--- Log opened Fri May 28 00:00:23 2021
00:04 < jb7od> Mirage, I hear you on that VM thing- like "form-of: a-bunch-of-datastores!"? The day one of those vmdks tears up... {>_<}
00:08 < jb7od> the worst burn I ever took in 12 solid years was a traitor vmdk.
00:59 -!- jb7od [mfph@2600:3c02::f03c:91ff:feb0:b94e] has quit [Quit: {>_<}]
01:05 -!- jb7od [~mfph@mfphmusic.com] has joined #se2600
03:40 -!- remoford [~remof@2601:480:4102:82c0:85a7:4114:6d39:5d84] has quit [Ping timeout: 258 seconds]
05:28 -!- remoford [~remof@2601:480:4102:82c0:85a7:4114:6d39:5d84] has joined #se2600
05:33 -!- remoford [~remof@2601:480:4102:82c0:85a7:4114:6d39:5d84] has quit [Ping timeout: 258 seconds]
06:12 <@Dolemite> mr0ning, be0tches and h0ez!
06:28 * xtort-[df-org] hugs dolomite
06:28 <@Dolemite> The mountain?
06:30 <@Dolemite> I wonder if aestetix is trying to sleep off his post 2nd shot headache
06:33 * aestetix hugs Dolemite
06:33 < aestetix> yep not operating at full capacity
07:16 -!- You're now known as Evilpig
07:16 -!- mode/#se2600 [+o Evilpig] by ChanServ
08:36 -!- Bloodrose [~Bloodrose@thebloodrose.powered.by.lunarbnc.net] has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
08:52 -!- Bloodrose [~Bloodrose@thebloodrose.powered.by.lunarbnc.net] has joined #se2600
09:24 -!- _NSAKEY [~nsa@backdoored.equipment] has quit [Quit: leaving]
09:24 -!- _NSAKEY [~nsa@backdoored.equipment] has joined #se2600
09:24 -!- mode/#se2600 [+o _NSAKEY] by ChanServ
11:22 <@Evilpig> looks like i've identified a new bug for red hat.
11:23 <@Evilpig> damnit
11:24 <@Mirage> I've run into not being able to send email from apache. Been driving me crazy this morning. Only solution I've found so far is setting /var/spool/clientmqueue 777, which is just wrong.
11:28 <@Dolemite> SELinux Bill Gates Microchips Lizard People 5G
11:28 <@Mirage> Disabled SELinux, that's not it.
11:28 <@Mirage> May 28 11:28:08 ra sendmail[506177]: NOQUEUE: SYSERR(apache): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=48, required=51): Permission denied
11:28 <@Dolemite> ok, so now check for Bill Gates
11:28 <@Dolemite> Just move on down that list
11:31 <@Dagmar> Wait... are you actually using sendmail instead of postfix?
11:31 <@Dagmar> This shit should be sgid if I remember correctly
11:31 <@Dagmar> Apache shouldn't ever be writing into that damn directory
11:32 <@Dagmar> it's usually smmsp or something like that
11:32 <@Dolemite> Mirage prefers the unreadability of sendmail.cf files. Reminds him of the Cthulhu novels.
11:32 <@Mirage> Dagmar: right, per documentation, /usr/sbin/sendmail.sendmail no longer needs to be set g+s, and setting it made no difference
11:33 <@Dagmar> Dolemite: It still kills me that I actually mapped out where the fuck all their mail was routing by carefully reading the entire sendmail.cf file at Vandy, and they wiped the laptop I *told* them the information it was on before I left
11:33 <@Dagmar> Dolemite: Hence the multiple department total failure to deliver mail
11:34 <@Mirage> Dolemite: I don't have a problem with sendmail. Remember, I'm the one that had the project to decipher the nasty Solaris sendmail configs at VU and make it all work on RHEL in a sane manner.
11:34 <@Dagmar> Mirage: Allow me to suggest perhaps the documentation is mistaken. It's very much this here
11:34 <@Mirage> Dolemite: though you may have been gone by then. Dagmar helped with the ndbm/gdbm perl updates
11:34 <@Dagmar> drwxrwx--- 2 smmsp smmsp 12288 May 28 04:40 /var/spool/clientmqueue
11:35 <@Dolemite> Yeah, you likely inherited it all from Gary
11:35 <@Dagmar> The fun thing is I remember it coming up about why you WRITE M4 FILES and NEVER WRITE SENDMAIL.CF BY HAND in _2000_ when I was doing a lecture there
11:35 <@Dolemite> And his whole calling Bari a cocksucker in order to get fired deal was right before I left
11:35 <@Mirage> Dolemite: You think GARY HOWARD was competent enough for that?!?
11:36 <@Dagmar> Gary's major problem was that he was too trusting
11:36 <@Dagmar> ...and Bari wasn't trustworthy.
11:36 <@Dolemite> Mirage: I just remember that he was in charge of it. I have no clue if he was competent at it.
11:36 <@Dagmar> Gary trusted people to understand that when you request another Exchange instance, you mean you need actual CPU power
11:36 <@Dagmar> ...and that you should not, perhaps, load all these fucking instances on the same set of CPUs until they're living 8:1 virtual:real
11:36 <@Mirage> Dolemite: he didn't do anything on the old Solaris environment
11:37 <@Dagmar> Mirage: I'd turned all that cf madness back into m4 files before I left. ;)
11:37 <@Dagmar> Fucking 10,000+ lines of config
11:38 <@Dagmar> Less than 35 m4
11:38 <@Dolemite> WTF would need 10K lines of sendmail config!?
11:38 <@Dagmar> You don't "need" it. You get it for free.
11:38 <@Mirage> All the crazy routing rules they had for the different schools, etc
11:39 <@Dagmar> Yep. Not to mention the vacation responders, and the vestigial parts.
11:39 <@Mirage> That was the majority of it...and the "firewall" they built into it
11:40 <@Dagmar> Might as well be asking "who needs millions of computer instructions?"
11:40 <@Dagmar> Small m4 files turn into fairly massive .cf files very quickly
11:40 <@Dolemite> Well we have lots of crazy routing rules, but we have all of that managed in an LDAP directory
11:40 <@Dolemite> But we're also using Postfix
11:40 <@Dagmar> ...and it only gets worse if (as it appears was done) someone makes _new_ m4 files, compiles them into cf files, and then copypastas most of them together
11:40 <@Dolemite> So our main.cf is not much bigger than the baseline
11:41 <@Mirage> I initially had it extremely simplified and with SMTP-Auth working and was told "that's not in scope for this project" by KMac and told that instead of reworking everything that all I was supposed to do was take the old shit and make it work the same way but on RHEL
11:41 <@Dagmar> Dolemite: That combination makes it pretty easy since you can just write some damn SQL statements and be done with it
11:41 <@Dagmar> Mirage: At that point they'd already been treating it like an angry voodoo god for over a decade.
11:41 <@Dagmar> This came up _in 2000_ when I did a security lecture there.
11:42 <@Dagmar> Their mail admin was present.
11:42 <@Mirage> Dagmar: rightly so.
11:42 <@Dagmar> He also believed hand-editing cf files was a threat, but wasn't being allowed to make those choices either apparently
11:43 <@Dagmar> Honestly, I think if I hadn't burned a ton of caffeine hours and rewrote that replicator without telling anyone but Peter what I was up to people would have come up with reasons why I should not replace it
11:43 <@Dagmar> I'm not sure how long I could live with the knowledge that all that stands between the environment and total mayhem was someone using one of the many insecure file upload php scripts the users make and knowledge of the bug
11:45 <@Dagmar> f**king sql
11:46 <@Dagmar> | 1 | 0000-00-00 00:00:00 | sysadmin | | Added agency 1 to contractor 1 |
11:46 <@Dagmar> Now I get to go figure out why the hell TIMESTAMP won't accept UNIX_TIMESTAMP();
11:47 <@Evilpig> mysql handles that funny. you have to format it just like you see there 0000-00-00 00:00:00
11:47 <@Dagmar> Yeah, this appears to be one of those cases where MySQL auto-reboxes data based on whim and phase of the moon
11:48 <@Dagmar> UNIX_TIMESTAMP() returns a long int, which should be quite compatible with TIMESTAMP
11:48 <@Evilpig> the functions for opendcim that use time I wrote a wrapper to handle that
11:48 <@Evilpig> all our sql passes through that and it fixes those
11:50 <@Dagmar> I'm in the middle of taking a moment to wrapper all the functions that update data with calls to an auditlog
11:50 <@Dagmar> ...so I'm finding all sorts of funnery
12:06 <@Mirage> sendmail is sane again.. Finally found correct old permission for sendmail.sendmail. Had been changed to root:root and 775 for whatever reason, flipped it to root:smmsp 755 and g+s...now everything is happy again with normal 770 on clientmqueue
12:06 <@Dagmar> Amazing. It's almost like I've used sendmail for decades.
12:09 <@Mirage> I'd only changed grp to smmsp and done g+s, but it was still broken at that point. perms needed to be rwxr-sr-x, but were rwxrwsr-x, which apparently it didn't like.
12:09 <@Dagmar> I think you've got that flipped
12:09 <@Mirage> Guess this was the first email I sent from squirrelmail since I patched on 5/18
12:10 <@Dagmar> I got severely burned by the introduction of smmsp so I remember it well
12:10 <@Mirage> Dagmar: nope.
12:10 <@Mirage> All this shit was and has been working fine for ages up until I discovered it today
12:11 <@Dagmar> drwxrwx--- 2 smmsp smmsp 12288 May 28 04:40 /var/spool/clientmqueue
12:11 <@Dagmar> ...and yet...
12:12 <@Dagmar> Look carefully at the group rights
12:13 <@Mirage> Dagmar: what am I supposed to be looking at? clientmqueue or sendmail?
12:13 <@Dagmar> "perms needed to be rwxr-sr-x, but were rwxrwsr-x"
12:13 <@Dagmar> That's the part I was referring to by being flipped.
12:13 <@Dagmar> It _does_ like 2775. It can not make use of 2755.
12:14 <@Dagmar> When a client program calls sendmail to send a mail out, sendmail changes to the smmsp user/group so that it can write to /var/spool/clientmqueue
12:14 <@Dagmar> This is to keep J Random User from just copying warez in there.
12:15 <@Mirage> yeah, on sendmail.sendmail. When they were 2775 it didn't work, changing them to 2755 worked. Initially when I discovered the problem the perms were 775
12:17 <@eryc> https://www.youtube.com/watch?v=GTpd5LSRO-0
12:17 < PigBot> Covered Bridge Webcam from Vermont's Mad River Valley - YouTube (at www.youtube.com) https://tinyurl.com/yeudcc56
12:18 <@Mirage> Dagmar: there's a disconnect here on what SHOULD have worked and what ACTUALLY worked, which is what was driving me nuts
12:20 <@Dagmar> Oh no. That part is _normal_.
12:20 <@Dagmar> Sendmail appears to actually _look_ at the directory ownership
12:20 <@Dagmar> It may well be able to write there with just group writeability, but it never gets to that point
12:20 <@Dagmar> It's very very picky to the point of being somewhat paranoid, but I can't really say I blame them
12:21 <@Mirage> When I found it "root:root 775 ..", it should have started working when I did "chgrp smmsp" and "chmod g+s", but it didn't
14:07 <@Dagmar> Mirage: Being that I have been dealing with mysql all week, the idea that there might be pieces of a puzzle hiding from me isn't even a little mysterious feeling right now
14:07 <@Dagmar> I'm banging out some fairly decent queries not who
14:07 <@Dagmar> er now tho
14:08 <@Dagmar> They're /probably/ transactions. Who knows
14:08 <@Dagmar> I'm in that third phase of problem solving, where I'm collapsing redundant code and doing things correctly before they blow my fingers right off.
14:17 <@Mirage> Um, yeah...i think they need to toss in a few more musical numbers in Lucifer.
14:17 <@Dagmar> huh?
14:17 <@Dagmar> Oh hell that second half the season dropped
14:22 <@Mirage> With all the musical numbers in the first couple episodes I find myself wondering if Seth MacFarlane is an uncredited producer or something on them
17:08 -!- KiriBloodrose [~Bloodrose@thebloodrose.powered.by.lunarbnc.net] has joined #se2600
17:11 -!- Bloodrose [~Bloodrose@thebloodrose.powered.by.lunarbnc.net] has quit [Ping timeout: 250 seconds]
17:12 -!- KiriBloodrose [~Bloodrose@thebloodrose.powered.by.lunarbnc.net] has quit [Client Quit]
17:13 -!- Bloodrose [~Bloodrose@thebloodrose.powered.by.lunarbnc.net] has joined #se2600
--- Log closed Sat May 29 00:00:25 2021