[00:17] so i'm using ubuntu server for the first time, i like it a lot... but how different is it from debian? (which i've never set up) [00:17] how hard would it be to create an Ubuntu mirror of torrents, and how much bandwidth would it suck up? [00:18] lydgate: development focus is a key difference. Ubuntu Server is designed to be easy to setup and administer [00:18] J-_: I don't know what you are getting at? [00:18] are you talking about mirroring ubuntu isos or illegal content? [00:18] ubuntu isos [00:18] if it's possible [00:18] running any torrent client will do that [00:18] why would I mirror illegal content? [00:19] that's the whole point of torrents [00:19] if you set it up properly you're uploading [00:19] the client will allow you to determine how much bandwidth is used [00:19] cool [00:20] I just have a server that I really have no use for anymore(I hosted a blog) and don't really want to anymore since it's a waste. I can do it elsewhere for free like wordpress, etc.. [00:20] Burgundavia: interesting. i'm coming from slack/arch to it, and i do find it very easy... but a friend who uses all debian servers asks why i would use ubuntu [00:20] J-_: and you have ssh access? or what? [00:20] lydgate: yep [00:20] J-_: it is pretty easy, but the question about bandwidth can be answered this way: try it [00:21] if you are seeding off the main seeds, you are likely to get a great deal of traffic [00:21] then just get ctorrent (bad) or rtorrent (good) and leave it running [00:21] lydgate: a lot of the work ubuntu does builds off what debian does [00:21] they do great packaging of individual apps [00:22] kinda blows my mind "illegal content" was ruptured when I asked. [00:22] that is a large use of bittorrent [00:22] and having never met you, given you just joined the channel, I had to ask [00:25] heh besides it's o4o, and probably against the CoC and also noting the ubotu piracy factoid. [00:26] Burgundavia: yeah, I'm finding the ability to apt-get (almost) everything is what makes it all easy [00:26] in arch or slack you still end up compiling a lot of stuff [00:26] which is fine sometimes [00:26] just depends what you want to do i guess [00:34] lydgate: http://www.youtube.com/watch?v=F6L51uZjaZU :) [00:37] hehehe [00:37] win [00:37] although in our office, we'd more likely be playing Office Cricket. [00:38] which involves cricket, and office chairs [00:39] lydgate: IMO the big difference between Ubuntu and Debian on servers is that ubuntu-server is largely a stabilized version of the Debian development branch and so if you need stuff not in the Debian stable release, ubuntu-server's a good place to be. [00:39] OTOH, if Debian Stable covers what you need, then it's not a big deal either way. [00:39] fujin: sounds like fun [00:39] our office isn't quite big enough for that [00:40] ScottK: yeah, i like stuff newer than stable typically [00:40] which is i guess why i'm using arch :) [00:40] for my workstation [00:40] is Gutsy using exim now by default, instead of postfix? [00:40] fujin: Ubuntu does not include an MTA at all by default. [00:40] yes, but when you pull a package that requires an MTA of some sort [00:40] fujin: Postfix is the standard MTA for ubunt-server though. [00:41] in feisty it pulled postfix [00:41] It depends on the package you install. [00:41] but, upstairs on a gutsy desktop yesterday I tried to install mailx and it went to pull exim4 [00:42] Most such packages have either exim4|mail-transport-agent if they are straight from Debian or postfix|mail-transport-agent if we've touched them. [00:42] makes sense :) [00:42] So it's a function of whatever package you choose to install first needing an MTA. [00:43] There has been an attempt by soren to get Debian to invent a default-mta package in Debian so derivatives can pick without a lot of hassle to change dependencies. [00:43] It solves this exact use case. [00:43] ah yep [00:43] not sure why debian is so exim-happy [00:43] Exim isn't bad. I'm not a huge fan of it for my needs, but it's not like it's qmail or sendmail. [00:44] that's true [00:44] Both Debian and Ubuntu balance between exim4 and postfix. [00:45] I think usage in Debian is pretty evenly split among developers [00:45] Here Postfix and Exim4 are both in Main (Sendmail is in Universe). [01:00] ScottK: debian policy says that you depend on the standard-pri package, or virtual-package. in debian, taht's exim4, not postfix. [01:00] in ubuntu, it's postfix, and several packages are "incorrect" in depending on exim4. [01:00] hrm.. that reminds me, I need to review and upload default-mail-transport-agent so we can sync it. [01:00] * lamont goes to fetch kids [01:11] lamont: Yes. I know. [01:22] lamont: Did you ever grab that package I posted a link to? [02:18] Hello all .. Is there a good way to watch my server's data via something like Munin? I "tried" Gkrellm but I'm not sure how to get it to display on my client from the server .. Nagios? I see it but I can't figure out how to "use" it .. ideas? [02:19] data like CPU temps, Network data, and of course loads... [02:20] Why are you looking for something like munin instead of just using munin? [02:20] soren: Munin works good and I use it. but it doesn't monitor cpu temps . [02:21] * NineTeen67Comet Munin monitors all my computers via my server. [02:27] I'm certain you can configure munin to use lm_sensors? [02:28] yes, indeed [02:28] sensors will let you monitor through stuff through lm-sensors [02:28] fujin: I'll go check on that .. I have lm_sensors installed already .. [02:36] Looks like my mobo/cpu is too old to have built in sensors .. sa-la-vi I guess .. :( [02:38] Sounds like I have a good reason to "upgrade" my server .. hehehehehe [02:39] how difficult is it for me to setup some sort of local smtp server so I can send msgs without needing someone elses smtp. [02:40] apt-get install postfix [02:40] dpkg-reconfigure postfix [02:40] * NineTeen67Comet e-mail has always kicked my butt, called me a sissy and told me to go play darts with water baloons .. [02:41] the dpkg wizard in postfix will point you in the right direction [02:41] 'wizard'? :P [02:41] fujin: cool, so postfix is the way to go ? [02:41] well [02:42] it's kidn of like a vi vs. nano debate, right? [02:42] you could pick postfix, exim, sendmail, qmail [02:42] whatever.. [02:42] postfix is easy, and the dpkg configuration will get you up-and-running, delivering mail with no hassel at all [02:42] fujin: well...the way i understand it, exim isnt at stable, and qmail has a bad license. [02:42] so postfix must be the way to go. [02:42] Postfix is nice. [02:44] fujin: No configuration Internet Site Internet with smarthost Satellite system Local only [02:45] In who's world is exim "not stable"? [02:45] I think Internet Site is what I want [02:45] osmosis: read what it says! [02:45] internet site delivers and receives mail directly (via DNS MX records) [02:45] internet site with smarthost receives mail directly, but delivers through another server (relay) [02:46] satelllite system doesn't receive mail at all, it only delivers through a relay [02:46] and local only is for user->user (i.e.; cron) mail [02:52] fujin: cool [03:15] <_ruben> and qmail got stripped of its bad license as well .. at last [03:19] shame it's terrible anyway. [03:19] == fujin ... [03:22] anyone have any idea why mysql wouldn't install /etc/mysql/my.cnf or /etc/mysql/debian-start/ when I use apt-get install? [03:24] mysql is a metapacakge I think? [03:25] you want mysql-server-5 or similar [03:26] so, apt-get install mysql-server-5 ? [03:34] <_ruben> fujin: once you set a ton of patches loose on it, it's actually not so bad imo [03:34] J_5: something liek that [03:34] _ruben: vs. no-patches Postfix? :) [03:37] <_ruben> fujin: i wasnt saying its perfect ;) .. but i also must admit i havent given postfix the ammount of attention it might deserve .. we've been using qmail for ages, and that's im used to work with now [03:37] as is the way with most engineers/admins :) [03:38] <_ruben> guess so yeah :) [03:39] <_ruben> and this admin is sitting at home .. at 4:38am .. waiting for a customer to give a green light to complete their migration between 2 enviroments .. *sigh* :P [03:39] agh [03:39] hate that [03:41] <_ruben> if i had known it would take this long i might had concidered getting some shut-eye for a bit [03:47] is it a good idea to apt-get dist-upgrade on a new install before I start reinstall my packages? So it doesn't mess anything up after I have everything installed and running? [03:50] <_ruben> it shouldnt really matter at what stage you'd do it .. doing it first shouldnt do any harm [03:51] I generally do it straight away [03:51] after installing [03:51] especially as we're still in Feisty's life cycle here. [03:53] ok thanks. I ask, because I did this the other night and then mysql stopped working after that. my i am a noob, so it my be me :) [03:54] this is my thrid reinstall..i'm getting pretty good at that part lol [03:58] Greeting.. I have a gutsy server which 'kind of' hangs on reboot at 'starting syslog' stage. [03:58] install syslog-ng! :D [03:58] Has anyone seen'heard of this sort of thing? [03:59] fujin: Is this a well known issue? [03:59] no idea [03:59] I always replace the ubuntu standard syslog with -ng [03:59] as I'm more familiar with it and prefer it [03:59] I kill 'syslogd' and then everything else continues to load. [04:02] pschulz01: can you start syslogd after you've booted the system? [04:10] Whan I try and restart by hand (/etc/init.d/syslogd restart) I get 'syslogd: Unknown priority name 'exec' [04:10] The odd thing is that this is only on the console.. [04:11] pschulz01: mmm... it smells like a config issue. I found this: http://www.freebsddiary.org/syslog.php [04:11] Ahh.. [04:11] Running it from an ssh session causes it also to be displayed on the console. [04:11] pschulz01: it may be a tabs v. spaces thing in your config file [04:11] (not to the ssh window) [04:13] ha ha! somer.. you are a genius! [04:13] Trailing '/' on one of the options [04:13] pschulz01: heh... it happens [04:14] Located just after the line '# Modified by x' [04:14] Where x is going to receive some counciling sortly. [04:14] shortly. [04:15] heh... least they documented who made the change [04:15] It was followed by '# This didn't work.' [04:15] lol... that's pretty awesome [04:16] why does it ask me to cd everytime I use apt-get now? Can I change this? The most up to date packages are not on the CD, correct? [04:16] <_ruben> comment out the line in /etc/apt/sources.list [04:17] oh ok, thanks [04:23] Kamping_Kaiser: Ping [04:50] sommer: I spoke to soon.. my syslog problem is still there. (Although the error message ehas not gone away.) [05:05] How do I reinstall a package and force it to replace the config files with their default packaged files? [05:06] Something like 'apt-get install --reinstall ' appears to work.. but does it replace the default files? [05:08] pschulz01: you can 'sudo apt-get remove --purge && sudo apt-get install ' [05:12] antdedyet: Unfortunaely there are a lot of other packages that depend on sysklogd and klogd. [05:12] Hmm.. maynbe apt-get install --purge --reinstall [05:14] pschulz01: I'd disclose my practice of 'sudo dpkg --purge --force-all && sudo apt-get install ' but it should be handled with care. :) [05:15] That last one is probably the reason Ubuntu wants to hide the command-line. [05:16] antdedyet: In what way does Ubuntu hide the command line? [05:19] ScottK: well ... Debian doesn't come with X! :) [05:20] antdedyet: ubuntu-server doesn't either. [05:20] antdedyet: Notice which channel you're in. [05:20] ScottK: I'm sold on Ubuntu (even to the point of spooling out a few servers based on it), you won't have to lecture me. :) [05:20] antdedyet: Fair enough. [05:24] The only thing left in my house that isn't Ubuntu is an u2w SCSI disk separated from a controlling motherboard with Debian installed since slink. [05:25] any servers going into my colo space will be Ubuntu server. [05:28] Cool. I wouldn't mess with that one either. [05:30] Now I'm really confused!!! [05:31] nice to meet you ScottK ... you have an amazing resemblance to someone that wrote a web based SPF query tool I was using earlier this afternoon [05:31] pschulz01: about? [05:32] antdedyet: Interesting. It's a small world. Glad you found it useful. [05:32] I remove (rename) /etc/rc2.d/S10sysklogd and the system boots.. other than syslog not running.. but if I rename it to S12syslogd .. just to put it after S12dbus then the system halts on the scripts after that.. [05:32] which is bind [05:35] This is just nuts. [05:39] pschulz01: Why are you moving it to S12? [05:40] ScottK: 'cause it doesn't work at S10 [05:40] OK. Mine's at S10 and working. [05:40] Mine's also at S10 and working. [05:40] So whatever your problem is, I don't think that's it. [05:41] ScottK: System is hanging on bootup, at the S11klogd.. if I stop sysklogd manually then book progresses and completes. [05:41] antdedyet: I have 10 other machines that work as well :-/ [05:41] OK. I don't know what your problem is, but I really think moving the init scripts around is barking up the wrong tree. [05:42] ScottK: (1) I know that leaving out sysklogd from the boot sequence allows the system to boot. [05:43] (2) I need start sysklogd at some stage. [05:43] (3) I would really like ot ge tto the bottom of this :-) [05:45] will sysklogd start after the system boots if you manually run 'sudo /etc/init.d/sysklogd start' ? [05:46] Yes, that the time after you have disabled the init script, but you really should consider learning 'update-rc.d' to handle that for you. [05:48] s/that/that's [05:50] ScottK: Things would have been much better if the authoritive dns server for the txt records wasn't tinydns (and also even possibly nicer if the SPF type record was supported) [05:50] Ah. [05:50] antdedyet: Type SPF has virtually zero deployment. I wouldn't sweat it to much. [05:51] I'm trying a syslog.conf file from another machine that I know is working (waiting to reboot).. one hit was that there was a complaint about /dev/xconsole not exisitng. [05:51] We knew it would never get deployed, but adding it was enough to appease the IETF DNS gurus who knew the internet would melt if we didn't. [05:52] I commented that out.. still no luck.. same issue. [05:52] Talk about liking self-induced pain: I was working for DJB based client (qmail, tinydns, daemontools, although, I don't think rblsmtpd is in the mix) that can't send email to hotmail.com/msn.com. That's how I spent the first part of this week. [05:53] Yum. Well no one can send mail to Hotmail reliably unless they are mass marketers who pay to play. [05:54] pschulz01: so the init scripts definately re-installed after the 'sudo dpkg --purge ...' ? [05:54] pschulz01: because my sysklogd init script makes the /dev/xconsole device and prepares it for use [05:55] pschulz01: see create_xconsole() [05:56] pschulz01: (in the sysklogd init script) [05:56] antdedyet: I don't think the init scripts did get re-installed.. conf file certainly didn't/ [05:57] gutsy? [05:59] pschulz01: gutsy desktop ... what have you got? [06:01] antdedyet: It was an alternate install.. had some odd SAS driver to deal with.. DELL 1950 1RU [06:01] pschulz01: also shows up in gutsy server [06:03] ScottK: Maybe the SPF query-type will gain some traction with the IETF in the future now that the statement has been made. [06:04] antdedyet: Maybe, but it's got a serious chicken-egg problem. Particularly as there are brain dead resolvers out there that don't respond at all to queries about unknown types. [06:04] Because of that you have to look up TXT no matter what SPF tells you, so why bother? [06:04] ScottK: I continued to wonder why there wasn't a way to query more sub-types like you can with chaosnet (version.bind is the only example that comes to mind), but my thinking was probably influenced entirely too much on microsoft-ism at the time... [06:04] is there any security risk in running `ssh-keygen` on a remote server? [06:05] lousygarua: For user keys? or server keys? [06:05] antdedyet: Dunno, but the biggest impact is time, not packets anyway. [06:06] lousygarua: No risk at all.. as long as you don't copy private keys around afterwards. [06:06] pschulz01: not sure. i'm setting up a script for remote backups between servers over rsync+ssh. so i'm creating an ssh key on my server remotley because i'm not in office. [06:07] pschulz01: yes it does not sound risky to me i just recalled i read somewhere DONT CREATE KEYS REMOTELY but i might have been sleepy [06:07] lousygarua: How are you connected to the machine? [06:07] lousygarua: No problem at all.. provided you do the key generation on the machine that you plan to login 'from'. [06:07] ScottK: via ssh [06:07] lousygarua: You don't want to be moving private keys over the network. [06:08] lousygarua: If you are using ssh to connect to that remote server that you are running ssh on, you are fine. A pro (although albeit minor) of running ssh-keygen over ssh is that ssh data used xfer contributes to the entropy pool used for generating the new key pair. [06:08] s/used/used for the/ [06:08] lousygarua: OK. As long as it's not telnet or something. [06:08] s/running ssh/running ssh\-keygen [06:09] antdedyet: oh so it's not a REAL problem because i'm not the pentagon [06:10] here's another funny question, i seem to have the old ssh private key, what's the command to generate a public key out of it (rtfmlazy) [06:11] I don't know. <-- rtfmlazy too [06:15] ok well thanks everyone :) [06:16] ScottK: Ah ... I am not yet that familiar with SPF. Today was the first time I had a reason/chance to implement it and from what I read, the visual effects of it publishing a SPF record only keep my senders' emails out of the Junk/Spam Folder of hotmail.com. But I know I'm overlooking the technical advantages of an sysadmin/netadmin of it in this statement. [06:16] lousygarua: ssh-keygen -y [06:16] lousygarua: or some variant of that [06:16] antdedyet: oh cool :) [06:16] lousygarua: ssh-key -y -f priv_key [06:16] prints to STDOUT, methinks [06:16] yeah [06:17] thanks [06:17] np [06:17] antdedyet: As far as Hotmail goes, maybe, maybe not. [06:17] ScottK: There's that too. [06:17] antdedyet: They do lots of strange stuff, so no guarantees. [06:18] antdedyet: As a domain owner, a complete (ends in -all) SPF record is a good way to deter spammers from using your domains. [06:18] ScottK: In a certain way, I really wish people would take the psychological approach of boycotting Microsoft and all it's deritivies. [06:19] antdedyet: As a receiver it's a good way to reject during SMTP (when it's cheap - before DATA even) a class of mail that's almost certainly (~99% in the data I've seen) junk. [06:19] SPF's biggest drawback is that it's complicated and even 99% right isn't enough for some services/companies. [06:19] ScottK: ah, good... I used the openspf.org wizard to create the first records I did today, which included the -all for my bind backed domains and an ~all for the tinydns served ones. [06:20] The biggest resistance I had to adopting SPF early was the availablity of format/syntax documentation. [06:21] antdedyet: Just keep in mind that the wizard is not very smart. It can and will lead you astray. [06:21] The SPF record syntax is just a fancy way to come up with a list of IP addresses that a domain is authorized to send from. [06:22] antdedyet: When you have a choice, what MTA do you use? [06:33] ScottK: I use Postfix for myself and recommend it to as many of my clients as possible when they do a server rebuild/replacement/redesign [06:33] lousygarua, antdedyet huh - that openssh -y option is odd. as far as I know you can't generate a public key from a private key - that would be a huge security issue - instead you generate both at the same time. I'm guessing openssh stores both public and private keys in the private file, and the -y option extracts it rather than regenerating it. [06:34] antdedyet: Yeah. Me too. For SPF checking we've got several policy servers you can use that are easy enough to integrate. [06:35] seems like the man page gets it right and the faq confuses private file with private key [06:35] nealmcb: i know that you can generate public keys from ssl private keys as well with openssl [06:35] nealmcb: so they really save the public key along with the private key somewhere? [06:36] that's my guess - just semantics, but that's a scary way to document it [06:37] maybe mathematically the keys are not the exactly same [06:37] they are opposite sides of the coin, and if you could make the public key from the private key, you could also make the private key from the public key.... [06:37] would would be really bad :-) [06:37] we should consult the high ubuntu mathmeatician [06:38] who? [06:38] * lousygarua looks left and right, and still has no idea [06:39] lousygarua: there is no different in the keys generated that I tested. [06:39] s/keys/public keys [06:39] ? [06:39] s/different/difference [06:40] nealmcb: tested the theory of the generated public keys being different from openssh's -y option with an RSA key [06:40] nealmcb: they were the same except for the comment at the end [06:40] dropped that off and ran diff on it; they came up the identical [06:40] so the public key could definately possibly be stored in the private key [06:41] or less like that my machine doesn't have enough entropy to generate a unique key, eheh. [06:42] ScottK: Are your policy servers open or paid for or available to outsiders at all? # /me surfs to your site again [06:43] Open. [06:43] antdedyet: For Ubuntu you can just apt-get them. [06:43] ScottK: Ahh, I see you are part of the openspf.org site Council and so forth. [06:43] Yes. [06:46] antdedyet: I'd say " public key could definately possibly be stored in the private FILE" [06:46] like the man page says.... [06:46] nealmcb: ah, my mistake. I know now. [06:47] id_rsa is much bigger than id_rsa.pub - so that's my guess [06:51] nealmcb: cool to know [07:00] antdedyet: If you decide you want to install SPF checking for your Ubuntu servers, https://help.ubuntu.com/community/Postfix/SPF [07:00] antdedyet: In general I recommend the Python one as it's more featureful. [07:01] * ScottK is off to bed. [07:03] ScottK: Ahh ... Just as you'd have it I would be installing the postfix-policyd-spf-perl package just because the name says postfix. After further inspection of the python-policyd-spf I see it is also for Postfix. Thanks. Have a good night. [07:03] antdedyet: Yes. I plan to rename the binary package for the Python one. [07:03] Thanks. [07:27] nealmcb: looks like the public key data is stored inside even a pem encoded private key file. === antdedyet is now known as jtraylor === jtraylor is now known as antdedyet === antdedyet is now known as jtraylor === jtraylor is now known as jonathant === jonathant is now known as jtraylor === jtraylor is now known as antdedyet [08:30] how to use scramdisk [09:23] hi i have a ubuntu desktop with apache installed and i can reach it from the localhost but from other computers i can't access it [09:23] susscorfa: you should check 3 things, first if your firewall is not blocking port 80 [09:24] susscorfa: then that apache listens on port 80 and not on 127.0.0.1:80 or something similar [09:24] susscorfa: hmm and that's it. there's also an issue with permissions on a per-directory basis [09:25] susscorfa: but if you get 404 instead of 'permission denied' it's probably one of the first things i mentioned [09:26] ok ill check the firewall first [09:30] ok it is firestarter thx lousygarua just have to find out how to allow port 80 to be allowed [09:31] susscorfa: np, if you need more help ping me [11:36] how to use scramdisk [11:36] how to encryt my hard disk [11:37] i installed scramdisk [11:37] but i dont know how to use [22:53] what do i need to do to install on a sata raid with 6.06? [23:12] install?