trentster/gist:4441603

## gistfile1.txt
Licenser
is now really off to bed

11:07
trentster
I think what joyent does is they ony give access to vnc console if you have access to the GZ which kind of emans you own the node
11:08
killfill
trentster: they have that on the joyent public cloud?

11:08
trentster
Licenser: its still early mate its barely 1am there?

11:08
killfill
or you mean when you use sdc

11:09
trentster
killfill: I am not sure about the Joyent vnc stuff, I vaguely remember reading it soemwhere, but could be wrong, have you deployed a kvm vm on joyent cloud? do you get vnc console access?

11:09
killfill
i feel im from the past..   im GMT-4
11:09
killfill
trentster: nope, there is no vnc

11:09
trentster
its Thu 11am here, I am from the future

11:10
arekinath
damnit, you're more future than me at the moment, stupid daylight savings
11:10
killfill
trentster: on jdc, supostly there is vnc in the operator portal.. but it never worked for me..

11:10
arekinath
my 2c, I think vnc through websockets is fine, but direct exposure, nah

11:10
killfill
heh..

11:11
trentster
arekinath: long time no see mate, how do you figure websockets is safe vs direct exposure. Please explain to my layman brain.

11:11
killfill
well actually.. i only has to use vnc ones.. when my vm's didnt booted.. and then i actually ended foring restarting them all by hand..
11:12
arekinath
trentster: the vnc itself runs from inside the zone, so if you exploit it you just get control over the kvm zone and not the gz
trentster: but having the gz on a network that people can get to, with ssh and whatever else open (except for firewall rules of course)

11:12
arekinath
seems a bit more shady to me

11:13
killfill
yah
like to have the users to connect to the fifo-zone for vnc acces... not the G, where the access really is

11:14
trentster
Whats your guys opinions on console access for smart machines via the webUI?
I was chatting to Licenser about it and we are in 2 minds about weather is even necessary?

11:14
arekinath
I think it would be nice, but only if it can be delivered safely
I've had plenty of times here where people have blown up their zones by using up their ram cap and SSH can't fork to let them log in
but console login works
and silly people who forget passwords, so we have to zlogin and change them

11:15
trentster
arekinath: so in those instances they log support tickets and soemone manually has to fix the problem for them, which can be a bit of a pita
11:16
arekinath
trentster: yeah. it's nice if they can do it themselves next time though. they usually file a ticket the first time, but if we leave them instructions to fix it themselves next time, we like things like that.

11:16
killfill
arekinath: thats a nice one..

11:16
arekinath
they never read documentation in advance
but if you have some you can throw at them that works when they have a problem
it's nice

11:16
trentster
arekinath: out of interest what do you think of the latest 0.3 dev?
11:17
arekinath
trentster: it's ok. still seems a little buggy sometimes with the non-updating datasets list where you have to go around restarting chunters.  and I haven't figured out how to use the user permissions in a way that doesn't seem stupid yet

11:18
arekinath
I still would like that "resolvers" box to be auto-filled or disappearable (eg if it's set on the network)

11:18
trentster
arekinath: killfill the only thing that would really work with end users is have them all wear an electric shock collar. and when they log a support ticket it automaticaly delivers a jolt of electricity. I would guess the forgetting password problem would dissapear very quickly
I have tried to get the shock collars implemented at some of our sites, but have been told that users may be anti the idea.
11:19
arekinath
trentster: the academics here are pretty good at removing shock collars, unfortunately. they really apply their brains well when it comes to avoiding physical pain. but computers are hard, and they just don't want to try very hard

11:19
trentster
arekinath: lol!

11:20
killfill
jaja...

11:20
arekinath
also, for anyone who wants SSL on 0.3-dev and doesn't want to fight with haproxy's ssl shiz
try stud
it's in pkgin
put haproxy on localhost:8088 or something and point stud through to it. then you can put nginx on port 80 and have it just serve 301s to https://
shame nginx doesn't cope with websockets yet
apparently the next release will

11:21
killfill
yah.. i found haproxy strange there as well..

11:21
trentster
stud, cool Licenser will be glad to hear that, we have spent a lot of time battling ssl, I still have it kinda working on my one dev instance, but its broken on others, so we basically removed it from dev for now until a workaround can be made.

11:21
killfill
yup, i remember seen a changelog of it supporting it..
but may be on a unstable release..

11:22
trentster
arekinath: do you have a working config file for "stud" that you have managed to getw orking with fifo?
arekinath:    whats your opinion on moving Ui to angular/js
11:22
arekinath
trentster: I just edited the default config
trentster: told it frontend="[*]:443" and backend="[127.0.0.1]:8088", and the path to the certificate
trentster: it figures out the rest. even does SNI if you want

11:23
killfill
Websockets (end of Jan, 2013, md)
11:23
arekinath
trentster: doesn't bother me. might make changes easier to make.
trentster: (re angular.js)

11:24
arekinath
hey, erlang hipe has ARM support now. when did that happen?

11:24
killfill
what i actually find too complicated are the forms.. users need to enter too much info... and they are ugly..

11:25
trentster
SNI looks cool just googled it
killfill: yeah you are right, the forms could do with some serious elegance
would be great if we could get MerlinDMC dataset.at form code integrated.. hint hint MerlinDMC

11:27
arekinath
they're not terrible, but not quite yet amazing either.  that resolvers box annoys me, because none of our users are going to have a clue what it is or what it does
or will think they do and put something weird in there

11:27
trentster
yeah I was thinking about the resolvers box as well, it probably should be defined in packages section

11:27
arekinath
I would have said with the network
haha
this is probably why it ended up there, couldn't decide
oh, it would be nice to have edit capabilities, too
to update VMs/networks etc
rather than destroy -> recreate

11:28
trentster
arekinath: yeah network makes sense as well.

11:29
killfill
definitly.. redimension zones in hot, is a killer feature

11:29
trentster
yeah, I think now that we have a solid base with the 0.3 architecture rewrite the sky is the limit in regards to Ui functionality and features.
I think one major step is missing before all these features are added, imho, we need to have the UI flow basics setup. from the perspective of we should not be doing everything via action buttons in list boxes, but should have uuids , aliases, and network tags etc hyperlinked that open up new sections in the UI for that specific vm to make changes see attributes in more details etc.
my 2c

11:32
killfill
would be too to associate the users to the owner_uuid or billing_id property of the vm's
would be cool i mean..  ah damn keyboard..

11:33
trentster
and there should be 2  templates that gets triggered when you click on either a kvm vm vs a smartmachine, as the attribues are different, e.g you can increase disk quota and ram on the fly in smartmachines.

11:34
killfill
yup

11:34
trentster
killfill: yeah exactly , ou would click on a uuid it would launch the vm attribute template in the UI, and one of the things listed in there would be Owner, you could then click on owner name (also hyperlinked) and then would take you to a list screen filtered by that owner so you can see what other vm's he owns, same with groups etc.
same thing could be done from datasets, click on a dataset and a template comes up telling you about datasets and in there could be a vm link button you could click on that would filter the vm's based on that dataset

11:37
killfill
yah... not sure how would that look like, but sounds grate!

11:37
trentster
etc etc the possibilites are endless, the real magic needs to happen at the "planning level" to cleverly figure out how to make all these components interact, then put that into place and build all the UI magic on top of that
its kind of outlined already in the flow diagram I did.
	Licenser
	is now really off to bed

	11:07
	trentster
	I think what joyent does is they ony give access to vnc console if you have access to the GZ which kind of emans you own the node
	11:08
	killfill
	trentster: they have that on the joyent public cloud?

	11:08
	trentster
	Licenser: its still early mate its barely 1am there?

	11:08
	killfill
	or you mean when you use sdc

	11:09
	trentster
	killfill: I am not sure about the Joyent vnc stuff, I vaguely remember reading it soemwhere, but could be wrong, have you deployed a kvm vm on joyent cloud? do you get vnc console access?

	11:09
	killfill
	i feel im from the past.. im GMT-4
	11:09
	killfill
	trentster: nope, there is no vnc

	11:09
	trentster
	its Thu 11am here, I am from the future

	11:10
	arekinath
	damnit, you're more future than me at the moment, stupid daylight savings
	11:10
	killfill
	trentster: on jdc, supostly there is vnc in the operator portal.. but it never worked for me..

	11:10
	arekinath
	my 2c, I think vnc through websockets is fine, but direct exposure, nah

	11:10
	killfill
	heh..

	11:11
	trentster
	arekinath: long time no see mate, how do you figure websockets is safe vs direct exposure. Please explain to my layman brain.

	11:11
	killfill
	well actually.. i only has to use vnc ones.. when my vm's didnt booted.. and then i actually ended foring restarting them all by hand..
	11:12
	arekinath
	trentster: the vnc itself runs from inside the zone, so if you exploit it you just get control over the kvm zone and not the gz
	trentster: but having the gz on a network that people can get to, with ssh and whatever else open (except for firewall rules of course)

	11:12
	arekinath
	seems a bit more shady to me

	11:13
	killfill
	yah
	like to have the users to connect to the fifo-zone for vnc acces... not the G, where the access really is

	11:14
	trentster
	Whats your guys opinions on console access for smart machines via the webUI?
	I was chatting to Licenser about it and we are in 2 minds about weather is even necessary?

	11:14
	arekinath
	I think it would be nice, but only if it can be delivered safely
	I've had plenty of times here where people have blown up their zones by using up their ram cap and SSH can't fork to let them log in
	but console login works
	and silly people who forget passwords, so we have to zlogin and change them

	11:15
	trentster
	arekinath: so in those instances they log support tickets and soemone manually has to fix the problem for them, which can be a bit of a pita
	11:16
	arekinath
	trentster: yeah. it's nice if they can do it themselves next time though. they usually file a ticket the first time, but if we leave them instructions to fix it themselves next time, we like things like that.

	11:16
	killfill
	arekinath: thats a nice one..

	11:16
	arekinath
	they never read documentation in advance
	but if you have some you can throw at them that works when they have a problem
	it's nice

	11:16
	trentster
	arekinath: out of interest what do you think of the latest 0.3 dev?
	11:17
	arekinath
	trentster: it's ok. still seems a little buggy sometimes with the non-updating datasets list where you have to go around restarting chunters. and I haven't figured out how to use the user permissions in a way that doesn't seem stupid yet

	11:18
	arekinath
	I still would like that "resolvers" box to be auto-filled or disappearable (eg if it's set on the network)

	11:18
	trentster
	arekinath: killfill the only thing that would really work with end users is have them all wear an electric shock collar. and when they log a support ticket it automaticaly delivers a jolt of electricity. I would guess the forgetting password problem would dissapear very quickly
	I have tried to get the shock collars implemented at some of our sites, but have been told that users may be anti the idea.
	11:19
	arekinath
	trentster: the academics here are pretty good at removing shock collars, unfortunately. they really apply their brains well when it comes to avoiding physical pain. but computers are hard, and they just don't want to try very hard

	11:19
	trentster
	arekinath: lol!

	11:20
	killfill
	jaja...

	11:20
	arekinath
	also, for anyone who wants SSL on 0.3-dev and doesn't want to fight with haproxy's ssl shiz
	try stud
	it's in pkgin
	put haproxy on localhost:8088 or something and point stud through to it. then you can put nginx on port 80 and have it just serve 301s to https://
	shame nginx doesn't cope with websockets yet
	apparently the next release will

	11:21
	killfill
	yah.. i found haproxy strange there as well..

	11:21
	trentster
	stud, cool Licenser will be glad to hear that, we have spent a lot of time battling ssl, I still have it kinda working on my one dev instance, but its broken on others, so we basically removed it from dev for now until a workaround can be made.

	11:21
	killfill
	yup, i remember seen a changelog of it supporting it..
	but may be on a unstable release..

	11:22
	trentster
	arekinath: do you have a working config file for "stud" that you have managed to getw orking with fifo?
	arekinath: whats your opinion on moving Ui to angular/js
	11:22
	arekinath
	trentster: I just edited the default config
	trentster: told it frontend="[*]:443" and backend="[127.0.0.1]:8088", and the path to the certificate
	trentster: it figures out the rest. even does SNI if you want

	11:23
	killfill
	Websockets (end of Jan, 2013, md)
	11:23
	arekinath
	trentster: doesn't bother me. might make changes easier to make.
	trentster: (re angular.js)

	11:24
	arekinath
	hey, erlang hipe has ARM support now. when did that happen?

	11:24
	killfill
	what i actually find too complicated are the forms.. users need to enter too much info... and they are ugly..

	11:25
	trentster
	SNI looks cool just googled it
	killfill: yeah you are right, the forms could do with some serious elegance
	would be great if we could get MerlinDMC dataset.at form code integrated.. hint hint MerlinDMC

	11:27
	arekinath
	they're not terrible, but not quite yet amazing either. that resolvers box annoys me, because none of our users are going to have a clue what it is or what it does
	or will think they do and put something weird in there

	11:27
	trentster
	yeah I was thinking about the resolvers box as well, it probably should be defined in packages section

	11:27
	arekinath
	I would have said with the network
	haha
	this is probably why it ended up there, couldn't decide
	oh, it would be nice to have edit capabilities, too
	to update VMs/networks etc
	rather than destroy -> recreate

	11:28
	trentster
	arekinath: yeah network makes sense as well.

	11:29
	killfill
	definitly.. redimension zones in hot, is a killer feature

	11:29
	trentster
	yeah, I think now that we have a solid base with the 0.3 architecture rewrite the sky is the limit in regards to Ui functionality and features.
	I think one major step is missing before all these features are added, imho, we need to have the UI flow basics setup. from the perspective of we should not be doing everything via action buttons in list boxes, but should have uuids , aliases, and network tags etc hyperlinked that open up new sections in the UI for that specific vm to make changes see attributes in more details etc.
	my 2c

	11:32
	killfill
	would be too to associate the users to the owner_uuid or billing_id property of the vm's
	would be cool i mean.. ah damn keyboard..

	11:33
	trentster
	and there should be 2 templates that gets triggered when you click on either a kvm vm vs a smartmachine, as the attribues are different, e.g you can increase disk quota and ram on the fly in smartmachines.

	11:34
	killfill
	yup

	11:34
	trentster
	killfill: yeah exactly , ou would click on a uuid it would launch the vm attribute template in the UI, and one of the things listed in there would be Owner, you could then click on owner name (also hyperlinked) and then would take you to a list screen filtered by that owner so you can see what other vm's he owns, same with groups etc.
	same thing could be done from datasets, click on a dataset and a template comes up telling you about datasets and in there could be a vm link button you could click on that would filter the vm's based on that dataset

	11:37
	killfill
	yah... not sure how would that look like, but sounds grate!

	11:37
	trentster
	etc etc the possibilites are endless, the real magic needs to happen at the "planning level" to cleverly figure out how to make all these components interact, then put that into place and build all the UI magic on top of that
	its kind of outlined already in the flow diagram I did.