Thursday, 2016-09-15

« Wednesday, 2016-09-14 Index Friday, 2016-09-16 »
*** jamielennox|away is now known as jamielennox00:00
*** JAHoagie has quit IRC00:07
*** tmcpeak has quit IRC00:16
*** Granate has joined #openstack-security00:19
*** Granate has left #openstack-security00:19
openstackgerritCharles Neill proposed openstack/syntribos: Glance template tweaks  https://review.openstack.org/37049300:24
ccneillso this is interesting.. somehow I managed to get invalid image types into my db o_O00:28
ccneillYES00:28
ccneillXSS POPPED00:29
ccneillMUAHAHA00:29
ccneillwow, you know it's good when you ssh into a box and get this:00:39
ccneill-bash: fork: Cannot allocate memory                                                                                                                            │< X-Openstack-Request-Id: req-e4033ad6-55a5-43a4-8a31-eb5eaf41e40300:40
ccneillvagrant@vagrant-ubuntu-trusty-64:~$ top                                                                                                                        │< Date: Mon, 12 Sep 2016 20:53:22 GMT00:40
ccneill-bash: fork: Cannot allocate memory                                                                                                                            │<00:40
ccneill-bash: xmalloc: cannot allocate 4112 bytes (3670016 bytes allocated)                                                                                           │* Connection #0 to host localhost left intact00:40
ccneillConnection to 127.0.0.1 closed.00:40
ccneilloops00:40
*** yeison has joined #openstack-security00:43
yeisonSe ha solicitado una sesión de mensajería musical. Por favor, seleccione el icono de MM para aceptarla.00:45
yeisonSe ha solicitado una sesión de mensajería musical. Por favor, seleccione el icono de MM para aceptarla.00:45
yeisonSe ha solicitado una sesión de mensajería musical. Por favor, seleccione el icono de MM para aceptarla.00:45
*** yeison has left #openstack-security00:45
*** ccneill has quit IRC00:49
*** jass93 has joined #openstack-security00:54
*** vinaypotluri has quit IRC01:22
*** salv-orlando has joined #openstack-security01:41
*** salv-orl_ has quit IRC01:43
*** woodster_ has quit IRC01:50
*** yeison has joined #openstack-security01:55
*** yeison has left #openstack-security01:56
*** yeison has joined #openstack-security02:06
*** yuanying has quit IRC02:47
*** diazjf has joined #openstack-security02:51
*** sdake has joined #openstack-security03:01
*** diazjf has quit IRC03:07
*** austin987 has quit IRC03:26
*** knangia has quit IRC03:41
*** vinaypotluri has joined #openstack-security03:45
*** mdong has joined #openstack-security03:50
*** yuanying has joined #openstack-security03:51
*** sdake has quit IRC05:03
*** JAHoagie has joined #openstack-security05:15
*** rcernin has joined #openstack-security05:17
*** sdake has joined #openstack-security05:22
*** markvoelker has quit IRC05:41
*** pcaruana has joined #openstack-security06:04
*** pcaruana is now known as pcaruana|afk|06:13
*** vinaypotluri has quit IRC06:22
*** sdake has quit IRC06:36
*** pcaruana|afk| is now known as pcaruana06:40
*** jamielennox is now known as jamielennox|away06:45
*** mdong has quit IRC06:50
*** salv-orlando has quit IRC06:50
*** salv-orlando has joined #openstack-security06:51
*** liverpooler has joined #openstack-security07:01
*** zul has joined #openstack-security07:10
openstackgerritMerged openstack/security-doc: Adding OSSN-0066  https://review.openstack.org/36807707:20
*** salv-orl_ has joined #openstack-security07:40
*** markvoelker has joined #openstack-security07:42
*** salv-orlando has quit IRC07:43
*** markvoelker has quit IRC07:48
*** zul has quit IRC07:57
*** jamielennox|away is now known as jamielennox07:57
*** gfhellma has joined #openstack-security08:21
*** gfhellma has quit IRC08:32
*** tkelsey has joined #openstack-security08:36
*** markvoelker has joined #openstack-security09:44
*** Trident has joined #openstack-security09:48
*** markvoelker has quit IRC09:49
*** salv-orl_ has quit IRC10:01
openstackgerritMerged openstack/security-doc: Use hyperlink markup for the link reference title  https://review.openstack.org/36974610:14
*** salv-orlando has joined #openstack-security11:02
*** dave-mccowan has joined #openstack-security11:06
*** salv-orlando has quit IRC11:06
*** Guest84617 has joined #openstack-security11:11
Guest84617hi11:12
Guest84617echo11:12
*** Guest84617 has left #openstack-security11:14
*** salv-orlando has joined #openstack-security11:28
*** edmondsw has joined #openstack-security11:42
*** markvoelker has joined #openstack-security11:45
*** markvoelker has quit IRC11:50
*** sdake has joined #openstack-security12:38
*** markvoelker has joined #openstack-security12:38
*** _elmiko is now known as elmiko13:02
*** liverpooler has quit IRC13:03
*** sdake_ has joined #openstack-security13:14
*** salv-orlando has quit IRC13:15
*** sdake has quit IRC13:16
*** singlethink has joined #openstack-security13:32
*** cleong has joined #openstack-security13:44
*** gmurphy has quit IRC13:47
*** gmurphy has joined #openstack-security13:47
*** diazjf has joined #openstack-security13:49
*** diazjf has quit IRC13:52
*** diazjf has joined #openstack-security14:01
*** jass93 has quit IRC14:06
*** diazjf has quit IRC14:10
*** JAHoagie has quit IRC14:20
*** diazjf has joined #openstack-security14:20
*** Trident has quit IRC14:41
*** Trident has joined #openstack-security14:41
*** mvaldes has joined #openstack-security14:42
*** tmcpeak has joined #openstack-security14:45
*** knangia has joined #openstack-security14:48
*** liverpooler has joined #openstack-security14:49
*** diazjf has quit IRC14:55
*** edtubill has joined #openstack-security14:57
*** edtubill has quit IRC14:57
*** edtubill has joined #openstack-security14:58
*** edtubill has quit IRC15:00
*** diazjf has joined #openstack-security15:06
*** zul has joined #openstack-security15:12
*** mvaldes1 has joined #openstack-security15:17
*** pcaruana has quit IRC15:19
*** mvaldes has quit IRC15:19
*** salv-orlando has joined #openstack-security15:19
*** mvaldes has joined #openstack-security15:20
*** salv-orlando has quit IRC15:22
*** zul has quit IRC15:22
*** mvaldes1 has quit IRC15:23
*** woodster_ has joined #openstack-security15:36
*** vinaypotluri has joined #openstack-security15:48
*** salv-orlando has joined #openstack-security15:49
*** mvaldes has quit IRC15:56
*** mvaldes has joined #openstack-security15:57
*** JAHoagie has joined #openstack-security16:02
*** jass93 has joined #openstack-security16:04
*** diazjf has quit IRC16:26
*** rcernin has quit IRC16:26
*** diazjf has joined #openstack-security16:33
*** gfhellma has joined #openstack-security16:34
*** mdong has joined #openstack-security16:34
*** ccneill has joined #openstack-security16:34
ccneilllooks like my Horizon XSS is a dupe. womp womp :( https://bugs.launchpad.net/horizon/+bug/162269016:37
openstackLaunchpad bug 1622690 in OpenStack Dashboard (Horizon) "Potential XSS in image create modal or angular table" [High,Fix committed] - Assigned to Richard Jones (r1chardj0n3s)16:37
*** diazjf has quit IRC16:41
*** mvaldes has quit IRC16:43
*** browne has joined #openstack-security16:49
ccneilltristanC: I'm ./unstack && ./stack -ing to see if the issue I reported is fully resolved. at this point it looks like a dupe16:49
ccneillunfortunately I have a conflict during the OSSP meeting in a few minutes :\16:49
hyakuheiccneill Sounds like you're having fun16:55
ccneillhyakuhei: only always16:55
ccneill:P16:55
ccneillwas really hoping I had finally found something serious16:55
ccneillcan I also say how cool it is to be able to tear down & spin up devstack with one command?16:57
*** mvaldes has joined #openstack-security16:57
ccneillmdong: family meeting?17:03
*** gfhellma has quit IRC17:03
*** mwturvey has joined #openstack-security17:04
*** mvaldes has quit IRC17:20
*** mdong has quit IRC17:24
*** jass93 has quit IRC17:37
*** sicarie has joined #openstack-security17:40
*** gfhellma has joined #openstack-security17:41
openstackgerritRahul U Nair proposed openstack/syntribos: Minor modifications to the neutron templates  https://review.openstack.org/37102317:42
*** tkelsey has quit IRC17:45
openstackgerritRahul U Nair proposed openstack/syntribos: A minor naming change for a neutron extension  https://review.openstack.org/37102417:45
*** jass93 has joined #openstack-security17:57
openstackgerritMerged openstack/syntribos: A minor naming change for a neutron extension  https://review.openstack.org/37102417:59
*** diazjf has joined #openstack-security18:06
*** mdong has joined #openstack-security18:10
mdongsorry for skipping on the ossp meeting unrahul, I had the same conflict as ccneill and didnt realize it18:12
*** liverpooler has quit IRC18:14
*** pcaruana has joined #openstack-security18:22
*** sdake_ is now known as sdake18:26
*** mvaldes has joined #openstack-security18:27
*** diazjf has quit IRC18:38
*** mvaldes has quit IRC18:41
*** mvaldes has joined #openstack-security18:42
*** gfhellma has quit IRC18:43
*** diazjf has joined #openstack-security18:49
*** gfhellma has joined #openstack-security18:55
unrahulhey mdong .. yup..18:58
unrahulmdong: ccneill  should be release a new version of syntribos?18:58
*** mdong_ has joined #openstack-security18:59
*** diazjf has quit IRC18:59
*** mdong has quit IRC19:02
*** mdong_ is now known as mdong19:02
ccneilllike on pypi?19:03
ccneillprobably19:03
unrahulyup19:03
ccneillthe one thing I think we might want to solve first is an easy install process (which I'm trying to figure out in the CR I have open right now)19:04
ccneilli.e. being able to use the default payloads/etc without having to do a bunch of folder-creating, moving files, etc.19:04
ccneillbut I haven't worked on it much since we started testing since I think WE can live without it for the time being19:05
unrahulmm.. yeah.. that makes senses.. ccneill  it would make using the tool way more convenient19:06
ccneillyep19:06
ccneillunfortunately I haven't figured it all out yet lol19:06
ccneillI think it's gonna involve using pbr's data files, but that has its own issues19:06
ccneillif we just force everyone to use a venv it should be fine, but I'm not sure how to enforce that with pbr19:07
*** salv-orlando has quit IRC19:07
unrahul+1 :) we can may be push a patch for it after the tests. in october.. ? yeah,... or we could use some init sub commands and download all things..19:07
openstackgerritMerged openstack/syntribos: Glance template tweaks  https://review.openstack.org/37049319:07
unrahulyeah.. and some ppl are hell bent on not using venv at times .. and everything breaks .. that wont be that great also i guess.. :|19:08
ccneill¯\_(ツ)_/¯19:13
ccneillthey can always install everything manually I guess19:14
*** jass93 has quit IRC19:22
*** diazjf has joined #openstack-security19:23
*** ametts has joined #openstack-security19:26
*** sicarie has quit IRC19:29
*** pcaruana has quit IRC19:32
*** sicarie has joined #openstack-security19:44
*** sdake has quit IRC19:49
*** sdake_ has joined #openstack-security19:49
*** rcernin has joined #openstack-security19:53
*** ametts has quit IRC20:01
*** diazjf has quit IRC20:04
ccneillargh.. our cluster is acting weird. can't even run syntribos with the neutron templates sometimes because it 401's on the networks.json call :\20:06
ccneillseems to only respond with 200 every 5th request or so >_<20:07
ccneillwhew, there we go20:08
mdongyeah, I was noticing that too20:08
mdongI can only test in chinks at a time20:08
mdonger20:08
mdongchunks20:08
mdong><20:08
*** diazjf has joined #openstack-security20:10
ccneill:S same20:11
*** ametts has joined #openstack-security20:13
unrahul:/20:14
unrahulnot sure why though..20:14
unrahulrate limiting or something.. no idea.20:15
ccneillthat should throw a 429 though I think20:15
ccneill¯\_(ツ)_/¯20:15
ccneillnot sure20:16
unrahul:/20:16
unrahulagain20:16
*** mvaldes has quit IRC20:17
openstackgerritOpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements  https://review.openstack.org/37109420:17
ccneillwhat do y'all think about making debug logging a flag..?20:19
ccneillor at least having an option to disable it20:19
ccneille.g. right now I'm generating logs over and over but I don't care about any of them20:19
mdongcan you set the logging config option to /dev/null?20:19
ccneillhm yeah, that would work20:20
ccneillcan't specify it from the command line though :\20:21
unrahulI think we had a discussion and decided against it.. as some might turn it off  when it shouldnt be.20:21
ccneill/dev/null doesn't work since it tries to create a folder20:21
ccneillunrahul: I agree it should be enabled by default, but I think there are legit cases for not using it sometimes20:24
ccneillif you're in a read-only environment and can't create a folder for example20:24
ccneillor in CI environment where the debug log will probably be deleted and never used20:24
ccneillor this edge case where I'm trying to test syntribos itself, not the actual endpoint20:25
unrahulccneill: hmm.. agreed.. valid scenarios .  if we are making this possible, it would be good to warn the user that no logging is enabled when the tool is run.20:29
mdongwell we’d have to do something with the log path string that’s printed at the end of every run, I’d imagine we’d just do it there20:29
ccneillyep ^ +120:29
unrahul+!20:30
unrahul+120:30
ccneilland we can leave it off as a command line option so that you have to actually edit the config file to turn it off20:31
*** mvaldes has joined #openstack-security20:31
*** tkelsey has joined #openstack-security20:42
*** ametts has quit IRC20:42
*** tkelsey has quit IRC20:47
*** JAHoagie has quit IRC20:57
*** diazjf has quit IRC21:02
*** diazjf has joined #openstack-security21:05
*** diazjf has quit IRC21:06
openstackgerritMerged openstack/syntribos: Updated from global requirements  https://review.openstack.org/37112821:08
*** gfhellma has quit IRC21:09
*** salv-orlando has joined #openstack-security21:11
*** diazjf has joined #openstack-security21:11
*** gfhellma has joined #openstack-security21:12
*** diazjf has quit IRC21:14
*** catintheroof has joined #openstack-security21:15
*** salv-orlando has quit IRC21:18
*** salv-orlando has joined #openstack-security21:22
*** diazjf has joined #openstack-security21:44
*** tkelsey has joined #openstack-security21:44
*** jraim has quit IRC21:45
*** sweston has quit IRC21:45
*** hyakuhei has quit IRC21:45
*** mvaldes has quit IRC21:46
*** jamielennox has quit IRC21:46
*** mhayden has quit IRC21:46
*** amit213 has quit IRC21:47
*** tkelsey has quit IRC21:48
*** JAHoagie has joined #openstack-security21:48
*** sweston has joined #openstack-security21:49
*** jraim has joined #openstack-security21:49
*** amit213 has joined #openstack-security21:51
*** diazjf has quit IRC21:51
*** hyakuhei has joined #openstack-security21:53
*** jass93 has joined #openstack-security21:57
*** mhayden has joined #openstack-security22:00
*** jamielennox has joined #openstack-security22:01
*** cleong has quit IRC22:05
*** singlethink has quit IRC22:09
*** edmondsw has quit IRC22:14
*** mdong has quit IRC22:15
openstackgerritMerged openstack/security-doc: Add marker files  https://review.openstack.org/37037622:16
*** tmcpeak has quit IRC22:25
*** diazjf has joined #openstack-security22:31
*** salv-orlando has quit IRC22:32
*** diazjf has quit IRC22:45
*** salv-orlando has joined #openstack-security22:46
*** gfhellma has quit IRC22:53
*** diazjf has joined #openstack-security22:54
*** diazjf has quit IRC23:12
*** jass93 has quit IRC23:21
*** catintheroof has quit IRC23:21
*** elmiko is now known as _elmiko23:37
openstackgerritRahul U Nair proposed openstack/syntribos: Adding unittest for neutron client extension  https://review.openstack.org/37121923:37
*** markvoelker has quit IRC23:39
*** JAHoagie has quit IRC23:40
openstackgerritRahul U Nair proposed openstack/syntribos: Adding unittest for neutron client extension  https://review.openstack.org/37121923:42
*** tkelsey has joined #openstack-security23:45
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/37122223:47
openstackgerritRahul U Nair proposed openstack/syntribos: Minor modifications to the neutron templates  https://review.openstack.org/37102323:48
*** tkelsey has quit IRC23:49
*** ccneill has quit IRC23:57
*** sicarie has quit IRC23:59
« Wednesday, 2016-09-14 Index Friday, 2016-09-16 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!