[06:13] <wintermu1e> anyone know much about routing in linux?
[06:13] <foo> wintermu1e: Just ask ...
[06:15] <wintermu1e> ok, anyone know how to have linux dynamically determine which interface to send out packets on for a box with multiple nics all on the same subnet, but where some of the nics may not be plugged in?
[06:15] <wintermu1e> but the non-plugged in nics could be up and configured
[06:16] <wintermu1e> or where the place to look for an answer to this might be
[06:19] <lamont> wintermu1e: sounds like a bonding question
[06:19] <lamont> or see the kernel docs on multiple routing tables
[06:21] <wintermu1e> lamont: thanks, hadn't occured to me that bonding might work
[06:22] <lamont> wintermu1e: traditionally, you get one NIC per subnet, and the choice of which interface to send packets out is based purely upon destination IP
[06:23] <wintermu1e> lamont: yeah, and it seems that the normal routing doesn't support anything other than that model (you can have two interfaces on the same subnet, but the packet always goes out on the same interface)
[06:26] <lamont> as it should. :-
[06:26] <lamont> _
[06:26] <lamont> :-)
[06:26] <lamont> damn keyboard
[06:27] <lamont> the advanced routing tables let you add more things to the selection criteria
[06:29] <ScottK> BTW, in case any one is interested I'm working on merging dkim-milter 1.2 from Debian with Ubuntu specific stuff (like /var/run is a tempfs).
[06:29] <ScottK> It's also late here and so I'll finish tomorrow.  Good night.
[06:32] <wintermu1e> lamont: where is the advanced routing doc?
[06:33] <lamont> http://lartc.org/ looks promising
[06:33] <lamont> google: linux advance routing howto
[06:34] <wintermu1e> thanks
[02:14] <ScottK> soren: Are you around?
[02:15] <dendrobates> ScottK: soren is out, can I help?
[02:15] <ScottK> On Bug #105225, my suggestion would be that if your testing indicates the fix does not harm, upload it to dapper-proposed and let the reporter install/test it from there.
[02:15] <ubotu> Launchpad bug 105225 in mysql-dfsg-5.0 "'flush tables with read lock' causes mysql server to deadlock" [Undecided,Fix released]  https://launchpad.net/bugs/105225
[02:15] <dendrobates> bug 125850
[02:15] <ubotu> Bug 125850 on http://launchpad.net/bugs/125850 is private
[02:15] <ScottK> dendrobates: Just wanted to follow up with him thee above mysql bug.
[02:15] <ScottK> No rush.
[02:16] <dendrobates> He should be back in a couple hours.  Also mathiaz does a lot of work with mysql bugs.
[02:17] <ScottK> dendrobates: It at least slightly interesting that without security permissions I can tell you were trying to look up a security issue in linux-source-2.6.15
[02:17] <ScottK> That strikes me as a slight, but unnecessary information leak.
[02:18] <dendrobates> ScottK: I think that is alright, it's the comments that are private.  From a support customer.  Can you see those?
[02:18] <ScottK> No, just the package that the bug is in from the LP url that redirects to.
[02:18] <ScottK> Ah.
[02:19] <ScottK> I think it would be slightly better to do the permissions check before executing the redirect.
[02:19] <ScottK> But I'm paranoid.
[02:21] <dendrobates> create a bug againstr launchpad, and see what they say, I am inclined to agree with you, but I am paranoid as well.  :)
[02:27] <ScottK> I'll do that.
[02:58] <eikke> any reason libapache2-mod-security isn't in feisty?
[03:02] <ScottK> Probably because no one packaged it.
[03:03] <ScottK> I don't see that in any Ubuntu release.
[03:03] <ScottK> Nevermind.  I take that back.
[03:08] <ScottK> It was removed, I'm not sure way.  Generally they don't do that randomly.  At a guess from hints I see on Google, I'd expect a licensing issue.  Not sure.
[03:08] <eikke> ah, so should be possible to package it myself?
[03:09] <lionel> It was removed for a licensing issue yes
[03:09] <lionel> and same for Debian
[03:09] <eikke> bummer, I like it
[03:43] <fernando> moin all
[05:39] <soren> ScottK: I'm around now.
[05:51] <ScottK> soren: Did you see my comments in the backscroll?
[05:57] <soren> ScottK: Ah, yes.
[05:58] <soren> ScottK: the thing is that the SRU policy also states that there must be some way to verify (by more than one person) that the bug has been fixed.
[05:58] <ScottK> OK.  That was all I had.
[05:58] <ScottK> Right.  
[05:58] <soren> ScottK: So I'll need some way to reproduce it anyway.
[05:58] <ScottK> Well then I guess ask the reporter for a simplified test case...
[05:58] <soren> ScottK: That's what I did, wasn't it?
[05:59] <soren> I believe so.
[05:59] <ScottK> Alternatively, publish it in proposed, let the reporter test it.  Leave it there, and then the next time someone complains about the bug, say, "Here. try this."
[05:59] <soren> For now, the fix is actually in my PPA.
[05:59] <ScottK> In the mean time, the reporter is happy.
[06:00] <soren> ScottK: I can't just upload stuff to -proposed, can I?
[06:00] <ScottK> Are you a core-dev?
[06:00] <soren> ScottK: Nope.
[06:00] <ScottK> Acutally it doesn't matter.
[06:00] <ScottK> You need to have an archive admin ack it anyway.
[06:00] <soren> ScottK: I wasn't just thinking "will Soyuz let me?", but also if I'm allowed to by policy.
[06:01] <soren> ScottK: Then I'm SOL. :) pitti is picky about these things.
[06:01] <ScottK> If it were Universe, you'd go ahead and upload it and wait for the archive admin.
[06:01] <ScottK> Just wait until it's Riddell's admin day to upload it then ;-)
[06:01] <soren> He has admin days now, too? 
[06:02] <ScottK> Yes
[06:08] <[miles] > afternoon guys
[06:09] <[miles] > anyone know if L7-Filtering is available with Ubuntu Server?
[06:09] <soren> [miles] : What sort of filtering, specifically?
[06:09] <[miles] > L7
[06:10] <[miles] > http://l7-filter.sourceforge.net
[06:10] <soren> Ah, I though you just meant layer 7 in the generic sense.
[06:11] <[miles] > :)
[06:12] <[miles] > we could do with trying it out on some of our FW's
[06:12] <[miles] > which are either 6.06 or 7.04
[06:15] <soren> [miles] : I see no indication that we support that. Sorry.
[06:15] <[miles] > ok np
[06:15] <[miles] > I can compile the source and try it on new installation
[06:15] <[miles] > thanks anyway
[06:16] <soren> [miles] : You could file a bug about its absence?
[06:17] <soren> [miles] : Against linux-source-2.6.22 and iptables (just one bug, but against both of them)
[06:23] <ScottK> soren: Wouldn't it be a needs-packaging bug?
[06:24] <soren> ScottK: I don't remember what the criteria are for that.
[06:24] <[miles] > would'nt class it as a bug anyway 
[06:24] <[miles] > personally
[06:24] <soren> ScottK: It involves a patch to the netfilter code in the kernel and a patch against iptables..
[06:24] <soren> [miles] : Wishlist bug, surely?
[06:25] <[miles] > well
[06:25] <[miles] > thats not 100% true
[06:25] <[miles] > about kernel patching
[06:25] <[miles] > there is two options
[06:25] <[miles] > kernel, as you say
[06:26] <[miles] > and user space
[06:27] <[miles] > which they say is the planned default method of filtering
[06:29] <[miles] > http://l7-filter.sourceforge.net/README (Very bottom)
[06:29] <[miles] > Userspace version
[06:30] <soren> Ah, sorry. I didn't notice that.
[06:30] <[miles] > jeje np
[06:30] <[miles] > I hate reading websites too
[06:30] <ScottK> [miles] : Any experience or interest in doing Debian packaging?
[06:30] <[miles] > wow, we have a lot more nicks in here than ever, 62
[06:30] <[miles] > nice
[06:30] <[miles] > is Ubuntu Server becoming more popular or what
[06:30] <[miles] > :)
[06:31] <[miles] > ok, their dropping like flies
[06:31] <[miles] > :)
[06:34] <soren> Ah, yes, the userspace version sounds like what we want.
[06:35] <ScottK> If [miles]  is interested in packaging it, I'm sure someone over in #ubuntu-motu would be glad to help him do it.
[06:35] <[miles] > ScottK: I must read up on packaging actualyl
[06:35] <[miles] > my work load is immense atm tho :-|
[06:36] <[miles] > and in the evenings, it so hot out here, I can't really be bothered sitting at a keyboard 
[06:36] <ScottK> If you are interested in deploying this package, it'll be easier for you to deploy it with your own Debian package even if it's not uploaded.
[06:36] <ScottK> So it'll save you work.
[06:36] <[miles] > yeah I agree
[06:37] <[miles] > I know how to package RPM's
[06:37] <[miles] > cos I worked with SuSE for many years
[06:37] <[miles] > but not really .deb's
[06:37] <[miles] > I will get round to looking into it tho
[06:37] <[miles] > promise
[06:37] <[miles] > :)
[06:37] <[miles] > lionel: won't I :-)
[06:37] <ScottK> Well genericly the stuff in a spec file goes in a debian directory, but there's more to it.
[06:37] <ScottK> Maybe lionel will package it.
[06:38] <[miles] > ;-)
[06:39] <[miles] > http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
[06:39] <[miles] > I have had sooooooo many crashes in FF, it's unreal
[06:39] <[miles] > never have I know so many, now that explains it
[06:40] <[miles] > right, im heading home
[06:41] <[miles] > see u 2moro
[06:41] <[miles] > ciao
[07:01] <ScottK> I got dkim-filter working with Postfix.
[07:04] <lamont> awesome
[07:04] <lamont> any postfix changes needed?
[07:04] <ScottK> No.
[07:05] <ScottK> The dkim-filter package in Debian works.
[07:05] <ScottK> You have to set some options to work with Postfix, but other than the normal stuff to config Postfix to work with a milter, no.
[07:07] <lamont> ScottK: wietse was pretty proud of his sendmail developer's award
[07:07] <ScottK> Rightfully so.
[07:08] <lamont> and lazily so, too.  implementing sendmail-milter support in postfix relieves him of doing milter-esque stuff to postfix
[07:08] <lamont> very smart move
[07:08] <ScottK> Why in the world would dkim-filter sign the user-agent header by defult?
[07:08] <ScottK> Now if he'd just add Mail From rewriting via the milter interface I'd be satisfied.
[07:09] <ScottK> Key point...  dkim-flter signs the received headers too, so you need to call the milter after the last time Postfix has recieved it or the signature fails.
[07:16] <lamont> I mention it here, since it's a server install I'm hitting it on... :0)
[07:18] <ScottK> lamont: That'll be something that needs to be dealt with for LTS to LTS+1 upgrades then.
[07:21] <lamont> Configuration file `/etc/initramfs-tools/initramfs.conf'                        
[07:21] <lamont> *** initramfs.conf (Y/I/N/O/D/Z) [default=N]  ? 
[07:21] <lamont> ouch
[07:36] <ScottK> That or I messed up my key record....
[07:38] <hansin321> I just wanted to say that I love the keep it simple design aspects of Ubuntu Server, and how it installs a basic server and leaves the rest up to the user to decide what else they want to install/ports to open, etc.  I guess I was just looking to clarify if this design philosophy is something that Ubuntu Server will try to adhere to going forward.  I am hoping so, because it is a really cool install 'out of the box' compared to
[07:47] <mralphabet> hansin321: yes
[08:02] <hansin321> mralphabet: Thanks.  I am glad to hear that, as I really like the approach Ubuntu Server has taken.
[08:02] <soren> hansin321: That is likely going to keep being the default install, yes.
[08:03] <soren> hansin321: Other options will be added, though-
[08:03] <hansin321> soren: Sure.  Kind of like the 'Install LAMP server now' scenario?  But for other things?
[08:03] <soren> soren: Something like that, yes.
[08:04] <soren> hansin321: ^^
[08:22] <ScottK> Well I think I got the Ubuntu specific needs for dkim-milter/dkim-filter sorted out.  Just doing a Gutsy test build and then I'll upload it.
[08:24] <hansin321> Thanks all.  I enjoy 'listening' in on the chat traffic and getting a sense of where things are headed.
[08:28] <ScottK> lamont: The DKIM Milter is uploaded.  If you are interested, you can either ask pitti or Mithrandir to pretty please accept dkim-milter 1.2.0.dfsg-1ubuntu1 or just wait until after Tribe 3 releases.
[08:30] <lamont> what had to change from debian?
[08:30] <lamont> and after tribe3 is fast enough, I expect... 24 hours and all that
[08:31] <BFTD> On a remote terminal, how do I enter a command and then close the terminal without killing that process/command I started in it?
[08:32] <mralphabet> &
[08:32] <mralphabet> I think
[08:32] <BFTD> ?
[08:32] <BFTD> oh
[08:32] <mralphabet> some command &
[08:32] <BFTD> so like "& <command>"?
[08:32] <BFTD> ok
[08:33] <mralphabet> if you run bash that puts it into the background, though I don't know if the session close kills it
[08:33] <mralphabet> alternatively you could use screen
[08:33] <BFTD> I want to compile a kernel, which'll take about 5 hours on this system, but I need to do it over a slow internet connection
[08:33] <ScottK> lamont: Mostly I added a test for the PID dir and to add it if missing to the init (since var/run is a tempfs) and changed the default config from a Unix socket to TCP localhost port 8891 to it'll work with or without a chroot and no fiddling.
[08:34] <ScottK> lamont: Also I added info on Postfix integration into README.Debian.
[08:34] <mralphabet> BFTD: use screen
[08:34] <lamont> ok.  so mostly stuff that  needs to be in a debian bug report.  cool
[08:34] <mralphabet> !screen
[08:34] <ubotu> screen is a terminal multiplexer. See http://www.kuro5hin.org/story/2004/3/9/16838/14935 and http://en.wikipedia.org/wiki/GNU_Screen
[08:35] <ScottK> lamont: None of what I changes is actually wrong for Sendmail on Debian though.
[08:35] <ScottK> changes/changed
[08:37] <lamont> ScottK: true enough, but creating /var/run directories is just a good thing to do in the init.d script, regardlesws
[08:38] <ScottK> So I should file a bug in BTS on that you think?
[08:39] <lamont> looks like two severity: wishlist bugs for debian: one for pid dir, and one for localhost switch for chroot happiness
[08:42] <ScottK> The localhost thing is already allowed for in the supplied config file, it's just not default.
[08:43] <ScottK> Maybe ask to have it switched to the default for broader compatibility.
[08:50] <BFTD> hrm, I have ftpd-server installed, how do I ftpd into my server though!!
[08:50] <BFTD> it tells me connection denied
[08:54] <lamont> BFTD: I expect it wants to be configured first...
[08:54] <lamont> I've never used that package though
[08:55] <mralphabet> BFTD: use sftp
[09:01] <BFTD> mralphabet isn't sftp like ssh+ftp?
[09:02] <ScottK> BFTD: Generally, yes, but you don't need to install/configure any extra packages to do it.
[09:02] <BFTD> hrm
[09:04] <ScottK> ssh + ftp - plain text passwords and data streaming across the internet and a few other details.
[09:13] <lamont> ScottK: I use vsftpd wherever anonymous access is desirable
[10:04] <ScottK> lamont: I'm going to wait on filing bugs and such until I get my licensing questions (see ubuntu-devel) resovled.
[10:05] <J-_> http://paste.ubuntu-nl.org/30379/ any ideas?
[10:43] <ScottK> Do you have php-db installed?
[10:49] <J-_> ScottK: No, should I install it?
[10:49] <Innatech> is there a .deb of the binary Intel Pro NIC drivers maintained anywhere?
[10:50] <ScottK> J-_: I know very little about php, but that looks like you are missing a package.  There is a package with php-pear stuff in it.  I think it's php-db, but I'm not sure.  I'd recommend you do some research.
[10:51] <J-_> k thanks
[10:52] <J-_> it's a php pear database abstraction layer
[11:05] <nealmcb>  /join #ubuntu-bugs
[11:15] <soren> Innatech: Not that I know of, no.
[11:19] <Innatech> soren: thanks. 
[11:20] <Burgundavia> hey soren
[11:21] <soren> Burgundavia: Ahoy.
[11:21] <nealmcb> ScottK: are there forwarders that change user-agent?  that would seem odd.
[11:22] <nealmcb> but of course much of the world of email is complicated enough to be "odd" :-)
[11:22] <ScottK> I have no idea.  I have even less idea why someone would care.
[11:27] <Innatech> does apt-get have an option to include recommends w/o changing its .conf?
[11:29] <ScottK> I don't think so.
[11:29] <Innatech> yeah, OK. 
[11:29] <Innatech> thx. 
[11:30] <ScottK> Of course you should also keep in mind that I think lots of things that turn out not to be true;-)
[11:33] <soren> Innatech: apt-get -o APT::Instll-Recommends ought to do it?
[11:33] <soren> Innatech: The trick being that you have to spell Install correctly, though.
[11:33] <Nafallo> but correctly spelled
[11:34] <soren> Nafallo: Quite :)
[11:34] <Innatech> oh, nice. I forgot about -o . Thanks!
[11:34] <soren> Innatech: Any time.
[11:36] <soren> ScottK: *g*
[11:40] <lamont> ew
[11:40] <lamont> ScottK: ^^'
[11:43] <ajmitch> good day
[11:44] <Taco|king> hey
[11:44] <ajmitch> soren: I see you stuffed storm into gutsy already
[11:45] <Nafallo> ehrm
[11:45] <Nafallo> not my storm I hope :-)
[11:45] <Nafallo> http://home.nafallo.info/pics/animals/storm.jpg
[11:46] <soren> Nafallo: That's the one. :)
[11:46] <Nafallo> :-P
[11:46] <soren> ajmitch: Yeah. Go me! :)
[11:46] <ajmitch> yeah
[11:46] <Taco|king> je looks like a cloud.....thats awesome
[11:46] <Taco|king> he*
[11:46] <Nafallo> :-)
[11:47] <Taco|king> my laptop hates me and linux
[11:47] <Taco|king> :(
[11:51] <ajmitch> hm, a section about declining membership for the server team - I probably wouldn't qualify for it now
[11:52] <ScottK> If you got the message, you qualify.
[11:52] <ScottK> Since currently the only qualification is to be subscribed to the mailing list.
[11:54] <ajmitch> nah, it's more than that
[11:55] <ajmitch> or it should be soon :)
[11:56] <Innatech> so, the e1000 drivers want the kernel source to compile against. Do I install linux-source or linux-source-2.16.15
[11:57] <Innatech> or does the former just point to the latter?
[11:59] <ajmitch> linux-headers-$(uname -r)
[11:59] <ajmitch> should hopefully be enough for that module
[12:00] <Innatech> ah, nice. 
[12:00] <Innatech> thanks. 
[12:08] <nealmcb> ajmitch: Does server team membership include extra permissions?   What are you thinking in terms of membership requirements?
[12:08] <soren> ajmitch: Currently, all you get is a shitload of bug mail.
[12:09] <soren> nealmcb: ^^
[12:09] <nealmcb> :-)