[12:55] <spike> who was that was playing with LUKS around here?
[12:55] <spike> I cant make it work for a normal user, luksOpen just fails
[02:13] <maswan> hmm.. is there a server-oriented backport of 2.6.14 or later to breezy?
[02:13] <maswan> (or a generic one for that matter)
[02:13] <maswan> I'd like to get the new tcp stack with minimum fuzz. :)
[03:12] <infinity> maswan: Backporting kernels is generally considered a non-starter, due to the userspace requirements.  When I want new kernels on old distributions, I tend to just build a monolithic kernel.
[03:12] <infinity> maswan: Either with the kernel.org souce, or the dapper source, pick whichever you like better.
[05:17] <BlankC> Are there any control panels built into ubuntu-server? Things like ISPConfig, VHCS, or web-cp.
[06:24] <infinity> BlankC: Nope.
[06:24] <infinity> BlankC: Nothing is "built in" to ubuntu-server, it's not an appliance distribution, it's more of an IKEA distribution.
[06:25] <infinity> BlankC: We give you a base system and a mess of software, you install what you need.
[06:25] <BlankC> What I meant to ask was...is there a repository that has ISPConfig in it?
[06:37] <infinity> Not that I know of.
[06:44] <BlankC> Thanks. I will keep working at it. Im trying to get it to work on a new server.
[06:48] <infinity> It just looks like a big PHP application anyway, no big deal.
[06:49] <infinity> (As long you don't use their scary installer that appears to want compile its own copy of apache/php/vsftp/etc)!
[06:49] <BlankC> I hope so. I was hoping I could just do: apt-get install ispconfig
[06:50] <BlankC> it compiles a custom version that runs separate from the normal apache. Its just for running the admin interface.
[06:55] <neuralis> that's.. unpleasant.
[06:57] <BlankC> Its a fresh server so I'm willing to experiment.
[06:59] <ajmitch> unpleasant doesn't begin to describe that, from the sound of it
[07:00] <BlankC> If it works...its like turning the entire system over to a php script....scary.
[07:01] <neuralis> even if it works, the "developers" that wrote a php application that compiles its own apache and php should be hurt.
[07:01] <BlankC> I'm sure they say its for 'security reasons'...move along nothing to see here. 8)
[07:02] <neuralis> BlankC: that's really a terrible reason.
[07:02] <infinity> BlankC: Well, I assume they run it as root, so the PHP application has full root access to your whole machine.  Which means any number of the small-scale holes found in php and apache over the years would now be root holes.  ROCK.
[07:03] <BlankC> It doesn't replace the packaged version. It uses its version for giving root I guess. I'm still just in the beginning stages of installing it.
[07:03] <infinity> (Somehow, I'm doubting they were smart enough to use a well-audited root helper to do config mangling, but instead use a apache/php as root)
[07:03] <neuralis> infinity: what? you're saying php doesn't have a crystal-clean security record? oh noes, say it ain't so!
[07:03] <fabbione> ROFL
[07:03] <fabbione> GO PHP
[07:04] <infinity> PHP's security record really isn't that bad.
[07:04] <BlankC> compared to sendmail. 8)
[07:04] <fabbione> UHUHU I am down to 14 personal bugs
[07:04] <infinity> It's their security HANDLING that sucks (ie: "fix it in CVS, note it in the changelog, don't bother giving anyone patches, let them dig for themselves)
[07:04] <fabbione> and about 600 to X
[07:05] <fabbione> neuralis: do you know anything about autofs?
[07:05] <infinity> Anyhow, neither Apache nor PHP have a security record good enough for anyone to say "Hey, I should run that as root!"
[07:05] <fabbione> i mean i know it.. but i don't use it
[07:05] <infinity> "... And open a port to it, too!"
[07:05] <neuralis> infinity: yeah, that's what i was getting at.
[07:06] <neuralis> fabbione: haven't used it, never had the need
[07:07] <fabbione> ok
[07:07] <fabbione> thanks
[07:07] <neuralis> fabbione: what're you trying to find out?
[07:08] <fabbione> neuralis: trying to figure if the patches i have in the bugs are good enough
[07:08] <neuralis> ah. sorry, can't help much there.
[07:08] <fabbione> i will manage..
[07:08] <fabbione> don't worry
[07:08] <fabbione> yeah no problem
[07:34] <jsgotangco> fabbione: are we going to have a test plan of sorts for -server (like break me challenge hehe)
[07:35] <fabbione> jsgotangco: it's enough people will test installs and lamp installs
[07:35] <fabbione> it's not really a security context
[07:35] <fabbione> but stress testing the kernel is good
[07:35] <fabbione> speaking of which.. i need to switch default scheuler
[07:35] <fabbione> scheduler
[07:36] <jsgotangco> dunno anything about stress testing the kernel i could research are there resources for that online?
[07:42] <jsgotangco> ah top and sar
[07:43] <neuralis> jsgotangco: look at the server testing/certification spec, i mention some tools and an example stress test schedule
[07:43] <jsgotangco> ok i'll check it out
[07:44] <jsgotangco> i was looking at LTP too
[07:54] <infinity> fabbione: We're stress-testing kernels on some buildds (sparc and powerpc right now), do you figure it's about time to upgrade one i386 and one x86_64 buildd to dapper's -server kernels and give them a spin?
[07:54] <fabbione> infinity: from the next upload yes
[07:54] <fabbione> i am just changing the default IOSCHEDULER to deadline on -server
[07:55] <fabbione> infinity: i also have some sparc SMP patches we want to test on faure
[07:58] <fabbione> ajmitch: so did you manage to play with the T2000 ?
[07:58] <infinity> fabbione: Is deadline known-stable on all arches?
[07:58] <ajmitch> talking to them tomorrow
[07:58] <ajmitch> so probably tomorrow afternoon or next week
[07:58] <infinity> fabbione: I mean, I realise it's simpler code, and SHOULD be stable, but it's also not the default, which means less testing..
[07:58] <fabbione> infinity: it's common code.. block/ and it's only for x86 and x86_64 -server
[07:58] <fabbione> infinity: elmo did test it for the last 3 releases at least
[07:59] <infinity> Good point, elmo does use it a lot. :)
[07:59] <infinity> Fair enough.
[07:59] <fabbione> eheh
[08:00] <infinity> At 100Hz and deadline, this kernel won't really be great for a massive multiuser shell box.
[08:00] <jsgotangco> by ajmitch
[08:00] <infinity> But, I guess that type of "server" isn't very common anymore anyway.
[08:00] <infinity> Only us nerds have those.
[08:00] <infinity> Should rock for pgsql/mysql.
[08:00] <infinity> And fileserving.
[08:02] <fabbione> infinity: right
[08:02] <fabbione> neat!
[08:02] <fabbione> ppc crashes as hell if i ask it to blank a cd
[08:02] <fabbione> score...
[10:44] <Stonekeeper> Hi! I set up my first US yesterday and am looking for a newbies guide to administering it. Any help much appreciated.
[10:49] <spike> Stonekeeper: that means everything and nothing...
[10:53] <spike> Stonekeeper: you can have a look at the linux administration guide on tldp.org
[10:53] <Stonekeeper> sure. Sorry. I have found a guide from the forums
[10:53] <spike> that might be a start
[10:53] <Stonekeeper> out of interest, what is the difference between a Breezy install with "server" and a ubuntu server install?
[10:54] <spike> Stonekeeper: link? I'm curios about what ppl recommends in such cases
[10:54] <spike> Stonekeeper: assuming an ubuntu ->breezy<- server install,  nothing iirc, things changed a lot in dapper
[10:55] <Stonekeeper> http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
[10:58] <spike> I see
[10:59] <spike> Stonekeeper: this is way more complete even if not ubuntu specific: http://www.tldp.org/LDP/sag/html/index.html
[11:00] <Stonekeeper> yeah, that other doc is a bit thin on the ground
[11:01] <neuralis> Stonekeeper: we'll have the official ubuntu book out soon, with a server chapter as a crash course to administering ubuntu server
[11:02] <infinity> neuralis: Does the server chapter have anything saying "if you disagree with how a package works, it's your fault, not the package's.  infinity says so."?
[11:04] <neuralis> infinity: yes. it's in section 4, "things infinity says, and other collected proverbs."
[11:05] <infinity> Excellent.
[11:30] <spike> is there any plan to have something like this: http://bencer.cauterized.net/projects/debsums/
[11:30] <spike> just posted on debian-sec
[11:30] <spike> online database with files/packages md5/sha hashes
[11:30] <spike> and permissions/owner as installed by the package
[11:46] <Stonekeeper> neuralis: great
[11:54] <fabbione> spike: it was done already
[11:54] <fabbione> spike: but our admins were not fast enough to provide the server
[11:55] <fabbione> spike: so basically the code is there but can't be used
[11:55] <tepsipakki> hmm, my nwu installation seems to be a bit limited in functionality.. should it be possible to say "nwu upgrade host" on the server?
[12:00] <spike> fabbione: I see, nice. and does it happen you included code to generate a bz2 so ppl can download and check it offline? (provinding a script to run the check would be nice too).
[12:23] <fabbione> spike: my code is meant to run offline from the installer rescue mode
[12:30] <spike> fabbione: eeer, guess then there's just a bit of confusion on my side about what code for what. from my POV I see 2 apps, a script that generates and check against a db of hashes, and one offering a web service do search and download that db.
[12:34] <fabbione> spike: mine does the former
[12:34] <spike> unless you consider the web one useless, so you just need former and some page to make the link to the db available (unless you even plan to make the whole thing working remotely, with the script querying the db directly on the ubuntu server, but that'd be lots of traffic I guess)
[12:35] <fabbione> spike: the code is available here: http://people.ubuntu.com/~fabbione/archives/system-integrity-check/
[12:35] <spike> fabbione: can I download it somehwere?
[12:35] <fabbione> it's a bzr archive
[12:35] <spike> oh :)
[12:35] <spike> ta
[12:35] <fabbione> but without a server you can't do much
[12:35] <spike> yeah, np, just curios about the code
[12:36] <spike> fabbione: do you see any use of that web interface?
[12:36] <fabbione> spike: no
[12:36] <spike> we could actually use packages.ubuntu.com too
[12:36] <fabbione> but i might be wrong
[12:36] <spike> includeing the piece of info there
[12:37] <spike> that's already working and in place, so it might make more sense to extend that with a couple more fields rather than creating a new dedicated one
[12:39] <fabbione> spike: don't post if you didn't read the code first
[12:40] <fabbione> mine can be integrated directly into archive.ubuntu.com
[12:40] <fabbione> and there are different other things
[12:40] <fabbione> please do NOT get overexicted to something that we have been looking at already
[12:41] <spike> ehehe :) I do not get overexcited for anything CS related :)
[12:41] <spike> sorry if I gave that impression
[12:43] <neuralis> fabbione: is it really that much work for elmo et al to enable the server side of this, particularly after dapper was delayed?
[12:44] <fabbione> neuralis: we are still in deep feature freeze.. it's unlikely that i am going to push partially untested code in dapper
[12:44] <fabbione> neuralis: and given they never come back to me, i guess it is an issue
[12:46] <fabbione> neuralis: anyway at this point in time i don't feel confortable to push code that's brand new
[12:48] <neuralis> fabbione: fair enough
[05:35] <jjesse> has anyone tried running ubuntu server on microsofts virtual server software?
[05:36] <thefish> jjesse: not yet, but i would not be all that surprised if it was a bit iffy
[05:36] <thefish> in vmware its great though
[05:37] <thefish> (vmware server is also free)
[05:37] <jjesse> thefish: i know it works well in vmware server
[05:37] <mgalvin> jjesse: not yet... but it does run in virtual pc so i would think it *might* work
[05:37] <jjesse> thefish: however in virtual server i just get a blan screen and no login prompt
[05:37] <thefish> hrm
[05:38] <thefish> it would be pretty typical for them to "See! look how bad linux is!" when running on their vm
[05:38] <jjesse> only way i can get a prompt is in recovery mode
[05:39] <jjesse> well they are now support red hat and SuSE
[05:40] <jjesse> http://suport.microsoft.com/?id=917437
[05:53] <jjesse> do you think there could a resolution problem that might be screwing things up, if so how would i change what resolution ?
[10:01] <hunger> ~.