[00:00] <Deeps> owh: which bit are you disagreeing with?
[00:01] <owh> ajmitch: Yes, the threshold to entry is low, which is both good and bad. I suspect it just means more work for me in the long-run. I've seen "secure" code that made me blanch - Credit Card details stored in clear text in a database table, no user password, really scary stuff.
[00:01] <owh> Deeps: No, I was laughing because ajmitch used the same phrase for Python.
[00:01] <Deeps> owh: hehe, yeah, it was intentional ;)
[00:02] <owh> Deeps: I knew that, and it drew a laugh :)
[00:02] <Deeps> :)
[00:18] <infinity> ajmitch: I beg to differ on one point.
[00:19] <ajmitch> why certainly
[00:19] <infinity> ajmitch: PHP's security record is much better than the world believes, in that 99% of PHP CVEs are based on the assumption that PHP should hold a user's hand WRT input validation, etc.
[00:19] <infinity> ajmitch: So, while it's true that these are bugs in PHP (because it attempts to do the hand-holding, and occasionally messes up), no other language I know of does the hand-holding in the first place.
[00:20] <infinity> ajmitch: Of course, if we had it my way, all web apps would be CGIs written in C, and all programmers would be literate, and capable of tying their own shoes...
[00:20] <ajmitch> sadly sometimes trying to do a task & failing can be worse than not trying at all
[00:20] <infinity> ajmitch: And PHP upstream is realising that as well, which is why they've dumped things like register_globals on the floor and such in recent releases.
[00:21] <ajmitch> I'm glad of that
[00:21] <infinity> "We can't validate this correctly, no matter how hard we try, so don't use it at all, and validate your own damned input."
[00:22] <infinity> In the end, my biggest complaints about PHP are twofold.
[00:22] <owh> infinity: Yes, I agree, most of the issues I come across are script based.
[00:22] <infinity> 1) I've had numerous arguments with upstream over the course of the last 6 years or so about thread-safety, and even when I provide patch after patch, they still refuse to "officially" support their TSRM backend.
[00:23] <infinity> 2) The barrier for entry for script writing is so low that people seem to literally stumble over it, and these are often not the people you want writing your software.
[00:23]  * ajmitch would never say that the barriers of entry are low for something like Zope
[00:24] <infinity> No, I wouldn't either.
[00:24] <owh> infinity: Think of 2) as an employment incentive for you :)
[00:24] <infinity> But I'm not positive that makes it "better", it just makes it more likely that the people using it successfully are, on average, a bit brighter.
[00:24] <ajmitch> sorry, some of my bitterness of struggles with plone in recent days are leaking through
[00:25] <infinity> PHP is a double-edged sword.  I love how easy it is to get into, I love how quickly one can bang out a surprisingly complex web app, I hate that most of the people doing so are doing so because it's the only language they're capable of learning, rather than doing so because they COULD use something harder, and decided not to.
[00:25] <owh> infinity: Not always. Because of integrated IDE's, it's just getting easier everywhere. Most of the "programmers" I come across have never heard of XOR and don't understand what a stack is, pretty basic concepts that they've never mastered. These are the people who write our current crop of end-user visible software.
[00:26] <infinity> The job I held before Canonical was writing PHP extensions in C for a company that wrote complex in-house PHP applications.
[00:26] <ajmitch> not requiring having long-running processes has been quite a bonus for PHP deployment
[00:26] <infinity> I was asked repeatedly by coworkers why I worked on anything PHP-related if I was obviously capable of working with lower-level languages, something they seemed rather jealous of.
[00:26] <owh> infinity: Heh
[00:27] <infinity> It just seemed odd to me, I guess.
[00:28] <infinity> I'd been doing "prototype in a RAD language, then reduce to C for speed" in Perl for ages, and no one asked that question there.
[00:28] <infinity> They'd never say "dude, why write perl modules when you clearly know C?!", it just made sense to prototype in perl, then drop down to C.
[00:28] <owh> I think we're actually seeing a dumbing down of our industry. I have spent the last week working with an embedded satellite tracker. The manufacturer refused to provide the message DTD without a 5-year NDA, and told me it was encoded. I spent 2 days decoding it. Just bits and bytes, simple.
[00:28] <infinity> But for PHP, the very idea of doing anything in C seems to scare people.
[00:29] <owh> And this wasn't the sales department either, this was their senior software guy.
[00:30] <owh> infinity: But it's not limited to software development, it's right here, in server administration too.
[00:30] <infinity> I see the same pushback from the Python community, though for different reasons, I think.  I'm pretty sure Python programmers just think that Python is so whizz-bang and can do no wrong, that when you suggest rewriting a complex Python library as a C module, they can't fathom why you'd want to make their code "ugly" in such a vicious way.
[00:30] <ajmitch> owh: now you'll probably end up with legal action due to circumventing access restrictions or similar :)
[00:31] <owh> ajmitch: Well, we purchased the tracker, it sends messages to us which we need to use and we couldn't run Windows to do it. They can come and get me. I'm not in their country. I resisted temptation to email their DTD back to them :-)
[00:31] <ajmitch> I think it's partly due to a language becoming more popular, and less experienced programmers get involved
[00:31] <jiqiren> hardware is cheaper than people, why pay for expensive people when you can just buy 4 or 10X the hardware?
[00:32] <infinity> jiqiren: And, yes, that's generally the crux of the issue, at the business level, you're right.  Very little code these days should be profiled, because profiling costs more than hardware.
[00:32] <owh> jiqiren: Because that is rubbish. The cost is not in writing the code, the cost is in maintaining it.
[00:32] <jiqiren> owh: so can you maintain C or Python easier?
[00:32] <infinity> But this also means that the number of programmers CAPABLE of profiling code is slowly diminishing to the tiny subset of "crazy kernel and toolchain hackers" and such.
[00:32] <owh> jiqiren: I'm not saying that management agrees with my assessment, but that's the reality of it - mostly in "hidden costs".
[00:33] <owh> jiqiren: Well in the case of C, yes. It's much more structured and required to be so. That means that simple script authors cannot get started without training, something which PHP lacks.
[00:33] <owh> jiqiren: I cannot yet speak for Python.
[00:33] <infinity> owh: From a business POV, "maintenance" is largely a question of "how many people can I hire to replace you?"... It's way easier to find a PHP hack to look at your code when you quit than a C hacker to maintain your tree.
[00:34] <owh> infinity: Yes, but the hack will cost more money in the long run. Most issues are generated as a result of "results now" business model.
[00:34] <owh> infinity: I see less and less businesses wanting to be here 10 years from today.
[00:35] <infinity> owh: While possibly true, this line of reasoning will lead to all software being written in LISP. :)
[00:35] <jiqiren> owh: so I can hire a whole team of php kids - who bang away and get it going - or pay "too much" to get 1 good coder... If I pay for 1 good coder he should be figuring out new qiz-bang aps... not wasting his time tweaking a loop
[00:35] <owh> jiqiren: No, a herd of monkeys will never write Shakespeare.
[00:35] <owh> infinity: Well, that or COBOL :)
[00:36] <jiqiren> Well I don't hire a herd of monkeys, I hire a herd of college dropouts or fresh-out-of-college kids
[00:36] <owh> jiqiren: And in what way are they better than monkeys?
[00:36] <jiqiren> and I don't need Shakespeare, I need American Idol
[00:37] <owh> jiqiren: No, you just think you do.
[00:37] <owh> jiqiren: You illustrate my point exactly.
[00:37] <owh> jiqiren: The world does not progress with American Idol, but it does with Shakespeare.
[00:38] <jiqiren> with your narrow definition of progress
[00:38] <owh> jiqiren: Yesterday I was having a discussion about why Science Fiction is different from all other genres. Ideas are what matter.
[00:38] <owh> jiqiren: No, I mean where the world gains skills and insights into itself.
[00:38] <infinity> In the end, your business decisions will be dictated by what you need to get done, how quickly, and who you can hire to do it.
[00:39] <jiqiren> owh: you're talking academics. the business world has a bottom line
[00:39] <owh> I was just saying that the way it looks to me at the moment is that the world is becoming dumber.
[00:39] <infinity> At Canonical, we write a LOT of software in Python.  Some of that may have to do with a seemingly company-wide love affair with the language, but the other equally valid reality is that we can't hire 100 Colin Watson clones to do it all in C.
[00:39] <owh> jiqiren: But the academic view and the business view are not separate, they're a different side of the same coin.
[00:39] <jiqiren> I (and others) can argue it is becoming more efficient
[00:40] <infinity> Good programmers are hard to find, and even harder to hire.  Mediocre ones are reasonably plentiful.  Bad ones are a dime a dozen.
[00:40] <owh> infinity: And PHP attracts the latter :)
[00:40] <infinity> If I was still involved with PHP upstream, I might pretend to take offense at that. :P
[00:41] <owh> infinity: To clarify, I wasn't talking about upstream as such, but if the shoe fits :)
[00:41] <jiqiren> language doesn't directly relate to quality of software or the programmers
[00:41] <infinity> But, yes, I agree.  Making things simple invites the simple-minded to use it.  Not a fault of the language, so much, but it does make reading resumes and hiring people who aren't complete morons a bit tougher.
[00:41] <jiqiren> PHP and Python are popular, so there is just a bigger pool to go fishing in
[00:41] <jiqiren> RoR is next
[00:41]  * owh has to wave farewell from this stimulating conversation and be off.
[00:42] <Deeps> PHP is just as easy to pick up by the wrong people as Ubuntu
[00:42]  * owh resolves to check the irc logs :)
[00:42] <infinity> I once spent an entire afternoon trying to explain bitmasking to a CompSci grad.  It's a sad world.
[00:42] <owh> Later all.
[00:42] <jiqiren> l8r
[00:42] <Deeps> heh
[00:42] <Deeps> as a recent compsci grad, i hate to do this but...
[00:42] <Deeps> infinity: bitmasking?
[00:42] <jiqiren> lol
[00:42]  * ScottK really likes being able to go back to code he hasn't touched in two years and understand it and pick up work.  
[00:42]  * infinity cries.
[00:43] <ScottK> Another reason to like Python.
[00:43] <Deeps> infinity: gimme the short version
[00:44] <infinity> Deeps: PERMS=127; can_login=8; PERMS && can_login = let_him_in.
[00:44] <Deeps> ScottK: i get that with my java and my php
[00:44] <Deeps> infinity: gotcha
[00:44] <infinity> Deeps: Boolean logic seems to confuse... Everyone.
[00:44] <Deeps> ScottK: good coding practices mean you can do that with almost any language (i dont know C(++) so i cant comment)
[00:45] <infinity> This is a fine example of how people completely miss the point:
[00:45] <infinity> http://thedailywtf.com/Articles/Boolean-Integers.aspx
[00:45] <Deeps> infinity: I'm less confused than I was before your example
[00:45]  * Deeps waits the eternity firefox takes to load
[00:45] <infinity> (Note that those are all strings, there's no binary comparisons there AT ALL)
[00:46] <zul> I for one would welcome the monkeys
[00:46] <infinity> Err, integers actually, but then using string comparisons.
[00:46] <Deeps> lmao
[00:46] <jiqiren> Deeps: time to run FF3 Beta - much improved!
[00:47] <Deeps> jiqiren: time to run FF0.7, much quicker!
[00:47] <jiqiren> boooo, then all my plugins will break
[00:47] <Deeps> I run enough beta software on my laptop as it is without sticking a beta firefox on there on top (I run XP on my laptop ;)
[00:48] <Deeps> Ahh, booo me with my XP bashing, XP's actually pretty good, as far as an OS can be
[00:49]  * Deeps lulz
[00:49] <Deeps> 00:40:07 < twigathy_> http://www.uploadthis.co.uk/uploads/Twigathy/VirusesOnLinux.png <-- wine has got so good I have a fucking windows virus on my ubuntu machine
[00:49] <infinity> I think the limit of XP's usefulness to me can be summed up by its title in my GRUB menu.lst: "World of Warcraft OS 5.1, Service Pack 2"
[00:50] <Deeps> You're a wowfag? :/
[00:50] <infinity> Everyone has to have a vice.
[00:50] <Cahan> mine is excessive cruelty
[00:50] <Deeps> Cocaine's less addictive
[00:50] <Deeps> and less of a vice
[00:50] <Deeps> srsly. I doped for 6 months and quit on the spot when I wanted to
[00:51] <Deeps> WoW, i played 1 week, and took me a month to quit :/
[00:51] <infinity> WoW's moderately cheaper, though.
[00:51] <Deeps> and drastically less fun!
[00:51] <jiqiren> Deeps: so you don't use like .... half+ of googles products? they are all in beta still! :)
[00:52] <Cahan> that's lack of willpower tbh, I've just right up quit WoW for months at a time before getting badgered to heal for some raid or another
[00:52] <Deeps> jiqiren: none of them run on my machine ;)
[00:52] <jiqiren> touché
[00:53] <Deeps> I've never looked back on wow, smoking or cigarettes, so I'm pleased enough with myself. I'm still hooked on crisps though (they were my cig substitute)
[00:53] <infinity> My wife plays, so it's a cheap way to spend "family time" together when bored.
[00:53] <Deeps> haha, nice
[00:54] <Deeps> I had a friend who communicated mostly with his wife over IRC
[00:54] <Deeps> She was deaf mind, so it made sense...
[01:38] <kneeki> Is there a way to get a GUI on ubuntu-server? The command line is frightening!
[01:40] <Cahan> the command line is warm and comforting
[01:40] <soren> Boo!
[01:40] <soren> :)
[01:40] <ScottK> kneeki: Look into ebox is you must.
[01:40] <ScottK> is/if
[01:40] <Cahan> but if you insist, "sudo apt-get install ubuntu-desktop"
[01:41] <ScottK> Cahan: In the long run command line will lead you to better understanding of your system.
[01:41] <ScottK> Yes, that too, but then you have to be physically at the server.
[01:41] <kneeki> ebox huh?
[01:41] <Cahan> Cahan, I know, but he asked for a GUI, no need to be elitist and refuse to help just because you prefer the CLI
[01:41] <Cahan> ScottK*
[01:41] <Nafallo> !ebox | kneeki
[01:42] <kneeki> awesome!
[01:42] <ScottK> I didn't.  I suggested ebox.
[01:42] <kneeki> thanks :)
[01:42] <kneeki> downloading now :)
[01:48] <Cahan> is there any reason to upgrade? are there bug fixes that you can only get by dist-upgrading? performance improvements?
[01:49] <mhm_jr> Cahan: I seem to have more free RAM since the upgrade
[01:50] <mhm_jr> I had to stress test my server just to make sure it used swap too. lol prior to my upgrade I usually had a little swap after log rotation and such...not since
[01:50] <Cahan> I'm actually still on Feisty >.>
[01:51] <kneeki> mhm_jr, what does your server do? Home server, or Work?
[01:51] <mhm_jr> home server, but semi-well used for a home server
[01:51] <kneeki> Ah, mine is a home server as well :)
[01:51] <mhm_jr> I use it from work too to troubleshoot our servers from off the network
[01:51] <kneeki> I'm pretty excited to microwave my windows disks. -_-
[01:52] <kneeki> mhm_jr: lol! I do the same thing. :)
[01:52]  * mhm_jr hasn't used windows since 98...and thats 1998 not windows 98
[01:52] <mhm_jr> :D
[01:52] <kneeki> haha!
[01:52] <mhm_jr> except the few times I'm forced to look at a windows server at work
[01:53] <kneeki> I decided to make the full switch yesterday.
[01:53] <kneeki> I was in such nerd rage, I even wrote a post on my Blog about it
[01:53] <kneeki> lol
[01:53] <mhm_jr> how long have you used it in general?
[01:53] <kneeki> Windows? Probably for the last uhm.... 16 years? Since Win '95
[01:53] <mhm_jr> no, linux
[01:54] <kneeki> Oh, off and on for the last 10 years. I'd install it, get confused, remove it, and I've been testing every version of Ubuntu since Edgy to see how easy it's become
[01:54] <kneeki> Now that I can play games (I'm a gamer) on 'nix w/o too much difficulty, I decided to make the full time switch
[01:55] <mhm_jr> ubuntu is certainly more friendly than most as a desktop...and it doesn't cripple the cli at all
[01:55] <kneeki> yeah :)
[01:55] <kneeki> I like the cli, but I'm still very new to it, so it is painful
[01:55] <mhm_jr> its the first distro I have more than a year straight without switching to something else just to see what it was like lol
[01:55] <kneeki> lol
[01:56] <kneeki> Good to hear :)
[01:56] <mhm_jr> been running it almost 2 years now :)
[01:56] <kneeki> ebox = 73% :(
[02:44] <pschulz01> G'day.. anyone here using openldap(slapd)?
[03:06] <dthacker> hi:  I've set up an open vpn tunnel between my home and office.  I can successfully ping and login to the office over the tunnel.  I can't seem to hit the apache server running at the office using http://10.8.0.1.  Apache is up, and the default ubuntu config doesn't look like it's listening on an ip address.  Ideas to troubleshoot?
[07:55] <omnz0r> will a dos attack cause a firewall to shutdown/reboot?
[07:59] <_ruben> is possible, but doesnt have to happen .. (d)dos is rather wide subject
[08:50] <jiqiren> any xen users for the 8.04 release around?
[08:51] <jiqiren> I got xen "working" except for networking - is quite annoying
[09:14] <fromport> jiqiren: take a look at this bug report/thread which includes a workable solution: https://bugs.launchpad.net/bugs/204010
[09:15] <jiqiren> fromport: reading now
[09:18] <fromport> jiqiren: there have been some harsh words regarding this issue, least thing they could have done with the hardy release is mentioning there is a problem and refer to the solution. Missed change from canonical...
[09:19] <jiqiren> It took me forever to get the loop bs working
[09:20] <jiqiren> the annoying thing about loop disks is there is a patch in one of the bug reports... but I guess they want to sit on it for.... a long time.
[09:21] <fromport> is your hardware capable of KVM ? if so: switch. It's worth it.
[09:21] <jiqiren> nope, old machine
[09:22] <fromport> pity ;-) same here only 40% of our machines are VT capable, so rest has to run with xen till it gets replaced
[09:23] <jiqiren> well I'm stuck with 100% of machines that can't run KVM. :(
[09:24] <jiqiren> (until I get around to buying new hardware)
[09:24] <jiqiren> but even when I do get new hardware - I'll likely keep the old around until they die
[09:27] <fromport> exactly what we do. but i must admit, i'm currently looking at http://www.supermicro.com/products/system/1U/6015/SYS-6015TW-T.cfm
[09:27] <fromport> with 4 quadcores i could probably replace 50% of our current servers ...
[09:28] <jiqiren> http://8anet.com/ <- much cheaper and compact
[09:29] <fromport> and free a lot of rackspace. I'm still figuring out powerconsumption. use iscsi box (trying openfiler at the moment) for storage.
[09:29] <jiqiren> specifically http://8anet.com/listprod.ihtml?parent=35
[09:30] <jiqiren> I used a lot of supermicro before, they are also good bang for buck
[09:35] <jiqiren> I guess I'll just run a kernel from some dude in Japan...
[09:38] <fromport> thanks for the info, will read the link when i have some spare time ;-)
[09:38] <fromport> the japanese kernel works, that's the good news ;-)
[09:40] <jiqiren> still installing, will let you know soon
[09:41] <fromport> hmm just took a quick peek at the site you mentioned, but those look exactly like the supermicro chassis. are those rebranded/oem sm's ?!
[09:43] <jiqiren> they sell supermicro
[09:43] <jiqiren> the chassis I like is the .5U
[09:43] <jiqiren> you can cram them in back to back
[09:43] <Deeps> wow, that xen bug's pretty bad
[09:43] <jiqiren> and they are only ~$400 for chassis/motherboard
[09:44] <jiqiren> once you put RAM/CPU, you are looking at a pretty badass server that takes up no room - and hecka cheap
[09:45] <fromport> :-) thanks a lot. and with the current euro <-> $ it's so cheap ... ;-)
[09:47] <jiqiren> you should also take a look at GlusterFS, screw buying nas/iSCSI
[09:48] <jiqiren> just cluster/replicate your filesystems into one big pool
[09:48] <jiqiren> if you lose a server... no problem the file is replicated somewhere else
[09:50] <fromport> looking at the wiki right now ;-)
[09:50] <jiqiren> well, the japanese dudes kernel works perfect... woot!
[09:50] <fromport> thanks a lot for you eye-openers ;-)
[09:51] <jiqiren> no problemo
[09:52] <jiqiren> I'm thrilled xen is working now
[09:52] <fromport> great ! both happy ! ;-)
[10:47] <owh> I've never worked in a no-swap environment and need to select a VPS capable of running Apache, PHP and either postfix or exim to hand incoming email over to a PHP script. The site is not expected to receive a high server load, but I'm unsure how I would go about selecting memory requirements. Other than TIAS, how do I do this?
[10:51] <hads> I'm playing around in the same sort of area myself so I don't know or have practical experience but I don't think I'd go for anything under 256MB
[10:51] <owh> How did you arrive at that figure?
[10:53] <Deeps> TIAS is probably the best approach. Set it up, throw 5-10x more load than you expect to receive (if it's low load, this is still going to not be much), and monitor the memory usage
[10:53] <Deeps> nobody can tell you how much memory your scripts need
[10:54] <owh> Having never run out of memory, how can I expect it to react if I do?
[10:54] <hads> owh: From a completely unscientific approach of running bare metal servers for the same sort of thing.
[10:54] <Deeps> try it and see on a machine that has enough memory ;)
[10:54] <hads> OOM killer :)
[10:54] <Deeps> btw, why cant you run swap?
[10:55] <owh> I can do better than that, create a VM locally, but I was trying to avoid that.
[10:55] <owh> Deeps: The VPS I'm looking at provides OpenVZ without swap and XEN with swap. I'm not informed enough to choose, so I'm looking at worst case scenario.
[10:56] <Deeps> Unless google has the answer, you'll probably need to do your own testing to determine your personal memory needs
[10:56] <Deeps> I'd pick the Xen over the OpenVZ
[10:56] <owh> Deeps: Why?
[10:56] <Deeps> mainly because you know whatever ram you get is actually permanently allocated to you, whereas with openvz you'll get contended ram
[10:57] <jiqiren> owh: you'll likely be on an oversold VPS anyway, so just hit the limit - and be sure your VPS provider has an option to "upgrade" your allocation.
[10:57] <Deeps> with xen, you cant oversell the ram (afaik)
[10:57] <owh> Deeps: The supplied documentation tells me that I get a guaranteed chunk of RAM, but that there is no swap or burst RAM.
[10:57] <owh> jiqiren: Fair point.
[10:58] <Deeps> owh: With OpenVZ, you'll be taking their word for that
[10:58] <Deeps> and either way, you should on both cases be able to create your own swap storage as a file.. less efficient than using a separate partition but it'll still do the job
[10:58] <owh> Deeps: Will there be a performance penalty for selecting Xen over OpenVZ?
[10:59] <Deeps> i think xen will give you better performance, google knows more though
[10:59] <hads> I'd agree in my limited knowledge
[10:59] <hads> BTW file based swap is apparently as good as partition based these days (on bare metal).
[10:59] <Deeps> the opinion of the internet at large is almost always better than the opinion in an irc channel
[10:59]  * owh is a vmware child :)
[11:00] <Deeps> vmware also lets you oversell ram
[11:00] <Deeps> and is significantly less efficient as you're virtualising an entire machine
[11:00] <owh> Deeps: I've never hosted anything on a VPS to date. I use VMware locally to test, that's all.
[11:01] <Deeps> vmware workstation is pretty good for that, aye
[11:01] <owh> server, but yes.
[11:02] <Deeps> linked clones baby and snapshot histories, absolutely vital, heh.
[11:04] <owh> Deeps: Yes, I do miss that a little :)
[11:04] <Deeps> it's worth every penny imo
[11:05] <owh> I purchased v3.x a long time ago. Since then my requirements have changed.
[11:15]  * owh is doing a TIAS, thanks all for your comments.
[13:06] <dthacker> hi:  I've set up an open vpn tunnel between my home and office.  I can successfully ping and login to the office over the tunnel.  I can't seem to hit the apache server running at the office using http://10.8.0.1.  Apache is up, and the default ubuntu config doesn't look like it's listening on an ip address.  Ideas to troubleshoot?
[13:07] <dthacker> I should say that apache looks like it would listen on any ip address.
[13:09] <dthacker> It just occurred to me I need to telnet to port 80 on the target server to see if it's listening. It is.  Must be an apache config issue.
[13:44] <zul> morning
[14:06] <sommer> hey zul
[14:29] <ctx144k> hello all
[14:29] <ctx144k> how to install postgresql 8.2 (server) on "ubuntu 8.04 server" ?
[14:33] <sommer> ctx144k: sudo apt-get install postgresql-8.2
[14:35] <ctx144k> ah, yes i already saw, really easy
[14:48] <Vlet> How does one get a saved iptables ruleset to automatically restore after restart?
[14:49] <ogra> use ufw
[14:49] <ogra> (well in hardy that is)
[14:50] <Vlet> Gonna have to do some reading I guess :)
[14:51] <ogra> on former systems: sudo sh -c 'iptables-save > /etc/my_iptables.conf'
[14:51] <Vlet> hmm, does ufw support ip masquerading?
[14:51] <ogra> and add a line to /etc/network/interfaces: up iptables-restore < /etc/my_iptables.conf
[14:51] <gcleric> Vlet: http://www.faqs.org/docs/iptables/iptables-save.html
[14:51] <Vlet> super, thanks folks!
[14:51] <ogra> ufw does masquerading as well afaik
[14:52] <jdstrand> ufw doesn't inhibit masquerading, as it stores its rules in standard iptables-restore syntax
[14:52] <ogra> http://doc.ubuntu.com/ubuntu/serverguide/C/firewall.html
[14:52] <ogra> :)
[14:53] <jdstrand> ufw's cli doesn't help much though-- however, it has all the infrastructure to deal with anything iptables-restore can do
[14:54] <jdstrand> see 'man ufw' particularly the NOTES section if using ufw for more than a host-based firewall
[14:55] <Vlet> information overload :)
[14:55] <jdstrand> heh
[15:00] <ogra> Vlet, the doc i pasted has a nice explanation of doing masquerading with ufw (it says still "draft" though)
[15:02] <jdstrand> ogra: thanks! I forgot about that :)
[15:27] <stabeno_> I have an apache web server set up with an SSL certificate signed by VeriSign.  When connecting from Firefox with https I get an error: Secure Connection Failed
[15:27] <stabeno_> An error occurred during a connection to www.curvessmart.com.
[15:27] <stabeno_> SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long).  The apache error log returns: [client 0.0.0.0] Invalid method in request \x80L\x01\x03\x01.  Any ideas of what is wrong.
[16:08] <leonel> stabeno_: do you have  ssl enabled on apache ?   what error shows in your log files
[16:51] <stabeno_> leonel: I do have SSLEngine turned on.  The error in the log file is  The apache error log returns: [client 0.0.0.0] Invalid method in request \x80L\x01\x03\x01.
[17:28] <melter> is the dhcp client installed by default?
[17:42] <slangasek> nxvl: so, bug #189616 is still here... what more can we do to try to track this down?
[17:50] <tonyyarusso> melter: yeah, dhcli<tab> should show it
[17:50] <tonyyarusso> I'm doing an upgrade (command line, with do-release-upgrade) from 7.10 to 8.04, and it's giving a bunch of helpful messages (NIS, MySQL, and PostgreSQL stuff) - will these be written to a file as well?  (I'm writing them on dead trees right now.)
[17:52] <sommer> tonyyarusso: they should be in /var/log/dist-upgrade/, there's a couple of different log files
[17:52] <tonyyarusso> sommer: all right, thanks.
[17:52] <sommer> np
[17:56] <melter> tonyyarusso, the documentation implies that it needs to be installed by the user
[17:57] <tonyyarusso> melter: Really?  Lemme try actually looking on a real machine instead of in my head.
[17:58] <melter> "Ubuntu is shipped with both DHCP server and client. The server is dhcpd (dynamic host configuration protocol daemon). The client provided with Ubuntu is dhclient and should be installed on all computers required to be automatically configured. Both programs are easy to install and configure and will be automatically started at system boot."
[17:58] <melter> i couldn't remember if i installed it, or if it was installed automatically
[18:00] <tonyyarusso> melter: /sbin/dhclient3 is there on my server, and wasn't manually installed.
[18:36] <malcolmpdx> Morning.  I'm about to purchase a Dell SC1430 with a PERC 5/i card, and noticed that there were some forum posts from a year or so ago that indicated problems.  Can anyone tell me if Hardy supports this card?
[18:38] <nealmcb> ho ebox users (sommer?) - https://help.ubuntu.com/community/eBox  says to go to https://yourserver/ebox    but http://ebox-platform.com/usersguide/en/html/ebox-userguide-book.html says the B is capitalized.  My ebox vm is on a machine that is down.  But looks like a typo....
[18:38] <nxvl> slangasek: i can't reproduce it
[18:39] <nxvl> slangasek: even is a problem with the configuration or something else is wrong
[18:42] <nealmcb> looks like a problem at http://doc.ubuntu.com/ubuntu/serverguide/C/ebox.html  and https://help.ubuntu.com/8.04/serverguide/C/ebox.html also.  And can we refrain from closing urls with a period, e.g. at the end of a sentence?  Causes copy/paste problems.
[18:47] <sommer> nealmcb: sure, can you file a bug to remind me :) ?
[18:47] <nealmcb> sure - I just wanted someone to confirm it before I fix the wiki page
[18:58] <slangasek> nxvl: well, the configuration in question was provided in the bug report, so hopefully that's what you were using to try to reproduce it?
[18:58] <slangasek> nxvl: anyway, we seem to have a running theory now that's being pursued with IS
[19:19] <sommer> anyone have a second to check my blueprint https://blueprints.edge.launchpad.net/ubuntu-doc/+spec/intrepid-server-guide?  just wondering if I need to adjust/add anything :)
[19:20] <sommer> my first blueprint and all, heh
[19:25] <dendrobates> sommer: looking...
[19:25] <sommer> dendrobates: thanks, I modeled it on kirkland's doc-search blueprint
[19:26] <kirkland> dendrobates: btw...  newz2000 is taking my code from the doc-search and implementing it on search.ubuntu.com
[19:27] <kirkland> dendrobates: he's going to make it more user-friendly searching
[19:27] <dendrobates> kirkland: great news.
[19:27] <kirkland> dendrobates: he and mdke didn't like the code/manpage searching
[19:27] <kirkland> dendrobates: so, they're going to take what I started, and make a user search
[19:28] <kirkland> dendrobates: i'm going to pick that up, and make a "developer search" tool, which searches the user stuff, plus some developer resources
[19:28] <kirkland> dendrobates: such as code, manpages, packages, etc.
[19:28] <kirkland> dendrobates: in the end, i don't think we need to dedicate a lot of UDS time to this one
[19:28] <sommer> kirkland: that sounds cool
[19:28] <kirkland> dendrobates: as newz2000 is not attending UDS, and he's running with it
[19:29] <kirkland> dendrobates: i'll pick up the developer search in my spare time
[19:29] <kirkland> dendrobates: i do still think we should have one on manpages
[19:29] <kirkland> dendrobates: or just elmo/cjwatson/myself can discuss it over a beer?
[19:30] <kirkland> sommer: yeah, i think it will be good
[19:30] <dendrobates> kirkland: there are many websites with searchable manpages, do you think that it adds that much?
[19:31] <dendrobates> sommer: looks good
[19:31] <kirkland> dendrobates: um, point me to one that has Ubuntu's manpages....
[19:31] <kirkland> dendrobates: there's manpages.debian.net
[19:31] <sommer> dendrobates: cool, thanks for taking a look
[19:31] <kirkland> dendrobates: and a couple of RH/SUSE ones
[19:31] <kirkland> dendrobates: but neither I nor cjwatson (man upstream maintainer) know of one for Ubuntu's packages
[19:33] <kirkland> dendrobates: I do think it adds an important dimension to the sum total of our documentation
[19:33] <kirkland> dendrobates: especially on the server
[19:33] <kirkland> dendrobates: if you need to look something up, but you don't have the docs installed
[19:33] <kirkland> dendrobates: docs take up a lot of room ;-)
[19:35] <lamalex> Is there a way to install the LAMP meta-package after an install has completed?
[19:35] <Deeps> lamalex: tasksel -h
[19:42] <kirkland> jdstrand: hey, you around?
[19:43] <jdstrand> yep
[19:43] <jdstrand> kirkland: what's up?
[19:44] <kirkland> jdstrand: hey, per our conversation last week, i'm creating a meta package to install (kvm, virt-manager, libvirt-bin)
[19:44] <jdstrand> cool
[19:44] <kirkland> jdstrand: 1) was thinking of calling it ubuntu-vm-server
[19:44] <kirkland> jdstrand: 2) anything else necessary I should throw in there?
[19:44] <kirkland> jdstrand: thoughts?
[19:45]  * kirkland notes soren is out today
[19:45]  * kirkland also notes that jdstrand kicks butt as soren's backup :-)
[19:45] <jdstrand> kirkland: my first thought is that the meta package is really for desktop users, so the -server part in the name seems odd to me
[19:45] <jdstrand> heh, thanks-- I try :)
[19:45] <kirkland> jdstrand: okay
[19:46] <kirkland> jdstrand: i was thinking "server" because it's serving vm's
[19:46] <kirkland> jdstrand: ie, you can install virt-manager, and not serve the vm's
[19:46] <jdstrand> kirkland: just my opinion, but I think the name should be more discoverable
[19:46] <kirkland> jdstrand: okay
[19:46] <jdstrand> kirkland: oh sure, but the point is so that some can do it *all*, not just server
[19:46] <jdstrand> s/some/someone/
[19:47]  * jdstrand thinks
[19:47] <kirkland> jdstrand: i'd like to meta-package together everything you'd need to host virtual machines
[19:47] <kirkland> jdstrand: manage them effectively
[19:47] <kirkland> jdstrand: use them efficiently (kvm)
[19:47] <jdstrand> kirkland: this is for universe?
[19:47] <kirkland> jdstrand: well, i was thinking main
[19:47] <kirkland> jdstrand: which is why qemu is not in there
[19:48] <kirkland> jdstrand: but universe does expand our possibilities (qemu, xen)
[19:48] <jdstrand> kirkland: then there isn't as much you can put in there, of course :)
[19:48] <jdstrand> xen is main isn't it?
[19:48] <kirkland> jdstrand: well, (kvm, libvirt-bin, virt-manager) are all main
[19:48] <kirkland> jdstrand: oh, is it?
[19:48] <zul> jdstrand: no just libxen for virt-manager
[19:49] <jdstrand> zul: ah, so that is why the source is in main
[19:49] <jdstrand> gotcha
[19:49] <kirkland> jdstrand: linux-image-xen is universe
[19:49] <jdstrand> kirkland: virt-viewer is a really nice vnc client that would be cool to have, but it is universe
[19:50] <kirkland> jdstrand: hmm, right
[19:50] <zul> kirkland: always has always will be.
[19:50] <jdstrand> kirkland: not strictly needed if using virt-manager, mind
[19:51] <jdstrand> kirkland: oh, and of course, ubuntu-vm-builder
[19:51] <kirkland> jdstrand: yeah
[19:51] <jdstrand> but again, universe
[19:51] <jdstrand> that one is handy
[19:51] <kirkland> jdstrand: i modeled the name on ubuntu-vm-builder
[19:51] <jdstrand> :)
[19:52] <kirkland> jdstrand: ubuntu-vm-host ?
[19:53] <kirkland> jdstrand: and ubuntu-vm-host-extras (being its universe cousin with more fun stuff like ubuntu-vm-builder) ?
[19:53] <jdstrand> kirkland: maybe it's cause I mentioned it the other day, but I like ubuntu-virt
[19:53] <jdstrand> kirkland: oh I like the -extras idea
[19:53] <kirkland> jdstrand: ubuntu-virt and ubuntu-virt-extras ?
[19:53] <jdstrand> kirkland: I do like that, but I'm not sure I'm impartial
[19:53] <kirkland> jdstrand: hmm, i think the host bit is important, though, perhaps...  this is really meant to be the machine that hosts vm's
[19:53] <jdstrand> I might just be in a rut :)
[19:54] <kirkland> jdstrand: is ubuntu-virt-host too wordy?
[19:54] <jdstrand> kirkland: well, it will serve vms, it'll run vms, it'll create vms-- so a more general name might be good
[19:55] <kirkland> jdstrand: my concern is that ubuntu-virt to me implies just kvm
[19:55] <kirkland> jdstrand: as you said, serve/run/create
[19:55] <jdstrand> hmm, not to me *shrug*
[19:55] <jdstrand> kirkland: let's get others to weigh in
[19:55] <kirkland> jdstrand: should we move this to #ubuntu-virt ?
[19:55] <jdstrand> kirkland: I really like the -extras idea though
[19:56] <kirkland> jdstrand: i was thinking this was a server item
[19:56] <kirkland> jdstrand: thanks!  i think it'll work nicely
[19:57] <jdstrand> kirkland: hold on
[19:58] <kirkland> jdstrand: ?
[20:01] <jdstrand> kirkland: I think you may want to Depends on python-virtinst. While virt-manager will pull that in, in case virt-manager is removed, python-virtinst is very handy
[20:01] <kirkland> jdstrand: good advice
[20:02] <kirkland> jdstrand: i'm also hoping that we can do some debconfery that will setup group membership appropriately too.  perhaps pose a question, "which of these users do you want to add to kvm?  to libvirtd?"  explaining what each will do
[20:02] <kirkland> i understand soren's concern about doing that with the other packages
[20:02] <kirkland> but if this meta package is intended to ease install pain, i think this would be a good place to put it
[20:02] <kirkland> ie, not in the atomic packages
[20:03] <kirkland> but in this meta package
[20:04] <jjesse> wow atomic package that sounds dangerous
[20:06] <jdstrand> kirkland: I think that sounds reasonable.  I have seen at least one package that did something similar. you may want more of soren's opinion on that-- as you know, he is not a huge fan of packages updating groups
[20:06] <jdstrand> I can't remember what that package is though...
[20:08] <jdstrand> kirkland: there is a potential problem though, which is that this package is adding users to a group supplied by another package. what happens to the groups when the packages are removed?
[20:09] <jdstrand> kirkland: that may very well be solved in delgroup or similar, but I haven't done it
[20:09] <jdstrand> just something to think about
[20:58] <kirkland> jdstrand: good ideas
[21:29] <slicslak> kirkland, thx
[21:29] <slicslak> oops, wrong channel
[21:33] <nealmcb> sommer: re: https://wiki.ubuntu.com/IntrepidServerGuide - last I heard they recommended this for a spec template: https://wiki.ubuntu.com/SpecSpec
[21:34] <nealmcb> but I don't know why that wasn't named SpecTemplate so it would show up as an option when creating specs - see e.g. https://wiki.ubuntu.com/HelpOnPageCreation
[21:44] <sommer> nealmcb: bonus, that's what I was looking for.  thanks
[21:44] <nealmcb> :-)
[21:45] <nealmcb> no response from the #ubuntu-doc folks about moving it yet.
[21:47] <sommer> ya, it may take a while before someone is around with rights to move the page
[21:48] <jay2> I tell you guys some people are really sick and think they can emulate what they think some of you guy well say :(
[21:53] <Fohdeesha> lucent
[22:37]  * delcoyote zztop
[22:38] <telexicon> how can i have grub install the base config files (menu.lst and the stages) but not install the bootloader into the MBR?
[23:07] <elventear> Hello. I am trying to convert an old isakmpd.conf setting to racoon.conf but I haven't been able to make it work. Anyone have any experience with both?
[23:14] <cyris|> for some reason, my users home directory permissions are owned by not their name, but their ID. The group is correct. Any ideas why this is?
[23:26] <soren> cyris|: The filesystem always stores ownership as the id's. If ls shows it as these id's instead of names, your nss settings are probably b0rken.
[23:26] <telexicon> ouch
[23:26] <cyris|> well, some of the users :S
[23:26] <telexicon> that sucks that this critical bug with xen got into ubuntu server LTS
[23:27] <soren> Oh, "this critical bug"?
[23:27] <telexicon> dang, and i was hoping to convince management that we could use 8.04 too
[23:27] <telexicon> yes
[23:27] <telexicon> this one: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/218126
[23:27] <telexicon> basically, DomUs kernel panic when loading the network driver
[23:29] <soren> telexicon: There's a fix in hardy-proposed.
[23:29] <telexicon> yea
[23:29] <telexicon> i understand
[23:29] <telexicon> but its broken on the ISO
[23:29] <soren> Your presence on IRC suggests that you have internet access..
[23:30] <telexicon> ...
[23:30] <telexicon> this is for server deployments, its not like im testing all this on my own workstation
[23:31] <soren> Well, I don't know how you interact with your servers, but I'm guessing there must be some sort of means for you to move data from your workstation to your servers?
[23:31] <telexicon> yeah.. ssh
[23:33] <telexicon> the Dom0 is rhel 5
[23:33] <telexicon> so of course that works
[23:33] <soren> Yeah. Only Ubuntu can have bugs.
[23:34] <telexicon> i didnt say that
[23:34] <telexicon> but apparently only rhel can have QA
[23:35]  * soren goes back to being useful
[23:35] <telexicon> its just frustrating because i want linux to do well, i want ubuntu to do well
[23:36] <telexicon> but when i get people to try ubuntu, a lot of the apps are buggy or crash often, and that makes me look bad
[23:36] <infinity> telexicon: Dude, bugs happen, we fix them.  We're not going to re-roll CDs on every bug-fix, that's why -security and -updates exist.
[23:37] <telexicon> ok, i understand
[23:37] <infinity> telexicon: RHEL also releases bugfixes after they press CDs without shrinkwrapping a whole new set every week.  Honest.
[23:38] <telexicon> hmm, that kernel from proposed still doesnt work, its not the same error.. it just crashes the domain and doesnt tell me why now
[23:38] <telexicon> +
[23:38] <telexicon> er.. s/\+//
[23:43] <infinity> telexicon: Did you try Takahito's pre-compiled kernels from the bug log, rather than the one in -proposed?
[23:43] <telexicon> i haven't yet, but i plan on doing that
[23:43] <infinity> telexicon: AIUI, the one in -proposed is still partially broken, and was missing a commit.
[23:43] <telexicon> ah ok, cause it looks like the same bug still according to the kernel anic
[23:43] <telexicon> panic*
[23:44] <infinity> (Hence why it's in proposed, and not updates yet...)
[23:44] <telexicon> should i report that i still get the panic?
[23:44] <infinity> Can do, but the bug log already notes that the bug was only half-fixed.
[23:44] <infinity> "Tim, the current fix in the hardy git tree by Chuck is not complete.
[23:44] <infinity> This still causes the kernel BUG() in some environments."
[23:44] <infinity> "Drat. I'll pick this up on the next upload cycle, probably next week." - Time
[23:44] <telexicon> oh ok
[23:44] <infinity> s/Time/Tim/
[23:45] <telexicon> oh i just saw the last message and thought they did it early
[23:46] <infinity> Well, if Takahito's kernel works and the one in proposed doesn't, it won't HURT to add another comment to the bug to clarify that.
[23:46] <infinity> If not for the Stable Release Team, then at least for other users.
[23:46] <telexicon> ok
[23:46] <zul> no there was a bug in the patch, the patch to my patch was applied today you can check it out of the git tree if you want
[23:50] <telexicon> ok, Takahito's kernel works
[23:54] <Nafallo> patch to patch to patch to... :-)
[23:54] <Nafallo> ...infinity ;-)
[23:55] <telexicon> ok the kernel boots, but its hanging on the initscripts... im not having any luck today.. :-(
[23:55] <telexicon> hanging right after: * Reloading OpenBSD Secure Shell server's configuration sshd