[00:39] <_ZeuZ_> Hello guys, hope you received my email from the mailing list... what do you think about my little script?
[00:52]  * _ZeuZ_ Feels ignorated...
[01:07] <owh> _ZeuZ_: You have to remember that not every body is doing Ubuntu full-time. For example I'm self-employed and I'm volunteering my time to the project because in the long term both I and my clients benefit. Others have different motivations.
[01:08] <_ZeuZ_> I know, I'm also at university, while working for TodoSoft and trying to start my own security team at savajesoft.net my style is pretty secure until now... savajesoft.net/site/index.php
[01:52] <gouki> giovani: thank you
[02:19] <pteague> yay, i finally got rid of my grub error 17, but now i'm just getting a grub prompt
[02:31] <_ZeuZ_> pteague, why not just doing update-grub after installing it?
[02:31] <_ZeuZ_> pteague, first remove it (apt-get purge grub) then reinstall it (apt-get install grub) and then make it update and configure itself with update-grub
[02:41] <pteague> first time i've been able to even get to anything from grub other than the Error 17... i can't even get to a linux terminal to run apt
[02:43] <pteague> if you can tell me what i need to do in order to get grub to actually load the kernel i'll be happy to do whatever's needed with apt :)
[02:44] <flotishtu> how to auto configure    dpkg-reconfigure ipmasq       .(no need to press enter or yes/no again and again) just one command. ?
[02:44] <_ZeuZ_> pteague, well, you have any working OS there that you can access?
[02:45] <_ZeuZ_> flotishtu, I really don;t trust that server, I rather do masquerading myself through iptables
[02:45] <_ZeuZ_> Though, you'll have to pass the parameters, or you can do something like assume yes, letme review what;s the glitch to make it do that
[02:47] <flotishtu> _ZeuZ_ how
[02:47] <flotishtu> ok
[02:48] <_ZeuZ_> flotishu: check the mailing list, you'll see a script I made for that...
[02:49] <pteague> nope, new install of ubuntu-server
[02:49] <flotishtu> _ZeuZ_ what list?
[02:49] <_ZeuZ_> pteague: boot from a live-cd
[02:50] <_ZeuZ_> flotishtu, read the topic and you'll find what you need to know
[02:50] <flotishtu> _ZeuZ_ ^_-
[02:51] <_ZeuZ_> You might also find this: http://bulma.net/body.phtml?nIdNoticia=1794&nIdPage=6 intresting
[02:51] <pteague> i installed fedora 9 which actually booted & seemed to fix the detection error i was having before... reinstalled ubuntu-server again & now i'm stuck at grub... think i'll have to burn a cd for *buntu desktop
[02:51] <_ZeuZ_> pteague, come again? you are now on fedora, right?
[02:52] <Centaur5> Does apt-cacher need inetutils-inetd or can you use xinetd now?
[02:53] <_ZeuZ_> ONe does not have any relationship (exept perhas some dependencie) with the other, Centaur5
[02:55] <Centaur5> _ZeuZ_: well I didn't have any inetd package installed before but apt-cacher was the only thing that broke upgrading from Gutsy to Hardy and /var/log/apt-cacher/error.log says no running inetd server so I was wondering if it mattered which one I chose.
[02:56] <_ZeuZ_> I don;t see any realtion and theoretically it shouldn;t be there any
[02:56] <pteague> no, i was initially having problems getting anything... "GRUB loading... \ Error 17" & that was it...  guy from local lug is a fedora chump & suggested i install fedora... so i installed fedora & it started right up with no problems... but i'm trying to set up a debian based server so that doesn't get me anywhere in the long term so i deleted the partitions & reinstalled ubuntu-server & got the grub prompt
[02:58] <Centaur5> _ZeuZ_: Okay, I'll keep trying to fix it then.  Do you think it would be wise to use apt-cacher-ng now that it's in repositories?
[02:59] <pteague> this box used to dual-boot win/linux as it's my old desktop... only difference is it now has an extra drive in it attached to a new sata pci card
[03:43] <pteague> ok, i installed kubuntu 8.04, rebooted & ended up at a grub prompt again ;)
[03:58] <ScottK> For Kubuntu help, try #kubuntu
[04:09] <cyris|> hows it going everyone?
[06:28] <nealmcb> hmm - it seems I'd want a version of ssh-vulnkey that runs on dapper so I can see if folks have uploaded bad keys to it - but the USN only provides post-dapper updates - anyone have a dapper version?
[06:39] <hotmonkeyluv> when installing ubuntu server, where is the option to install the bootloader to a different partition (or does it automatically install it to /boot no matter where that partition is?)?
[06:43] <nealmcb> ﻿﻿Looks like dowkd.pl is the easy option most anywhere:  http://wiki.debian.org/SSLkeys#head-45e521140d6b8f2a0f96a115a5fc616c4f1baf0b
[06:45] <randomwalker> i upgraded openssh after the recent vulnerability report, and now my authorized_keys stopped working
[06:46] <randomwalker> i freshly copied the id_rsa.pub from the client, but still no go
[06:46] <randomwalker> any ideas?
[08:09] <kraut> moin
[08:28] <kraut> moin
[09:30] <RockHound> hi everyone ... is there a way that I can force an openldap 2.3.x to be installed on hardy instead of 2.4.x?
[09:35] <nxvl> RockHound: we are just on an openldap talk at FOSS Camp
[09:35] <nxvl> but yes
[09:35] <nxvl> i think you can
[09:36] <nxvl> just you need to install it by hand
[09:36] <nxvl> downloading the .deb
[09:41] <RockHound> okay ... thank .. ran into real troubles with syncprov and syncrepl ...
[09:42] <RockHound> so the deb of feisty should work?
[09:42] <nxvl> i think
[09:42] <RockHound> will try my best
[09:42] <nxvl> search the gusty ones if there are some
[09:42] <nxvl> or just package it by yourself
[09:42] <nxvl> :D
[09:43] <RockHound> gutsy is what i meant
[11:31] <AnRkey> does anyone here know why M$ outlook 2k3 hangs when it opens and tries to connect to a postfix server?
[11:31] <AnRkey> i am using dovecot
[11:34] <ivoks> so, postfix or dovecot? :)
[11:34] <ivoks> one is for sending mail, and the other for recieving
[11:46] <AnRkey> ivoks, soz for not answering, i was cruising through the forums
[11:47] <AnRkey> this is my problem >> http://ubuntuforums.org/showthread.php?p=4971185#post4971185
[11:47] <AnRkey> Outlook 2k3 hangs when it tries to connect to dovecot-imapd
[11:48] <ivoks> so, your users are in mysql?
[11:50] <ivoks> (today is not my day; not sure why...)
[11:50] <AnRkey> mysql?
[11:50] <ivoks> yes
[11:51] <AnRkey> no
[11:51] <AnRkey> i am using unix accounts
[11:51] <ivoks> ok
[11:51] <AnRkey> default install
[11:51] <ivoks> you've setup mail_location in dovecot.conf?
[11:53] <\sh> plain or login mech?
[11:53] <soren> AnRkey: Which version of Ubuntu?
[11:54] <AnRkey> 7.10
[11:54] <AnRkey> i see now that the thread is about mysql too
[11:54] <AnRkey> i don't think that is the prob as my install has the same issue
[11:55] <ivoks> well, i can't tell you that this combination works on at least 10 my mail servers :)
[11:55] <AnRkey> can't or can
[11:55] <ivoks> i'm sure it's configuration problem
[11:55] <ivoks> can
[11:55] <ivoks> sorry
[11:55] <AnRkey> :P
[11:56] <AnRkey> i am soooo close to being finished too :D
[11:56] <ivoks> are you using maildir or mbox format?
[11:56] <AnRkey> maildir
[11:56] <ivoks> ok, so did you set up mail_location in dovecot?
[11:56] <AnRkey> do you know how to increase the verbosity of the logging?
[11:56] <AnRkey> checking
[11:56] <ivoks> #mail_debug = no
[11:56] <ivoks> and even
[11:56] <ivoks> #auth_debug = no
[11:57] <ivoks> #auth_verbose = no
[11:57] <AnRkey> ahh ok
[11:57] <AnRkey> thanks
[11:57] <AnRkey> mail_location is not set no
[11:57] <ivoks> heh
[11:57] <AnRkey> but TB and OE both work fine
[11:58] <ivoks> maildir:~/Maildir
[11:58] <ivoks> i guess you've setup postfix to use maildir?
[11:59] <AnRkey> yes
[11:59] <AnRkey> i followed this guide without all the SSL stuff https://help.ubuntu.com/community/Postfix
[12:00] <ivoks> then fix dovecot to user maildir
[12:00] <AnRkey> so set the mail_location to mail_location = maildir:~/Maildir
[12:00] <ivoks> oe ant thunderbird probably work, but don't show you your mails :)
[12:00] <AnRkey> they both show and send emails
[12:00] <ivoks> oe ant? omg... time for food :D
[12:01] <AnRkey> oe ant? << ?
[12:03] <Myrtti> I've got a question. I've got a virtual server, dapper 6.06.2 which I plan to update to hardy. the person hosting the virtual server says I've got to update to libc6-xen and remove libc6. I'd love to do the update with sudo do-release update, though. Will I run into trouble if I do the upgrade with do-release update and not the way he says it should be done, namely fiddling with the sources.list, installing the libc6-xen and removing the libc6?
[12:04] <Myrtti> and then doing aptitude safe-upgrade?
[12:04] <AnRkey> ivoks,
[12:04] <AnRkey> Task 'Checking for new mail in subscribed folders on 192.9.201.6.' reported error (0x800CCC0F) : 'Outlook is unable to download folder (null) from the IMAP e-mail server for account 192.9.201.6. Error: The TCP/IP connection was unexpectedly terminated by the server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'
[12:04] <AnRkey> thats what i get now
[12:06] <ivoks> Myrtti: i think that would work fine... libc6-xen provides libc6
[12:06] <Myrtti> I know, but I still cringe at the idea of upgrading that way
[12:07] <ivoks> AnRkey: try subscribing to some folders trough oe
[12:07] <Myrtti> makes my skin crawl
[12:07] <ivoks> Myrtti: do do-release-upgrade, and when it is over, install libc6-xen
[12:07] <AnRkey> ivoks, ok
[12:07] <Myrtti> I managed to break several installations of Debian back in the days of pre-ubuntu-existance that way
[12:08] <Myrtti> ivoks: you think that could do it too?
[12:09] <ivoks> Myrtti: just do it
[12:42] <Myrtti> here it goes then.
[12:42] <Myrtti> *sigh*
[13:12] <reya276> morning
[13:14] <reya276> If users that are on a windows client connecting to ubuntu using "winscp" software for sftp/ssh will that connection be compromised due to this ssh vulnerability issue? Keep in mind I have already applied the updates to openssh and ssl
[13:15] <normanm> reya276, if the pubkeys they use are affected yes.. if not no
[13:16] <reya276> ﻿normanm: ok is there a way for me to reset those keys mainly for the windows users connecting to the server
[13:17] <reya276> because other ubuntu PC automatically let's the users know they can't connect
[13:18] <Terrasque> reya276: do they use key based auth? or password based?
[13:18] <normanm> reya276, find /home -name authorized_keys -exec ssh-vulnkey {} \;
[13:19] <normanm> if they use not key based out it is not affected anyway
[13:20] <Terrasque> normanm: "ssh-vulnkey -a" will check all users
[13:20] <normanm> Terrasque, oh ok ;-)
[13:20] <normanm> so no need for find ;-)
[13:20] <Terrasque> correct :)
[13:21] <normanm> Terrasque, but find is such a nifty tool =P
[13:21] <Terrasque> true, true. But no need to overuse :p
[13:22] <Terrasque> I'm sure you could have chained in grep and xargs too if you really wanted, but .. simple is good :D
[13:22] <reya276> ﻿Terrasque: well they have to put in their passwords to be able to logon to their home directories, but their is some sort of key authentication
[13:22] <Terrasque> reya276: well, "sudo ssh-vulnkey -a" will tell you all weak keys on the system
[13:23] <Terrasque> if they're used or not, it will show them
[13:24] <reya276> thank you guys, let me try this
[13:25] <reya276> oh I got this message
[13:25] <reya276> sudo: ssh-vulnkey: command not found
[13:26] <reya276> ﻿Terrasque: that command is not working for me
[13:30] <Terrasque> then upgrade :)
[13:30] <Terrasque> its included in the latest upgrade
[13:31] <reya276> I though I did, I'm running fiesty 7.04
[13:31] <Terrasque> did you do upgrade, or dist-upgrade?
[13:31] <Terrasque> the new openssh packages pulls a new package too, so you need to use dist-upgrade
[13:32] <reya276> I did sudo apt-get update then sudo apt-get upgrade
[13:32] <reya276> yes but if I do dist-upgrade means that my OS will be update right?
[13:33] <Terrasque> no
[13:34] <Terrasque> its called "dist-upgrade" for historical reasons :) but basically, upgrade only updates existing packages, and will not for example download a new package. dist-upgrade will do that. Historically (and most of the times now) it was used to upgrade to a newer version with new packages (and removed old packages).
[13:34] <Terrasque> it will show what it will do and ask for confirmation first, so you can doublecheck that nothing weird happens
[13:38] <reya276> yes I was able to
[13:48] <rysiek> hi all
[13:49] <rysiek> I am trying to set-up syslog to log remote messages (i.e. set-up a syslogd *server*)
[13:49] <rysiek> the thing I cannot find anything on is: is there a way of telling syslog "log messages from SOME_IP to /var/log/SOME_IP.log"
[13:50] <rysiek> man syslog.conf tells me only about how to send my log messages to a remote syslogd server
[13:50] <rysiek> so does google
[13:50] <rysiek> any ideas?
[13:50] <Myrtti> ivoks: busted, segfaulted
[13:52] <ivoks> do-release-upgrade is python script
[13:52] <ivoks> it doesn't segfault :)
[13:53] <TrioTorus> installing ebox on 8.04: http://pastebin.com/m73a88b0a what password is being asked for here? root? ebox user?
[13:56] <mok0> TrioTorus: spooky
[13:57] <Myrtti> LALALALALALALA
[13:57] <TrioTorus> mok0: when I tried first time around, the ebox users was being added to the system and to the adm group
[13:58] <Terrasque> ivoks: I've seen python runtime segfault :D
[13:58] <Myrtti> ivoks: dpkg segfaults
[13:58] <Myrtti> dpkg --configure -a does a cowardly exit and runs to a nearby forest
[13:58] <stickystyle> TrioTorus: Never touched ebox, but if i had to guess by looking at the install log you posted, its asking for a pass for the SSL key file probably.
[13:59] <stickystyle> TrioTorus: since it looks like one already exists.
[13:59] <mok0> TrioTorus: try looking in the postinst script
[14:02] <ivoks> Myrtti: you should at least paste output to pastebin or something
[14:02] <Myrtti> I'm trying the magic tricks first
[14:03] <Jeeves_> http://www.prevented.net/~mark/bit/openssl-remote-vulncert
[14:13] <MatBoy> huh ? my systems doesn't recognize updatedb anymore
[15:27] <glycoknob> hi
[15:27] <glycoknob> is it possible to disable openvpn-vulnkeys? i'm aware of the problems and new keys are on the way but i'd like to have running deamon
[15:28] <ScottK> jdstrand_: ^^^
[15:29] <jdstrand_> glycoknob: there is not currently an option to disable it no. if you were really determined, you could move openvpn-vulnkey out of the way and put a script in it's place
[15:29] <jdstrand_> s/it's/its/
[15:34] <glycoknob> works thanks
[15:34] <jdstrand_> glycoknob: I am not recommending doing that though :)
[16:45] <cyris||> If I take a password, hash it with ssha, and then take the same password and hash it again with ssha, will i get the same hash?
[16:46] <dennda> What's the easiest way to set up a fully functional mailing server on ubuntu hardy? (Which programs, for example?) On Debian Etch I use postfix and dovecot
[16:46] <dennda> cyris||: yes, that's the theory. but you won't be able to reproduce the passwort from the hash
[16:47] <cyris||> dennda, right, i understand that, then hrm why are we getting a different hash value for the same password entered :S
[16:49] <ivoks> dennda: exactly the same; postfix + dovecot + postfix/dovecot for sasl
[16:49] <ivoks> there are even docs for doing that
[16:51] <m1r> hello
[16:51] <ivoks> dennda: https://help.ubuntu.com/community/PostfixDovecotSASL
[16:54] <cyris||> dennda, lots of guides on howtoforge as well
[17:57] <c1|freaky> is there any possibility to have a directory ona linux server mounted or whatever on a windows vista machine? so i can make changes directly there (save/read) etc.?
[18:01] <cyris||> c1|freaky, check out samba
[18:01] <c1|freaky> it's a server somewhere on the internet
[18:02] <c1|freaky> no LAN
[18:04] <cyris||> c1|freaky, you may need to run a vpn then,or get some software to map a drive over ssh
[18:04] <cyris||> c1|freaky, thats assuming you have ssh access to this machine
[18:04] <c1|freaky> yes i have
[18:05] <cyris||> c1|freaky, novel also has netdrive, maps ftp sites, but thats insecure :S
[18:05] <c1|freaky> ok thank you
[18:06] <cyris||> pretty dead in here today, i smell a long weekend :D
[18:06] <Deeps> samba works over the internet
[18:06] <cyris||> well, its a long weekend in canada anyways
[18:06] <Deeps> you probably dont want to do samba over an unsecured link though, heh
[18:07] <InsomniaCity> yeah, its dead easy to do over an ssh tunnel
[18:13] <Deeps> wtf are you doing in here noob?
[18:13] <InsomniaCity> watching you ofc
[18:13] <Deeps> saucy
[21:21] <specialK> so if ssh-vulnkey says a key is unknown should I just assume that key is weak/comprimised
[21:31] <cyris||> specialK, good question, id regenerate
[21:32] <cyris||> my co-worker is about finished writing a php script that updates a users userPassword attribute in ldap, and he is interested in making this available for anyone who wants it. Is sourceforge the best place for this?
[21:34] <ScottK> There are lots of good places to host open source software projects.  That's one.  Google Code it another.  Some people speak highly of Launchpad for the purpose.
[21:34] <cyris||> ScottK, oh right Launchpad! :D
[21:34] <giovani> specialK: unless you have specific knowledge of where/when the key was generated, regenerate it
[21:35] <Myrtti> cyris||: there are people who don't like launchpad because it's proprietary, and dislike google because it's $evil_global_corporate
[21:35] <ScottK> Personally as an Ubuntu developer I find it highly confusing to deal with upstreams that are also on LP, but in theory it's supposed to be great.
[21:35] <ScottK> All three of the ones I mentioned are proprietary.
[21:35] <cyris||> Myrtti, haha yeah i hear ya
[21:35] <ScottK> I don't like Launchpad also because it's hard to use.
[21:35] <ScottK> There is also gforge.
[21:36] <Myrtti> ScottK: sourceforge too?
[21:36] <ScottK> And other FOSS based services.
[21:36] <ScottK> Yes.  What they release and what they use are very different things.
[21:36] <Myrtti> hm
[21:36] <ScottK> Gotta run.
[21:36] <cyris||> ScottK, thanks later
[21:36] <Myrtti> never thought of that before
[21:57] <macd> On gutsy sshd, when a user logs out, its leaving a stale session, is anyone else experiencing this, (only started a after the second sshd update)
[22:16] <vcorreia> hello everyone
[22:16] <vcorreia> has anyone tried ubuntu's ebox new integration
[22:16] <vcorreia> ?
[22:17] <cyris||> vcorreia, i played with in a few weeks ago for like 30mins thats it
[22:17] <vcorreia> what do u make of it?
[22:17] <cyris||> vcorreia, um its alright
[22:18] <vcorreia> i've noticed that the ebox developers have already launched new  eBox 0.11.100  ubuntu specific packages
[22:19] <vcorreia> cyris, i'm testing them as we speak
[22:19] <vcorreia> cyris, thanks for your feedback
[22:20] <cyris||> vcorreia, sorry i can't provide any more feedback, i didn't use it that long
[22:21] <cyris||> vcorreia, what do you plan on using it for?
[22:22] <vcorreia> cyris, no problem :) i've used the debian implementation, but as soon as i heard they'd be porting it to ubuntu.... ahhh it was bliss :)
[22:24] <cyris||> vcorreia, so you use it on production machines?
[22:25] <vcorreia> cyris, i have used it on a semi-devel/production environment
[22:27] <vcorreia> cyris, i administer some production ubuntu servers and if i could use ebox with ubuntu, it would be perfect, harmony-wise
[22:27] <cyris||> :D
[22:29] <vcorreia> cyris, just the fact that it supports 802.1q is, on its own, excellent
[22:43] <cyris||> vcorreia, sexy
[22:44] <vcorreia> cyris, indeed