[00:00] <owh> Just for fun, I'm not going to have to install X just to compile/run/install vmware-tools am I?
[00:00]  * kgoetz shrug - whats its build deps? :PO
[00:03] <kgoetz> afk. company meeting
[00:03] <owh> Have fun.
[00:51] <kgoetz> hm. company shouting lunch today. i'm on a roll :O
[01:08] <owh> kgoetz: My company shouts me lunch, dinner and breakfast every day.
[01:08] <kgoetz> i'm a contractor, so its good ;)
[01:08] <owh> kgoetz: I wasn't bragging, my company == me :)
[01:09] <kgoetz> owh: hehe :)
[01:10] <owh> kgoetz: Now all I need to do is figure out how to make it an expense :)
[01:11] <kgoetz> *grin* 'ongoing maintainance' ;)
[01:12] <owh> ROTFL
[01:12] <owh> Thanks, I needed that.
[01:13] <kgoetz> its free :p
[01:14] <thomas_newbie__> hey guys :)
[01:15] <owh> Where do I find a single paragraph description of a "valid debian policy compliant version number" so checkinstall will allow me to create a package - I'd like it to reflect reality. The actual version for the code is "1.0.4 build-56528"
[01:15] <kgoetz> thomas_newbie__: hey there :)
[01:15] <owh> Alternatively, how do I mangle that version no?
[01:15] <thomas_newbie__> my teacher suggested to me that I put in something called PAM between my router and my computer
[01:16] <kgoetz> owh: you on oftc? ask #debian-mentors (or read their /topic)
[01:16] <kgoetz> owh: actually, try #ubuntu-motu , and read their /topic :)
[01:17] <owh> phone
[01:18] <thomas_newbie__> kgoetz: hey can i ask you bunch of questiosn
[01:18] <kgoetz> not sure calling them will help
[01:18] <kgoetz> thomas_newbie__: no, but you can ask the channel :)
[01:19] <thomas_newbie__> sorry :S;
[01:20] <thomas_newbie__> anyway um, remember  you were helping me setup my server yesterday and I was saying how I have 2 computers on my internal network, 1 of them hostin web and ssh servers
[01:20] <thomas_newbie__> Now in order for the other to be hijacked or somehow intruded, the intruder has to go through my machine first right?
[01:24] <thomas_newbie__> If the other computer is not running any services, then would a hijacker be able to do something with that computer?
[01:25] <thomas_newbie__> I mean no ports would be open, so I shouldn't worry about somethign going wrong with the 2nd computer. Only mine the ones with the servers......?
[01:25] <kgoetz> afk.
[01:25] <kgoetz> lunch
[01:29] <owh> thomas_newbie__: The *only* way to secure a computer through the network is to physically disconnect the the network. After that, all you're doing is putting policies in place. There is no such thing as a secure computer, just exploits not yet discovered.
[01:39] <wickedrash> k...tape noob here.. I am trying to backup a bunch of my data to a 40/80 DLT with bacula
[01:39] <wickedrash> can anyone help?
[01:41] <wickedrash> hello
[01:48] <owh> wickedrash: You may get a better response if you actually asked a question.
[01:49] <owh> wickedrash: "can anyone help?" does not qualify as a question.
[01:50] <wickedrash> I am having trouble with bacula-web
[01:51] <wickedrash> hello
[01:52] <wickedrash> got a bacula tape backup question.. bacula-web says DB: not found?
[01:53] <wickedrash> the bacula.conf is correct as far as I know
[01:57] <thomas_newbie__> owh: lol obviously i don't want to disconnect it though...I'm just trying to understand how another computer in my internal network that isn't hosting anything can be hacked if I'm hosting a server
[02:01] <owh> thomas_newbie__: My point was that if it's physically connected to the wire that is connected to the net, then technically it's possible that it can be hacked. Is it probable? Well that depends entirely on what's plugged into what and what is configured in which way. I cannot answer that with the information you've provided.
[02:03] <owh> Man I *love* clients who at the end of a five month project want their server back *now*, rather than 72 hours from now when it's finally finished :|
[02:06] <thomas_newbie__> owh: what I'm trying to get at here is, now that I have a server that is accepting incoming connections, what extra security flawls could I have added? How does one intrude an internal network? through the webserver first?
[02:07] <owh> thomas_newbie__: When packets arrive from the outside world they can be crafted to look like they're internal, thus creating the illusion of local traffic. This may then be used to gain access.
[02:07] <thomas_newbie__> owh: gain access to what? MY computer FIRST?
[02:08] <owh> br
[02:08] <owh> brb
[02:09] <thomas_newbie__> owh: i'm sorry if I'm being very vague
[02:11] <owh> thomas_newbie__: I didn't really want to get into a big discussion, there are not enough hours in my day as it is. My point was that if you are getting *any* traffic from anywhere, it can be used to fake things making it possible to escalate privileges. As I said, I cannot make more comment with what you've given in the way of information.
[02:12] <thomas_newbie__> owh: ok ty
[02:12] <owh> np
[02:16] <jords> touch: cannot touch `this': Permission denied
[02:17] <thomas_newbie__> jords: ?
[02:23] <thomas_newbie__> if I wanted to change my webserver port number how would people be able to connect through their browser?
[02:27] <leonel>  http://youserver.com:thenewport
[02:30] <thomas_newbie__> leonel: what i don't understnad
[02:31] <leonel> if you changed the port  from  80  to  lets say   85
[02:31] <leonel>  to access your server would be
[02:32] <leonel>  http://yourserver.com:85
[02:33] <thomas_newbie__> leonel: yes but people won't type that in :S
[02:34] <thomas_newbie__> brb take a shit
[03:07] <jords> thomas they'll have to
[03:08] <jords> a normal web server must run on port 80 if you don't want people to have to specify the port... or you can do a redirect to send people who access on port 80 to port whatever with most registrars/ dns nameserver providers
[03:09] <jords> so yourserver.com is redirected to yourserver.com:85
[03:20] <XiXaQ> good morning.
[03:23] <thomas_newbie__> hey XiXaQ
[03:23] <thomas_newbie__> XiXaQ: whats up remember me :)
[03:24] <XiXaQ> yup.
[03:24] <thomas_newbie__> hey questino is PAM a good thing for me to set up for my apache webserver
[03:24] <XiXaQ> I just woke up, so I'm having my first cup of coffee, preparing myself mentally for the installation of a CalDAV server.
[03:25] <thomas_newbie__> coooool
[03:25] <thomas_newbie__> XiXaQ: you see I want to secure my internal network
[03:25] <XiXaQ> secure it from what?
[03:26] <thomas_newbie__> XiXaQ: intruders.....hackers....viruses....etc
[03:27] <XiXaQ> I don't think any one thing you do will protect you from all of that.
[03:27] <thomas_newbie__> XiXaQ: .....well i gotta do something to help
[03:28] <XiXaQ> you should do something, yes, that's wise.. I'd identify the weak points and fix those. How? I don't know.
[03:29] <XiXaQ> I'm still trying to make my systems work as they should. Once they do, I'll secure the system as much as I can. Security is an ongoing process though.
[03:29] <zul> thomas_newbie__; you might want to check google for locking down apache and things like that
[03:30] <thomas_newbie__> i see
[03:30] <XiXaQ> avoid the private messages please.
[03:30] <thomas_newbie__> my bad
[03:31] <XiXaQ> probably the easiest way to protect computers in a lan, is to protect the lan itself.
[03:32] <XiXaQ> if you have a router with a firewall, then that can help alot.
[03:32] <thomas_newbie__> yes i have a modem then router that splits 2 connections...1 leads to my servers, the other to another PC
[03:33] <thomas_newbie__> well so should I use PAM?
[03:33] <XiXaQ> for a private lan, I'd say that's good enough if you configure it properly.
[03:33] <XiXaQ> I'm not sure what you'd want PAM to do. d
[03:34] <XiXaQ> you already have PAM, don't you?
[03:34] <thomas_newbie__> my professor suggested I use it
[03:34] <thomas_newbie__> you mean by default install?
[03:34] <thomas_newbie__> i dunno
[03:34] <XiXaQ> what did he suggest you do with it?
[03:35] <thomas_newbie__> he said I could use it as a firewall, aswell as use it to monitor suspicious activity
[03:37] <XiXaQ> I'm not sure what he meant by that. Sure, you can setup ubuntu as a gateway, using iptables to route and not route traffic. I'm not sure what role PAM would play in that though. Perhaps you could use it to provide a single sign-on for your network computers.
[03:41] <XiXaQ> personally, I'd rely on your router, unless you're doing this because you want to do it, and learn how to do it.
[03:43] <thomas_newbie__> just my 1 router? maybe i should get another between me and the first router
[03:44] <kgoetz> arvo all
[03:51] <XiXaQ> thomas_newbie__, I don't know.
[03:52] <thomas_newbie__> XiXaQ: alright thanks
[04:09] <XiXaQ> sleep is a really cool invention. It makes all tasks seem abit lighter :)
[04:09] <XiXaQ> today, I think I'll get my mail/LAMP/CalDAV/LDAP-server working. That'd be really nice.
[04:10] <kgoetz> never tried caldev, but i may be able to help with teh others.. perhaps... a tiny bit.. :|
[04:10] <XiXaQ> I'd be grateful :)
[04:12] <kgoetz> :)
[04:14] <XiXaQ> LDAP is completely unknown territory for me, so I guess that'll be the biggest obstacle, followed by caldav.
[04:15] <kgoetz> mmm. ldap was hard (for me)
[04:16] <XiXaQ> perhaps it's mostly frightening, what with all the weird item stuff, like ou, dc, etc?
[04:17] <kgoetz> getting stuff to auth against its reasonably hard (at first), and if you dont understnad how a Directory works, its harder again
[04:19] <XiXaQ> do you mean gaining access to the directory itself, or authentication for other services?
[04:20] <kgoetz> install ldapscripts , ldap-util(s?), and ldapvi for starters :)
[04:20] <XiXaQ> well, actually, ldap will be the last step. :)
[04:20] <kgoetz> i'd advise against it :)
[04:20] <XiXaQ> oh?
[04:21] <kgoetz> if your authenticating against it, you want it there early to test against
[04:21] <kgoetz> unless your setting everything up seperately, then pointing them all to it somehow
[04:22] <XiXaQ> you're talking about single sign-on?
[04:22]  * kgoetz tries to understand perl and logwatch :S
[04:22] <kgoetz> yes, or using postfix (slash your mail server) to check for valid users, etc
[04:26] <XiXaQ> I see. Well, I'm working towards a production system, but at this point, I'm just experimenting and learning. Since mail, web and calendar sharing is most important, I'll do that first. Then I'll add LDAP for contact management, and then probably look into single sign-on and identity management. I also think those are the most complicated services?
[04:27] <kgoetz> probably an ok way to do it
[07:34] <owh> nijaba: Would there be interest in making the ubuntu-jeos-builder install the vmware-tools as an option? Also I figured out how to deal with the perl locale errors.
[07:35] <nijaba> owh: sure, that would be nice :)
[07:36] <owh> The work-around for the perl is to preface the command with LANG=C, and after the build completes, in the machine itself locale-gen "foobar"
[07:37] <siretart> hi!
[07:37] <owh> nijaba: I'm not sure how I should implement the vmware-tools build in a managable/maintainable way, because it requires the .tgz file from the .iso (I suppose you could specify it on the cmd line), and then it requires the installation of the build tools, compilation, answering yes a lot.
[07:38] <owh> nijaba: I'm loathe to just hack it in, but I'm happy to take some comment on the issue.
[07:38] <nijaba> owh: If one can just specify which tgz file to use, that would be a good start
[07:39] <nijaba> and I don't see a way away from the yes answering part, but we should ask soren...
[07:39] <XiXaQ> owh, I've followed that updated blog, and I can't get it working. Same errors as yesterday.
[07:39] <owh> nijaba: That's pretty trivial. Lemmie see if I can "encourage the vmware build script" to accept input.
[07:39] <XiXaQ> krb5-config not found.
[07:40] <XiXaQ> it is, of course, possible that the source has changed since he wrote that blog.
[07:40] <owh> XiXaQ: Yeah, I did get past that point, but I had a little distraction at this end. I'm hoping to spend some time on it shortly.
[07:40] <XiXaQ> what did you do?
[07:40] <owh> XiXaQ: I also noted that the other blog post got the source from a different place and another post that recommends getting python_xattr from within the run -s, rather than a package.
[07:41] <siretart> I'm trying to unstall ubuntu 7.10 on my ultrasparc60, using software raid (raid1, mirroring) on 2 disks. Installation went file, however the installed system fails to boot: http://paste.ubuntu-nl.org/51536/
[07:41] <owh> XiXaQ: In the URL's I showed you last night - uh, yesterday your time - there was a whole lot of extra information. I'll digg them up again in a mo.
[07:41] <XiXaQ> I can scroll :)
[07:41] <siretart> I'm aware of https://wiki.ubuntu.com/sparc/KnownIssues, and I left an empty partition (1mb) at the beginning. however, that didn't help
[07:42] <owh> nijaba: Lemmie have a quick play with a simple redirect, like the chpasswd code does.
[07:42] <nijaba> owh: fine
[07:42] <owh> XiXaQ: Yeah, but I also had additional information :)
[07:42] <XiXaQ> oh, ok.
[07:48] <owh> XiXaQ: Here's the information I've collected so far on installing the Apple iCal server onto Ubuntu: http://paste.ubuntu-nl.org/51537/
[07:48] <XiXaQ> great.
[07:48] <owh> XiXaQ: The forum post especially indicates that we're pretty close. Some of those postings were a hour old yesterday.
[07:48] <XiXaQ> were you able to get it up and running, you said?
[07:48] <siretart> hm. it didn't even bring up my 2nd raid device.. grrr
[07:49] <owh> XiXaQ: No, the command line barfed with missing command caldav.
[07:49] <XiXaQ> oh.
[07:49] <owh> XiXaQ: I suspect that the reason people are reporting success is because I'm using JEOS, they're using ubuntu-server.
[07:49] <owh> XiXaQ: I really don't want to install server if I don't have to just now.
[07:50] <owh> XiXaQ: So, likely we're talking about a missing package.
[07:50] <owh> XiXaQ: I suppose we could play with auto-apt.
[07:51] <owh> XiXaQ: That will load everything it asks for, but it means that an autoconf will succeed for all its options, so it will ask for c, gcc, gcc+ and autoapt will get them all :(
[07:51] <owh> Of course I might be remembering all that wrong :)
[07:52] <XiXaQ> owh, well. I'm using ubuntu server. I can't get it working.
[07:52] <owh> Version?
[07:52] <XiXaQ> both 710 and 804.
[07:53] <owh> On the 710, try the #13 post from the forum to the letter.
[07:53] <XiXaQ> I wish someone could assemble a real explanation instead of just referring to other posts without any links. It's very difficult to follow.
[07:53] <XiXaQ> "install the packages from the other guide"..
[07:53] <owh> Oh, one mo.
[07:55] <owh> XiXaQ: Doh, you only get the one post with the URL I gave you, here's a better URL: http://ubuntuforums.org/showthread.php?t=650443&page=2
[07:55] <owh> XiXaQ: You're looking for #13
[07:56] <XiXaQ> that's the one I'm looking at.
[07:56] <XiXaQ> people say 704 and 710 as if desktop and server install is the same thing.
[07:57] <owh> XiXaQ: Yeah, but the #13 post specifically says 7.10 server
[07:58] <XiXaQ> ok, I'll blank my server and give it another go from there. :)
[07:58] <owh> XiXaQ: Also, timeshifter only installs the packages from those two blogs, but follows the instructions from the jl42 blog.
[08:01] <XiXaQ> ok. Here we go :)
[08:02] <owh> XiXaQ: Post #17 is also from timeshifter.
[08:03] <XiXaQ> I'll skip the python2.4 package, since 2.5 is already installed. Don't you think?
[08:05] <owh> XiXaQ: I'm following it to the letter.
[08:05] <owh> XiXaQ: I figure make it work first, then break it :)
[08:05] <XiXaQ> it doesn't take too long to revert to a snapshot, so I'll try :)
[08:06] <owh> XiXaQ: I'm also using apt-get rather than what I'd normally use, aptitude.
[08:07] <soren> owh: We have the free version of the vmware-tools in the archive now. open-vm-tools.
[08:08] <owh> soren: You beauty!
[08:08] <XiXaQ> it actually required python2.4
[08:08]  * owh jumps for joy!
[08:08] <XiXaQ> soren, that's _great_!
[08:08] <XiXaQ> soren, in hardy apt repository?
[08:08] <owh> nijaba: Did you see what soren just told us?
[08:09] <soren> XiXaQ: And as of alpha 3, the appropriate kernel modules are included in -virtual (and the other kernel flavours as well, actually).
[08:09] <soren> XiXaQ: Yes, in hardy.
[08:09] <owh> soren: So, can I use that for my jeos/gutsy install?
[08:09] <XiXaQ> grand!
[08:13] <owh> soren: Was that a silly question I asked ?
[08:16] <owh> XiXaQ: It's downloading a different version of the server, it's not taking nearly as long as yesterday.
[08:16] <XiXaQ> this is looking much better.
[08:17] <XiXaQ> I'm configuring it now, so we'll know shortly :)
[08:17]  * owh is running ./run -s
[08:17] <owh> Just finished.
[08:18] <owh> XiXaQ: Well there's lots on the console, but it appears to be running.
[08:22] <owh> XiXaQ: What's happening at your end?
[08:22] <XiXaQ> I went out for a cigarette before trying :)
[08:23] <owh> Heh :)
[08:23] <soren> owh: It won't work for gutsy, no :(
[08:23] <owh> XiXaQ: Mine is running, but I cannot connect to it yet.
[08:23] <owh> soren: Can I back-port it?
[08:23] <owh> soren: I'd rather not go to hardy just yet for a production machine.
[08:23] <soren> owh: Well... Yes, I don't see why not.
[08:24] <soren> owh: There's even a open-vm-tools-source package that you can use to provide the kernel modules (using module-assistant)
[08:24] <owh> soren: Just to be clear, this will allow me to shut down the guest in a nice way, rather than remote power-off?
[08:25] <soren> owh: It should, yes.
[08:25] <owh> soren: I'll have a looksee after I've got this (*&&^% iCal server running :)
[08:25] <XiXaQ> owh, are you connecting from the same machine or from another one?
[08:25] <owh> Thanks muchly!
[08:25] <owh> XiXaQ: From outside.
[08:26] <owh> Hmm, that's a point.
[08:26] <XiXaQ> the config is set to only accept from 127.0.0.1 it looks like.
[08:26] <owh> Lemmie see.
[08:26] <owh> XiXaQ: But if you remove the address it's supposed to bind to all.
[08:26] <XiXaQ> blank for all, it sais. I tried that, but I haven't run it yet, so I don't know if it'll work.
[08:27]  * owh is installing telnet :)
[08:27] <XiXaQ> it's looking very good.
[08:27] <XiXaQ> where do I setup accounts?
[08:27] <owh> Dunno yet :)
[08:27] <owh> IIRC the QuickStartGuide URL tells you that
[08:28] <XiXaQ> cams blog sais its in accounts.xml in /usr/local/CalendarServer/conf.
[08:28] <owh> Well if you followed the other install it will be in /opt/iCalServer/CalendarServer/conf
[08:29] <owh> XiXaQ: My console is full of IOError, what is yours doing?
[08:29] <XiXaQ> it's looking good. No errors.
[08:29] <owh> Is it silent?
[08:30] <owh> My fstab line is like this: UUID=b3f3f4bb-98cd-47b4-9830-f9e7061a81b6 opt       ext3    user,rw,user_xattr        0       1
[08:30] <XiXaQ> no, it outputs alot of messages, but all good ones.
[08:31] <owh> The fstab's the only thing I'm not sure I got right.
[08:32] <XiXaQ> looks like this: http://rafb.net/p/DzWvHH25.html
[08:32] <owh> XiXaQ: Yeah, mine doesn't look like that. Can you show me your fstab?
[08:32] <XiXaQ> oh.. Ignore the first 69 lines :)
[08:33] <XiXaQ> your fstab looks good.
[08:33] <owh> I just unmounted /opt and then did mount -a, now when I run it I get: # ./run
[08:33] <owh> bash: ./run: /bin/bash: bad interpreter: Permission denied
[08:34] <XiXaQ> oh.. :/
[08:34] <XiXaQ> I'm still not able to connect from another machine though. I'll have to have another look at the config.
[08:35] <owh> Yeah, it really doesn't like me :)
[08:38] <owh> XiXaQ: Ah, I cannot exec on this partition at the moment :)
[08:38] <XiXaQ> I am able to connect using w3m on the server though, but that's not very easily interpreted.
[08:38] <owh> XiXaQ: Does yours show user,rw,user_xattr, or does it show defaults,user_xattr
[08:38] <XiXaQ> seems to ignore my configuration changes..
[08:39] <XiXaQ> UUID=94a96528-c889-45a1-bc98-d9d02ecdd59c /               ext3    defaults,errors=remount-ro,user_xattr 0       1
[08:39] <owh> Riiiight.
[08:40] <owh> XiXaQ: Niiice, now I get what you get :)
[08:40] <owh> And I can connect locally.
[08:40] <XiXaQ> perhaps I'll help if I try to edit the right configuration file.. :)
[08:40] <owh> ROTFL
[08:41] <XiXaQ> it did :)
[08:41] <owh> Whoot!
[08:41] <owh> Remote and all!
[08:42] <XiXaQ> it's caldavd-dev, not caldavd.
[08:42] <XiXaQ> yes :)
[08:42] <owh> Well, that's step 1 done.
[08:42] <owh> Now I did come across a link that talked about how to make Thunderbird talk to this IIRC.
[08:43] <owh> So, the magic was the svn source and making sure that the fstab entry was right.
[08:43] <owh> Lemmie document that somewhere :)
[08:43] <XiXaQ> I'm not able to connect from evolution yet though.
[08:44] <owh> XiXaQ: One step at a time my friend.
[08:44] <XiXaQ> yup.
[08:44] <owh> Today you achieved a running server :)
[08:48] <XiXaQ> that's true :)
[08:49] <XiXaQ> it would be nice if I could use it for something as well though. :)
[08:49] <owh> That is also true. ATM I'm documenting my steps.
[08:50] <owh> XiXaQ: This is how I did it: http://paste.ubuntu-nl.org/51540/
[08:50] <owh> XiXaQ: Basically post #13
[08:55] <XiXaQ> right. Me too.
[08:55] <XiXaQ> I thought I'd actually confirm that it's working, and not just running before I start documenting.
[08:56] <owh> XiXaQ: Except that there are a few others pulling out their hair too...
[08:57] <XiXaQ> yes, I am going to document it using both 710 server and hardy, but I'm reluctant to say that it's a working setup before I'm actually able to use it.
[08:58] <owh> I'll add the disclaimer :)
[08:59] <owh> Hows this as a disclaimer: Note that this just makes it run, we haven't done any configuration, haven't confirmed we can actually use it, that it won't fill up your hard disk or kill kittens.
[09:07] <XiXaQ> heh
[09:07] <XiXaQ> I don't like disclaimers.
[09:08] <XiXaQ> well, I've gotten one step closer. Evolution seems to recognize, and connect properly, but when I'm trying to add a new calendar entry, it sais Authentication Required. I have entered username and password though.
[09:12] <owh> XiXaQ: Does the console show anything?
[09:12] <XiXaQ> 2008-01-11 09:26:54+0100 [-] [caldav-8008]  [HTTPChannel,25,84.236.191.26] 'Authentication failed: nonce-count value out of sequence: 3 should be one more than 1'
[09:13] <XiXaQ> I agree.. 3 _should_ be more than 1.
[09:15] <owh> HEHE
[09:16] <owh> Bug #160190
[09:16] <ubotu> Launchpad bug 160190 in evolution "Evolution cannot authenticate against caldavd" [Undecided,New] https://launchpad.net/bugs/160190
[09:17] <owh> XiXaQ: There is a work-around in that bug.
[09:18] <owh> AFK ..dinner..
[09:26] <XiXaQ> hey.. I think it works..
[09:28] <XiXaQ> it does indeed!
[09:28] <XiXaQ> I'll go get some food too then! :)
[10:21] <XiXaQ> owh, did you do the apt-get install's like you write, or one by one?
[10:26] <XiXaQ> we also need to make scripts to start the server at boot, and script in /etc/init.d to control it.
[10:26] <XiXaQ> how do we do that?
[10:28] <owh> XiXaQ: Gotta go and get some fuel, but yes, the apt-gets were done as I wrote them.
[10:28] <owh> XiXaQ: I'll be back in about an hour or so.
[10:30] <XiXaQ> ok :)
[10:33] <nawty> Hi! :) I'm stuck after updating my ubuntu dapper (which was booting fine) to gutsy (through the releases one by one)
[10:34] <nawty> it seems to now boot and go up to the initramfs prompt, with a message about the /dev/..../by-uid/... being in use
[10:34] <nawty> I've attempted to make it use /dev/hd* values instead, and from there it seems to give me a message about the device not existing, but i do an 'ls' in /dev/, and they're there.
[10:34] <nawty> the original -server kernels work, just the later ones, and the -xen ones don't.
[10:35] <nawty> I've since moved to hardy, in an attempt to see if it was a bug somewhere, but alas, the same thing, unless i boot from an old old old (dapper) kernel.
[10:35] <nawty> Anyone have any idea on where to start?
[10:35] <Nafallo> nawty: have yu got evms installed? if so, do you use it?
[10:35] <Nafallo> you even
[10:37] <nawty> Evms would only be installed if it's on -server by default, although i'm not sure.
[10:37] <nawty> Give me a moment to see if there's a /dev/evms*
[10:37] <Nafallo> nawty: dpkg -l evms
[10:38] <nawty> nafallo, need to do a reboot to an old kernel quick first
[10:38] <Nafallo> nawty: evms was installed by default back in dapper.
[10:38] <nawty> ah, forgot about that
[10:38] <nawty> let me get rid of that then ;)
[10:38] <Nafallo> :-)
[10:39] <nawty> evms is on it's way out
[10:40] <nawty> i read somewhere about the dual UUID thingie generated by EVMS
[10:40] <nawty> that be it then?
[10:40] <nawty> evil ibm.
[10:40] <nawty> 'i are in your linux, breaking your boot!'
[10:41] <nawty> quick way to regenerate all initrd?
[10:41] <nawty> (s)
[10:46] <Nafallo> initramfs? the post-remove should do that I believe?
[10:49] <nawty> only did the active kernel for some reason
[10:50] <nawty> but as i had to boot into a long old one :P
[10:50] <nawty> and i wanted a newwer one regenerated
[10:50] <nawty> i just -reconfigured the xen one manually.
[10:50] <nawty> perfect boot ;) Thanks Nafallo
[10:57] <Nafallo> no worries :-)
[11:35] <owh> XiXaQ: Hiya.
[11:36] <owh> XiXaQ: Just dropping in to say that something's come up at this end and I won't be able to do anything tonight. I'm on LP onno-itmaze, drop me an email.
[13:21] <tjaalton> soren: ok, I'm ready to test kvm.. I've installed virt-manager and python-virtinst, what else do I need?
[13:22]  * soren is on the phone
[13:22] <tjaalton> :)
[13:33] <tjaalton> there doesn't seem to be a gui for creating guests yet
[13:44] <soren> tjaalton: That's what virt-manager is supposed to do.. Well, among other things.
[13:44] <tjaalton> but it's not there yet?
[13:44] <soren> Sort of.
[13:45]  * soren is still on the phone
[13:45]  * tjaalton reads the wiki howto's
[13:46] <tjaalton> er, kvm howto's from wiki
[13:49] <soren> tjaalton: It's sort of tricky..
[13:50] <soren> tjaalton: If you're a member of the libvirt group, you can connect to qemu:///system, which gives you privileges to set up various networking stuff etc., but virt-manager is too stupid to understand this. It only looks to see if you're root.
[13:50] <soren> ...so
[13:50] <soren> you probably want to run run virt-manager as root to start the installation.
[13:51] <soren> ...and then afterwards you can connect as your regular user.
[13:51]  * soren is *Really* going to lunch now.
[13:52] <tjaalton> soren: ok, I'll try. Thanks!
[13:52] <tjaalton> have a nice meal :)
[13:59] <tjaalton> 1h22min until alpha3 is downloaded.. time to visit the post office then
[14:01] <zul> morning
[14:02] <ScottK> morning
[14:05] <jords> morning
[14:05] <jords> it's 3am for me :S
[14:38] <_ruben> 3am .. that must be aussieland or smth .. since its 3pm here ;)
[14:39] <_ruben> well .. 3:38 by now
[15:19] <nxvl_work> mathiaz: around?
[15:23] <tjaalton> soren: hum, virt-manager complains that it cannot connect (running as root), and suggests to verify that libvirtd is running
[15:23] <soren> tjaalton: Is it?
[15:23] <soren> :)
[15:24] <tjaalton> no, can't find a single file with that name :)
[15:24] <tjaalton> so maybe I'm missing something
[15:24] <soren> libvirt-bin is your friend.
[15:25] <tjaalton> ok, is there a pseudopackage to pull all of this?
[15:25] <tjaalton> alright, now we're talking :)
[15:27] <tjaalton> heh, no Ubuntu on the OS list :)
[15:27] <soren> Doh.. :)
[15:32] <tjaalton> ok, so X fails miserably with kvm :)
[15:32] <soren> Oh, really?
[15:32] <tjaalton> well, it drops into failsafeX
[15:33] <tjaalton> but kvm rocks, now that I finally have hardware to support it properly
[15:33]  * soren has only really tested it with server or cli installes
[15:33] <soren> installs, even.
[15:34] <tjaalton> I took the livecd, since there already are bugs that it fails somewhat
[15:35] <soren> tjaalton: I can hardly remember which card it emulates.. It's not a Cirrus, is it?
[15:36] <tjaalton> not sure yet, forgot to change the kb layout
[15:36] <tjaalton> so can't check the log :)
[15:37] <soren> tjaalton: oh?
[15:37] <tjaalton> it was broken somehow
[15:38] <soren> lspci says it's a Cirrus Logic GD 5446.
[15:39] <tjaalton> yes, the "bios" screen also says that it's cirrus
[15:39] <soren> Oh, ok.
[15:39] <tjaalton> hmm, I can't make it boot the cd image again?
[15:39] <soren> I forget how you do that :)
[15:40] <tjaalton> heh
[15:41] <soren> ..from the gui, that is.
[15:43] <XiXaQ> is there a memoserv on this network?
[15:44] <XiXaQ> or, can someone decipher this message? <owh> XiXaQ: Just dropping in to say that something's come up at this end and I won't be able to do anything tonight. I'm on LP onno-itmaze, drop me an email.
[15:45] <XiXaQ> wth is an LP onno-itmaze? :)
[15:49] <tjaalton> soren: ok, so I destroyed the image, created a new one and now it fails to boot the cd, just hangs with a black terminal
[15:51] <soren> XiXaQ: https://edge.launchpad.net/~onno-itmaze
[15:51] <XiXaQ> ah! :)
[15:51] <soren> tjaalton: Er..  No clue. :)
[15:51] <XiXaQ> thanks soren :)
[15:52] <soren> tjaalton: virt-manager needs some serious love, IMO. As I said: I usually drive kvm from the commandline.
[15:52] <soren> XiXaQ: no worries :)
[15:53] <XiXaQ> I'm writing a howto for CalDAV on the wiki, but I could use some help: http://wiki.ubuntu.com/CalendarServer
[15:53] <tjaalton> soren: heh ok, this is from redhat right?
[15:53] <soren> tjaalton: It is. Completely fresh version (from this morning).
[15:53] <tjaalton> ooh
[15:53] <soren> tjaalton: We get them faster than Fedora :)
[15:53] <soren> I find that amusing :)
[15:55] <tjaalton> ah, now I found the place for the image..
[15:55] <tjaalton> theres another device for it, hdc
[15:56] <tjaalton> and it's removed on shutdown :/
[15:57] <tjaalton> and while recreating it assumes it's a normal partition <shrug>
[15:58] <soren> Huh?
[15:59] <tjaalton> uh, no.. it's just not that intuitive
[15:59] <tjaalton> you can select the cd image as "source" and then specify cdrom as "target"
[15:59] <soren> Ah..
[15:59] <tjaalton> at least I found that confusing
[16:00] <soren> The reason it went missing after the first run is due to a weird assumption that you only need the CD during install and never again.
[16:00] <soren> ...so it's only connected during the first run.
[16:00] <tjaalton> yeah, and it wont boot from it even if you add it again
[16:00] <soren> No, there's no way to specify boot device.
[16:00] <soren> ...that I've found anyway.
[16:01] <soren> Ah.. Typo in the vnc code. Ctrl-Alt-Del doesn't work.
[16:02] <tjaalton> so should I file bugs against virt-manager?
[16:02] <soren> Oh, yes, please.
[16:02] <soren> That would be lovely.
[16:03] <tjaalton> I guess the plumbing is good
[16:03] <soren> The basic building blocks are there... It just needs a lot of love.
[16:05] <tjaalton> I like the way vmware works, since it's much like what a decent pc does
[16:05] <tjaalton> I mean booting wise
[16:05] <tjaalton> press F12 to start netboot, or "anykey" to boot from cd etc
[16:06] <soren> tjaalton: That would be nifty, yes.
[16:06] <tjaalton> but maybe bios deficiencies can be worked around from the gui
[16:06] <soren> Yeah, I think that's the idea.
[16:06] <tjaalton> it just calls kvm?
[16:07] <soren> Not entirely.
[16:07] <soren> It asks the libvirt deamon to start kvm.
[16:07] <soren> That daemon attaches itself to kvm so that you can attach new devices at runtime and such.
[16:07] <soren> ...migrate it to another node.
[16:08] <soren> ...detach devices...
[16:08] <soren> that sort of thing.
[16:08] <tjaalton> ok, but it should be pretty trivial to specify the boot media
[16:08] <soren> Quite.
[16:08] <soren> It's a virt-manager limitation.
[16:08] <soren> libvirt supports it.
[16:08] <tjaalton> yeah
[16:12] <tjaalton> it's been a wet dream of mine to run all the supported distro versions as virtual machines, and I've tried vmware a couple of times now.. but I also like to run the latest devel release, so when vmware modules are not available the setup is unusable
[16:13] <tjaalton> and now it seems that I finally can do it
[16:13] <tjaalton> and keep it
[16:13] <soren> tjaalton: Yeah. I've had them all running in vmware as well, but I'm moving them over to kvm one by one now.
[16:15] <tjaalton> hah, no bugs against virt-manager :)
[16:15] <tjaalton> or no users :)
[16:15] <soren> no users, probably.
[16:16] <soren> :)
[16:16] <soren> Apart from me, and I don't bother filing the bugs. I just fix them :)
[16:16] <tjaalton> that's good, you'll hear a lot from me then :)
[16:17]  * soren just heard from his new ISP that his new house will be connected to the Intertubes on February 8th
[16:17] <soren> \o/
[16:18] <soren> Should be just in time for the move.
[16:23] <tjaalton> heh
[16:42] <genii> Does anyone know how to go about obtaining a block of telephone numbers in Canada? http://www.cnac.ca/ and the crtc homepage are extremely obtuse on this subject.
[16:43]  * ScottK looks around in /topic for that....
[16:46] <genii> ScottK: Heh :) I figured if any ppl in here running asterisk or similar on ubuntu boxes might know is all
[17:46] <zul> soren: so what a 2400 baud modem?
[17:47] <soren> zul: 20Mbit down, 2 Mbit up.
[17:47] <soren> In theory.
[17:47] <zul> soren: cool dsl?
[17:47] <soren> The other end of the cable is ~450 yards away, so it might be slightly less than that.
[17:47] <soren> Yeah, DSL kind of thing.
[17:47] <ScottK> Sounds like what we get with fiber here.
[17:47] <soren> Not too pricey, either.
[17:47] <zul> nfity
[17:48] <soren> Around £40/mo.
[17:48] <zul> thats kind of expensive
[17:48] <soren> ScottK: Wow. With fiber, I'd get... Loads more.
[17:48] <soren> zul: Not in Denmark.
[17:48] <zul> how much are you paying now?
[17:49] <soren> zul: About the same for 10Mbit down and 384 kbit up.
[17:49] <ScottK> The phone company here (Verizon) is pushing fiber to the house.  I've got the slow one which is (IIRC) 15 MB down and 2MB up.
[17:49] <soren> Fiber is *very* expensive here in most places.
[17:49] <leonel> plop ..
[17:49] <soren> To the tune of at least £1000 for installation.. and that's if you're lucky.
[17:50] <zul> i just have cable i think its like $40/month (20 ukp/month)
[17:50] <zul> soren: at least its not isdn
[17:50] <soren> 20Mbit downstream is fine.
[17:52] <soren> Oh, well, I've got to run.
[17:52]  * soren calls it a day.
[17:53] <ScottK> Good night soren
[18:15] <figginator> Hello, does ubuntu server 6.06 need to run a firewall or is it secure by its self? I understand that I should turn off and remove services/programs I'm not using but running a standard lamp install leave me vulnerable
[18:15] <ScottK> figginator: That's a matter of some controversy.  By default it isn't listening to any outside ports and so a firewall offers little if any advantage.
[18:16] <ScottK> The LAMP install does, of course, listen to outside port.
[18:16] <figginator> ScottK: so if I'm running the LAMP you suggest I run a firewall
[18:17] <ScottK> It look at what ports are open and decide yourself.  If you are listening on port 80, you really can't firewall it and still have a web server.
[18:18]  * ScottK runs one primarily to let the kernel filter out traffic from abusive sources without bothering any applications.
[18:18] <figginator> scottk: ok, so basiclly running a firewall and then opening up specific ports like 80 and 21 don't really offer great advantages
[18:18] <ScottK> Not great, no.
[18:19] <genii> figginator: A page here with some server hardening tips
[18:19] <genii> http://docs.indymedia.org/view/Sysadmin/ImcSecurityServerHardeningDebian
[18:19] <ScottK> OTOH, other than the time invested in managing it, it doesn't hurt.
[18:19] <figginator> scottk: what is the kerne\l filter you run?
[18:20] <figginator> genii: thanks thats exactly what i'm looking fore
[18:20] <ScottK> iptables
[18:20] <genii> figginator: Anytime
[18:20] <figginator> I'm kinda new to ubuntu servers and I just want to make sure I'm not doing something dumb and leaving it wide open
[18:20]  * ScottK doesn't run the LAMP stack, so shouldn't be taken as a definitive answer.
[18:21] <figginator> scottk: is there a tutorial that you know of that explains how to configure iptables for a cookie cutter lamp box?
[18:22] <ScottK> Not that I know of, but I haven't looked.
[18:22] <figginator> ok
[18:23] <genii> figginator: A good place to check normally for this stuff is on the howtoforge, I seem to recall previously they had ubuntu iptables tutorials there
[18:24] <ScottK> Anything written for Debian will likely work out reasonably well for Ubuntu too.
[18:25] <genii> I just found the official one (perhaps not specifically LAMP related however) https://help.ubuntu.com/community/IptablesHowTo
[18:27] <figginator> Thanks again genii
[18:27] <ScottK> Anything in the community section isn't "official", but most things I've seen are reasonably good.
[18:27] <genii> ScottK: Well OK stating it as "official" was over-reaching
[18:27] <genii> figginator: np
[20:11] <h00s> I have a problem with ubuntu server 7.10 installed on usb stick/disk (corsair voyager 1gb). After 1 week of running, server just died and showed errors like 'rejecting I/O to dead device'. After reboot everything is ok again. What could be the problem?
[20:16] <leonel> acpi ??
[20:18] <h00s> so, i should disable it and try without it?
[20:30] <Landon> I recently got a VPS set up with Feisty on it, I was wondering if there was any harm in using gutsy repos so I could update some stuff like fail2ban
[20:48] <ScottK> h00s: How old is the box you're using it on?
[20:57] <h00s> ScottK: it's 2 months old :) Intel 201GLY motherboard, SiS964L, Celeron 1.33
[20:57] <ScottK> What's the chipset?
[20:58] <h00s> sis964
[21:00] <h00s> sry, it's SiS662 - http://www.intel.com/products/motherboard/D201GLY/index.htm
[21:00]  * ScottK would wonder if that chipset has proper kernel support yet.  I'd suggest consulting Google.
[21:01] <h00s> ok, thank you for the advice
[21:09] <Landon> so, would it be safe for the most part to use gutsy repos on a feisty system? (just so long as I didn't do apt-get upgrade or something liek that)
[21:12] <h00s> Landon: i was always told that doing such thing is not safe. new software can overwrite dependencies and that dependencies could be used by other software too, so updating one program could break other ones.
[21:12] <Landon> oh good point
[21:13] <Landon> so I'm basically left to do a dist-upgrade on the VPS account?
[21:13] <Landon> I figured that might break more stuff
[21:14] <h00s> you could try build that program from source?
[21:16] <Landon> wouldn't I still need to update dependences for it that might break other programs?
[21:18] <h00s> i think it wouldn't (usr directory?) I would like someone confirm this because i'm not sure
[21:18] <nealmcb> owh - thanks for the link to your launchpad account - glad to meet you!
[21:19] <nealmcb> owh/soren - so what is up with open-vm-tools, libvirt, etc.  do open-vm-tools help with folks running kvm/qemu?