/srv/irclogs.ubuntu.com/2008/05/15/#ubuntu-server.txt

soren	a) install the security update b) replace all your ssh keys (both dsa and rsa)	00:00
soren	b) does not include the host keys as those will be handled by the security update itself.	00:00
owh	InsomniaCity: An added benefit of your advice is that in composing the message I made a generic version which made me think of other past clients who may be affected and who may not have a current sysadmin.	00:02
arooni-mobile	how do i regenerate my keys on my dev boxes (keys i will copy over to the server's ~/.ssh/authorized_keys file)?	00:07
hads	ssh-keygen	00:08
arooni-mobile	do i need to restart my computer before doing that agian	00:08
arooni-mobile	my dev boxes which are running ubuntu	00:09
hads	Nope, reboots are only needed for kernel upgrades.	00:10
arooni-mobile	ok great	00:12
arooni-mobile	Enter passphrase (empty for no passphrase): necessary or not?	00:18
hads	Yes! passphrase-less keys are A Bad Thing	00:19
hads	Without a passphrase anyone who gets your private key will be able to access any server which has your public key.	00:20
LeChacal	what is a .phtml file and why all of a sudden is my web server severing this file and not my normal index.php file	00:30
arooni-mobile	i was ssh'd into a gutsy box and was running: sudo apptitue update; sudo apptitude dist-upgrade; then accidentally closed the ssh window. now i see: E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable); E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? (what should i do? is update still running)?	00:36
hads	ps ax \| grep aptitude	00:36
hads	LeChacal: .phtml is usually a PHP file.	00:40
hads	LeChacal: Assuming you are using apache it will serve index files in the order specified with the DirectoryIndex directive.	00:41
macd	arooni-mobile, just rm the lock file, and kill all apt process, and restart the dist-upgrade, if it gives you more errors, clean out the cached packages in /var/cache/apt/archives/* and /var/cache/apt/archives/partial/*	00:45
hads	And run in screen :)	00:47
macd	yes, that too	00:47
macd	Has anyone had troubles with sshd after upgrade, newly generated keys from updated ssh/ssl gives errors when trying to auth via key on ssh, http://pastie.caboo.se/197206	00:47
arooni-mobile	what does run in screen mean	00:47
macd	screen is your best friend	00:47
hads	http://www.kuro5hin.org/story/2004/3/9/16838/14935	00:48
macd	when using ssh, as soon as you login type "screen", then do your stuff, to disconnect from ssh, and not loose your terminal type crtl a+d or accidental disconnects leave your terminal running	00:48
macd	then ssh back in, and screen -r to resume, if you have more thanone screen running it'll give you pid's	00:48
arooni-mobile	sweet action	00:49
macd	yah	00:49
macd	arooni-mobile, you tried mod_rails yet?	00:49
arooni-mobile	macd, nope still running mongrel clusters	00:49
arooni-mobile	have you?	00:49
macd	no, I use that upload_progress plugin for mongrel, and can't figure out any other way to handle that	00:50
macd	If I could find a way to route uploads themselves to mongrel and have mod_rails handle everything else I'd be in good luck	00:50
ajmitch	hads: got all your boxes in order now? :)	00:52
hads	ajmitch: Yeah, finally :) Except one SSL cert that's getting re-signed. You?	00:54
ajmitch	yeah, it's pretty much just been ssh host keys	00:54
hads	Most of the host keys were OK here as they were upgrades from Sarge or something, a few user keys. The main thing was checking everything.	00:55
* macd is still having problems		00:58
* owh loves spam filters, especially those that block incoming emails from a system administrator to the end user :-\|		01:07
owh	How do I coerce module-assistant to use my source packages, rather than the ones it thinks it knows about?	01:09
* owh is thinking of madwifi specifically.		01:10
LeChacal	ok i am my web server isn't severing my page anymore if you go to the site it just makes you download the page but it is the page with a .phtml file and it does it if i point to any php page so i think i some how broke php i have tried rebooting but that didnt do anything how can i restart php or something	01:33
owh	LeChacal: PHP is run from within the server, there is no need to "restart" it. Most likely you have one of two problems, either PHP isn't actually activated as a module, or the mime-type mapping does not include a mapping for PHP.	01:43
LeChacal	owh: well how would it get turned off is my first question then how do i fix this, all i have done is install postfix, dovecot, and squirrelmail and before i did that everything was working i have now removed all three of these	01:45
owh	LeChacal: Well, installing squirrelmail is the only thing I can think that may have done anything as the other two don't use PHP at all. I'd start with checking the logs in the /var/log/apache* tree.	01:47
endeavormac	i insert my ubuntu server disk, start up the machine, and then without hitting anything it immediately goes to language select and stalls	01:48
endeavormac	usb legacy support in bios, right?	01:50
endeavormac	i'll try it out	01:50
LeChacal	owh: i dont see anything in logs just me restarting apache a few times nothing else in errors	01:50
LeChacal	owh: well back to fixing for a minute if i just make a link from the php5 files in mods-available to mods-enabled and restart apache should that put php back	01:53
owh	LeChacal: What does this return: grep -ri php /var/log/apache* - specifically look for notices in the error.log	01:53
owh	LeChacal: Fixing a problem is not just a case of jumping in, first you find out what is broken, then you figure out how to fix it.	01:54
LeChacal	owh: well that just dumbed all of my access.log file and error.log file which i had looked at before and didnt see anything	01:56
LeChacal	i can pastbin if you think you would see something	01:56
owh	LeChacal: My error log has this kind of notice: [Sun May 11 16:03:45 2008] [notice] Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 configured -- resuming normal operations	01:57
owh	LeChacal: That indicates that PHP is actually active.	01:57
owh	LeChacal: If you do not see any PHP results at all, then the module is not enabled.	01:58
LeChacal	owh: i have one of thoughts also but it was a few hours ago before i started installing mail stuff everyone after that is just apache	01:58
owh	LeChacal: What does this tell you: sudo a2enmod php5	01:59
LeChacal	owh: Module php5 installed; run /etc/init.d/apache2 force-reload to enable.	01:59
owh	LeChacal: Do that.	02:00
LeChacal	owh: doing that didnt seem to affect php i dont see it restarting in the log i only see apache restarting and going to the site shows now difference	02:01
owh	LeChacal: Does the error.log show PHP?	02:02
LeChacal	owh: nothing about php	02:03
owh	LeChacal: What does dpkg -l 'php*' tell you that is installed?	02:03
owh	LeChacal: Better still, what does dpkg -l 'php' tell you - specifically, is libapache2-mod-php5 installed?	02:05
LeChacal	owh: it says that ibapache2-mod-php5 is installed and is version 5.2.4-2ubuntu5	02:06
owh	LeChacal: What does sudo dpkg-reconfigure libapache2-mod-php5 give you?	02:06
endeavormac	well now i have a new problem. i'm using my motherboard's raid to put two 640gb hdds together in raid 0. when i start to install ubuntu server, it tells me ata1.00: exeception Emask 0x0 SAct 0x0 SErr.... etc	02:07
endeavormac	does anyone know if there's something special i need to do?	02:08
owh	endeavormac: Is that hardware RAID or software RAID?	02:08
endeavormac	hardware over the mobo	02:08
LeChacal	owh: that restarted apache and in the log i see php restarting but it didnt change the site	02:08
owh	endeavormac: Just because your motherboard comes with on-board RAID does not mean that it's hardware RAID!	02:09
owh	LeChacal: So, now you can see PHP in error.log?	02:09
endeavormac	well as far as i know the RAID has already been set up through the bios. i already created the raid0 with 32kb stripe.	02:10
owh	endeavormac: That is no guarantee at all.	02:11
endeavormac	does ubuntu server have a wiki or something where i can find more information on this?	02:12
owh	endeavormac: If it was in fact hardware RAID, then the installer would only see one drive. By adding kernel modules it might then be able to monitor the RAID device. If you see other things, then it is likely to be software RAID. I'm looking for a nice URL for you.	02:12
LeChacal	owh: i see this in the log ' Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5 with Suhosin-Patch configured -- resuming normal operations' and if you go to www.muncc.marmoinacademy.org see what you get but i found if you go to www.muncc.marmionacademy.org/index.php the page comes up which it didnt before\	02:12
owh	LeChacal: So, now you need to find out why you get an error on the first link. Check error.log	02:13
endeavormac	i just don't understand the point of setting up raid through the motherboard, and then again through the OS	02:13
owh	endeavormac: The problem is that manufacturers are saving a few cents by not including actual hardware RAID.	02:14
endeavormac	god damn manufacturers	02:14
_ZeuZ_	Guys, I've developed an easy to use HTB script for traffic shaping, directed to ISPs... And I would like your thoughts on it to make it part of Ubuntu server...	02:14
owh	_ZeuZ_: Come to the next ubuntu-server meeting and raise it.	02:15
_ZeuZ_	owh, I'm on the mailing list, but, I don't remember when is it going to be...	02:16
LeChacal	owh: i see this in error.log near when i tried to visit [client ...] Negotiation: discovered file(s) matching request: /var/www/index.php (None could be negotiated).	02:16
_ZeuZ_	I know the script needs refinement, still it would be a hit to make ubuntu-servers to go higher on the sky..	02:16
owh	endeavormac: I cannot currently locate the link I was looking for. The best start is to google for your motherboard and raid and see what comes up.	02:16
owh	LeChacal: Well, start by googling with that error and see what you find.	02:17
owh	!meeting	02:17
ubottu	Team meetings are held in #ubuntu-meeting - See « /msg ubottu logs » for transcripts.	02:17
owh	Hmm	02:17
owh	!nex-meeting	02:17
ubottu	Factoid nex-meeting not found	02:17
owh	!next-meeting	02:17
ubottu	Factoid next-meeting not found	02:17
owh	Crap	02:17
endeavormac	i'm reading now and it seems that you can just hook up two hard drives, no raid through the mobo, and then when you install ubuntu server and are partioning drives you can do some voodoo magic and raid0	02:17
owh	endeavormac: Yes, that is Linux Software RAID, that is different again.	02:18
macd	endeavormac, above all value hardware raid first ;)	02:18
owh	endeavormac: To make it "simple" there are three types of RAID.	02:18
endeavormac	what's the performance like on linux software raid	02:18
endeavormac	if i can get 120megabytes/sec red/write from two hdds, i'm good	02:18
macd	endeavormac, maybe on a FC/U320 set, but nothing ata	02:19
owh	endeavormac: Hardware RAID, an actual card that has an on-board CPU that talks to drives and does magic. It shows the drives to the OS as one drive. Fake RAID, which tries to do the same, but requires that the main CPU take care of things - needs a driver. Linux Software RAID, using the Kernel to talk to multiple disks.	02:19
owh	_ZeuZ_: https://wiki.ubuntu.com/ServerTeam/Meeting	02:20
hads	Hardware is good, software is good, I don't see the point in fake.	02:20
owh	Ditto :)	02:20
endeavormac	yeah screw fake	02:21
endeavormac	booze + linux = success	02:21
endeavormac	i mean raid through linux kernel = success	02:21
endeavormac	thanks	02:21
owh	LeChacal: It appears that your issues come from a rewrite condition.	02:22
_ZeuZ_	so Wednesday right? gosh... one week more until I can release it? I'm not only seeking to include it in ubuntu-server but to improve it... currently it's a pretty basic ToS and QoS clasifiying with bandwidth shaping for different terminals on the lan, or on the outside...	02:23
owh	_ZeuZ_: Not next Wednesday, the one after.	02:23
owh	_ZeuZ_: Everyone is in Prague :)	02:23
owh	_ZeuZ_: I'm not at all suggesting that it will be included. What you'll get is a bunch of ubuntu-server people listening to what you have to say and making suggestions.	02:24
_ZeuZ_	Hmm.. perhaps I can send it to the mailing list...	02:24
macd	yes do , b/c I want to see	02:25
owh	_ZeuZ_: Well, you can start the conversation there, yes.	02:25
LeChacal	owh: rewrite condition? doesn't mean anything to me. can you link me to the site you have found and/or tell me some more about this	02:25
owh	LeChacal: Is there a .htaccess file in the server root?	02:31
owh	+webserver document root that is	02:31
owh	LeChacal: This describes the issue in another way: http://www.webmasterworld.com/apache/3161107.htm	02:33
LeChacal	owh: well i am not sure what you call server root but the only place that i have a .htaccess file is in a squirrelmail folder not anywhere near what i would call root	02:35
owh	LeChacal: What does this return: sudo grep -ri multiview /etc/apache*	02:36
LeChacal	owh: i get this http://paste.ubuntu.com/12176/	02:39
owh	LeChacal: Well, that looks pretty normal - though you should not make a habit of leaving backup files with ~ lying around.	02:43
macd	LeChacal, owh have you tried 'sudo a2enmod php5'	02:43
owh	macd: It's running, just doing weird stuff as well :)	02:43
owh	LeChacal: Which files do you have in /var/www	02:43
owh	macd: www.muncc.marmoinacademy.org - borked www.muncc.marmionacademy.org/index.php - woring	02:44
owh	+k	02:44
macd	what about the DirectoryIndex portion of the apache2.conf file?	02:44
LeChacal	owh: i was changing that right now after reading that link that you sent me because i have several files that start with index and they have different endings	02:44
owh	macd: Well, the site was working before squirrelmail got installed. Now it doesn't work anymore.	02:44
* owh just loves PHP installers that break running web-sites.		02:45
macd	LeChacal, what does "grep -i index.php /etc/apache2/apache2.conf"	02:45
macd	LeChacal, return when you issue it (damn cr)	02:45
LeChacal	macd: that returns nothing	02:46
* owh has to go back to work and wanders off.		02:47
macd	LeChacal, then we know your problem, add index.php to the DirectoryIndex directive in /etc/apache2/apache2.conf	02:47
* _ZeuZ_ Notified it's intentions to add it's Routing, QoS, MAC+IP control and Traffic Shaping/managing and limiting to the ubuntu-server distro		02:48
LeChacal	macd: i will do that for the future but moving all any file that started with index out of the root of /var/www fixed my problem also	02:49
macd	LeChacal, yeah, this just lets it serve index.php even if index.html is present	02:50
macd	LeChacal, FYI also thats apache admin101 ;)	02:51
LeChacal	macd: yes and i think both you and owh for the help i just got thrown in to running this server so i have a bigger learning curve to over then i thought i see	02:53
macd	LeChacal, if your doing alot of apache stuff, its a good bookmark http://wiki.apache.org/httpd/ also has user contributed things for some simplified tasks	02:53
owh	LeChacal: Pleasure.	02:54
LeChacal	macd & owh: i meant i thank both of you	02:54
macd	LeChacal, anytime	02:54
endeavormac	by software raid through the kernel, we're talking about LVM, right?	02:55
hads	software RAID is software RAID, LVM is LVM :)	02:56
endeavormac	ok	02:58
hads	Two completely separate but often used together.. bah, they left.	02:58
owh	hads: You get that :)	03:01
hads	:)	03:01
ajmitch	yay, got my debian password back	03:02
hads	:)	03:02
LeChacal	owh & macd: now that i have solved my problem do ether of you have suggestions on squirrelmail or another webmail program before i go back to reading on it and apache	03:03
owh	LeChacal: Sorry, don't do webmail, I let google handle that :)	03:03
_ZeuZ_	So do I xD	03:04
hads	I put roundcube on one server where people wanted webmail. Seems not too bad.	03:04
giovani	roundcube is pretty experimental imo	03:05
giovani	I've had issues with it	03:05
giovani	very limited on featureset -- but it's AJAX so everyone thinks it's the greatest thing since sliced bread	03:05
* macd seconds roundcube for how nice it looks		03:06
hads	I don't use it myself, users seem to think it's OK though.	03:06
LeChacal	looking at roundcube makes me think i should have just stayed with gentoo server	03:09
owh	LeChacal: Well, personally I cannot think of a better way to self-inflict pain, but if that's what you like, go for it.	03:11
macd	LeChacal, he you could spend time emerging, or drinking beers with friends, but thats your choice ;)	03:12
macd	Like I say, why compile when you can apt.	03:12
LeChacal	owh: i the reason i say is because a lot of what i was reading on it was on gentoo, and the server was once gentoo before i took over and i hated gentoo	03:12
hads	It's a PHP application, nothing to do with package management really.	03:12
giovani	LeChacal: how does roundcube relate to gentoo?	03:13
LeChacal	nothing really it was just reminding me of my gentoo nightmares	03:13
giovani	and your nightmares make you think you should stay with gentoo? huh?	03:13
LeChacal	no away from it very far away	03:14
giovani	<LeChacal> looking at roundcube makes me think i should have just stayed with gentoo server	03:14
LeChacal	giovani: ok bad wording there, looking back now	03:15
owh	On a completely different note, how do I make module-assistant use my source packages, rather than the ones it knows about? I need to deploy madwifi source drivers on an end-user machine which will need to be able to deal with kernel updates without needing me to recompile and install stuff. Last time I looked, m-a + included madwifi was borked.	03:16
macd	owh, the command line arg is -h	03:21
owh	Whoa, not all at once ;-)	03:21
macd	err -k	03:22
owh	macd: Excellent, just what I needed. Tah.	03:22
macd	man module-assistant FTW ;)	03:23
macd	I couldnt remember myself, and I just built for 2.6.25	03:23
owh	macd: Funny, that's what I was reading - now I'm trying to find out how to put it in the automatic configuration / conf file :)	03:23
macd	yeah, that could be fun	03:24
owh	I've just found the environment variable, that's a start.	03:24
owh	KERNELDIRS	03:24
* owh cannot recall if m-a does an automatic rebuild when the kernel changes.		03:25
luckyone	hello everyone. can anyone help me get svn setup? I am seeing svn: PROPFIND of '/trunk//': 405 Method Not Allowed	03:28
firecrotch	luckyone: this error is when you try to browse to the svn repository in a web browser?	03:31
firecrotch	luckyone: http://readlist.com/lists/subversion.tigris.org/users/4/21441.html this may help you	03:32
luckyone	firecrotch: not when I use a browser, via browser it works fine	03:39
luckyone	firecrotch: it is when I try to use the subclicpse svn plugin	03:39
macd	luckyone, are you using javaHL with subclipse?	03:41
luckyone	macd: YES	03:43
luckyone	macd: sorry for the caps!	03:43
luckyone	macd: at least I think so	03:44
macd	Let me pop open eclipse and see what the other one is, b/c I had that problem a while back myself	03:44
luckyone	org.tigris.subversion.javahl.ClientException	03:46
macd	yeah, theres another layer of abstraction that subversion can use, and its not JavaHL	03:47
macd	I just can't recall where it is, or how to change it	03:47
macd	Im poking around eclipse, but I dont see it	03:47
macd	well, on the good side, looks like the ruby plugin got some updates ;)	03:49
luckyone	hah	03:50
luckyone	I just installed subclipse	03:50
rhineheart_m	I can't mtr yahoo.com nor do sudo apt-get update... But I can access webpages from the outside.. and I can even ssh to the box.. any idea?	06:10
kraut	moin	07:55
mohamed_	is there h ow setup openswan vpn client ?	08:09
=== mdz_ is now known as mdz
sgrover	Q: I have openvpn installed and can connect to my vpn with network manager. Any easy way to automagically run a script (to mount directories) once the vpn connection is made?	08:58
sgrover	I want to set up automatic mounting of the Samba shares when the VPN connection is established.	08:58
sgrover	Grey area between desktop/server, so my appologies if this is not quite on topic.. But don't think it's that far off topic.. :)	08:59
yann2	hello :)	09:00
yann2	I wanted to know: Do canonical plans to provide training for particular parts of Ubuntu? Like KVM, samba/ldap/win integration etc?	09:00
nealmcb	sgrover: perhaps you can use dbus to talk to network manager? it might have a callback for that. there may be easier ways also - just a thought	09:01
nealmcb	yann2: you might also ask in #ubuntu-training (?) or ask canonical directly	09:02
yann2	thanks :)	09:03
sgrover	nealmcb: thanks for the lead. Was hoping there would be an existing tool. Probably easiest to just script it directly and put an icon on the desktop to the script...	09:04
sgrover	bypass network manager for the VPN connection...	09:04
* nealmcb nods		09:04
nealmcb	but playing with dbus is fun also :-)	09:04
sgrover	(that and I'm not very familiar with dbus at this time)	09:05
sgrover	off to google I go then.. :)	09:05
nealmcb	but yeah - not so much a server thing....	09:05
sgrover	but not fully a desktop thing either.. :)	09:06
sgrover	and you were able to give me more of a tip than I got in #ubuntu (no response there)	09:07
* nealmcb heads towards the UDS hotel.....		10:24
bip	hello anybody has experience using tape units with ubuntu-server ?	10:37
bip	i have a fresh installed 7.10 server but mt commands get non answer	10:37
bip	any hint will be gladly received thanx	10:38
vcorreia	hello everyone	11:36
vcorreia	has anyone been using ebox with hardy?	11:36
vcorreia	if so, what do you make of the integration?	11:37
elliotjhug	hi all, got a user called 'manageen' who logs in repeatedly every 3/4mins - I never added this user. Is there a check I can do over either their activities - or can I set the account to expire? (Or is there any other action you would suggest?)	11:37
soren	elliotjhug: I'd recommend, you unplug the machine, shut it down, remove the disk, and carefully check every single bit on it.	11:41
soren	elliotjhug: If someone's logging onto it and you didn't create the user, you've most likely been compromised somehow.	11:42
elliotjhug	is it likely to be a virus or what?	11:43
elliotjhug	I only checked because I noticed unusual network activity	11:43
Deeps	it's likely that you've been rooted	11:46
Deeps	in that, someone has gained root privledges on your machine, and created that account	11:46
elliotjhug	Deeps: Thanks - well I've just changed my root password (and an account with sudo)	11:46
Deeps	recommended course of action would be, as soren said, to shut down the machine immediately	11:47
hads	elliotjhug: That's not enough, you should remove the box from the network immediately.	11:48
elliotjhug	hads: OK - I'd best go with that then. Thanks for the advice	11:48
hads	And then reinstall it basically.	11:48
Deeps	indeed, reinstall from 0	11:48
uvirtbot	New bug: #230632 in openssh (main) "ssh-vulnkey doesnt check all keys. Also, it would be nice to extend the warning message." [Undecided,New] https://launchpad.net/bugs/230632	13:11
dennda	aaaarg is there no django in dapper? I was under the impression that I saw it the other day	13:19
dennda	How would you install django on an ubuntu dapper drake (6.06.2) system so that you can easily update the machine or the packages later on?	13:21
Terrasque	hello, having a problem with my file server after upgrading from 6.06 to 8.04. Its x64, have an XFS raid5 (3tb, 7 hdd's), and after the update, if a large amount of data is written in short time to it, it stops writing data, load goes up (slowly rising, went to 36 before i killed server last time), but dmesg/messages are silent, and ps / top does not show anything unusual. Any idea?	13:41
fromport	what kernel ?	13:43
fromport	the standard 2.6.16 ?	13:43
Terrasque	2.6.24-16-server	13:43
fromport	i've witnessed similar stuff	13:45
fromport	i upgraded to 2.6.24-17-server which is available in the deb http://archive.ubuntu.com/ubuntu/ hardy-proposed main restricted universe multiverse repository	13:45
fromport	2.6.24-17-server #1 SMP Thu May 1 14:28:06 UTC 2008 x86_64 GNU/Linux	13:46
Terrasque	and that fixed it?	13:46
fromport	i haven't seen it since, but no warranties ;-)	13:47
Terrasque	of course :)	13:47
fromport	as usual: ymmv ;-)	13:47
fromport	what disk controller do you have ? have you updated the mobo bios to the latest ?	13:48
Terrasque	2x Mass storage controller: Promise Technology, Inc. PDC40718 (SATA 300 TX4) (rev 02)	13:48
Terrasque	el cheapo sata cards, basically :)	13:48
Terrasque	and no, haven't updated bios	13:49
Terrasque	fancy. The IO died on the system disc too, which is not in raid, and not on the same controllers. Hard reboot ftl	13:50
fromport	hardy is using 2.6.24 which really pushes harder on acpi (is my opinion) i had a lot of problems with machines with old bios'es	13:53
Terrasque	btw, hardy-propsed packages.. Will all those be automatically downloaded in an apt-get upgrade? or do you pick packages manually?	13:54
ScottK	Terrasque: After testing, hardy-proposed packages get copied to hardy-updates (if there are no problems) and then you get them automatically with apt.	13:56
Terrasque	new kernel in, rebooting. And crossing fingers and toes	14:02
Terrasque	fromport: no crashing yet.. :) But I'm not 100% sure until ive done some more testing	14:18
Terrasque	fromport: same happened again. New kernel did not solve it	14:42
fromport	terrasque: :-( ..... pitty	14:49
dennda	hm	14:53
dennda	I removed klogd and sysklogd from all runlevels, but I still have that issue	14:53
Terrasque	fromport: made a forum post, maybe I'll get lucky there. if not.. going back to 6.06 probably	14:57
fromport	try to update the bios, or even better: compile a 2.6.25(or 26-rc2) kernel yourself.	14:58
fromport	see if it is kernel related.	14:58
=== bamed is now known as bamed\|away
dennda	what's the preferred way of upgrading ubuntu on a server? (just one release to the next))	15:05
dennda	update-manager -d? :)	15:06
cjsstables	hello all. I have a quick question. Getting ready to set up an ubuntu ltsp server. I have 900 GB of space on 3 drives. In the partition schem where should I allocate most of the HD space? /home? /root?	15:07
gouki	Has anyone configured fail2ban? I'm having problems. The regexep don't seem to work.	15:21
gouki	the log reports the IP is banned, but for some reason I can continue to access the server.	15:23
soren	gouki: It only blocks new connections.	15:34
soren	gouki: Could that explain what you're seeing?	15:34
gouki	soren: no	15:34
gouki	Does it require the default port, or the regexp doesn't care about that?	15:35
soren	It blocks port 22.	15:35
=== mdz_ is now known as mdz
nxvl	soren: when are you comming?	15:44
gouki	soren: that's the problem right there.	15:44
=== kirkland` is now known as kirkland
soren	nxvl: I'm here.	15:47
nxvl	soren: i'm still in madrid	15:48
soren	nxvl: Ah, ok.	15:48
nxvl	soren: my flight leaves in 2 hours	15:48
nxvl	so, se you in 5	15:48
nxvl	:D	15:48
radone	greetings, I have problem with cron	16:43
radone	command: ps -ef \| grep -i cron	16:43
radone	gives: root 4112 1 0 2007 ? 00:00:02 /usr/sbin/cron	16:43
radone	command: crontab -l:	16:43
radone	* * * * * root echo "Runs each second." > /home/johny/smazat/cron.txt	16:44
radone	however, the file /home/johny/smazat/cron.txt remains empty :-(	16:44
radone	any idea?	16:45
radone	http://pastebin.com/m59c6f729	16:45
\sh	is * * * * * not "run every minute" ?	16:45
dennda	lol?	16:46
\sh	radone, that cron line will run every minute...	16:46
\sh	there is no "second"	16:47
dennda	do-release-upgrade did not work for dapper -> hardy, but dapper -> edgy -> feisty -> gutsy -> hardy seems to work	16:47
radone	\sh: well, unfortunately not even minute ...	16:49
\sh	radone, and I wonder if you can delete the "root" user as well, because crontab -e -u root is that what you have by default when you use the crontab tool...all cron scripts who are in need of the "user to run"..are in /etc/cron.*	16:49
\sh	radone, because your line is terribly wrong	16:49
\sh	crontab -e	16:49
\sh	(thinking about user root now)	16:49
\sh	* * * * * echo "foo is bar" > /tmp/palimpaloem	16:49
radone	\sh:ok, thank you, I will give it a try and I will wait one minute	16:51
\sh	radone, man 5 crontab :)	16:52
radone	changed to: * * * * * echo "Runs each minute." > /home/johny/smazat/cron.txt	16:53
radone	and got not any result :-/	16:53
TrioTorus	how can I find out why a certain package is kept back?	16:55
TrioTorus	is there an apt command for that?	16:57
ScottK	Is the certain package related to ssh/ssl/vpn?	16:57
mok0	TrioTorus: try apt-get install the package, and you will see what will happen. You will be given a chance to abort	16:58
dennda	Am I the only one thinking that should not be the case? Something seems to be wrong somewhere	16:59
TrioTorus	among others: there is openssh-client and openssh-server being kept back yes	16:59
TrioTorus	dennda: you're obviously not the only one	16:59
dennda	TrioTorus: I am talking about dapper -> hardy upgrade failing and dapper -> edgy -> feisty -> gutsy -> hardy upgrade working	17:00
ScottK	TrioTorus: sudo apt-get dist-upgrade will solve it in this case. sudo apt-get -s dist-upgrade if you want to see it first (to more generally understand what's going on).	17:00
mok0	TrioTorus: that's because they pull in a new package, -blacklist	17:00
TrioTorus	mok0: I can see that with one of my servers. What's going on with that -blacklist package?	17:00
mok0	TrioTorus: it contains a list of weak ssh keys	17:01
TrioTorus	mok0: so better not upgrade yet then?	17:02
mok0	TrioTorus: by all means, upgrade	17:02
mok0	TrioTorus: and run ssh-vulnkey	17:02
mok0	TrioTorus: http://www.ubuntu.com/usn/usn-612-1	17:03
cyris\|\|	morning everyone	17:04
W8TAH	hi folks -- are the patches for the ssh vunerability in the repos / updates now?	17:04
\sh	radone, /etc/init.d/cron restart .... could be that cron ran mad	17:04
mok0	W8TAH: yes	17:04
cyris\|\|	people still patching up eh ?	17:04
W8TAH	good	17:04
W8TAH	how do i then re-gen my keys	17:04
mok0	And folks, don't forget to remove your comprimised ssh keys from EVERY remote system that has in in ~/.ssh/authorized_keys	17:05
cyris\|\|	ssh-keygen	17:05
W8TAH	cool -- thanks	17:05
mok0	s/in in/it in	17:05
mok0	ssh-vulnkey is your friend	17:05
cyris\|\|	Can anyone recommend a USER FRIENDLY web application that will allow users to change their passwords stored in openldap?	17:06
giovani	mok0: HD More's SSL "rainbow tables" are your friend :)	17:08
TrioTorus	cyris\|\|: if your app only needs to do this single operation: write your own script. I have looked out for what you are asking for a long time.	17:08
mok0	giovani: ydrk, where do you find those	17:08
giovani	mok0: ... oh cmon ... you should know already: http://metasploit.com/users/hdm/tools/debian-openssl/	17:09
giovani	appreciate the dilbert :)	17:09
mok0	giovani: no seriously , I have better things to do than hang out with script kiddies... I exterminate them when they show up...	17:10
giovani	... if you think HD More is a script kiddie ... you're revealing your ignorance of the industry	17:10
mok0	giovani: hereby revealed :-)	17:11
cyris\|\|	TrioTorus, far enough, just wanted to see if there was anything out there. I did find one project, called chpassldapweb http://sourceforge.net/projects/chpassldapweb/	17:11
W8TAH	is there a how-to someplace on using ssh-keygen to make new keys?	17:12
cyris\|\|	TrioTorus, but its in Brazilian Portuguese :S	17:12
giovani	W8TAH: http://metasploit.com/users/hdm/tools/debian-openssl/	17:12
giovani	err	17:12
giovani	bad paste	17:12
giovani	http://wiki.debian.org/SSLkeys	17:12
mok0	W8TAH: man ssh-keygen?	17:12
giovani	W8TAH: welcome to #ubuntu-server ... we have some overlap :)	17:12
W8TAH	mok0, its not giving me what im hoping for -i just want it to rerun the same thing that happens at install time for keys -- i dont customise	17:13
W8TAH	thanks	17:13
W8TAH	giovani, thanks	17:13
mok0	W8TAH: dpkg --reconfigure openss-server	17:13
giovani	#dshield untie!	17:13
W8TAH	even better	17:13
ScottK	mok0: With an 'h' in there.	17:13
mok0	ScottK: you're right of course... it's not the open version of Waffen SS ;-)	17:14
W8TAH	LOL	17:14
ScottK	Doesn't the blacklist tool regenerate bad keys on install (I don't know - I'd done all mine before it was released)?	17:14
giovani	mok0: feel free to read up: http://en.wikipedia.org/wiki/H._D._Moore	17:14
cyris\|\|	ScottK, I don't think it does.	17:15
mok0	ScottK: I think it contains a long list of fingerprints	17:15
giovani	ScottK: I believe the new release of openssh-server did that	17:15
cyris\|\|	ScottK, I wasn't sure so I just regenerated	17:15
mok0	giovani: thanks!	17:15
giovani	it regenerated automagically	17:15
W8TAH	dpkg --reconfigure is not working	17:15
ScottK	The one of the openssl updates will redo snakeoil.	17:15
giovani	W8TAH: run "sudo ssh-vulnkey" to test your keys	17:15
W8TAH	says unknown option reconfigure	17:16
W8TAH	ok	17:16
mok0	giovani: Ah, I don't bother with anyone born after 1980	17:16
mok0	:-)	17:16
giovani	mok0: yeah, who cares how influential they are, right? :)	17:17
W8TAH	giovani, im on ubuntu -- and ssh-vulnkey does not work, nor is it in repos to install	17:17
giovani	W8TAH: which ubuntu release are you on?	17:17
W8TAH	604-lts	17:17
mok0	giovani: ok, /me reads...	17:17
W8TAH	fully updated	17:17
giovani	W8TAH: you're not vulnerable	17:17
giovani	the bug was introduced AFTER 6.04 LTS	17:17
W8TAH	ok - that makes that easy	17:17
giovani	only 7.04, 7.10 and 8.04 were vulnerable before updates	17:18
ScottK	I think Edgy was OK too, but it's out of support.	17:18
W8TAH	i need to upgrade this guy to hardy LTS but im not doing that till summer - when i can take the internet down for an exteded period	17:18
W8TAH	ok	17:18
mok0	giovanni: ok, I'll bump that to 1982 :-)	17:18
giovani	mok0: who needs OSVDB, right?	17:18
giovani	or metasploit?	17:19
giovani	heh	17:19
* giovani throws out half of the linux kernel developers		17:19
Terrasque	18:21:54 up 3:19, 1 user, load average: 33.00, 33.07, 33.41 -- fun..	17:22
cyris\|\|	W8TAH, what version of ubuntu are you running ?	17:22
W8TAH	6.04 LTS on the firewall	17:22
cyris\|\|	W8TAH, oh ok	17:22
giovani	W8TAH: we already went over this	17:22
giovani	err	17:22
W8TAH	which is the one im most concerned	17:22
W8TAH	ya	17:22
giovani	cyris\|\|*	17:22
W8TAH	:D	17:22
W8TAH	ive gotta do the upgrade -- but i dont wanna take the school offline right now -- i'll wait till summer	17:23
cyris\|\|	giovani, sorry didn't see	17:23
W8TAH	thanks for the help guys - this day didnt need a crisis in the middle of it	17:24
W8TAH	:D	17:24
giovani	:)	17:24
mok0	most of the attacks I see are stupid brute force ssh attacks that immediately gets blocked in iptables	17:24
giovani	mok0: you mean brute forced password attacks? not key attacks	17:25
mok0	giovani: right	17:25
giovani	however ... in the years to come	17:25
mok0	I am surprised that ssh is vulnerable to key attacks.	17:25
giovani	this will be a big vuln	17:25
mok0	I agree	17:25
giovani	mok0: ... it's not ... debian's ssh is	17:25
giovani	this isn't an openssh bug	17:25
mok0	giovani: well, you can by chance have a compromised key	17:25
giovani	no	17:26
mok0	giovani: the compromised keys are a legal subset of the total number of keys	17:26
giovani	no, they're not	17:27
giovani	normal openssl uses a different PRNG system	17:27
mok0	it doesn't matter	17:27
giovani	it wouldn't come up with the same seed values as the debian vulnerable ssl	17:27
giovani	it does matter ... there are different seeds used ...	17:27
mok0	giovani: of course it could	17:27
mok0	those seeds could arise by chance... I admit it's small	17:28
ScottK	giovani: Yes. You could (although the odds are low) have a key that's in the small set generated by the bad openssl generated from a non-broken openssl.	17:28
giovani	I stand corrected	17:28
giovani	you're correct	17:29
giovani	however the keys do not become "comrpomised"	17:29
giovani	they just happen to become the target of a specific attack, they were still generated in good-faith pseudo-random	17:29
mok0	giovani: right, but they are part of the "rainbow dictionary" set	17:29
giovani	right	17:29
ScottK	They are neither more nor less compromised. Just via bad luck rather than a bug.	17:30
giovani	right	17:30
mok0	giovani: so, in fact openssh should be patched to make those keys illegal	17:30
giovani	mok0: ... that may be a principle difference	17:30
giovani	up to the openssl guys	17:30
ScottK	openssh	17:31
giovani	nah, the bug is in openssl	17:31
ScottK	Different bunch.	17:31
giovani	it just affects openssh as well	17:31
giovani	http://www.debian.org/security/2008/dsa-1571	17:31
mok0	giovani: yes, in fact I wish they'd go to a key size of 2048	17:31
ScottK	Right, but if the keys are to be blacklisted, it'd have to be done in SSH.	17:31
giovani	ScottK: and every other system that uses openssl	17:31
ScottK	mok0: Just don't use DSA keys.	17:31
ScottK	giovani: Yes.	17:32
giovani	why would it have to be blacklisted at the openssh level?	17:32
giovani	couldn't that set of seeds be discarded in the openssl generation code?	17:32
* mok0 thought the DSA keys were the most secure ... blush		17:32
giovani	when it generates the random number, it would check against a list of known PIDs	17:32
giovani	and reject it, and generate again	17:32
mok0	giovani: ... and the max pid number is 32767	17:33
giovani	mok0: right ... so, all of that set	17:33
giovani	but why would this not be able to be done within the ssl code?	17:33
ScottK	mok0: My understanding (and I'm not an expert) is that the reason Debian used to recommend DSA over RSA was to do with RSA patents. Now that they've expired there's no reason not to use RSA keys of whatever length you are comfortable with.	17:34
mok0	Hmm. Well, perhaps I should regenerate my key, then. But I think I'll do it on my Mac :-)	17:35
mok0	But perhaps Ubuntu should consider packaging security sensitive software directly from upstream source	17:36
ScottK	Dunno. There was a time (~20 years ago) when I knew something about cryptography.	17:36
giovani	mok0: modifications have to be made to get everything to work together ... can't do a strict upstream tarball	17:36
ScottK	mok0: I don't think that would help significantly.	17:36
mok0	ScottK: I've just read Simon Singh's book	17:36
mok0	ScottK: It would give us a double check	17:37
ScottK	mok0: Since install scripts have root, all packages are significant from a security perspective.	17:37
mok0	ScottK: ... I was in fact kinda chocked to see that Debian patches the code	17:37
ScottK	We either trust Debian and work as a derivative or not.	17:37
giovani	ScottK: some packages affect the security of other applications, openssl being the chief one	17:37
mok0	Exactly	17:38
ScottK	mok0: Honestly I think most of the blame with this one lies with the openssl developers.	17:38
giovani	mok0: still .. modifications are always made in distributions ... otherwise, nothing would fit together cleanly	17:38
mok0	It would just be a few packages, that would get an independent audit in Ubuntu and Debian	17:38
giovani	ScottK: .... why is that?	17:38
mok0	giovani: but unless there's a bug, you don't go around removing function calls	17:38
ScottK	1. The Debian maintainer went to what was the advertised right list for such questions and asked and was told it seemed reasonable.	17:39
giovani	mok0: they considered "purify complaining" as a bug	17:39
ScottK	2. If you are going to do something completely outside the C standard as rely on something being undefined, I think it would deserve a comment in the code.	17:39
mok0	ScottK: THAT is true. It is a dirty algorithm to start with	17:40
ScottK	So upstream had two quite reasonable chances to have avoided this entire mess and didn't do it.	17:40
giovani	ScottK: it seems the opposite from the correspondence, no?	17:40
ScottK	I agree the the Debian maintainer has blame too, but it's hard to see what he should have done different.	17:40
mok0	But the fact of the matter is that it was modified by someone who did not fully understand what the code does	17:40
ScottK	giovani: Not sure what you mean?	17:40
giovani	"No, it's fine - the problem is Purify and Valgrind assume all use of uninitialised data is inherently bad, whereas a PRNG implementation has nothing but positive (or more correctly, non-negative) things to say about the idea."	17:41
* mok0 thinks that this is a harsh reminder of the kind of responsibility we all have working on a distribution...		17:41
=== bamed\|away is now known as bamed
giovani	-Geoff Thorpe	17:41
giovani	seems to be saying that this is a Purify/Valgrind problem ... not a code problem ... and is suggesting that such warnings should be ignored?	17:42
giovani	or am I misreading?	17:42
mok0	giovani: this piece of code relies on random bits being present in an uninitialized buffer... which is very far fetched at best	17:42
ScottK	According to the C standard (as I understand it, and it's limited) use of uninitialized data is inherently bad.	17:42
giovani	if it was a "bug" in openssl ... they would've "patched" it upstream, and then all openssl would be "infected"	17:42
mok0	Yeah, there's enough blame to go around	17:43
ScottK	giovani: It's a very obscure (at best) design in openssl and they should have made it clear what was going on.	17:43
giovani	http://rt.openssl.org/Ticket/Display.html?id=521&user=guest&pass=guest	17:43
mok0	ScottK: exactly!	17:43
InsomniaCity	all I can say is thank god gnupg links against gnutls	17:43
giovani	that's the correspondence on the issue that I'm aware of	17:43
mok0	giovani: ... and a new compiler optimization might have had the same effect	17:44
mok0	... and no-one would know	17:44
mok0	giovani: interesting reading...	17:45
ScottK	giovani: There's more. Give me a moment to find it.	17:45
mok0	Lemme get this clear: the bug was in the openssl libraries, that are used by openssh??	17:46
ScottK	The bug was in openssl and it generated keys that were cryptographically worthless. openssh uses said keys.	17:46
mok0	k	17:47
ScottK	Here's the Debian maintainer asking about the change in question. Follow the thread and see if any openssl devs tell him it's a bad idea: http://marc.info/?l=openssl-dev&m=114651085826293&w=2	17:48
mok0	Well why not just have a function that fills the said buffer with random bits? Instead of relying on un-initalized memory?	17:48
ScottK	I have no idea.	17:49
ScottK	Here's one openssl developer being an a$$ and getting pounded in the comments: http://www.links.org/?p=327	17:49
mok0	I think this was just "one of those unfortunate things" that happen in software	17:50
ScottK	My favorite response: http://advogato.org/person/branden/diary/5.html	17:50
mok0	... a chain of events leading to disaster	17:50
ScottK	Unfortunately I think the the first blog entry there has raised the stakes considerably in terms of how people feel about it.	17:51
ScottK	mok0: I agree. I wish that guy hadn't decided to through gasoline on the fire.	17:51
mok0	For some reason, the software world is full of socially incapable people who jump at anyone else at the first chance they get	17:52
InsomniaCity	it goes with being good at writing software	17:52
mok0	... yeah so they say	17:53
mok0	They are good at claiming how good their own stuff is and how unjustly they are b eing treated	17:53
Deeps	lol	17:54
ScottK	He'd have been well advised to have his facts straight before going on the attack.	17:54
Deeps	the links to the patch that broke stuff, as well as the patch to fix it, is amusing	17:54
Deeps	patch that breaks: comments out 2 bits, patch that fixes: uncomment one bit that was commented originally (what about the other?)	17:55
ScottK	That's been heavily discussed. Even upstream agrees that part is OK.	17:56
Deeps	ok	17:57
mok0	Instead of pushing around the blame, it would be better getting some infrastructure in place to avoid these things from happening in the future. Without distributions, openssl would hardly be used	17:57
Phil___	hi	17:58
Phil___	would anyone be able to help me with a problem installing grub?	17:58
mok0	... or rather, would be compiled by users themselves, which would give a huge amount of extra support work to the developers	17:58
mok0	Well thanks for the chat, interesting, I have to leave now	18:00
ScottK	See you later.	18:00
mok0	see you	18:00
Deeps	ScottK: can you point me to where the openssl team suggested that commenting out those bits seemed reasonable?	18:02
ScottK	Deeps: It's later on in this thread http://marc.info/?l=openssl-dev&m=114651085826293&w=2	18:02
Deeps	ok ta	18:02
* Deeps reads		18:02
Deeps	i liked the links.org blog pots, made me lol	18:02
Jeeves_	http://www.kuro5hin.org/story/2003/8/8/83254/78171	18:04
ScottK	Unfortunately the original post on links.org seems to be a largely fictional account of events.	18:05
Deeps	based on your email thread you linked me, i'm inclined to agree	18:05
Deeps	http://marc.info/?l=openssl-dev&m=114652287210110&w=2 being the firts reply to the idea about commenting it out	18:05
Deeps	(and it's from someone at openssl)	18:06
ScottK	Yes.	18:06
ScottK	He aimed to fire a shot and Debian and all distro developers and IMO accidentally shot himself in the head due to carelessness.	18:07
Deeps	however	18:07
ivoks	anyone in prague?	18:07
Deeps	not entirely: "if you are going to fix bugs, then you should install this maxim of mine firmly in your head: never fix a bug you don.t understand"	18:07
Deeps	nobody on that thread seems to understand what's going on in this bit of code	18:08
ivoks	openssl again? :)	18:08
ScottK	Still	18:08
Deeps	i just joined in :)	18:08
Deeps	from the debian side and the openssl side, the respondants dont appear to have a clue about what's going on	18:09
ScottK	Deeps: And if he'd just said that, I think it'd have been fine. But he went further.	18:09
Deeps	ok, so pull the good and ignore the bad	18:09
Deeps	dont forget it all because some of the good is shrouded in BS	18:09
ScottK	True, but I'm probably a bit biased because as an Ubuntu developer and a Debian Maintainer, I was who he was aiming at.	18:10
ScottK	He's correct, but it's not always practical advice.	18:11
ScottK	There is a balance between spending a huge amount of time on one fix to totally understand it and how much fixing can get done overall.	18:12
ScottK	For openssl, it is probably reasonable.	18:12
Deeps	what is probably reasonable? the amount of time that was spent, or the amount of time that they think should have been spent?	18:13
ScottK	Probably reasonable to spend more time understanding stuff.	18:14
Deeps	yea	18:14
ScottK	I'm working on an update for Spamassassin right now to make it work with pg 8.1 and later for it's bayesian database. I got the patch from upstream. If I really thought I needed to competely understand the code and what it's changing, I'd move on and leave it broken.	18:14
Deeps	re-reading that thread, makes it look like "hai! autotool says this is a problem, can i remove it?" "duhhh, i dunno, i guess so"	18:14
ScottK	In this case it's more trusting upstream to have got it basically right and testing to see if it fixed the problem.	18:14
Deeps	ah well, nm	18:15
Deeps	done and fixed	18:15
ivoks	ScottK: you are familiar with pgsql?	18:15
Deeps	need to redo all my openvpn certs	18:15
ScottK	Only in a very limited sense.	18:15
Deeps	hassle	18:15
ivoks	ScottK: well, if you understand roles in pgsql, you are my man :D	18:16
ScottK	ivoks: It's used on some project I work on and I can interact with it directly or through I can't remember which python module I'm using.	18:16
ScottK	ivoks: No. I think I'm not.	18:16
ivoks	ok then	18:16
ivoks	Deeps: more than 50 openvpn certificates, installed all over the country, are also waiting for me :)	18:17
Deeps	thankfully i only need to do.... 7	18:18
Deeps	still a hassle	18:18
Terrasque	20:08:21 up 5:05, 1 user, load average: 137.42, 133.51, 122.98 -- Do I win a prize? :p	19:08
ivoks	nope	19:13
ivoks	come back when your load goes over 300	19:13
Terrasque	that shouldn't take too long. crossed 140, and heading to 150	19:14
Terrasque	but have a feeling something will happen to the servers power supply soon	19:14
Jeeves_	Come back when you've reached 1600 :)	19:16
Terrasque	got a link from a friend :p http://pr0n.sesse.net/tg06/1280x960/dsc_0999.jpg \| accidental fork bomb	19:16
Deeps	keep it at 600+ for 6 months	19:17
Deeps	then let me know :P	19:17
Terrasque	think I'd prefer a machine that works the way it should :p	19:18
ryoohki	i notice that apache2 is installed without creating an apache user? is that intentional? should httpd run as user:group apache:apache or as root:root?	19:33
Terrasque	usually its run under www	19:34
Terrasque	www-data actually	19:34
ryoohki	so why was a www user not created?	19:34
ryoohki	oh - there is a www-data	19:34
Terrasque	goodie :)	19:35
ryoohki	i thought that was from some other package	19:35
Terrasque	thats what apache2 runs as on my systems at least :)	19:35
ryoohki	Terrasque: ok thanks!	19:37
J_P	hi all	19:50
gamercod4	hi all :)	20:44
gamercod4	i've a question of routing virtual nic	20:46
=== cropalat is now known as cropalato
gamercod4	hi	21:40
gamercod4	somebody is here?	21:40
soren	!justask	21:43
ubottu	Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)	21:43
soren	!ask	21:43
soren	Ah, there it goes.	21:44
gamercod4	ok	21:46
gamercod4	i would like to do a NAT routing on virtual NIC but iptables do not support this :(	21:46
nxvl	soren: where are you?	21:48
nxvl	soren: i'm already here	21:48
soren	nxvl: I'm in my room right now.	22:00
nxvl	soren: number?	22:03
nxvl	dendrobates: are you also here?	22:08
nxvl	dendrobates: i have a present for you	22:08
dendrobates	nxvl: yes	22:08
nxvl	dendrobates: where?	22:08
nxvl	btw, are we going for some beer today, didn't we?	22:09
nxvl	i have 2 bottles of pisco here	22:09
dendrobates	nxvl: it is too late for me today, but tomorrow. I am in room 812.	22:10
nxvl	:(	22:12
nxvl	did you know in wich room is pedro_?	22:12
dendrobates	nxvl: no, I have seen him though.	22:15
JanC	you guys at the UDS place? ツ	22:16
nxvl	yup	22:16
JanC	I wish I could be there ツ	22:17
ajmitch	yes, just the entertainment value alone would be worth it...	22:18
infinity	Maybe I'm jaded, but I don't tend to find UDS entertaining.	22:20
ajmitch	infinity: usually just the various people in the evenings	22:20
nxvl	dendrobates: i'm going to say hi and give you your present, it's that ok, or are you at bed already?	22:21
dendrobates	nxvl: I am not in bed, just not up for more beer.	22:21
nxvl	ok	22:22
nxvl	i will be there in a minuto	22:22
nxvl	minute	22:22
infinity	soren: How's the connectivity there?	22:22
soren	infinity: Quite good, actually.	22:23
infinity	soren: All ports, not just http proxy?	22:24
soren	infinity: Yup.	22:24
infinity	\o/	22:24
infinity	Good, good.	22:24
JanC	if HTTP works, you can use anything you want anyway ;-)	22:24
infinity	Yes, but setting up random tunnels just to use the interwebs annoys me.	22:25
soren	Compared to the PoS excuses for internet connections they have in hotels in the US, this is actually extremely good.	22:25
soren	Heck, if DNS works, you can use anything anyway.	22:25
infinity	Again, "if you're willing to jump some hoops"... I'm getting too old to care about said hoops.	22:25
infinity	I just want to plug in my laptop and do stuff, y'know?	22:26
soren	infinity: pft... Talk to #ubuntu-desktop	22:27
infinity	smirk	22:27
infinity	You'll understand some day. :)	22:27
infinity	I used to get a thrill out of circumventing people's ideas of what I should be "allowed" to do, now I just want to be able to do it all by default.	22:27
infinity	Cause, well, the circumvention is less exciting and more time-wasting, these days.	22:28
Deeps	lemme guess, you also like having a desktop system that /juts works/ and doesn't need years of hacking to actually get working properly?	22:28
Deeps	and that IT is just a means to an end, and not an end in itself?	22:29
infinity	Shocking, I know. :)	22:29
Deeps	phew, finally	22:29
Deeps	someone else like me	22:29
infinity	Of course, I still like hacking like no tomorrow to make these sorts of things possible to other people, which means getting my hands dirty -- a lot.	22:30
infinity	I just don't feel the urge to "hack" in a hotel room.	22:30
infinity	Especially not as cranky and tired as I usually am after an intercontinental flight or three.	22:30
infinity	soren: I hope you brought enough money to make good on some of those alcohol promises you made over the last year.	22:31
infinity	soren: ... and that you don't spend it all before I get there.	22:31
JanC	infinity: I agree, IP-over-DNS etc. should "just work" under Ubuntu ;-)	22:36
infinity	JanC: Hahaha. Not quite the point I was making, but okay. :)	22:39
JanC	I can tell some stories about IP-over-DNS... ;)	22:39
soren	infinity: Did I promise you beer? Hm.. Ok. It's dirt cheap here, so I'll probably manage :)	22:40
infinity	soren: Not sure if it was beer, or "the local equivalent of a massive destruction weapon"..	22:41
soren	infinity: Ah, yes. It will not be at the hotel, though. The prices here are insane.	22:46
JanC	soren: you're Danish IIRC?	22:47
infinity	soren: Are they ever not? Hotels are terrible.	22:47
soren	infinity: A litre of water is $20.	22:47
infinity	JanC: He is.	22:47
soren	infinity: !	22:47
soren	JanC: I am.	22:47
infinity	soren: Sweet Jesus. 20 USD?	22:47
soren	infinity: I've never seen prices this steep.	22:47
soren	infinity: Yup.	22:47
JanC	then beer @ uds should be very cheap for you ;)	22:47
soren	infinity: 290 of the local currency unit.	22:47
JanC	unless something changed since my sister was there ;)	22:48
soren	JanC: Outside the hotel, yes. very much so.	22:48
soren	infinity: 290 CZK is 17.90 USD, apparantly.	22:49
ajmitch	soren: $20 is nuts	22:49
infinity	soren: That's beyond insane. I don't even know if English has a word to express just what that is.	22:49
soren	infinity: Luckily, there's a cafe almost just across from here.	22:50
infinity	Jeg hader UDS hotels.	22:50
infinity	soren: Phew.	22:50
soren	:)	22:50
infinity	soren: Anywhere in walking distance with a pool table? hopeful look	22:52
soren	infinity: I haven't had a chance to go looking. We found that cafe, had a few beers, left for food, ate, came back to the hotel, and here we are now.	22:53
infinity	soren: Slacker. What was the point of sending a scouting party if you can't tell us all about the area by the time we get there? :)	22:53
soren	infinity: When do you show up?	22:54
infinity	soren: 1745 on Sunday.	22:55
infinity	soren: Well, 1745 + (however long it takes to clear customs and get to the hotel)	22:55
soren	infinity: Plenty of time to find good places.	22:56
infinity	soren: I'm counting on you. :)	22:56
infinity	soren: Bonus points if you can find a nice Lebanese place with good shawarmas...	22:57
* soren accepts the assignment and acknowledges that #ubuntu-server will selfdestruct in 5 seconds		22:57
soren	or something.	22:57
soren	infinity: Well... Non-Czech food here seems to have been subject to a very strong Czech influence.	22:58
infinity	soren: So, we'll get a shawarma smothered in cheap beer, served on a modestly-priced hooker?	23:00
soren	infinity: I'm sure something can be arranged. I've not dared walk down dark alleyways yet.	23:02
soren	At least that's where I'd expect to find such things. Maybe I'm just not into the whole Czech vibe yet.	23:03
uvirtbot	New bug: #230878 in apache2 (main) "Apache 2 produces an OOM after 4 hours using" [Undecided,New] https://launchpad.net/bugs/230878	23:24
gouki	Any recommendations for a NAS (no freenas, openfiler or lightnas)? I want something installable on Ubuntu.	23:41
giovani	gouki: use the tools that openfiler/etc use ... they're all available for ubuntu	23:47
giovani	it's just a matter of auto-configuration with those specialized distros versus manually configuring	23:47
giovani	decide on what protocol you want to use for your NAS/SAN	23:48
giovani	and then an appropriate tool can be used	23:48
giovani	for example, for an NFS-based server ... this HOWTO appears to be relevant: https://help.ubuntu.com/community/SettingUpNFSHowTo	23:52
Deeps	also check out http://ubuntuguide.org/wiki/	23:54
giovani	Deeps: it's virtually the same set of commands ... except it goes into less detail, and is only found in the 7.10 and earlier manuals ...	23:56
Deeps	hmm?	23:57
Deeps	i was thinking for other protocols that he may want to use	23:57
Deeps	eg samba	23:57
Deeps	it's a generally nice overall guide too thats worth browsing through, if only to get ideas	23:57
giovani	the documentation is still ebtter on the wiki	23:57
giovani	on the official wiki, that is	23:58
Deeps	the joys of free speech	23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!