mathiaz | jdstrand: well... there isn't so much documentation. It should just work | 00:02 |
---|---|---|
mathiaz | jcastro: ^^ | 00:02 |
mathiaz | jcastro: obviously it doesn't... | 00:03 |
jcastro | mathiaz: I will confirm with the new ppa version tomorrow and get back to you | 00:04 |
jcastro | I have a few friends with AD/Linux setups and I just sent them a mail to get a hardy vm ready to test likewise. | 00:05 |
mathiaz | jcastro: awesome. That is going to be of great help. | 00:07 |
jcastro | mathiaz: I did AD integration in the past at my last job, and that was so painful I am taking an interest in getting feedback for this feature. | 00:08 |
antdedyet | any known new efforts going into the recent openness of the M$ Exchange protocol? | 03:09 |
antdedyet | Also, while I'm fishing for info ... Has there been sign of new efforts on the public domain release of DJB software? | 03:10 |
antdedyet | on the latter question, I have not seen new events as of earlier today on a few of the qmail community pages. | 03:11 |
kgoetz | which protocol? | 03:12 |
antdedyet | kgoetz: looks like the licensing agreement was for Samba related communications only, not Exchange. | 03:18 |
kgoetz | antdedyet: as i understand it yeah :/ | 03:19 |
antdedyet | The mental note on Exchange being opened was a wishlist during a conversation I had with a sysadmin buddy about the file and printer sharing protocols. | 03:21 |
antdedyet | We both hate Exchange, except he gave in so he could use the mobile PDA stuff. | 03:22 |
* antdedyet just uses an old brick for a phone | 03:22 | |
^Elfboy | how do u kill a program when kill #### dont work | 03:30 |
antdedyet | ^Elfboy: "kill -9 $pid" doesn't work? | 03:30 |
^Elfboy | mark@thesource:~$ ps x | 03:31 |
^Elfboy | PID TTY STAT TIME COMMAND | 03:31 |
^Elfboy | 3943 ? S 0:00 ./psybnc | 03:31 |
^Elfboy | no | 03:32 |
^Elfboy | need the -9 ? | 03:32 |
kgoetz | in what way does it 'not work'? | 03:32 |
^Elfboy | ok | 03:33 |
^Elfboy | well i added it with the -9 and it work | 03:33 |
lando | anyone here know how to get an ubuntu server working with godaddy | 04:39 |
lando | im not sure if i need to install dns software | 04:39 |
^Elfboy | ok how do i move 1 folder too another folder | 04:40 |
^Elfboy | in tem | 04:40 |
kgoetz | mv | 04:40 |
kgoetz | lando: 'working with'? | 04:40 |
^Elfboy | mv with foldername to other foldername | 04:40 |
lando | well.. i just bought a domain from godaddy... and im wondering if it is as simple as adding my ip to the godaddy domain management | 04:41 |
^Elfboy | like mv x to a | 04:41 |
seanh_ | lando: what do you mean? | 04:42 |
seanh_ | you want to use your box as a dns server? | 04:42 |
lando | no | 04:42 |
lando | i want to host my site from my box but have a godaddy domain name | 04:42 |
seanh_ | if you're using godaddys dns servers then all you need on your server is apache | 04:43 |
seanh_ | and probably a firewall | 04:43 |
faulkes- | lando: yes and no | 04:44 |
faulkes- | the A record will work | 04:44 |
faulkes- | the PTR record likely won't as that is assigned to provider specific DNS | 04:45 |
faulkes- | well, actually, the A record may create problems with lame delegations, I can't remember if bind only does that for PTR's though | 04:45 |
lando | mgm | 04:45 |
lando | i mean mhm | 04:46 |
faulkes- | so, for instance, if you try to send mail out via your domain, the reverse (ptr) won't resolve and many sites will reject the mail (although that is dependent on a number of factors) | 04:46 |
faulkes- | lame delegations though are generally more bothersome messages than drop dead non functioning issues | 04:48 |
lando | ah... u make no sense to me faulkes- ... | 04:48 |
lando | i have added my ip to the a record. | 04:49 |
kgoetz | lando: short answer is yes, but may not work as you expect | 04:49 |
faulkes- | correct | 04:49 |
* faulkes- is so glad he has access to a portable /23 | 04:51 | |
faulkes- | solves so many issues when you have your own ip space | 04:51 |
kgoetz | nice | 04:51 |
faulkes- | anyways, it's late here, so off to bed I go, night people | 04:55 |
kgoetz | later mate | 04:55 |
^Elfboy | man u guys are going to get sick of me | 06:20 |
^Elfboy | what would i need to get to show server info like hd ram and all that stuff | 06:21 |
kgoetz | theres a few tools. | 06:22 |
kgoetz | df -h/ free -m for example | 06:22 |
Iulian | It's more better to read the manula. | 06:23 |
Iulian | s/manula/manual | 06:23 |
^Elfboy | :) | 06:24 |
Iulian | Also I bet you didn't read the topic. | 06:25 |
^Elfboy | yes i did | 06:26 |
Iulian | Aww, by the way, good morning all. | 06:26 |
^Elfboy | lol | 06:26 |
Iulian | ^Elfboy: Then you should be fine :) | 06:27 |
Iulian | Yea, I just woke up. | 06:27 |
^Elfboy | and if ubuntu server use gentoo portage this would be ezer:) | 06:27 |
Iulian | Ubuntu is ubuntu and gentoo is gentoo. | 06:28 |
^Elfboy | :) | 06:28 |
* Iulian *yawns* | 06:28 | |
kgoetz | checking your ram is easier with portage? | 06:28 |
^Elfboy | i went with ubuntu server cos i did not feel like taking the time to set up networking and all that | 06:28 |
^Elfboy | everthing is ez | 06:29 |
^Elfboy | emerge is better than apt-get | 06:29 |
^Elfboy | :) | 06:29 |
kgoetz | *cough* troll | 06:29 |
^Elfboy | lol | 06:29 |
^Elfboy | i was just statin my point | 06:30 |
^Elfboy | :) | 06:30 |
^Elfboy | not "troll" | 06:30 |
^Elfboy | my server is ubuntu | 06:30 |
^Elfboy | for a reason | 06:30 |
pschulz01 | Question about /etc/network/if-ip.d | 06:44 |
pschulz01 | Do all of the scripts get called everytime an interface is brought up? | 06:45 |
Gargoyle | mormin all | 08:03 |
_ruben | g'day | 08:31 |
kraut | moin | 08:33 |
nijaba | hello | 09:32 |
Iulian | Hey | 09:38 |
=== `6og is now known as Kamping_Kaiser | ||
ivoks | how about moving some parts of bacula to main, and leave some in universe? | 10:31 |
ivoks | like GUI console; we could leave that in universe | 10:31 |
=== \sh_away is now known as \sh | ||
spiekey | hello! | 11:49 |
spiekey | any comments how i best upgrade libnss_ldap on dapper to a higher version? | 11:50 |
spiekey | i need to get libnss_ldap version 245 on my box | 11:50 |
Kamping_Kaiser | you can try backporting, but it may be a bit core to backport safely | 11:50 |
spiekey | that sounds like a real manual task?! :) | 11:51 |
Kamping_Kaiser | i expect it will be. (being part of libnss) | 11:51 |
spiekey | damn | 11:52 |
Kamping_Kaiser | spiekey, do you need 245 specifically? | 11:53 |
spiekey | anything above would be fine | 12:03 |
Kamping_Kaiser | whats special about it? | 12:04 |
spiekey | i have this problem: http://osdir.com/ml/ldap.padl.nss/2006-09/msg00014.html | 12:05 |
Kamping_Kaiser | i suspect you'll have to go with option 1. | 12:06 |
Kamping_Kaiser | but hang around, someone else might know otherwise :) | 12:06 |
Kamping_Kaiser | night mate :) | 12:07 |
Kanashimi | Hey there. Trying to install bw_mod by compiling it with apxs2, I have apache2-prefork installed on the system as well as installed the apache2-prefork-dev package. When I try to load the module though I get the error: /usr/lib/apache2/modules/mod_bw.so: undefined symbol: apr_atomic_cas Is there some additional dev package I need to still install? | 12:07 |
Kamping_Kaiser | Kanashimi, you have to install the module against the source of the apache version you have installed | 12:08 |
Kamping_Kaiser | but really gnight ;) | 12:08 |
spiekey | Kamping_Kaiser: removing groups from nsswitch is not possible, whats the point in my ldap auth system then? ;) | 12:08 |
Kanashimi | Hmm, I'm using the normal apache2 package and the normal dev package. | 12:08 |
Kamping_Kaiser | spiekey, to auth users :) | 12:09 |
spiekey | only the bloody vmware seems to have problems with it | 12:09 |
Kamping_Kaiser | but i do understand what you're saying | 12:09 |
Kanashimi | Good night though if you're on your way out. | 12:09 |
Kanashimi | Shouldn't the apache2 package and the dev package be the same given that both are of the most up to date version? | 12:10 |
soren | spiekey: Backporting the package is not that hard. | 12:19 |
soren | spiekey: I'm off to lunch now, I can help you afterwards. | 12:19 |
spiekey | thanks! That would be great! | 12:27 |
sigma_1234 | where can i get the pdf version of the ubuntu server handbook? | 12:27 |
spiekey | http://www.google.de/search?hl=de&q=where+can+i+get+the+pdf+version+of+the+ubuntu+server+handbook%3F&btnG=Google-Suche&meta= | 12:32 |
sigma_1234 | which link do you recommend from there? | 12:35 |
spiekey | i dunno :) | 12:37 |
sigma_1234 | i found one for 6.10 . how different is the latest version? | 12:40 |
=== joerlend__ is now known as XiXaQ | ||
jjesse | i hate that i always miss these mtgs | 16:38 |
=== \sh is now known as \sh_away | ||
mathiaz | hi jjesse | 16:58 |
ScottK | jjesse: re your mail... Yes. We've defined some roles. We need to do more of it. | 16:59 |
jjesse | hello mathiaz and ScottK | 17:03 |
jjesse | yes i agree we need to do more of it, wish i had more time to help and learn | 17:03 |
* faulkes- yawns | 17:03 | |
faulkes- | time to grab a coffee | 17:04 |
ScottK | Hello jjesse | 17:04 |
dendrobates | jcastro: are you around? | 17:33 |
faulkes- | ScottK: the roles that have been defined, is this in a doc somewhere? | 17:47 |
mathiaz | faulkes-: on the GettingInvolved page | 17:47 |
ScottK | faulkes-: I have no idea. I pay as little attention to documented process and procedure stuff as I can get away with. mathiaz would be a better person to ask. | 17:48 |
faulkes- | ok, so just there | 17:48 |
=== ScottK changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved || Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || Ask questions that get answered: http://www.catb.org/~esr/faqs/smart-questions.html || Be patient. Don't ask to ask, just ask. || server guide: https://help.ubuntu.com/7.10/server/C/ || https://wik | ||
ScottK | Urgh. Need to shorten it. | 17:51 |
mathiaz | ScottK: yeah... that'd be a good idea ;) | 17:51 |
=== ScottK changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved || Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || http://www.catb.org/~esr/faqs/smart-questions.html || Be patient. Don't ask to ask, just ask. || server guide: https://help.ubuntu.com/7.10/server/C/ || https://wiki.ubuntu.com/ServerTeam | ||
ScottK | That fits. | 17:51 |
faulkes- | mathiaz: will do re: second draft to list and w/ your comments | 18:00 |
jcastro | dendrobates: yep | 18:37 |
sommer | jdstrand: around? | 19:23 |
jdstrand | yep | 19:24 |
sommer | I whipped up a short ufw section, and was wondering if you'd be willing to take a look at it? | 19:24 |
jdstrand | sure! | 19:24 |
jdstrand | where? | 19:25 |
sommer | it's pretty short, covers some examples from the man page | 19:25 |
sommer | cool, I can email it to you since I haven't committed it yet | 19:25 |
sommer | is it cool to send it to your address in lp? | 19:26 |
jdstrand | yep | 19:26 |
sommer | cool, thanks | 19:26 |
ScottK | jdstrand: Did you see what we did for the security status of clamav in Dapper today? | 19:26 |
jdstrand | ScottK: no | 19:26 |
ScottK | jdstrand: Look at the top line https://launchpad.net/ubuntu/+source/clamav/+publishinghistory | 19:27 |
ScottK | That wiped out at least a dozen CVEs. | 19:27 |
jdstrand | \o/ | 19:28 |
jdstrand | that's fantastic | 19:29 |
ScottK | That was a multi-month project to get all the rdepends updated and testing. | 19:29 |
ScottK | testing/ed | 19:29 |
jdstrand | great! :) | 19:29 |
ScottK | If you want to show up and cheer for my core-dev application at the Tuesday tech board meeting ... | 19:29 |
jdstrand | I can cheer-- but you should know I'm not core-dev yet ;) | 19:30 |
jdstrand | keescook: is though | 19:30 |
jdstrand | s/:// | 19:30 |
zul | ill bring my pom poms | 19:31 |
ScottK | Heh. | 19:31 |
jdstrand | ScottK: did you document all that went into that? I'd be happy to look at it and comment (somewhat) intelligently on it for core-dev | 19:31 |
ScottK | Yes I did | 19:32 |
ScottK | Just a sec for links | 19:32 |
ScottK | https://wiki.ubuntu.com/MOTU/Clamav?action=show https://launchpad.net/~ubuntu-clamav/+archive https://bugs.launchpad.net/ubuntu/dapper/+source/clamav/+bug/190187 | 19:34 |
ubotu | Launchpad bug 190187 in clamav "Dapper clamav has multiple security issues that require upgrade to new version to fix" [High,Fix released] | 19:34 |
ScottK | That didn't work out very well | 19:34 |
ScottK | https://wiki.ubuntu.com/MOTU/Clamav?action=show - https://launchpad.net/~ubuntu-clamav/+archive - https://bugs.launchpad.net/ubuntu/dapper/+source/clamav/+bug/190187 | 19:34 |
ScottK | I've removed the Dapper packages from the PPA because they are in the archive now, but they're listed in the bug. | 19:35 |
dendrobates | jcastro: when you tried likewise yesterday, was it on ubuntu-desktop or ubuntu server? | 19:38 |
jdstrand | ScottK: cool, I made a note of it and will read through it | 19:39 |
ScottK | jdstrand: Thanks. | 19:39 |
jdstrand | I may need reminding on Tuesday ;) | 19:39 |
ScottK | Got it. | 19:39 |
jcastro | dendrobates: desktop | 19:39 |
dendrobates | jcastro: there is a known bug when using network-manager. Jerry is working on a fix. | 19:40 |
jcastro | dendrobates: ah ok, thanks. | 19:41 |
mathiaz | jdstrand: you can also stop by to support my core-dev application | 19:50 |
jdstrand | mathiaz: sure :) | 19:50 |
jdstrand | sommer: just read through your ufw section | 19:53 |
jdstrand | shall I respond here or in email? | 19:53 |
jdstrand | or diff? | 19:53 |
sommer | jdstrand: either works for me | 19:57 |
jdstrand | ok, how about here :) | 19:57 |
jdstrand | first-- thanks! | 19:57 |
sommer | np | 19:57 |
sommer | thank you | 19:57 |
jdstrand | your quote in the manpage doesn't format properly in yelp (on gutsy) | 19:57 |
jdstrand | that wasn't right | 19:58 |
jdstrand | your manpage quote isn't formatted properly in yelp | 19:58 |
jdstrand | (that's better) | 19:58 |
sommer | ya, I played with it a little to fit in the grey box | 19:58 |
sommer | there may be a better way to represent that... I didn't do too much digging | 19:59 |
jdstrand | this should be changed 'replace _port 22_ with _ssh_' | 19:59 |
jdstrand | to 'replace _22_ with _ssh_' | 19:59 |
jdstrand | ie 'port' is required in either case | 19:59 |
sommer | ah, I'll change that | 20:00 |
jdstrand | (it's only not required when using the simple syntax) | 20:00 |
jdstrand | two other ideas: | 20:01 |
sommer | sure | 20:01 |
jdstrand | 1. ufw will support custom rules in its /etc/ufw/*.rules files, so it is not mutually exclusive to iptables | 20:01 |
jdstrand | (ie you can add a NAT rule in there, but still use ufw for everything else if desired) | 20:02 |
jdstrand | 2. you might mention the 'ufw logging on' and 'ufw logging off' in the Logging section | 20:02 |
jdstrand | "If using, ufw..." or some such thing | 20:02 |
sommer | ya, I was thinking about that too :) | 20:03 |
jdstrand | I don't know if you want to use '1' or not, but the whole point of ufw is to make things easier, but without getting in the way of the admin | 20:04 |
sommer | I think it could be mentioned, maybe in context with the section on masquerading | 20:04 |
jdstrand | it has a robust way of dealing with chains and startup, so using just the files that are there without the cli would likely be quite useful for people | 20:04 |
sommer | gotcha, I'll make those adjustments | 20:05 |
sommer | thanks for the feedback, great stuff | 20:06 |
jdstrand | you are really good at docs, so keep up the good work. another idea might be, since ufw is now installed by default, is to reorganize a bit | 20:06 |
jdstrand | that is up to you of course | 20:06 |
sommer | reorganize? the firewall section? | 20:06 |
jdstrand | ie, if ufw were higher up, it would be easier to talk about the iptables rules on their own, or in the context of ufw | 20:06 |
jdstrand | Tools would likely become 'Other Tools' | 20:07 |
jdstrand | but then, maybe I am biased-- it's just an idea | 20:07 |
* jdstrand knows he is biased :) | 20:07 | |
ScottK | jdstrand: We ought to think about backporting ufw when you think it's ready. | 20:07 |
sommer | sure, I'll take a look at it, I don't think the firewall section has really had any attention since it was first written | 20:08 |
jdstrand | ScottK: it works fine on gutsy | 20:08 |
jdstrand | it does need python 2.5 though | 20:08 |
ScottK | jdstrand: So feisty and edgy should worl | 20:08 |
ScottK | work | 20:08 |
jdstrand | there are just a couple of python 2.5 things, so going to dapper wouldn't be horrific... | 20:09 |
jdstrand | I'd have to think about that | 20:09 |
jdstrand | ScottK: I imagine once we get closer to hardy release, we can revisit backporting | 20:10 |
ScottK | sommer and jdstrand: One question I'm having right now is "I've got my iptables rules already, is UFW better or can I just ignore it" | 20:10 |
mathiaz | I agree with jdstrand idea to put ufw first in the documentation | 20:10 |
ScottK | jdstrand: Yes. When you're ready. Although backporting to Gutsy sooner is one way to get more testing. | 20:10 |
mathiaz | it's the default and preferred way to handle firewalling. | 20:10 |
jdstrand | ScottK: simple answer is if your firewall configuration is already working for you, don't change it | 20:10 |
mathiaz | presenting iptables later on for customization makes sense. | 20:10 |
jdstrand | (that is the sysadmin in me) | 20:11 |
sommer | mathiaz: agreed, I'll give it some lovin this weekend | 20:11 |
jdstrand | sommer: you may want to check out the /etc/ufw/*rules files to see how they work with custom rules | 20:12 |
sommer | jdstrand: sure | 20:12 |
jdstrand | sommer: the manpage only casually references it | 20:12 |
jdstrand | I can change that if needed | 20:12 |
sommer | jdstrand: I'll dig into them, but I think for now the man page covers them enough | 20:14 |
jdstrand | sommer: also, especially if talking about FORWARDing stuff, look in /etc/default/ufw | 20:14 |
sommer | roger that | 20:15 |
faulkes- | question: are there likely to be any interactions between ufw and virt support | 20:16 |
faulkes- | I know that at least in some cases, rules get added, such as with dnsmasq and what not | 20:16 |
jdstrand | sommer: NAT and segmented network firewalling are not supported in the cli, but everything is in place to allow an admin to do this with the ufw chains | 20:16 |
faulkes- | so that virt networking (dhcp, other stuff) works | 20:16 |
jdstrand | faulkes-: how is it added? | 20:17 |
faulkes- | as I havent seen the virt stuff on gutsy yet, I know that at least on centos, when I boot up xen, rules get added to iptables to allow networking to the virtuals | 20:18 |
jdstrand | faulkes-: if just added to the INPUT chain, shouldn't be a problem | 20:18 |
jdstrand | the current chain setup is: | 20:18 |
faulkes- | iirc, no, it's not added to the input chain | 20:18 |
jdstrand | INPUT -> ufw-before-input -> ufw-user-input -> ufw-after-input -> policy of INPUT | 20:19 |
mathiaz | faulkes-: you may wanna check kvm in hardy to figure out how things are done | 20:19 |
jdstrand | faulkes-: testing in this regard would be great | 20:19 |
mathiaz | faulkes-: the state of virtualization in gutsy isn't going to change. | 20:20 |
mathiaz | faulkes-: it's on hardy that things can get fixed. | 20:20 |
jdstrand | but if you simply do -A INPUT, it traverses all those chains and if no match, then hits this rule | 20:20 |
faulkes- | http://paste.ubuntu.com/4356/ | 20:20 |
faulkes- | that's from one of my centos boxen running xen's | 20:21 |
jdstrand | faulkes-: ufw currently doesn't do anything with FORWARD | 20:21 |
jdstrand | except set the policy in /etc/default/ufw | 20:21 |
faulkes- | granted, I should be comparing apples to apples | 20:21 |
* faulkes- nods | 20:21 | |
jdstrand | faulkes-: flip that from 'DROP' to 'ACCEPT' and no worries | 20:21 |
jdstrand | but testing is great! | 20:22 |
faulkes- | was just a question because I know last meeting someone mentioned they needed to get dnsmasq working | 20:22 |
faulkes- | and other stuff, related to virt/kvm stuff | 20:22 |
faulkes- | and yes, testing would be great | 20:22 |
faulkes- | I'm working to try and get soe suitable hardware available on which I can do that | 20:23 |
faulkes- | s/soe/some | 20:23 |
jdstrand | faulkes-: ufw doesn't help, but it also doesn't hinder in this regard | 20:23 |
* faulkes- nods | 20:23 | |
jdstrand | (I forgot to mention, you'd need to flip ip_forward in the normal way) | 20:24 |
* faulkes- nods | 20:24 | |
jdstrand | sommer: oh, not sure if it's worth mentioning in the docs, but ufw also supports ipv6 | 20:26 |
sommer | jdstrand: ya, I thought about that, but personally I have 0 experience with it... been meaning to setup up an ipv6 network :-) | 20:27 |
sommer | I'll add something about it | 20:27 |
jdstrand | I have 1 experience | 20:27 |
jdstrand | heh | 20:27 |
sommer | personally I think it's just a myth... ;-) | 20:27 |
jdstrand | I got a bug report on it | 20:28 |
jdstrand | there is at least 1 user | 20:28 |
sommer | heh, but it didn't work for him? | 20:28 |
faulkes- | yes, I was here when he was encountering the issue iirc | 20:28 |
jdstrand | no-- but I didn't expect it to when he filed | 20:28 |
ScottK | I know at least one person running a Debian Lenny server on IPv6 without issue. | 20:29 |
ScottK | All the stuff I'm upstream for I wrote to work equally well with IPv6 (although I've no proof it does). | 20:29 |
ScottK | For Hardy, but LTS, we really do need to be thinking IPv6. | 20:30 |
* faulkes- would concur | 20:30 | |
sommer | it always seems like one of those things that people mean to do, but until they are forced to it's just put off | 20:30 |
sommer | or maybe it's just me... | 20:30 |
faulkes- | sommer: no, it's not just you | 20:31 |
ScottK | Well the forced to part is likely to come up during Hardy's lifetime. | 20:31 |
faulkes- | although the root servers recently started ipv6 support | 20:31 |
ScottK | Some, not all. | 20:31 |
* jdstrand was truly planning to implement it, and had various hooks to do it, but the report came in too soon ;) | 20:31 | |
faulkes- | yes, some not all of the root servers | 20:32 |
faulkes- | I think what we're saying is that we want to be forward looking on the ipv6 issue, rather than reacting to it | 20:32 |
faulkes- | just my opinion though | 20:32 |
* jdstrand nods | 20:33 | |
faulkes- | iirc isn't there a mandated switch-over to ipv6 for the u.s. gov? | 20:33 |
ScottK | "You don't need to become an expert in IPv6 stuff to be safe if you use UFW." would be a killer angle for uptake. | 20:33 |
jdstrand | heheh | 20:34 |
jdstrand | easy there-- it only handles firewalling | 20:34 |
faulkes- | ease of use tends to trump most cards | 20:34 |
ScottK | Right. | 20:34 |
faulkes- | jdstrand: just you wait, we'll have it replacing init and xinetd as well | 20:35 |
ScottK | But from an IPv4/6 security perspective I'd think firewall is the key thing I have to figure out. | 20:36 |
faulkes- | but I agree with ScottK, it is a killer angle which would help adoption | 20:36 |
ScottK | jdstrand: Do you support rate limiting? | 20:37 |
jdstrand | ScottK: no qos type stuff yet | 20:37 |
jdstrand | hardy+1 | 20:37 |
jdstrand | (or more) | 20:37 |
jdstrand | the backend is not much more than iptables-restore style stuff | 20:38 |
ScottK | I was thinking iptables type stuff. | 20:38 |
jdstrand | there is software that already does a lot of this other stuff | 20:38 |
jdstrand | (eg shorewall) | 20:38 |
jdstrand | but that software is itself not super easy to get going | 20:38 |
jdstrand | so I wrote ufw in such a way that switching out the backend would not be too difficult, if a more fully featured backend that existed could be used | 20:39 |
ScottK | http://paste.ubuntu-nl.org/55267/ is what I use to keep ssh dictionary attackers from knocking on my door for too long | 20:39 |
ScottK | I think that's sensible without the rest of the script. | 20:40 |
jdstrand | sure | 20:40 |
jdstrand | drop that into /etc/ufw/before.rules (adjust the -A INPUT) and voila | 20:41 |
incorrect | i am debating if i should build myself a custom kernel for my game server using pre-emptive and high res timer | 20:41 |
ScottK | Obviously that doesn't scale for boxes that lots of people have shell access to, but for the case where it's a small number of admins, it's an easy win. | 20:41 |
incorrect | i am also debating about using the 2.6.24 kernel | 20:41 |
faulkes- | ScottK: have you considered denyhosts? | 20:46 |
faulkes- | although it's more general purpose in nature, it's what I use for dictionary based stuff | 20:46 |
ScottK | faulkes-: I did. For my purposes 4 lines in iptables did what I needed, so no need to actually install an entire package and add low level complexity. | 20:47 |
* faulkes- nods | 20:47 | |
leonel | ScottK: I have that too but I've added fail2ban to block the smtp auth attempts | 20:48 |
ScottK | I rate limit smtp auth attempts in postfix. | 20:49 |
ScottK | heya leonel. Thanks again for all your help on clamav. We'd not have Dapper up to date now without your help. | 20:50 |
incorrect | anyone know where i can get the server config from without having to install? | 20:51 |
leonel | ScottK: no, thank you ! | 20:52 |
mathiaz | incorrect: it should be in the git tree on kernel.ubuntu.com | 20:55 |
mathiaz | incorrect: you can also install the binary package and the config will be under /boot | 20:56 |
incorrect | without having to install :) | 20:56 |
mathiaz | incorrect: there isn't any need to download the source deb. | 20:56 |
mathiaz | incorrect: well - you can get the deb and extract the config file from it | 20:56 |
incorrect | i am looking at building a 2.6.24 kernel | 20:56 |
incorrect | seems to have some good features | 20:56 |
incorrect | just wanted to make sure i don't spend hours tweaking | 20:57 |
leonel | ScottK: was a great job with clamav thank you | 21:01 |
ScottK | leonel: You're welcome. | 21:03 |
incorrect | linux-image-server_2.6.22.14.21_amd64.deb doesn't contain a kernel | 21:05 |
danp | is it possible to cross-compile packages for amd64 on an i386 xen guest? | 21:58 |
=== antdedye1_ is now known as antdedyet | ||
ivoks | zul: here? | 22:15 |
ivoks | zul: i'm already rewriting bacula's make_catalog_backup | 22:15 |
ScottK | ivoks: Did you see my mail to the server ML about amavisd-new? | 22:17 |
* antdedyet wonders if he will ever find reason to use anything other then backuppc for backups | 22:17 | |
danp | hmm, i guess not | 22:17 |
danp | my test didn't go so well | 22:17 |
ivoks | ScottK: yes | 22:17 |
ScottK | ivoks: OK. Over to you now then for tasksel update. | 22:17 |
danp | it seems i would need to be able to run x86_64-linux-gnu-gcc | 22:17 |
ivoks | antdedyet: backup of 15TB of data | 22:17 |
ivoks | backuppc is just a fancy name for rsync script every unix admin already has :D | 22:18 |
ivoks | ScottK: i'll update it during this week | 22:19 |
danp | i tried "RESTORE" the other day. it took 30 minutes to copy 400M | 22:19 |
ScottK | ivoks: Great. | 22:19 |
antdedyet | ivoks: what about bacula allows you to do 15TB where backuppc would not? | 22:19 |
ivoks | antdedyet: it stores on tapes | 22:19 |
faulkes- | and tapes can be taken off-site, stored in a safe place in case of emergency | 22:20 |
ScottK | antdedyet: ivoks has 6 days until feature freeze. Please distract him after that. ;-) | 22:21 |
antdedyet | ivoks: oh, yuck. :( I had enough of tape storage with StorageTEK PowderHorns :( | 22:21 |
antdedyet | ScottK: ah, ok :) | 22:21 |
faulkes- | or, if you are the government, lost with all your information on them | 22:21 |
antdedyet | faulkes-: nothing wrong with storing an on-disk backup server off-site. | 22:21 |
faulkes- | if you have the bandwidth to regularly backup 15TB, go for it | 22:22 |
antdedyet | faulkes-: incremental backups! | 22:22 |
antdedyet | Anyway. :) | 22:22 |
antdedyet | I will try out bacula when someone forks over tape drive. | 22:22 |
antdedyet | I am interested in the mentoring program when you guys get something set in stone, btw | 22:23 |
ScottK | faulkes-: Did you mean for your reply to my forums message to go to me or the ML? | 22:24 |
faulkes- | hmmm, I may have just hit reply, i did mean for it to go to the ML | 22:25 |
ScottK | It didn't go there. | 22:26 |
* faulkes- nods | 22:26 | |
* faulkes- will fix | 22:26 | |
mathiaz | antdedyet: I'd love to hear what you'd expect from such a program (if you reply to my email that would be great as I'm heading soon) | 22:27 |
faulkes- | thanks for the headsup | 22:27 |
antdedyet | mathiaz: sure thing; I will convert from lurker into activist. :) | 22:27 |
* ScottK is a huge fan of mail clients with "Reply to List". | 22:28 | |
faulkes- | well, I keep mail separated for a number of things | 22:37 |
faulkes- | normally I just use mutt | 22:38 |
ScottK | Right, I keep mine separate too. If I'm in the ML folders, I always hit reply to list (except of course when I don't). | 22:38 |
ivoks | man... i love python | 22:39 |
ivoks | best thing since wheel | 22:39 |
nxvl_work | ScottK: which mail client did you use? | 22:39 |
ScottK | Kmail | 22:39 |
nxvl_work | mm | 22:39 |
nxvl_work | not a big fan of qt | 22:39 |
nxvl_work | :P | 22:39 |
* ScottK is not a fan at all of Gnome. So there you are. | 22:39 | |
ivoks | mathiaz: i'll rewrite make_catalog_backup, new script will read bacula's config and wouldn't need to get username and password as arguments | 22:40 |
ivoks | only name of catalog | 22:41 |
mathiaz | ivoks: seems like a good option to me. | 22:43 |
ivoks | it's kind of pita to setup cause bacula's config can have multiple catalogs and spaces make no difference (nor do lower/upper case letters), but it should be done in couple of hours | 22:45 |
zul | ivoks: sweet | 23:36 |
ivoks | i got it! :) | 23:46 |