/srv/irclogs.ubuntu.com/2006/02/24/#ubuntu-server.txt

=== lbm [n=lbm@130.225.243.71] has joined #ubuntu-server
neuralisfabbione: we have ganglia packages, please advise if anything else needs to be done with those. cheers.01:56
=== await [n=Alexande@209-6-26-196.c3-0.bkl-ubr1.sbo-bkl.ma.cable.rcn.com] has joined #ubuntu-server
=== Psi-Jack [n=psi-jack@cpe-70-112-220-160.austin.res.rr.com] has joined #ubuntu-server
Psi-JackHmm. Why does php5 depend on apache2-mpm-prefork? Does that mean that php5 is compiled with non-threading in mind? :/06:01
LordHunter317php isn't thread safe.06:54
Psi-JackLordHunter317: Yeah. I noticed. :/07:25
Psi-JackUpsets me, too.07:25
Psi-JackPHP itself, is threadsafe. The package made for ubuntu, is not.07:26
fabbionePHP is not thread safe.07:27
fabbionethat's why it is built with prefork07:27
Psi-JackPHP5 is perfectly threadsafe. Don't tell me it's not, when I personally know it is.07:28
fabbioneupstream says otherwise according to our maintainers07:28
Psi-JackI've run quite reliable systems with PHP5 threaded.07:28
LordHunter317Psi-Jack: no, it isn't.07:28
LordHunter317mpre importantly, even if php5 core was, half the modules it ships with aren't.07:29
LordHunter317so it's effectively not-thread safe.07:29
LordHunter317it's shipped prefork by /everyone/ with good cause.07:29
Psi-JackLordHunter317: Hey. Everything /I/ use in php5, has been reliably thread-safe. Even the gd stuff.07:30
LordHunter317i think you've just been lucky.07:31
Psi-JackI've setup custom fbsd servers with a fully thread-safe base system, with all libs being thread-safe compiled.07:31
LordHunter317that's impossible.07:31
LordHunter317not everything shipped is thread-safe.07:31
LordHunter317you don't know what 'thread-safe' means.07:31
Psi-JackNot impossible, no. Not everything has the option for threading.07:31
LordHunter317which makes your statment a contradiction...07:31
Psi-JackActually, re-read my statement.07:32
LordHunter317 with all libs being thread-safe compiled.07:32
LordHunter317that's impossible, as I said.07:32
fabbionePsi-Jack: even PHP5 build system tells you that it is not thread safe07:32
Psi-Jackwith a fully thread-safe _base_ system07:32
Psi-JackI didn't say EVERYTHING.07:32
LordHunter317yes, you did.07:32
LordHunter317learn to read.07:32
LordHunter317_all_ means everything.07:32
Psi-JackWhere did I say all? :)07:33
LordHunter31701:31 <Psi-Jack> I've setup custom fbsd servers with a fully thread-safe base system, with all libs being thread-safe compiled.07:33
LordHunter317and even that is a life.07:33
LordHunter317err lie.,07:33
LordHunter317ANSI C isn't thread safe.07:33
LordHunter317it's impossible.07:33
LordHunter317you can't be both thread safe and in keeping with the standard.07:33
Psi-JackAnyway. Right now, I don't care. For the most part, I07:34
Psi-JackI'm just gonna deal with the prefork model, till it pains me to re-compile it. :)07:35
Psi-JackBut, what's up with the phpmyadmin package for breezy, including /etc/phpmyadmin/config.inc.php, but not seeming to actually read it?07:35
LordHunter317o_O?  i haven't had that problem on Debian.07:35
LordHunter317it doesn't really matter.  apache is so slow anyway.07:36
LordHunter317and last I looked, thread-safe php was slower, not faster.07:36
LordHunter317the interpreter isn't locked very well.07:36
Psi-JackIt includes it, and all.. But, if I edit /usr/share/phpmyadmin/config.inc.php's $cfg lines, it bombs out saying that config.inc.php isn't setup. Which means, it's not reading the included /etc/phpmyadmin/config.inc.php. It's getting the blowfish, fine, but not the config.07:36
LordHunter317though my knowledge isn't recent.07:36
LordHunter317that is particular.07:37
Psi-Jackpeculier? :)07:37
LordHunter317it's late.07:37
LordHunter317i'm worried about more imporant things than my diction.07:37
Psi-JackAnd actually, in my servers, it was 3-6 times faster. :)07:38
Psi-JackPaired with ZendOptimizer, at least.07:38
LordHunter317i don't think I've deployed an application yet where apache was the bottleneck.07:38
LordHunter317or where, "get a new server" isn't a valid response.07:38
Psi-JackSon-of-a.07:40
Psi-JackShoot me!07:40
Psi-JackJust fricken shoot me!07:40
LordHunter317?07:40
Psi-JackAll the lines in the stock phpmyadmin package config.inc.php, are commented. heh07:40
LordHunter317rol.07:41
Psi-JackOne by fricken one, instead of just using a /* */ method, that actually pisses me off. :)07:41
LordHunter317it's preferable.07:41
LordHunter317any developer prefers it.07:41
Psi-JackUsing // on every fscking line, for 20+ lines?07:41
LordHunter317yes.07:42
LordHunter317because it's nestable, and because it lets me selectively uncomment lines.07:42
Psi-JackI don't prefer it, and I am a developer. :p07:42
LordHunter317in most languages /* /* */ */ doesn't work.07:42
Psi-JackGrr.07:46
fabbioneneuralis: yes i saw the email. will do on monday hopefully...07:56
Psi-Jackheh, this is odd..08:00
Psi-JackWhy does postfix-ldap suggest postfix-mysql and postfix-pgsql? :)08:00
LordHunter317someone at ubuntu bugged up.08:08
LordHunter317oh, did you have postfix installed at all before?08:08
LordHunter317what you may be seeing is postfix-ldap depending on postfix suggseting the last two.08:09
Psi-JackNope. Just now finally setting up this kubuntu server I installed several days ago.08:09
LordHunter317well, htat's the only way I cfan see that being seen.08:09
LordHunter317on debian sid, ldap doesn't suggest.08:09
LordHunter317if it does in ubuntu, it's a bug.08:09
fabbionethe debian and ubuntu packages of postfix are exactly the same08:12
fabbionethe maintainer is the same08:12
fabbioneand there is no discrepancies between the 208:12
LordHunter317well then, that's how it was seen.08:12
fabbioneSuggests: is pulled in according to the package manager you are using08:12
fabbioneand it's not installed by default08:13
fabbionejust Suggeted08:13
fabbioneSuggested08:13
fabbione= no harm08:13
LordHunter317it fustrates me though that aptitude has no way to pull suggests like it does recommends.08:13
LordHunter317well, trivially.08:13
LordHunter317anyway. I'm out.08:14
=== virogenesis [n=vir@ACBD9ECB.ipt.aol.com] has joined #ubuntu-server
Psi-JackHmm09:11
Psi-JackAnyone got any suggestions for ldap schema layout for virtual-hosting setups with postfix and cyrus-imapd09:12
Psi-Jack?09:12
=== hondadarrell [n=hondadar@c-24-5-105-207.hsd1.ca.comcast.net] has joined #ubuntu-server
Psi-JackLooks like the misc.schema has what I need. Just gotta make proper use of it. heh09:19
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== mpathy [n=mm@a15197305.alturo-server.de] has joined #ubuntu-server
mpathyHi there..12:17
mpathyHow do I get ubuntu-server, with its nice default configuration, on a dedicated server? When I debootstrap ubuntu, I loose all the nice configuration right? is there another way?12:18
=== spike [n=spike@unaffiliated/spike] has joined #ubuntu-server
=== JulienH [n=JulienH@222.67.3.159] has joined #ubuntu-server
JulienHHi all12:51
JulienHWill webmin package or something like be moved from "universe" to "main" in Dapper ? I'm asking because of security fixes support with the main component12:53
=== irvin [n=irvin@ubuntu/member/irvin] has joined #ubuntu-server
=== ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-server
=== irvin [n=irvin@ubuntu/member/irvin] has joined #ubuntu-server
mpathyare there no wiki pages or sth. like that for ubuntu-server?03:02
mpathybecause I recognized a big interest in a debian-based server-specific distribution, but with newer packages like some apache2 and php5 packages..03:03
mpathyreally sad03:04
spikewhat's sad?03:05
spikempathy: there are wiki pages related to ubuntu-server around, just not grouped under a macro ubuntu-server page03:06
spikempathy: and there's a ubuntu-server forum, check out the topic03:06
mpathyyeah sure.. but at least I would put a link list online somewhere03:07
mpathyspike: and a forum is not the greatest tool for this03:08
spikempathy: I agree, when I joined I proposed/asked for an server.ubuntu.com but I've been told that wasnt necessary03:09
mpathyspike: perhaps a directory in the ubuntu wiki would be a start03:09
spikemight try again if more of us will support that03:09
spikeyeah, that too03:10
mpathyspike: Hmm.. WHO told you that03:10
spikempathy: are you subscribed to the list?03:10
spikempathy: mailistlist, that is03:10
mpathywe at the art-team do have a subdomain..03:10
spikeah03:10
spikewell, I'll just post on the list and see what happens03:11
mpathyspike: No, but I will. A Mailinglist, additionally being added to GMANE, so that its accessible via a newsreader would be a good start too! :)03:11
=== fabbione [i=fabbione@gordian.fabbione.net] has joined #ubuntu-server
spike'lo fabbione03:12
fabbionehi spike03:13
spikebye :)03:13
=== fabbione [i=fabbione@gordian.fabbione.net] has joined #ubuntu-server
ivoksfabbione: hi03:26
ivoksfabbione: i just ralized we have ganglia in universe, but outdated03:26
ivoksrealized03:26
fabbioneivoks: yes.03:27
fabbionei know03:27
fabbionethat's why we needed the new packages03:28
fabbioneto replace the old ones and move them to main03:28
fabbionei only need to look at the packages you did before updating tehm03:28
fabbionethem03:28
ivoksok03:28
=== mpathy [n=mm@a15197305.alturo-server.de] has joined #ubuntu-server
fabbioneivoks: if you want to look at them and see if you need to merge bits, you have time till tomorrow/tuesday03:29
fabbionei am sort of overloaded to death03:30
ivoksfabbione: ok03:30
ivoksfabbione: take it easy :)03:30
fabbionei can't03:30
fabbionewe have Feature Freeze next week03:30
=== christl [n=chris@chello212186104043.37.11.vie.surfer.at] has joined #ubuntu-server
=== christl [n=chris@chello212186104043.37.11.vie.surfer.at] has left #ubuntu-server []
Micksais there any way at all to permanently change perms in files in /dev?04:25
ubijtsa2Micksa: you can make udev set them for you when it creates the device nodes04:28
Micksaah, I see04:29
ubijtsa2Micksa: /etc/udev/permissions.rules is what you want to look at04:29
spikehey ubijtsa2 , how you doin?04:29
ubijtsa2lo spike04:29
Micksado you mean permissions.d?04:29
Micksaor rules.d?04:29
ubijtsa2I'm doing alright, DL'ing Kubuntu Flight4 now :)04:30
ubijtsa2Micksa: permissions.d probably04:30
ubijtsa2I have a permissions.rules file (Breezy)04:30
spikeme too04:31
ubijtsa2spike: how's you then?04:31
spikebut guess that's like normal .d stuff, where apps can place their files04:31
spikethere's no reference to it neither in .rules nor in /etc/init.d/udev, tho04:31
spikemaybe it's somewhere else, havent looked to deeply04:32
spiketoo*04:32
ubijtsa2:)04:32
spikeubijtsa2: I'm coming back home at last!! I was about to kill myself here :)04:32
MicksaI'll figure it out04:32
Micksadammit04:33
MicksaI can't get a 2.4 uml working in dapper04:33
spikeubijtsa2: one more week to go, tho :/04:33
Micksathere appears to be no hope04:33
ubijtsa2spike: *grin* alrighty :)04:33
Micksamslade@boo:~$ linux04:33
MicksaKilled04:33
ubijtsa2spike: how'd the cv stuff go?04:33
spikeubijtsa2: my version worked too :P04:33
ubijtsa2spike: good stuff :)04:33
spikeand that's actually more than a problem now ehehe, kinda overloaded :)04:34
MicksaWTF04:34
Micksamslade@boo:~$ strace linux04:34
Micksaexecve("/home/mslade/bin/linux", ["linux"] , [/* 41 vars */] ) = 004:34
Micksa+++ killed by SIGKILL +++04:34
spikecoffee break, c you in a bit04:35
=== lbm [n=lbm@x1-6-00-13-10-7a-d1-e4.k233.webspeed.dk] has joined #ubuntu-server
=== virogenesis [n=vir@ACBD9ECB.ipt.aol.com] has joined #ubuntu-server
virogenesishi05:35
LordHunter317hi05:48
virogenesisafter installing postgresql what needs to be done to be to use it would you say?05:52
spikevirogenesis: depends how you intend to use it of course05:56
virogenesisi'll be using it locally basicaly a webdev box , same machine i'll code on05:57
spikeyou could use psql to talk to the db, or install the relevant modules to use it through ur application of choice, ie apache/php if it's a web thingie05:58
spikevirogenesis: what language are you gonna use for web development?06:00
=== await [n=Alexande@207-172-213-68.c3-0.bkl-ubr1.sbo-bkl.ma.cable.rcn.com] has joined #ubuntu-server
virogenesisi've got apache and php installed its just with mysql you set a password for root for the db what happens with postgresql?06:01
spikevirogenesis: have you read postgresql documentation?06:02
virogenesisi guess its alot different from mysql by the sounds of it i should read it i suppose06:03
spikeyou suppose right06:05
LordHunter317you don't.06:05
LordHunter317unless you're going to use it over the network, you don't set a password.06:05
LordHunter317ever.06:05
LordHunter317create an account for whatever use will run the software you're using.06:06
LordHunter317it checks the credentials of the acessing process.06:06
LordHunter317so sudo -u postgres psql to start the monitor as the DB admin, and 'CREATE USER me;' so you can acess the DB, then 'CREATE USER www-data;' for Apache.06:06
LordHunter317then grant permissions as needed.06:06
=== spike shrugs
spikeso all the hosted applications can nicely access each other DB06:08
spikenice plan06:08
virogenesissounds simple enough thanks LordHunter317  answers a few questions i'm gonna read the docs aswell06:08
LordHunter317spike: no.06:08
LordHunter317for hosted stuff, you have everything urnning as different users anyway.06:08
LordHunter317you hvae to.06:08
LordHunter317it's infinitely more secure for local databases than a password.06:09
spikenot everybody uses suexec or suphp06:09
LordHunter317moreover, most hosting provdiers ptu databases on other machiens anyway, rendering this irrelevant.06:09
LordHunter317spike: and if you have multiple users and you don't, you're incompetent.06:09
LordHunter317pure and simple.06:09
LordHunter317multiple untrusted users don't share an account, unless it's the anonymous FTP / SAMBA/ etc. account.06:10
LordHunter317and oyu have more immeidate things to worry about than the database, in that case.06:10
spikeLordHunter317: pure and simple, but not given. point is u cant jump is and say that "user/password" arent of any use assuming all of that06:10
LordHunter317like <?php system("/bin/rm -rf /var/www/*") ?> and trashing /everyone's/ files06:10
LordHunter317spike: yes, I can.  see above.06:10
LordHunter317if you have multiple untrusted users, they run in seperate accounts.06:11
LordHunter317your security is already gone if you don't do it, so discussing hte database is irrelevant.06:11
LordHunter317you're overextending yourself.06:11
spikeI'm what?06:11
LordHunter317overextending.  the database is of no concernt at that point.06:11
LordHunter317who cares if I can get in the database?  I can delete all their files anyway.06:11
LordHunter317or trojan their scrips.06:12
LordHunter317the username/apssword security on the db become instantly irrelevant.06:12
LordHunter317so I can still get in the DB.06:12
spikeu're missing the point, but whatever, I'm not the one who asked a question06:12
LordHunter317spike: no, I', not, you are.06:13
LordHunter317spike: if two "users" share an account as www-data.06:13
LordHunter317the permissions used to access the database are /irrelevant/.06:13
LordHunter317be it a process credentials check or username/password for the db, user a can get user b's data and vice-versa.06:13
spikeu're missing the point because u're trying to convince me of something I already know :)06:13
LordHunter317because they trojan the scripts.06:13
LordHunter317spike: no, you don't, as you wouldn;'t have said waht you said if you did.06:13
spikeand u're missing the point because u dont answer like that someone who never used pgsql06:14
spikeno, I said that because I didnt assume what you did06:14
spikethat's the difference06:14
LordHunter317spike: i;m assuming zero.06:14
LordHunter317what's teh assumption?06:14
spikeu're assuming best practise06:14
LordHunter317no, I'm not.06:14
LordHunter317it still holds in the case you mentioned.06:14
LordHunter317because it's irrelevant.06:15
LordHunter317as I've said.06:15
LordHunter317do you need me to set this up and show you?06:15
LordHunter317i can.06:15
LordHunter317and I should make a minor correctoin: they can't necessarily trojan the script, but they certainly can read  the DB password out of it.06:16
spikeu should make a lot of minor corrections, like safe_mode and denied access to /bin/rm06:18
LordHunter317neither of which will stop DB access.06:18
LordHunter317and safe_mode can be bypassed pretty trivally anyway.06:18
LordHunter317*oops*06:18
virogenesisits highly annoying that they talk about the syntax before admining the server bloody weird06:44
LordHunter317tehy're seperate parts.06:45
LordHunter317there isn't much admining to do, really.06:46
LordHunter317it's very much a "it works" or "it doesn't owrk" situation, most of the time.06:46
LordHunter317the rest is just avoiding some gotchas, like SELECT COUNT(*) and that bulk loading via INSERT or SPROC is really, really slow.06:47
LordHunter317also, Npgsql sucks but that doesn't matter unless you're doing .NET development.06:50
=== await [n=Alexande@207-172-213-68.c3-0.bkl-ubr1.sbo-bkl.ma.cable.rcn.com] has joined #ubuntu-server
=== nsilva [n=nathans@c-67-171-250-99.hsd1.wa.comcast.net] has joined #ubuntu-server
=== nsilva [n=nathans@c-67-171-250-99.hsd1.wa.comcast.net] has joined #ubuntu-server
=== await [n=Alexande@207-172-213-68.c3-0.bkl-ubr1.sbo-bkl.ma.cable.rcn.com] has joined #ubuntu-server
=== nictuku [n=yves@201.15.116.192] has joined #ubuntu-server
=== virogenesis [n=vir@ACBD9ECB.ipt.aol.com] has joined #ubuntu-server
=== hunger [n=tobias@p54A60F4C.dip0.t-ipconnect.de] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!