00:13:25  * nfitchjoined
00:14:59  * ghostbarjoined
00:17:47  * nfitchquit (Ping timeout: 260 seconds)
00:43:25  * dapquit (Quit: Leaving.)
00:56:09  * dapjoined
00:56:19  * dapquit (Client Quit)
01:00:09  * dapjoined
01:16:52  * dapquit (Quit: Leaving.)
01:18:11  * abraxasjoined
01:22:13  * abraxasquit (Ping timeout: 240 seconds)
01:37:28  * abraxasjoined
02:01:49  * nfitchjoined
02:06:31  * nfitchquit (Ping timeout: 264 seconds)
02:59:00  * ghostbarquit (Remote host closed the connection)
02:59:30  * ghostbarjoined
03:04:21  * ghostbarquit (Ping timeout: 276 seconds)
03:24:28  * bixu_quit (Ping timeout: 264 seconds)
03:50:02  * nfitchjoined
03:54:42  * nfitchquit (Ping timeout: 264 seconds)
05:07:43  * bixuquit (Remote host closed the connection)
05:38:20  * nfitchjoined
05:42:45  * nfitchquit (Ping timeout: 256 seconds)
05:45:07  * bixujoined
06:38:49  * AvianFlujoined
06:44:22  * trentmquit (Quit: Leaving.)
07:26:35  * nfitchjoined
07:30:51  * nfitchquit (Ping timeout: 260 seconds)
07:36:38  * mamashjoined
07:40:21  * fredkquit (Quit: Leaving.)
07:40:59  * fredkjoined
07:42:21  * fredkquit (Client Quit)
08:35:22  * bixuquit (Remote host closed the connection)
09:07:36  * mamashpart
09:14:51  * nfitchjoined
09:19:07  * nfitchquit (Ping timeout: 240 seconds)
10:13:53  * mamashjoined
11:03:12  * nfitchjoined
11:07:42  * nfitchquit (Ping timeout: 264 seconds)
11:22:13  * irajoined
11:48:04  * yruss972joined
12:20:40  * marsellquit (Ping timeout: 256 seconds)
12:22:23  * yruss972quit (Quit: Disconnected)
12:24:18  * marselljoined
12:36:37  * abraxasquit (Remote host closed the connection)
12:51:28  * nfitchjoined
12:56:16  * nfitchquit (Ping timeout: 264 seconds)
14:30:58  * iraquit (Quit: Computer has gone to sleep.)
14:36:50  * abraxasjoined
14:39:48  * nfitchjoined
14:41:09  * abraxasquit (Ping timeout: 248 seconds)
14:43:57  * nfitchquit (Ping timeout: 240 seconds)
14:56:40  * dapjoined
15:16:12  * ghostbarjoined
15:30:46  * yruss972joined
15:41:49  * ins0mniajoined
15:43:44  <yruss972>Anyone here? I'm wondering how close manta is to supporting ssh keys other than those used to manage the compute nodes?
15:46:42  * dapquit (Quit: Leaving.)
15:52:56  <mcavage>yruss: that and all things access control are "top of the list", but that realistically means something a quarter or two out, not a week or two.
15:56:29  <yruss972>mcavage: any ideas on workarounds?
15:58:08  <mcavage>well, assuming that you have production VMs, the short term solution is to make a dedicated manta-only account. The caveat here I tell everybody that asks about this is that since we (and everybody else in the cloud business) have an API for managing credentials, simply saying "a key that's different than SSH" is borderline no value if any credential can be used to manage access to virtual machines.
16:00:09  <mcavage>that's not a caveat to "make a separate account", that's just saying if _any_ credential is compromised it can be used to change other things -- in the absence of "stepped down" identity/credentials.
16:00:21  <mcavage>really long-winded way of saying "it's a big feature"
16:00:39  <yruss972>mcavage: that will bring us up to 6 separate joyent accounts running on 7 :/
16:00:55  <yruss972>+1 telefonica
16:01:02  <yruss972>so 8
16:01:16  <mcavage>I understand, and I'm sorry.I know it sucks. The alternative is wait. There's really no magic bullet :\
16:01:23  <yruss972>ok- thanks
16:03:51  <yruss972>mcavage: any idea what the solution will look like when it arrives?
16:05:07  * ghostbarquit (Remote host closed the connection)
16:05:36  * ghostbarjoined
16:05:39  <mcavage>well, i suspect it's going to roll out in phases, but you'll have "policy based ACLs" in manta (i.e., "allow GET from IP=1.2.3.0/24"), and users/groups under your account that can be specified with rules on them as well (i.e., so a user A with credential C can't do anything except what it's explicitly allowed to do).
16:08:24  * nfitchjoined
16:09:40  * ghostbarquit (Ping timeout: 240 seconds)
16:09:41  <yruss972>can I ask that you consider (if you haven't already) including a write once use case
16:10:19  <yruss972>users that can write a file but not update, delete, replace, possibly not even read back?
16:11:28  <mcavage>yeah - that would be relatively minor to do once we have the policy thing. that would look like "ALLOW PutObject on /... WHERE HTTP.HEADERS.IF-MATCH = null"
16:11:33  <mcavage>or something to that effect
16:12:58  <yruss972>great! sounds like you need a killer gui though :)
16:13:33  <yruss972>you == me
16:15:14  <mcavage>well, we need that anyway ;)
16:24:20  * dapjoined
16:29:46  * ghostbarjoined
16:30:40  * trentmjoined
16:31:02  * ghostbar_joined
16:34:54  * ghostbarquit (Ping timeout: 276 seconds)
16:47:15  * trentmquit (Ping timeout: 276 seconds)
16:49:43  * elijah-mbpquit (Ping timeout: 245 seconds)
16:51:04  * trentmjoined
17:10:36  * caaarlosjoined
17:16:32  * bixujoined
17:26:16  * elijah-mbpjoined
17:29:46  * bixu_joined
17:29:49  * bixu_quit (Remote host closed the connection)
17:30:15  * bixu_joined
17:34:06  * yruss972quit (Ping timeout: 264 seconds)
17:46:01  * AvianFluquit (Remote host closed the connection)
17:46:35  * AvianFlujoined
17:51:34  * AvianFluquit (Disconnected by services)
17:52:04  * AvianFlu_joined
18:16:25  * bixuquit (Remote host closed the connection)
18:16:52  * bixujoined
18:27:20  * papertigersjoined
18:50:30  * mamashpart
18:57:07  * mamashjoined
19:14:59  * yruss972joined
19:32:22  * yruss972quit (Quit: Disconnected)
19:35:21  * yruss972joined
19:39:55  * trevorojoined
20:05:01  * yruss972quit (Quit: AndroIRC - Android IRC Client ( http://www.androirc.com ))
20:05:49  * yruss972joined
20:13:08  * yruss972quit (Quit: AndroIRC - Android IRC Client ( http://www.androirc.com ))
20:20:32  * trevoroquit (Quit: leaving)
20:37:26  * ghostbar_quit (Remote host closed the connection)
20:37:56  * ghostbarjoined
20:42:31  * ghostbarquit (Ping timeout: 264 seconds)
20:57:38  * mamashpart
21:09:27  * mamashjoined
21:14:15  * ghostbarjoined
21:50:02  * nfitchquit (Quit: Leaving.)
22:15:00  * mamashpart
22:24:23  * _Tenchi_joined
22:41:33  * ralphtheninjajoined
22:41:40  <ralphtheninja>hey guys
22:45:05  <tjfontaine>hey hey
22:46:20  <ralphtheninja>what's new on the manta front? :)
22:46:44  <tjfontaine>http://www.joyent.com/blog/introducing-kartlytics-mario-kart-64-analytics obviously :P
22:47:44  <ins0mnia>is it possible to limit generated URL's to IP address(es) ?
22:48:00  <ralphtheninja>I _think_ I've noticed a bug, when I stream a file from manta, the data that arrives in the stream is from the previous request
22:48:27  <tjfontaine>ralphtheninja: do you have an example that you can gist?
22:48:36  <ralphtheninja>tjfontaine: working on producing it right now
22:48:53  <ralphtheninja>it might be me that's messing things up, need to make sure first :)
22:49:24  <tjfontaine>ins0mnia: you mean, restrict access to a given url such that only specific ips can access it?
22:49:32  <ins0mnia>tjfontaine: yeah
22:50:00  <ralphtheninja>one time usable links would be awesome too
22:50:08  <ralphtheninja>after request is made, the link goes away
22:51:24  <tjfontaine>right all of those pieces are being discussed in terms of the broader ACL mechanism, as I understand it
22:51:46  <tjfontaine>at the moment you have your public and stor, and signed urls
23:05:07  <ralphtheninja>cool
23:05:22  <ralphtheninja>I really like the cli tools, makes it so much easier to create test data etc
23:05:56  <ralphtheninja>especially if you like to work with cli on e.g. unix, it's like working with your own filesystem :)
23:07:42  * AvianFlu_quit (Remote host closed the connection)
23:29:04  * AvianFlujoined
23:45:45  <ralphtheninja>tjfontaine: the bug is on my side :) sorry
23:46:28  <tjfontaine>ralphtheninja: hehe good to know :)
23:59:13  * dapquit (Quit: Leaving.)