Re: [VOTE] Accept the donation of RDP client code into Apache CloudStack

+1 On Oct 21, 2013, at 11:11 AM, Donal Lafferty wrote: > As stated in a previous thread [1], Citrix is proposing the donation of > source for an RDP client. After donation, the client would be integrated > with the console system VM in order to provide access to Hyper-V based VMs. > > The cl

Re: how to use hashes on c.a.o?

This is the output of gpg -v --print-md SHA512, generated as part of the release procedure [1] by tools/build/build_asf.sh 1: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Release+Procedure On Oct 17, 2013, at 7:56 PM, Darren Shepherd wrote: > The hashes that are on c.a.o for the re

Re: how to use hashes on c.a.o?

nyone provide SHAs in that format. I wouldn't expect many people to know how to use them. Why can't we use the good old GNU coreutils style? Darren On Wed, Oct 23, 2013 at 7:14 PM, John Kinsella mailto:j...@stratosec.co>> wrote: This is the output of gpg -v --print-md SHA512, genera

parallel mvn builds

I've been tinkering with adding -T to builds on my laptop - e.g. "mvn -T 2C install" (Means run two build threads on each CPU core the system has) I'm seeing a 20-30% improvement in build time vs a single-thread build, and things seem to work so far, but I do get this warning a few times during

Re: parallel mvn builds

because its not guaranteed to work and I have seen it fail. Darren On Thu, Oct 31, 2013 at 3:36 PM, John Kinsella mailto:j...@stratosec.co>> wrote: I've been tinkering with adding -T to builds on my laptop - e.g. "mvn -T 2C install" (Means run two build threads on ea

Re: checkstyle

I think it'd be fairly painful to make it mandatory - maybe see if we can set that as a goal for 6 months out? On Nov 4, 2013, at 6:29 AM, Hugo Trippaers mailto:h...@trippaers.nl>> wrote: Hey, Just added a very basic checkstyle configuration to maven. The configuration file is in parents/che

Re: Wiki issues: Redirect loop

What URL are you trying to hit? https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home seems fine here in FF25, OSX Chrome 6.1 and Chrome 30... On Nov 3, 2013, at 3:31 PM, Ian Duffy wrote: > Hi, > > I'm unable to access the wiki. Chrome keeps reporting a redirect loop. > > Anybody know

Re: checkstyle

On Nov 4, 2013, at 7:54 AM, Chip Childers wrote: > On Mon, Nov 04, 2013 at 04:33:07PM +0100, Hugo Trippaers wrote: >> Hey John, >> >> That would be my idea. >> >> Make it mandatory for new (maven) projects coming into the code base and >> slowly start working on fixing the existing projects.

Re: Coverity static code analysis

I'll guess Coverity counts executable lines. LOC can be a little tricky to calculate…comments, whitespace, things like include statements usually don't count (from a licensing POV). John On Nov 4, 2013, at 8:55 AM, Sebastien Goasguen mailto:run...@gmail.com>> wrote: On Nov 4, 2013, at 11:39

Re: [PROPOSAL] Liaison with ETSI NFV ISG

+1 On Nov 5, 2013, at 11:58 AM, Sebastien Goasguen wrote: > I volunteer you. > > We need to do this. > > -Sebastien > > On 5 Nov 2013, at 20:28, Chiradeep Vittal wrote: > >> Network Functions Virtualisation (NFV) is an effort to utilize server >> virtualization in conjunction with industry

Re: [PROPOSAL] Service monitoring tool in virtual router

Thx for putting this together, Jayapal. A few comments: I'd really like to have a config flag to specify if things should be restarted automatically or not. Worst case, track the restarts - if a service is restarted more than X times in Y seconds, something's obviously wrong so stop tail-chasin

Re: [WEBSITE] Security page for cloudstack.apache.org

Been working through a few ideas in my head, will see movement on this in the next few days. On May 15, 2013, at 8:12 AM, Chip Childers wrote: > (note mixing of public and private lists) > > We need a security page for cloudstack.apache.org, so that I can add > CloudStack to http://www.apache.

Re: IRC meeting today

I'm happy to run it On Jun 19, 2013, at 8:45 AM, Chip Childers wrote: > Hi all, > > Joe asked me to facilitate the meeting today, however I have a $dayjob > responsibility that just came up. I'm not going to be able to do > anything other than lurk in the channel. > > I'm going to suggest th

Re: IRC meeting today

We had about 4 of us in the meeting, so we just dropped it until next week. On Jun 19, 2013, at 9:15 AM, John Kinsella wrote: > I'm happy to run it > > On Jun 19, 2013, at 8:45 AM, Chip Childers > wrote: > >> Hi all, >> >> Joe asked me to facilita

Re: Review Request: Make SHA256Salt the default password encoding and authentication mechanism for cloudstack

Never too late. :) Looking at [1], it'll take about 2E64 days to search the SHA256 keyspace with a brute forcer written for a GPU accelerator. Even with 10,000 of them, it'll take way, way too long. Bitcoin coin uses SHA256, so I think it's safe for a while. :) Yes, SHA512 would be "more safe,

Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack

Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability Type(s): Authentication bypass (2756), cryptography (2758) Vulnerable version(s): Apache CloudStack version 4.0.0-incubating and 4.0.1-incubating Risk Level: High, Medium CVS

Re: [DISCUSS] Lock System VMs to specific IPs - due to security concerns and firewall rules

+1. You can fudge it currently via the API, but there's no guarantee… It'd be really useful for the SSVMs, as we have various firewalls and other things configured to let packets to/from them. On May 2, 2013, at 2:02 PM, "Musayev, Ilya" wrote: > This request mostly affects corporate customers

Re: Dev/Test Environment

+1 On May 2, 2013, at 1:16 PM, Joe Brockmeier mailto:j...@zonker.net>> wrote: On Thu, May 2, 2013, at 01:44 PM, Soheil Eizadi wrote: The wiki is organized around VirtualBox, assuming it works, I think it is a better choice than Fusion since it free and easy to setup. I don't have much experience

idea of a "production" lock

Folks - we’re getting bitten occasionally by stability issues on some of our customer VMs indirectly related to ACS: * The billing package[1] we use is touchy, and will occasionally reboot VMs when we bring up the VM’s details page in the billing package * ACS recently lost connectivity with a n

Re: idea of a "production" lock

On Feb 7, 2014, at 6:31 PM, David Nalley wrote: > On Fri, Feb 7, 2014 at 9:02 PM, John Kinsella wrote: >> Folks - we're getting bitten occasionally by stability issues on some of our >> customer VMs indirectly related to ACS: >> >> * The billing packa

Re: UI Latency

I’ve been tinkering with httpd proxying the UI via mod_proxy_ajp, then using mod_deflate to compress on the httpd side. That gets me about a 2.5x decrease in loading the login screen. system.js, which is the largest item downloaded by default is around 980k, with gzip that drops to 68k. I wanna

Re: 4.2 max volume size hard-coded

IIRC there was a limitation in Xen…if you search the dev archives you might find mention of it. We have multi-TB disks with KVM/ACS no problemo. On Feb 12, 2014, at 9:03 AM, Marcus mailto:shadow...@gmail.com>> wrote: This doesn't seem to be an issue with 4.3, but I noticed that in 4.2 we hav

Re: UI Latency

23 587 | S: +44 20 3603 0540 | M: +44 7788 423 969 alex.hitch...@shapeblue.com<mailto:alex.hitch...@shapeblue.com> -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: 10 February 2014 01:05 To: Subject: Re: UI Latency I've been tinkering with httpd pr

Re: UI Latency

esolve the comments in...days. I measured the download size dropped from 3.5 MB to somewhere around 0.5 MB https://reviews.apache.org/r/12228/ Adding javascript compression could also help a lot. That 3.5 M is a lot even on LAN :-) On Thu, Feb 13, 2014 at 7:04 PM, John Kinsella wrote: Just

Re: UI Latency

en longer. It is quite short compared to the full time of the build, but for a CI build it is completely useless. So it must be moved to a profile and profile should be active during release process, maybe not anyway unless you manually enable it. On Thu, Feb 13, 2014 at 7:23 PM, John Ki

Re: Findbugs findings fixed this week

On Feb 14, 2014, at 9:39 AM, Hugo Trippaers mailto:htrippa...@schubergphilis.com>> wrote: The correct answer to that question is that in my opinion we both did and didn't improve CloudStack. The paradox here is that we improved the code as written making the code flow as the original developer

Re: [PROPOSAL] Windowsfication Of ACS

On Feb 14, 2014, at 4:21 AM, Damoder Reddy mailto:damoder.re...@citrix.com>> wrote: My comments inline in RED. Apache mailing lists strip HTML, so while some form of mind altering substances in the correct amount might cause your comments to be perceived as RED, in general that won’t be the

Re: [PROPOSAL] Windowsfication Of ACS

Interesting idea…I wouldn’t use it but I wish you good luck in your journey. ;) As Alex mentioned, would be curious to see the demand. I try to avoid cygwin in production environments…it’s great for desktops, but just feels like a hack for production use, IMHO. The ssh part caught my attention,

Re: is cwiki down? error with 503

Yep was down last night, infra has a few issues on http://monitoring.apache.org/status/ if you look at things that started around the same time. I haven’t asked but I presume they know about it. John On Feb 16, 2014, at 12:32 AM, Paul Angus mailto:paul.an...@shapeblue.com>> wrote: I'm getting

Re: [UPDATE][DOCS][PROPOSAL] Move to .rst and new repos

Wow, just looked for the first time - that looks great :) Personally I usually hit cloudstack.org and then look for links to docs. On the RTD sites, might wanna have links from install -> admin and vice-versa... On Feb 18, 2014, at 5:12 AM, Sebastien Goasguen mailto:run.

Re: [DISCUSS] Browser-based template and volume uploads

We definitely need to support more than http download. http upload sounds interesting, but I’d love to see something more resilient for large uploads. How ‘bout specifying a “drop folder” type location on the mgmt server that the server polls every 15 seconds for new files, then in the UI the us

Re: [DISCUSS] Browser-based template and volume uploads

, 2014 at 11:42 PM, John Kinsella mailto:j...@stratosec.co>> wrote: We definitely need to support more than http download. http upload sounds interesting, but I'd love to see something more resilient for large uploads. How 'bout specifying a "drop folder" type location on

Review Request 18392: CLOUDSTACK-6156: remove rampart maven dependencies to fix?

-Pawsapi on master Build/ran devcloud2 Haven't tested awsapi itself as I'm not currently using that. :/ Thanks, John Kinsella

Re: developers and mysql

I created CLOUDSTACK-6157 over the weekend to track this. Not sure adding the jar after compile will help the deploydb target, but will give it a try this morning. Could we set up the pom.xmls to use the jar for execution if it’s found in the user/system classpaths while respecting the legal re

Re: [PROPOSAL] Change systemvm template URL in master to s3 bucket

Who’s paying for the s3 storage (sorry if I missed something there)? How long do you keep old images? Vaguely related - I was pondering seeding ACS and/or VM image torrents - wonder if folks would be interested in that? I realize bittorrent isn’t always welcome in corp environments... On Feb 2

Re: developers and mysql

eploydb are not what we'd expect a normal user to consume. (Anyone else's head spinning?) --David On Mon, Feb 24, 2014 at 11:44 AM, John Kinsella mailto:j...@stratosec.co>> wrote: I created CLOUDSTACK-6157 over the weekend to track this. Not sure adding the jar after compile will

Re: developers and mysql

user to consume. (Anyone else's head spinning?) --David On Mon, Feb 24, 2014 at 11:44 AM, John Kinsella mailto:j...@stratosec.co><mailto:j...@stratosec.co>> wrote: I created CLOUDSTACK-6157 over the weekend to track this. Not sure adding the jar after compile will help the deploydb tar

Re: status of 4.3?

On Feb 25, 2014, at 3:06 AM, Daan Hoogland wrote: > On Tue, Feb 25, 2014 at 11:32 AM, Nux! wrote: >> there are going to be any dramatic last minute changes. > > > nothing functional, just packaging (some jars will become prerequisites) > Personally, I’d consider CLOUDSTACK-6156 a blocker on

Re: developers and mysql

jdbc:mysql://localhost:3306/cloud?autoReconnect=true&prepStmtCacheSize=517&cachePrepStmts=true I built using "mvn -P developer,systemvm clean install" and ran the management server using "mvn -pl client jetty:run". Any thoughts on that? Thanks On Tue, Feb 25, 2

Re: developers and mysql

ocalhost:3306/cloud?autoReconnect=true&prepStmtCacheSize=517&cachePrepStmts=true I built using "mvn -P developer,systemvm clean install" and ran the management server using "mvn -pl client jetty:run". Any thoughts on that? Thanks On Tue, Feb 25, 2014 at 1:10 PM, Joh

Re: status of 4.3?

y, so a bit more shouldn't be too troublesome. > > --David > > On Tue, Feb 25, 2014 at 3:21 PM, John Kinsella wrote: >> >> On Feb 25, 2014, at 3:06 AM, Daan Hoogland wrote: >> >>> On Tue, Feb 25, 2014 at 11:32 AM, Nux! wrote: >>>> there

Re: [DISCUSS] Policy blocker?

+1 well put. On Feb 26, 2014, at 6:44 AM, Chip Childers wrote: > On Tue, Feb 25, 2014 at 7:13 PM, Animesh Chaturvedi > wrote: >> >> Folks since the liability of Release manager has been called out explicitly >> for the release I want to call out that I cannot take personal liability for >> a

Re: Submitting a Feature Proposal

Actually, if it’s a Significant Feature, I like seeing a spec put together to be referenced by the [PROPOSAL] thread. Take a look at https://cwiki.apache.org/confluence/display/CLOUDSTACK/Design and in particular the Design Document Template. John On Feb 26, 2014, at 7:34 AM, Mike Tutkowski m

Re: [VOTE] Apache CloudStack 4.3.0 (sixth round)

Just pushed a fix for that to master. On Feb 25, 2014, at 5:55 PM, Chiradeep Vittal mailto:chiradeep.vit...@citrix.com>> wrote: So how do you now Œprovide¹ the jdbc connector on a Mac? mvn -Pdeveloper -pl developer -Ddeploydb-simulator Š SQL exception in trying initDB: java.sql.SQLException: No

FYI: 4.3 and 4.3-forward branches not building

Before we go to another vote - apidocs build is failing with: Traceback (most recent call last): File "/home/jlk/code/cloudstack/tools/apidoc/gen_toc.py", line 195, in category = choose_category(fn) File "/home/jlk/code/cloudstack/tools/apidoc/gen_toc.py", line 175, in choose_category

Re: developers and mysql

So it should be ok to include the jar in non-default builds. developer and deploydb are not what we'd expect a normal user to consume. (Anyone else's head spinning?) --David On Mon, Feb 24, 2014 at 11:44 AM, John Kinsella mailto:j...@stratosec.co><mailto:j...@stratosec.co>> w

Re: developers and mysql

I’ve cherry-picked these into 4.3-forward…will ask RM in a separate email to pick them into 4.3. John On Feb 26, 2014, at 5:26 PM, Mike Tutkowski mailto:mike.tutkow...@solidfire.com>> wrote: Awesome! Thanks, John! On Wed, Feb 26, 2014 at 6:12 PM, John Kinsella mailto:j...@strato

[4.3] [Cherry-pick] developer mysql dependencies

Dearest RM - would like the following commits from 4.3-forward picked into 4.3. To the best of my knowledge they comply with ASF third-party licensing policy for build scripts [1]. 24dcf2948c2d4cdd98fcda0f766d82f40eee8be1 2c3cd90b5604cde8123968b15ef6c53bad43b5e2 f5aeac845df8b73b1525442461a8a811e

Re: 4.4 Feature Freeze

I don’t see not moving the freeze date as a penalty. If a feature doesn’t make the current deadline, it moves to the next release, which is still a few months away. For significant issues, it’s not uncommon for us to allow them in late. What we have a stronger need for than shifting a date, by

Re: developers and mysql

te: Great, John - thanks again! On Wed, Feb 26, 2014 at 7:10 PM, John Kinsella mailto:j...@stratosec.co>> wrote: I've cherry-picked these into 4.3-forward...will ask RM in a separate email to pick them into 4.3. John On Feb 26, 2014, at 5:26 PM, Mike Tutkowski < mike.tutkow...@

Re: Looking for test folks on the community!

Raja - curious why you’re asking? On Feb 26, 2014, at 10:00 PM, Raja Pullela wrote: > Hi, > > Can you please respond if you are actively involved or looking get involved > in testing 4.4 Release? > > Thanks, > Raja >

[DISCUSS] realhostip.com going away

Folks: Recently the PMC was informed that the realhostip.com DNS service that ACS currently uses by default as part of the console proxy will be disbanded this summer. We’ve been informed the realhostip service will be shut down June 30th, 2014, so we have approximately 4 months to mitigate thi

Re: 4.4 Feature Freeze

I’m completely in-line with Hugo on this. Was actually going to make similar comments about the…solidness of the arguments to move. On Feb 28, 2014, at 6:09 AM, Hugo Trippaers mailto:h...@trippaers.nl>> wrote: i’m all for being flexible, but i find a lot of the arguments used here debatable.

Re: [DISCUSS] realhostip.com going away

I talked with some of the Citrix folk over the weekend…their position is they think they’d be doing the community a disfavor by passing the torch, so-to-speak, and I agree with them [1]. >From what I understand, the patches that are going to be proposed will remove >HTTPS completely and encrypt

Re: [PROPOSAL] Ability to add new guest OS

+1 for the feature, but usually I just go for “other paravirtualized (64 bit)” (paraphrasing, mistakes mine) nowadays. What would be more useful, IMHO, is to better document the what the selection OS type selection choice means for a VM. For KVM, it’s a hell of a lot more than SCSI vs IDE root d

Re: Review Request 18759: HTTP support for console proxy and making it default

ening port? I don't see what this has to do with moving from HTTPS to HTTP... - John Kinsella On March 5, 2014, 1:42 a.m., Amogh Vasekar wrote: > > --- > This is an automatically generated e-ma

Re: [DISCUSS] realhostip.com going away

/18759/ that partially address the issue. It has a link to the wiki describing the changes in detail. Thanks, Amogh On 3/3/14 8:58 AM, "John Kinsella" mailto:j...@stratosec.co>> wrote: I talked with some of the Citrix folk over the weekendŠtheir position is they think they¹d be doing

The global settings beast...

One thing that’s been gnawing on me - we keep shoving more and more stuff into the global settings shortcut instead of creating a proper settings UI. Then some new user comes along all shiny-eyed at the awesomeness of ACS, but wonders why something isn’t working, only to be told that combination

Re: [DISCUSS] realhostip.com going away

t at : https://reviews.apache.org/r/18759/ that partially address the issue. It has a link to the wiki describing the changes in detail. Thanks, Amogh On 3/3/14 8:58 AM, "John Kinsella" mailto:j...@stratosec.co>> wrote: I talked with some of the Citrix folk over the weekendŠtheir position is th

Re: 4.3 vote

FYI I’m still -1 until CLOUDSTACK-6156 and https://reviews.apache.org/r/18392/ is addressed. On Mar 5, 2014, at 10:10 AM, Animesh Chaturvedi wrote: > > >> -Original Message- >> From: sebgoa [mailto:run...@gmail.com] >> Sent: Wednesday, March 05, 2014 7:58 AM >> To: dev@cloudstack.apa

Re: 4.3 vote

issues. John On Mar 5, 2014, at 11:10 AM, Animesh Chaturvedi mailto:animesh.chaturv...@citrix.com>> wrote: John when was the dependency broken? Are you not able to build AWSAPI? -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Wednesday, March 05, 2014 11:00

Re: Review Request 18759: HTTP support for console proxy and making it default

main")) WHERE `name`="secstorage.ssl.cert.domain"; work? 2) What happens here if a install already has changed away from realhostip.com? - John Kinsella On March 5, 2014, 8:47 p.m., Amogh Vasekar wrote: > > --

Re: apidocs build failure

Can’t quite tell if that’s the same as what I was seeing - haven’t tried for a few days http://markmail.org/thread/6drub4m2xgrgtfxt On Mar 6, 2014, at 2:12 PM, Alex Hitchins mailto:alex.hitch...@shapeblue.com>> wrote: Just trying a build against 4.3 (not 4.3-forward) and I get the following err

Re: 4.3 vote

.758s] [INFO] [INFO] BUILD SUCCESS [INFO] -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Wednesday, March 05, 2014 11:51 AM To: dev@cloudstack.apache.or

Re: [DISCUSS] realhostip.com going away

So - I’ve browsed around a little after pondering the idea of doing crypto at the JS level, but I can’t seem to make the argument and keep a straight face. I did find a JS library [1] that would probably work, but still you’re left with 2 issues: 1) gotta get the library securely to the browser

Re: 4.3 vote

our next RC. > >> -Original Message----- >> From: John Kinsella [mailto:j...@stratosec.co] >> Sent: Thursday, March 06, 2014 4:14 PM >> To: dev@cloudstack.apache.org >> Subject: Re: 4.3 vote >> >> David was seeing this as well. This is is a d

Re: [DISCUSS] realhostip.com going away

Soo…I’d recommend against something like Nux’s suggestion below. I’ve only looked briefly at VirtualDNS.java, and it looks fine from a glance, but I’m willing to bet I can a) DOS it, and b) use it for a reflection attack. I could be wrong, don’t really have time to look closely, but based on it

Re: Review Request 18759: HTTP support for console proxy and making it default

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/18759/#review36614 --- Ship it! Ship It! - John Kinsella On March 7, 2014, 12:32 a.m

[4.3][Cherry-pick] realhostip changes

Animesh - please pick the commit below from 4.3-forward into 4.3. This is for CLOUDSTACK-6204. 2fe7aeea23ddef25224e3e248f0a91513a14811f John

Re: [DISCUSS] realhostip.com going away

Folks - just applied Amogh’s patch to 4.3-forward, and back ported that to master. Two steps left on the code side: * Need to get this retirement into the 4.3 docs * Need to backport this to 4.2 John On Feb 28, 2014, at 12:27 PM, John Kinsella mailto:j...@stratosec.co>> wrote:

Re: [DISCUSS] realhostip.com going away

I mentioned their response on 3/3. Basically "their position is they think they’d be doing the community a disfavor by passing the torch” (quoting my previous email, not a direct quote from them but this is their position) The realhostip cert provides a false sense of security, so I can’t think

Re: [DISCUSS] realhostip.com going away

The console technology doesn’t really matter. The encryption is the part of concern. You have two choices: * Shared secret: set up a crypto password in advance, get it onto the CPVM and browser in some secure manner. Basically, however you do this you’re compromised once somebody sniffs the con

Re: [PROPOSAL] Enhance the cloudstack events to include more information

I didn’t see comments from others, but this sounds great to me. More info is always better IMHO. On Mar 11, 2014, at 2:31 AM, Sonal Ojha mailto:sonal.o...@sungard.com>> wrote: Currently the event logged in CloudStack doesn't give detailed information about the event that has occurred. The infor

Re: Release cadence

I am in agreement with my radical CloudStack brother. On Mar 13, 2014, at 9:42 AM, David Nalley wrote: > The RC7 vote thread contained a lot of discussion around release > cadence, and I figured I'd move that to a thread that has a better > subject so there is better visibility to list particip

Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)

Before we go to 9th round, let’s get https://issues.apache.org/jira/browse/CLOUDSTACK-6156 resolved. I’m pretty busy this week, but will see if I can come up with. Just tried doing a clean awsapi build on a clean AWS instance again and it still fails. On Mar 12, 2014, at 5:26 PM, Animesh Chatu

Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)

Prachi who worked on awsapi, maybe they can help -sebastien On Mar 17, 2014, at 2:25 PM, John Kinsella mailto:j...@stratosec.co>> wrote: Before we go to 9th round, let’s get https://issues.apache.org/jira/browse/CLOUDSTACK-6156 resolved. I’m pretty busy this week, but will see if I can

Re: 4.3 vote

awsapi I haven’t run this through functional testing yet, but the results look promising. On Mar 6, 2014, at 4:14 PM, John Kinsella wrote: > David was seeing this as well. This is is a documented problem at > https://issues.apache.org/jira/browse/RAMPART-393. > > I just spun up a VM

Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)

I’ll be committing the patch to master in the morning unless I hear otherwise. On Mar 17, 2014, at 2:56 PM, Animesh Chaturvedi mailto:animesh.chaturv...@citrix.com>> wrote: -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Monday, March 17, 2014 2:48 PM T

Re: 4.3 vote

btw, what I’m doing here is based on http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/pom.xml?r1=1355738&r2=1357818&pathrev=1357818&diff_format=h On Mar 17, 2014, at 10:34 PM, John Kinsella mailto:j...@stratosec.co>> wrote: >From my last few hours tinkerin

Re: RealHostIp

I can’t ping the NS servers, but they do respond to queries… On Mar 19, 2014, at 2:37 AM, Alex Hitchins wrote: > I can't ping RealHostIp, has the service been properly taken down? An > NSLOOKUP didn't resolve any nameservers at all. > > Alex > > . > > Need Enterprise Grade Support for Apache

Re: [ANNOUNCE] Change of Apache CloudStack PMC Chair

Chip - your balanced viewpoint has kept ACS moving forward in leaps and bounds. I greedily hope you’ll continue to stay involved, no matter what $dayjob says. :) Congrats Hugo - looking forward to another great year! On Mar 19, 2014, at 1:51 PM, Chip Childers wrote: > Per our project bylaws,

Re: RealHostIp

+1 on avoiding 8.8.8.8. Nothing good comes from google knowing your dns resolution history... (or whatever other free dns resolvers) On Mar 19, 2014, at 2:08 PM, Nux! wrote: > On 19.03.2014 19:37, Alex Hitchins wrote: >> It's my DNS, it just won't play ball with this one domain. >> I will try

Re: Resetting a VM is broken?

Mike - There is a way to restore disks in destroyed state before they are expunged. It requires shutting down management server, modifying database directly, and keeping a good stock of potential offerings near your data recovery shrine. I’m going to be covering this in my CCC Denver talk. Joh

Re: Review Request 12228: static resource compression

Laszlo, can you reference any other open source projects that have similar solutions to this issue? Anything I’ve read states dynamic compression in tomcat/httpd/nginx does not add significant CPU overhead. On Mar 20, 2014, at 12:53 PM, Laszlo Hornyak mailto:laszlo.horn...@gmail.com>> wrote:

Re: Review Request 12228: static resource compression

Canya tell us a little more about the test you’re doing? What URL are you fetching, how many times etc. Just curious to tinker myself this weekend if I have some time. :) On Mar 21, 2014, at 1:07 PM, Laszlo Hornyak mailto:laszlo.horn...@gmail.com>> wrote: -

Re: Simulator Component under Jira

done On Mar 21, 2014, at 1:18 AM, Santhosh Edukulla wrote: > Team, > > Currently, it seems we don't have a component by name Simulator under jira, > This component can be used for any changes we do and issues raised against > simulator. > > Please, some body with permissions can add it. >

Still need SSVM SSL config docs

Everyone - I believe we’re still missing documentation on how to configure ACS 4.3 to use a user-provided SSL certificate for SSVM file copies? Pretty sure I know the answer, so consider this a request for that documentation, at least in wiki form. I’ve submitted a pull request for updates to t

Re: Still need SSVM SSL config docs

nerate the correct certificate. I will submit a pull request based on similar lines as console proxy soon. Thanks, Amogh On 3/24/14 11:32 PM, "John Kinsella" wrote: Everyone - I believe we¹re still missing documentation on how to configure ACS 4.3 to use a user-provided SSL certifica

REMINDER please send security issues to security@

Folks - in the last week or three we’ve had 2 Jira issues created for security-related issues. In both cases, they seem to be false-positives, luckily. If you think you have found a security issue in ACS, please email secur...@cloudstack.apache.org. This gives us a chance to investigate and cr

Re: OpenSSL vunerability (bleedheart)

Folks - we’re aware of the OpenSSL issue, and are working with vendors to release mitigation instructions for ACS. Hoping to have something out later this evening. John On Apr 8, 2014, at 8:12 AM, Paul Angus mailto:paul.an...@shapeblue.com>> wrote: A vulnerability has been found in OpenSSL h

Re: OpenSSL vunerability (bleedheart)

/how_to_mitigate_openssl_heartbleed On Apr 8, 2014, at 6:21 PM, John Kinsella wrote: > Folks - we’re aware of the OpenSSL issue, and are working with vendors to > release mitigation instructions for ACS. > > Hoping to have something out later this evening. > > John > > On Apr 8, 2014

Re: OpenSSL vunerability (bleedheart)

To my knowledge, no code change is necessary just a rebuild. - j Please excuse typos - sent from mobile device. - Reply message - From: "Rayees Namathponnan" To: "dev@cloudstack.apache.org" Subject: OpenSSL vunerability (bleedheart) Date: Wed, Apr 9, 2014 10:13 AM Even if we get lates

Re: OpenSSL vunerability (bleedheart)

Folks - unfortunately there’s an error in my blog post last night. On Debian, you need to update both openssl and libssl, updating openssl by itself is not good enough. I knew this, had it in a draft but somehow that didn’t make it into the post. I’ll blame lack of sleep. Blog post has been upd

Re: OpenSSL vunerability (bleedheart)

y not insulting/condescending) On Apr 9, 2014, at 10:19 AM, John Kinsella mailto:j...@stratosec.co>> wrote: To my knowledge, no code change is necessary just a rebuild. - j Please excuse typos - sent from mobile device. - Reply message - From: "Rayees Namathponnan" ma

Re: OpenSSL vunerability (bleedheart)

ween 2 trusted IPs - Also this should only affect SSVM template from 4.2 onwards as only wheezy is affected Thanks Animesh -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Wednesday, April 09, 2014 11:07 AM To: dev@cloudstack.apache.org<mailto:dev@cloudstack.a

Re: OpenSSL vunerability (bleedheart)

:10 PM, Kelven Yang mailto:kelven.y...@citrix.com>> wrote: What is the process name of that daemon in CPVM? I remember that we only have SSH and HTTPS port open in console proxy, and the later one is running Java based SSL engine. Kelven On 4/9/14, 1:38 PM, "John Kinsella

REMINDER realhostip going away

Reminder, folks - please migrate off realhostip.com or you’re going to get a nasty surprise this summer. More info at link below. https://blogs.apache.org/cloudstack/entry/realhostip_service_is_being_retired

Re: [DISCUSS][PROPOSAL] CA authority plugin definition

I’d suggest taking a look at using Dogtag[1] as well. Actually, that’s what the Other Guys also suggest[2]. 1: http://pki.fedoraproject.org/wiki/PKI_Main_Page 2: https://wiki.openstack.org/wiki/PKI > On Apr

New committer: Dag Sonstebo

The Project Management Committee (PMC) for Apache CloudStack has invited Dag Sonsteboto become a committer and we are pleased to announce that he has accepted. I’ll take a moment here to remind folks that being an ASF committer isn’t purely about code - Dag has been helping out for quite a while o

Re: John Kinsella and Wido den Hollander now ASF members

Thanks David and everyone - it really means a lot to me. Will continue to support and evangelize CloudStack and the ASF where I can! John > On May 2, 2018, at 8:57 AM, David Nalley wrote: > > Hi folks, > > As noted in the press release[1] John Kinsella and Wido den Hollan

  1   2   >