPv6
<mark_weaver>*nod* so sad
<viric>you can download a trojan that connects to a remote computer and sends all your data to it, without warning
<viric>but you have very good protection against trojans that listen to incoming connections.
<viric>(talking about firewalls)
<viric>I mean... given that NAT is there, there could be better approaches to it, than the usual firewall sysadmin approach of disabling incoming connections to any internal host whatsoever.
<mark_weaver>NAT blocks some simple ways to hack into a host, but there are plenty of other ways. meanwhile, it makes peer-to-peer quite difficult, and strongly encourages the use of privileged servers as intermediaries.
<viric>exactly.
<viric>False feeling of security.
<viric>by the means of lots of annoyance.
<viric>everyone knows, annoyance means security. ):
<viric>:)
<viric>speak with your BOFH, and get a public reachable tcp port :)
<mark_weaver>the internet has become so broken that at this point, the best we can do is probably to treat UDP as the new IP, and build something better on top of that.
<viric>I've some friends behind cgNAT. Very annoying; they need some public host with ssh account, but filegive gives the end-to-end security over that, at least.
<mark_weaver>filegive sounds very nice
<viric>mark_weaver: UDP can't bypass NAT either, in 99% of cases
<mark_weaver>well, I'm thinking of STUN
<viric>STUN is in the 1% of cases
<mark_weaver>so yeah, you can't quite use it as a direct IP replacement.
<viric>works in the 1%
<mark_weaver>oh really? STUN doesn't work anymore in most cases?
<viric>I have never seen it working
<viric>I'd be pleased to accept a counterexample
<mark_weaver>I've only read about it, and that was many years ago. I'll take your word on it.
<viric>I may be wrong; I only tried it with voip, with troubles.
<mark_weaver>viric: where did you get the 99% and 1% from?
<viric>I thought I saw them here: http://grothoff.org/christian/pwnat.pdf but it seems it is not so
<viric>:)
<viric>that is about *autonomous* nat, which is clearly not stun
<mark_weaver>right, STUN requires a server that can accept incoming connections for the initial connection setup.
<mark_weaver>well, I'm a fool for staying up so late. time for sleep now.
*mark_weaver --> zzz
<viric>fun that there is Mark Weaver, Marc Weber, and Mark Webber.
<civodul>heh
<civodul>seen on LWN: GNOME now requires GNOME application developers to provide package descriptions in their AppData format
<civodul> http://lwn.net/SubscriberLink/569034/1fa61f0fdc41ef37/
<jxself>Hey, a complete RMS recording has been found. It was made by someone in the audience. Woot.
<jxself>Plus, it looks like I missed civodul earlier. It is working now?
<viric>jxself: the gnu30 talk?
<viric>I'm interested in it
<jxself>Yep.
<jxself>It's currently being worked on by FFmpeg. I expect it'll be on audio-video.gnu.org later today.
<viric>Ok!
<viric>isn't it this? http://audio-video.gnu.org/video/#2013
<jxself>That is where the complete recording will end up being but isn't there just yet. The two part thing you see is missing several minutes because of an error at the streaming source.
<viric>aaah
<viric>I remember the cut. I didn't expect that part would be recorded. great
<jxself>The problem was at the streaming source, and so yeah. Sadly.
<civodul>Guix in the news: http://www.examiner.com/article/gnu-guix-the-most-important-free-software-project-you-ve-never-heard-of-1
<viric>:)
<civodul>jxself: the symlinks seems to work now: http://www.gnu.org/software/guix/manual/html_node/Bootstrapping.html
<civodul>jxself: did you change something?
<meta-RET>civodul: I'm trying to handle mupltiple 'source's. I renamed 'package-source-derivation' to 'match-source-element' (for now) and placed it inside my newly created 'test-match' procedure. Then I added another 'match' to check the number of arguments in 'source'. Basically, (match source ((e) (match-source-element e)) ((e . es) (sequence-operations (match-source-element e) (test-match es)))).
<meta-RET>I'm not sure how to define 'sequence-operations' because 'match-source-element' may return a string, add a file to the store, or do something else. Do you see a way to structure the code differently to avoid using 'sequence-operations'?
<meta-RET>Usually, one'd use 'cons', but it won't work in this case.
<meta-RET>Oh, I have to go. TTYL.
<jxself>civodul: Nope, it just sometimes takes a while. I am not sure when the cron job runs.
<civodul>jxself: ah ok, good then :-)
<civodul>perhaps the symlinks cron job is less frequent than the regular web page update job
<civodul>Steap: do you know the answer to Andreas' Python issue?
<Steap>not yet :)
<civodul>ok :-)
<Steap>I don't know why "python setup.py install_data" is triggered
<Steap>but I guess we can just pass the right switch