[04:21] <ph1zzle> DustWolf: fact of the matter is, thats not a standard thing to happen in ubuntu, nor does it have to do with the route cache, there is software that is autobanning them, now it can be something that is just in a cron script that the other "root"
[04:21] <ph1zzle> guy you mentioned added it
[04:21] <ph1zzle> or it can be one of dozens of apps that do exactly what fail2ban does
[04:24] <ph1zzle> do a DustWolf =>
[04:24] <ph1zzle> ps -A -o command | sort -u
[04:25] <ph1zzle> that command will show you all processes running
[04:25] <ph1zzle> sudo crontab -l
[04:25] <ph1zzle> that command will list the root crontab
[04:26] <ph1zzle> and if that doesn't work, and maybe it's not the every ten minutes, maybe it's hourly, then check /etc/cron.hourly
[05:14] <rinman> I have just installed SSL for apache as by the ubuntu tutorial, but now when I try wgetting the page i get "ERROR: certificate common name `s.p10.hostingprod.com' doesn't match requested host name `my.host.com'". What didn't I do or did wrong?
[05:14] <rinman> I created my own certificate btw
[05:16] <ScottK> If you didn't use your hostname as the common name when you created it, that's what happens.
[05:18] <rinman> mkay, will try that, thx!
[05:20] <halcyonCorsair> hi, i'm trying to install ubuntu 6.06 server onto an HP DL140 G3 with an LSI SAS RAID controller, but the 2.6.15 kernel doesn't seem to support SAS, and the partitioner can't find any drives, is there any way I can somehow install 6.06 but use a later kernel or something?
[05:21] <ScottK> Not and have it be supported.
[05:21] <ScottK> Ubuntu is getting close to releasing a 6.06.2 and newer hardware support is the primary reason.
[05:22] <ScottK> I'd ask here during the week if your hardware will be supported.  The people that would know are rarely here during the weekend.
[05:24] <halcyonCorsair> geh, its monday here... :(
[05:24] <halcyonCorsair> is there a solid timeline on 6.06.2?
[05:24] <halcyonCorsair> either way, i need this reasonably quickly, so support or no, is it possible?
[05:25] <Kamping_Kaiser> hm. .2 took sits time
[05:26] <ScottK> halcyonCorsair: Why 6.06?  If you are going to do something that doesn't get LTS supported, why not try Feisty?
[05:26] <ScottK> Most of the relevant people work in Europe, so standard working hours there.
[05:27] <halcyonCorsair> ScottK: 6.06, because its currently our preferred platform for all our servers, and we want it to be as standardised as possible
[05:27] <ScottK> Ah.
[05:28] <ScottK> If I were in your position, I'd try Feisty and if it works, ask about if you hardware will be supported in 6.06.2.
[05:29] <rinman> scottk: if i wanted to use the same crt for a bunch of subdomains, would it be possible to set it to just domain.com rather than svn.subdomain.domain.com and still get it to work?
[05:29] <ajmitch> the kernel team did have something planned for driver backports, I'm not sure of its status though
[05:30] <ScottK> rinman: I think, but am not sure, that you need to roll one cert per domain.  I've never had to do it, so that may be wrong.
[05:30] <halcyonCorsair> i did see a mention of a 2.6.15-50 kernel...is there any way I can install using that? (i don't know what the process would be to install to a kernel other than the one on the cd)
[05:30] <ajmitch> you can have an ssl certificate for *.domain.com
[05:30] <ScottK> rinman: What ajmitch said.
[05:31] <rinman> oki, so should i write .domain.com, *.domain.com or just domain.com as the common name?
[05:31] <rinman> =)
[05:32] <ScottK> halcyonCorsair: I don't either.
[05:32] <ajmitch> I believe domain.com vs *.domain.com are different
[05:32] <halcyonCorsair> hmm
[05:33] <ScottK> halcyonCorsair: The extremely painful way to do it would be to install a later working system (e.g. Edgy or Feisty), install the older kernel and then downgrade everying.  Not sure if it's actually possible.
[05:34] <rinman> ajmitch: sorry, but was that an answer? =)
[05:34] <ajmitch> rinman: in a sense
[05:34] <ScottK> I think it was.
[05:34] <ajmitch> latest 2.6.15 kernel I see is 2.6.15-28.57
[05:34] <ScottK> rinman: Based on ajmitch's sense of an answer, I'd try *.domain.com and see how it works.
[05:34] <ajmitch> or not, that's security
[05:35] <ajmitch> 2.6.15-50.61 is in -proposed
[05:35] <halcyonCorsair> its a shame i couldn't use a usbstick to load a new kernel while running
[05:35] <ajmitch> kexec would be useful there
[05:37] <ajmitch> 2.6.15-50.61 doesn't appear to have anything helpful in its changelog
[05:37] <halcyonCorsair> i might have to go as high as 2.6.20
[05:38] <ScottK> That's the Feisty kernel, so at least it's available in a release and not just in the developmental version.
[05:38] <halcyonCorsair> hmm
[05:39] <halcyonCorsair> ajmitch: i think its the fusion mpt sas driver
[05:42] <halcyonCorsair> ok, so i'm gonna try installing feisty for the moment
[05:42] <halcyonCorsair> is there any particular advantage to a separate /boot partition when using xfs for the main partition?
[05:42] <ajmitch> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/37452
[05:42] <ubotu> Launchpad bug 37452 in linux-source-2.6.15 "fusion mpt sas driver does not find a RAID1 disk during installation(Sun Galaxy X4200 and X4100, Dell SASR5/i)" [High,In progress] 
[05:43] <ajmitch> probably not, as grub should read xfs without any issues
[05:44] <halcyonCorsair> ajmitch: yeah i found that before, just working my way through the links in the comments
[05:44] <ajmitch> some tedious workarounds in there
[05:44] <halcyonCorsair> is there any advantage to a separate boot partition with the main partition being xfs on lvm?
[05:45] <ajmitch> yes, grub can't handle lvm
[05:47] <halcyonCorsair> good to know
[05:47] <rinman> yay, it worked! thx a lot!
[06:04] <halcyonCorsair> ok....so like...how different from 6.06 is 7.04?
[06:09] <ScottK> halcyonCorsair: This is for server, right?
[06:09] <halcyonCorsair> ScottK: yeah
[06:10] <ScottK> The biggest thing you will immediately notice is that mounts are done by UUID instead of device name.
[06:10] <ScottK> Upstart is used instead of the traditional Sys V init system, but it has a compatibility layer, so you may not even notice that.
[06:11] <halcyonCorsair> ScottK: will be switching from mawk to gawk, using bind9 for dns, squid, dhcp3-server, and our own custom software
[06:11] <halcyonCorsair> hmm, upstart.... >:( i hope so....i don't want to rewrite our init scripts again....
[06:11] <ScottK> Oh, one other big thing is the default shell switches from Bash to Dash, so no mor Bashisms.
[06:12] <ScottK> You shouldn't have to.
[06:12] <ScottK> mor/more
[06:12] <Kamping_Kaiser> mounts by uuid is iky :(
[06:13] <halcyonCorsair> ScottK: i think i need the crazy-mad bash stuff
[06:14] <ajmitch> your initscripts are full of bashisms?
[06:14] <ScottK> '/bin/sh is a symlink, so you can change it.
[06:15] <ScottK> Kamping_Kaiser: Why?  It's the only thing that actually works reliably with mutliple SATA/RAID drives.
[06:15] <halcyonCorsair> ajmitch: well....sec
[06:15] <Kamping_Kaiser> ScottK, because its unreadable (by me). /dev/sda i can read [15 character string]  i cant (or write)
[06:16] <ScottK> Agreed, but unless you want random failures on reboot, for systems with multiple drives, it's the only way to fly.
[06:17] <Kamping_Kaiser> yea. quite probably :(
[06:17] <ajmitch> Kamping_Kaiser: so use LVM on top & don't worry about it
[06:17] <Kamping_Kaiser> ajmitch, potentially the first thing i've heard that makes me like the sound of lvm, but i dont like the 'one drive dies, you loose all' bit that i've herad of
[06:18] <ajmitch> so use LVM on RAID :)
[06:18] <halcyonCorsair> what are the chances of this working in dash?: http://rafb.net/p/R9j5P643.html
[06:18] <ajmitch> or a separate volume group per drive, if you're that way inclined
[06:19] <ajmitch> my eyes...
[06:21] <halcyonCorsair> thats what happens when you get help from #bash....i know what it does, and mostly how it does it, but.....its a monster nonetheless
[06:22] <Kamping_Kaiser> i usually do pretty welll out of #bash
[06:25] <halcyonCorsair> heh :)
[06:25] <halcyonCorsair> greycat forever!
[06:25] <Kamping_Kaiser> hehe
[09:09] <kraut> moin
[09:09] <Kamping_Kaiser> hi
[09:10] <coNP> guten morgen, kraut
[09:10] <kraut> morning coNP
[11:04] <Kamping_Kaiser> how many levels deep can a sub domain go?
[11:06] <soren> Kamping_Kaiser: Many. Why?
[11:08] <Kamping_Kaiser> soren, i was thinking of writing a bind config file, but found a script my mate wrote to automate the job (to a degree). took a look, and it only allows 3 levels from root sub.domain.ext.cc
[11:09] <Kamping_Kaiser> so i was wondering if you could only do 3, or if that was a limit of the script
[11:10] <soren> Kamping_Kaiser: Oh, you can do plenty more than three.
[11:10] <soren> Kamping_Kaiser: Hang on, I'll look it up.
[11:10] <Kamping_Kaiser> oh, cool. thanks.
[11:11] <maswan> you can have max 256 chars in the whole name, and any number of dots
[11:11] <soren> Kamping_Kaiser: the maximum number of characters in an fqdn is 255. Each element in it can be max 63 characters.
[11:11] <maswan> well, 255, close enough. :)
[11:11] <soren> maswan: 256 with the final ., yes.
[11:11] <Kamping_Kaiser> hehe. thanks both.
[11:12] <Kamping_Kaiser> so up to 128 parts *grin*
[11:12] <maswan> just look at the reverses for ipv6 addresses...
[11:12] <maswan> (not _quite_ the same, but the same mechanics pretty much)
[11:12] <maswan> 7.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.1.0.2.e.0.0.0.0.b.6.0.1.0.0.2.ip6.arpa domain name pointer tutankhamon.acc.umu.se.
[02:49] <spiekey> hi
[02:50] <spiekey> i have install ubuntu LTS on a DQ965GF intel board.
[02:51] <spiekey> After a reboot i only get: GRUB _
[02:53] <spiekey> it seems to work with SuSE ;)
[02:54] <ScottK> spiekey: It should work on the current Ubuntu release (Feisty) too.
[02:55] <spiekey> same problem with Feisty
[02:55] <ScottK> Hmmm
[02:56] <ScottK> Do you have any IDE devices?
[02:58] <spiekey> during the installation?
[02:58] <ScottK> Yes.
[02:58] <ScottK> Different 965 variants have one of two different IDE controllers (non-Intel) on them.
[02:59] <ScottK> One has been problematic on kernel support and the other hasn't.
[02:59] <ScottK> All of the 965 install problems I've seen relate to that.
[03:00] <ScottK> On pure SATA systems that don't use the IDE controller, it generally installs fine.
[03:00] <spiekey> yes. i had. sda and sdb
[03:00] <ScottK> How about the CD/DvD?
[03:01] <spiekey> one moment, i will reinstall again.
[03:05] <nandemonai> Sounds like the jmicron issue I came across, not that it will probably help but I had a similar issue on Asus P5B, updated the Bios and it's ok now.
[03:07] <nandemonai> Actually while I'm here, has anyone got Ubuntu to install on an old Compaq Proliant server? So far all I've got to boot is Centos/RH. I'm thinking it's either a RAM or Raid issue. The installer just kaputs trying to load the kernel.
[03:28] <spiekey> ScottK: DVD is sr0. Could thta be correct?
[03:28] <spiekey> the others are sda and sdb for sure
[03:32] <ScottK> spiekey: I'm not sure at all.  I don't recall having seen that before.  I don't actually have a 965 (my newest is a 945).  My CD on that box is /dev/hda        /media/cdrom0   udf,iso9660 user,noauto     0       0
[03:48] <spiekey> ScottK: if we send you a 965, will you fix it for us? :D
[03:52] <soren> Did someone say free hardware?
[04:00] <spiekey> ScottK did! :D
[04:08] <ScottK> spiekey: soren would be a better bet than me.
[04:09] <soren> ...to be on the receiving end of a free hardware transaction? Sure. Bring it :)
[04:10] <spiekey> hehe, its not mine anyway :P
[04:19] <ScottK> soren: Would you have a moment to review http://revu.tauware.de/details.py?upid=105.  It's a pretty simple Python C extension for the Sendmail Milter protocol.  I'm pretty sure it's good to upload, but need a MOTU ack since it's new.
[04:31] <soren> ScottK: I believe cdbs automatically install README without you having to list it in docs.
[04:31] <ScottK> OK.
[04:32] <ScottK> I'm trying that now.
[04:32] <soren> At a glance, it looks ok. Gimme a few minutes.
[04:33] <ScottK> Sure
[04:34] <soren> Wow. It took a whopping 8 seconds to build :)
[04:35] <coNP> Thanks soren, even in advance :)
[04:37] <ScottK> Yeah.  There's not much to it.
[04:39] <ScottK> soren: It should pick up libmilter1 as a dependency through shlibs:depends.
[04:39] <ScottK> soren: If you can start Python and "import milter" without error it's working.
[04:39] <soren> ScottK: Sure, got it.
[04:39] <soren> Just one more thing I want to check. Hang on.
[04:40] <ScottK> OK.  You were correct about README.  I have a revised upload prepared.
[04:43] <soren> ScottK: The build-dep on python-all-dev should be "(>= 2.3.5-11)", I believe.
[04:44] <soren> Also, shouldn't there be a XB-Python-Version: ${python:Versions} ?
[04:45] <ScottK> soren: debian/pyversions takes care of both of those I believe.
[04:45] <soren> ScottK: No, not exactly.
[04:45] <ScottK> No?
[04:46] <soren> ScottK: The former is needed for pyversions (the script) to do the right thing (or something like that).
[04:46] <soren> ScottK: The latter is needed, and in the absence of debian/pyversions, it will be used in its place.
[04:46] <soren> ScottK: Did that make sense?
[04:46] <ScottK> Yes.
[04:46] <soren> "Note: if there's no debian/pyversions, dh_pysupport will try to use the XS-Python-Version field to find out the list of supported versions."
[04:47] <soren> http://wiki.debian.org/DebianPython/NewPolicy
[04:47] <ScottK> I'll add the python-all-dev versioned dependency.
[04:47] <ScottK> Right.
[04:47] <ScottK> So python-all-dev (>= 2.3.5-11) is what I need to add.
[04:48] <soren> Er... Oh, I'm messing things up here.
[04:48] <soren> XB-Python-Versions *is* needed, but the quote above is unrelated to that, actually.
[04:48] <ScottK> So what's the point of debian/pyversions then?
[04:49] <ScottK> I had a delivery arrive just now.  I'll be back in a couple of minutes.
[04:51] <soren> debian/pyversions specifies which versions of python the package is compatible with.
[04:51] <soren> python-{support,central} extracts this info and creates a substitution variable that can be put in debian/control, namely ${python:Versions}. That's how I understand it.
[04:56] <soren> ..so add the XB-Python-Versions, and I'm happy.
[05:00] <ScottK> OK.  Will do.
[07:43] <ScottK> soren: I got called away by a bit of a family crisis.  I'm back and I'll get it straightened out and re-uploaded.
[07:50] <soren> ScottK: Cool.
[07:50] <ScottK> soren: Any chance you can hang around long enough for me to dput this so you can advocate it....
[07:52] <ScottK> soren: Tested and uploaded.
[07:52] <soren> ScottK: Yeah, this feels like on of those days, where "taking off" means leaving my basement office and going back to work in the living room with my laptop. :)
[07:52] <ScottK> Ah.  OK.
[07:52] <ScottK> I understand how that is.
[07:55] <ScottK> soren: http://revu.tauware.de/details.py?upid=110
[07:55] <soren> ScottK: You forgot the XB-Python-Versions (for the binary packages). It's a bit silly as changing the XS-Python-version to XSB-Python-Version really ought to do it, but the wiki page says to add it.
[07:55] <ScottK> Ah. Frick.  OK.
[07:56] <soren> Ah, no.
[07:56] <soren> It's not the same.
[07:56] <soren> You set XS-Python-Version manually, but XB-Python-Versions should be set to ${python:Versions}
[08:00] <soren> ...and into the livingroom.
[08:00] <soren> ScottK: Just ping me whenever.
[08:14] <ScottK> soren: How about http://revu.tauware.de/details.py?upid=112
[08:20] <soren> ScottK: Commented.
[08:20] <soren> ScottK: by the way: http://www.debian.org/doc/packaging-manuals/python-policy/ch-module_packages.html#s-specifying_versions
[08:22] <ScottK> soren: Thanks.  Urgh.  This what I get for trying to package and pack for a business trip at the same time.  Thanks for your patience.
[08:23] <soren> ScottK: Oh, don't mention it.
[08:26] <ScottK> soren: How about http://revu.tauware.de/details.py?upid=114
[08:27] <soren> Advocated
[08:27] <ScottK> Thanks.
[08:29] <ScottK> soren: Uploaded.  Thanks again.  See you in a few days...
[08:31] <soren> Sure thing. Have a nice trip.
[09:09] <keescook> soren: would you happen to have a chance to do the vim merge?  I'd like to get current debian into gutsy -- it has a minor security fix in it.
[09:10] <soren> keescook: Will tomorrow be ok or is it urgent in any way?
[09:10] <keescook> soren: not urgent at all, just wanted to ping you about it
[09:10] <soren> keescook: Sure, no problem.
[09:11] <keescook> cool, thanks.
[09:43] <mwh_> Hi, just installed ubuntu-server
[09:44] <mwh_> during the install, I couldn't setup the network ... the network works manually .. but how can I configure it now permanently in an easy way?
[09:44] <mwh_> is there a console ncurses tool I can use to enter the ssid and key for my wifi net?
[09:45] <infinity> man 5 interfaces
[09:45] <mwh_> Or do I have to update /etc/network/interfaces manually?
[09:45] <ubuntu-jeff> It sounds like you don't have DHCP setup on your networking equipment
[09:45] <mwh_> it works well with dhcp
[09:45] <mwh_> no problem
[09:46] <mwh_> I just do an iwconfig ... then dhclient .. and it works
[09:46] <mwh_> I would like to have that set in stone though ;)
[09:46] <ubuntu-jeff> what release are you using?
[09:46] <mwh_> the latest stable
[09:46] <ubuntu-jeff> ok
[09:46] <infinity> Do I want to know why you have a server that's connected with wireless?  Probably not, right? :)
[09:46] <mwh_> ha ha
[09:46] <infinity> Anyhow, you can configure your ESSID in /etc/network/interfaces.
[09:47] <infinity> The manpage is very friendly about the whole thing.
[09:47] <mwh_> yes .. I know
[09:47] <mwh_> though I was still wondering why there isn't a handy tool for setting it up
[09:47] <infinity> If your wireless NIC had been found at install, d-i would have let you configure it then too, but you may have skipped that bit if you had a wired network too.
[09:47] <mwh_> while there is one during the installationprocess
[09:47] <ubuntu-jeff> Yeah, setting up a server with a Wireless connection is (a) a security hazard and (b) performance will always suck.
[09:48] <infinity> No need for a tool, really, the config file is easy enough to understand...
[09:48] <mwh_> btw, how does ubuntu behave when the wifi connection goes away for a time and comes back .. will it automatically pick up where it left?
[09:48] <infinity> We have tools for GUI users, but (puts on his elitist jerk hat), a sysadmin that can't figure out interface(5) won't get much further with his system, IMO.
[09:49] <infinity> It should keep the association, in general.
[09:49] <mwh_> infinity, sure its easy .. though it would be super easy just to run a curses program
[09:49] <mwh_> okay
[09:49] <infinity> Yes, but it would be super-pointless for me to WRITE a curses application, since the config file is easy.  See? :)
[09:49] <infinity> If it's an itch someone cares to scratch, they may.
[09:49] <ubuntu-jeff> Dose anybody know if ifolder will be available in the Universe repositories for 7.10 Gutsy? I know of some people who claim to have gotten it working, but only on 6.06.
[09:51] <mwh_> infinity, well .. its an old discussion :)
[09:59] <ubuntu-jeff> Do any of you have a solid understanding of Samba3?
[10:02] <mathiaz> ubuntu-jeff: you'd better ask your questions
[10:02] <mathiaz> ubuntu-jeff: someone may have enough understanding of samba3 to help you
[10:04] <ubuntu-jeff> ok
[10:04] <ubuntu-jeff> well...
[10:05] <ubuntu-jeff> If I setup a SAMBA share with Read (or Read Write Permissions) to /mnt/smb/data
[10:05] <ubuntu-jeff> Which is it's own partition (single hd, raid, not relevant for the question)
[10:06] <ubuntu-jeff> Then I set the noexecute option for /mnt/smb/data
[10:06] <ubuntu-jeff> in fstab
[10:06] <ubuntu-jeff> will that prevent the Windows XP/2k clients
[10:06] <ubuntu-jeff> from executing code (.exe's) stored on the server, available on the share?
[10:06] <mralphabet> ubuntu-jeff: no
[10:07] <ubuntu-jeff> Or will that only prevent Unix users, telnet / ssh'ed into the server from executing code in /mnt/smb/data?
[10:07] <mralphabet> ubuntu-jeff: windows copies the file to the windows client and executes it out of /userdata/temp/
[10:07] <ubuntu-jeff> damn
[10:07] <ubuntu-jeff> so
[10:08] <ubuntu-jeff> Even though my nice shiny Ubuntu server is immune to viruses itself, it could become the typhoid marry of the network, if enough users make use of an infected file?
[10:08] <ubuntu-jeff> Even with noexecute set in fstab?
[10:09] <mralphabet> if they do not have write access to the share, the clients can't write back to infect files on the server
[10:10] <ubuntu-jeff> ok
[10:10] <ubuntu-jeff> thanks
[10:10] <mralphabet> this isn't a "ubuntu fails" type question (and I know you weren't going to say that) but this is a standard file serving issue
[10:11] <infinity> ubuntulog: noexec can never stop anyone from executing code anyway.
[10:12] <infinity> Err.
[10:12] <infinity> Sorry, ubuntulog.. You got tab completion when the other dude left. :P
[10:26] <Alpha232> :Can I tune the arp cache size? i'm getting "Neighbour table overflow" errors, or an easy way to flush as  ip neigh flush dev eth0 doesn't work.