=== fReAkY[t] is now known as freaky[t] [00:41] Im still stuck with this apache thread high memory usage problem. [00:53] is that the python-dns affected by CVE-2008-1447 bug? [00:53] kees: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability. [00:53] lp is timing out on me [01:28] What is the officially supported mail server in Ubuntu 8 [01:29] or moreso the safest MDA and MTA for someone new to it [01:33] exim and postfix are probably the most common. I prefer postfix myself. [01:55] I see a lot of postings on postfix I take it it's been around a lot longer than exim? [01:57] I should investigate what I'm about to say, but I think you're wrong, and postfix is actually quite recent [01:57] FSVO 'recent' [01:58] Yeah, I'm not sure on the histories but Postfix isn't old at all. [01:59] Oh hmm now I take it I will need a separate pop server on top of postfix? [01:59] It is well used and proven though [01:59] that's what I was looking for! [01:59] proven [01:59] Yes the MTA is separate to IMAP/POP. I use Dovecot for that myself, there are plenty of others. [02:00] courier is quite popular [02:00] you can also hand the mail to courier or postfix and have them deliver local mail [02:01] which has the advantage of being able to do sieve [02:01] Dovecot too [02:01] errr [02:01] right :) [02:01] s/or postfix/or dovecot/ [02:01] Ah, I get it :) [02:01] * hads is slow today [02:02] sieve = serverside filtering/sorting of mail [02:02] something like procmail [02:02] Too much messing with threads is breaking my brain [02:02] but less dangerous [02:03] The challenge is: I just figured out virtual hosting on Apache for two of my sites. Now I want to have a small mail server (if there is such a thing) so that I can access my mail remotely [02:03] also this is my way of getting away from windows server and into linux--head first. [02:03] postfix with dovecot or courier, with system users or virtual users [02:04] There are quite a few howtos for those setups around - they are quite popular. [02:08] ok time to get reading I just set up the mx record (have to wait about 24hrs) and I'll need at least a weekend to drill through the basics [02:08] then another week of questions. [02:09] so I am not sure if this channel is appropriate or will I need to find a specific channel to ask questions on the specifics? [02:10] This channel is appropriate for questions regarding how to do things with an Ubuntu server, for really specific things you may be better off with #postfix or whatever. [02:11] that's fair well you both gave me a good head start I'm at the beginning of the Ubuntu help on postfix..figured I'd start there for reading. [02:12] runes: first thing you want to figure out is wether you want to use system users or virtual users [02:13] lots of things will depend on that [02:15] virtual is usually a good idea if you have multiple domains [02:15] system users mostly only when you have users with shell accounts that expect to read their mail to (remotely or not) [02:16] New bug: #247439 in openldap2.3 (main) "Remove openldap2.3 source package from intrepid archive" [Undecided,New] https://launchpad.net/bugs/247439 [02:16] virtual users *is* harder to set up though [02:16] Agreed. [02:17] Although if you may need to move to it later on it's probably a good idea just to bite the bullet. [02:17] akthough you should be aware that unless you use the secure versions of POP and IMAP you will be sending your system password over the wire in clear text [02:18] which tends to be... well, not a good idea :P [02:18] Yeah :) [04:18] kees: Yes. [04:19] kees: That's already been disclosed in the Debian bug. My uncertainty was about the rest of the discussion. [04:34] hi all. other then wondershaper, does anyone know an easy way to get started with some form of shaping/trafic control? [05:10] Why is it that apache seems to have a 120MB ram limit per thread ? === freaky[t] is now known as fReAkY[t] === jords_ is now known as jords [07:06] I'm having a issue with getting ntop to think that my local traffic is local - eg I've set the "Virtual NetFlow Interface Network Address" to 192.168.1.1/255.255.255.0, but It still seems to think that 192.168.1.101 is a remote ip... [09:18] good day everyone ... [09:19] any chance that amavisd-new 2.6.x will be backported for 8.04? DKIM support is a big plus in this version [09:20] Hi Guys [09:20] is there a console way to search files that contain certain text line? [09:20] i'm a newbie [09:21] Look at grep. [09:21] is not a combination of grep and something [09:22] grep looks for stuff in files. [09:22] venil: grep "text" files [09:22] 'grep -r "Shopping list" .' (without the single quotes) will search recursively starting in the current directory for a file containing the string "Shopping list" [09:23] venil: -i = case insenstivie ; -n line number ; -R recursive directory search [09:23] err -r [09:25] RockHound: Same. [09:26] thanks, i'll try that [09:26] RockHound: -r, -R, and --recursive have the same effect. [09:26] i think there's even one more way to do it. [09:27] soren: well ... good ;) === chmac7 is now known as chmac === chmac is now known as chmac_away [11:24] Hi, [11:26] Do anybody know how can I change the eth3 name to eth1? My Network Card was broken and I had to buy another one, but now Ubuntu recognices it as eth3 instead of eth1 [11:27] pubo: check /etc/iftab [11:28] maswan, ok, thanks! [11:30] maswan, do you know which package creates iftab? I see that I don't have it on my /etc: $ /usr/lib/udev/migrate-iftab.pl [11:30] /etc/iftab does not exist to convert [11:33] pubo: udev generates the names ... don't have iftab either [11:34] on gentoo there was a persistant rule for the names based on mac address [11:34] Hm. If you don't have an iftab, then I don't know what generates the names. [11:34] We set it up during (FAI) installation [11:36] maswan: udev does not generate those names? via /etc/udev/rules.d/75-persistent-net-generator.rules [11:36] ? [11:39] RockHound: Hm. it might on a default install, I wouldn't know. I don't have any of those. :) [11:41] <_ruben> you need to edit /etc/udev/rules.d/70-persistent-net.rules [11:41] <_ruben> (or just delete it, it will be generated at boot) [11:41] _ruben: that is what I was looking for [11:41] perfect [11:41] ScottK: bug #247409 is public debian bug #490217 (as you know-- you commented on it) [11:41] jdstrand: Bug 247409 on http://launchpad.net/bugs/247409 is private [11:41] Debian bug 490217 in python-dns "python-dns vulnerable to CVE-2008-1447 DNS source port guessable" [Grave,Open] http://bugs.debian.org/490217 [11:42] so pubo: see _ruben's post [11:42] ScottK: ah you unprivated it already [11:44] oh, that was the debian bug-- anyhoo, I unprivated the launchpad bug [11:45] (between that and the stub resolver Debian advisory, there is really nothing that isn't already publuic in there) [11:45] public [12:06] _ruben, sorry, I was on coffe :P [12:07] _ruben, then, I only have to delete that archive and linux will generate a new one at the next system start? [12:08] hi all, question regarding routing... where is the best place to put static route? [12:08] 7 [12:09] ups, sorry :) [12:12] <_ruben> pubo: yeah .. any nics that arent configured in that file, will be after a reboot [12:13] <_ruben> micheluntu: in /etc/network/interfaces .. as an "up" script [12:13] _ruben, I've deleted it, but eth3 still being eth3 :(. I'm going to edit now to see... [12:13] <_ruben> and you did reboot? [12:14] _ruben: is it executed if i do ifdown ethx [12:14] ? [12:15] sorry, ifup ethx [12:15] <_ruben> micheluntu: no, thats what "down" scripts are for ;) [12:15] sure :-/ [12:15] _ruben, yes :S [12:15] ok.. i'll try, thanks [12:16] <_ruben> pubo: strange .. pastebin the contents of the rules file [12:17] _ruben, but the reboot didn't generate a new one file... maybe using: ip link set dev eth3 name eth1.... I'm going to test tit [12:18] <_ruben> pubo: which one did you delete ? /etc/udev/rules.d/75-persistent-net-generator.rules or /etc/udev/rules.d/70-persistent-net.rules ? [12:24] jdstrand: Thanks. I wasn't sure. [12:24] np [12:29] _ruben, 75 [12:29] I've tested with ip link set... and it appears that works === Vernon is now known as CrummyGummy [12:32] pubo: it was 70 which you should have deleted [12:32] RockHound, ok, I'm going to test ti [12:35] if you delete 75, then it will not work [12:35] as 75 generated 70 ... [12:35] so you will have to restore 75 [12:35] Great videos from Daniel Holbach on the UbuntuDeveloper-channel regarding MOTU-development. I write an article about them om Swedish TechWorld Open Source-mag. [12:35] "I wrote" [12:38] RockHound, now it works :).... Fortunately I moved 75 to /root instead of delete it. I undo the changes and removed 70 and now everything works!! Thanks all!! [12:41] pubo: yw === ogra_ is now known as ogra [12:46] heya === fReAkY[t] is now known as freaky[t] [13:52] after doing an apt-get update, is there a flag to view/list upgradable packages without needing to get into aptitude? [13:53] "apt-get upgrade" ? [13:53] And just say "no"? [13:53] Or "apt-get upgrade -s" if you must. [13:55] soren: Thanks [13:58] and when apt says "the following packages have been kept back", that means? [13:58] they should be marked for removal I guess? [13:59] <_ruben> no, they most likely depend on extra packages to be installed [13:59] <_ruben> apt-get dist-upgrade would pull those in as well [14:00] when was 8.04.1 released? [14:01] or what should the current issue read? [14:01] <_ruben> not so long ago [14:01] <_ruben> one week ago [14:01] and doing an apt-get upgrade should get me on that issue withouth needing to do a dist-upgrade correct? [14:02] gegema: right [14:02] <_ruben> no, kernel upgrades among others usually (always?) are pulled in via dist-upgrade [14:02] sorry for asking dumb Q.s... I am still learning [14:03] hrrm.. . not _ruben and lukehasnoname are giving me contradicting answers [14:03] <_ruben> as long as there are "kept back" packages, you are not fully up to date [14:06] go with _r [14:06] _ruben: [14:06] zul: ping [14:06] kirkland: yo [14:07] zul: yo, so about bug 247389 [14:07] Launchpad bug 247389 in ecryptfs-utils "ecryptfs-utils build should not depend on libltspi or libopencryptoki-dev " [Unknown,Fix released] https://launchpad.net/bugs/247389 [14:07] zul: debian upstream is not going to drop those build deps [14:07] kirkland: why not? [14:07] zul: but i think we should for now [14:07] zul: because they don't really care about main vs. universe ;-) [14:08] kirkland: yeah [14:08] zul: what do you recommend? [14:08] thats fine with me then [14:08] zul: if we take that patch, removing those 2 build deps, it saves us 3+ more MIRs [14:09] zul: and we're not using/needing the support [14:09] sounds good [14:09] zul: if the MIRs go very well, or if we want TPM and opencryptoki support in the future, well then we just MIR them, right? [14:10] yeah what do those packages do in the first place? [14:10] TPM is the trusted computing chip that's on most modern motherboards [14:10] ecryptfs has basic support for it [14:11] for instance, you could use a key embedded in your TPM for your ecryptfs mount [14:11] which would mean that that ecryptfs mount COULD ONLY work with your motherboard [14:12] kirkland: im thinking we just might as well add those MIR then so we dont have have a delta with debian and we might want those features in the future [14:13] zul: okay [14:13] sound reasonable? === jjesse_ is now known as jjesse [15:48] * freeflying [15:55] sorry, type wrong [16:19] jdstrand: hiya, you around? [16:20] kirkland: hi! [16:20] jdstrand: i could use a few minutes of your time today ideally to get auth-client-config handling the ecryptfs pam module [16:20] kirkland: no problem-- do you have the profiles already? [16:21] jdstrand: i don't [16:21] jdstrand: see https://wiki.ubuntu.com/EncryptedPrivateDirectory [16:21] jdstrand: the Testing section [16:22] jdstrand: i need to add one line to /etc/pam.d/common-auth, and one to /etc/pam.d/common-session [16:22] jdstrand: and I pulled the source to auth-client-config [16:22] kirkland: right, just at the end of a standard configuration, correct? [16:22] jdstrand: yes, that's fine [16:23] kirkland: this should be shipped as part of the pam ecryptsfs package-- is that the plan? [16:23] (nice spelling) [16:23] jdstrand: I think so, until which point slangasek has his magic pam configurator operational [16:24] * jdstrand is a fan of ecryptsfs _and_ the interwebs [16:24] ^^^ spoken as Emperor Palpitine [16:24] kirkland: Error: "^^" is not a valid command. [16:24] ^^^ spoken as Emperor Palpitine [16:24] it's Palpatine [16:25] jdstrand: if you have little bit time take a look in Bug #247612 [16:25] emgent: Bug 247612 on http://launchpad.net/bugs/247612 is private [16:25] * kirkland isn't right after the last round of lightning bolts from the Emp, after misspelling his name :-) [16:25] kirkland: all you need to do is setup a proistine system for ecryptfs (ie no other pam changes), then do: [16:25] auth-client-config -S [16:25] kirkland: this outputs your current pam and nss to to stdout [16:26] jdstrand: http://pastebin.ubuntu.com/26683/ [16:26] lemme fix the spacing [16:26] kirkland: redirect that to a file, remove the nss_* and pam_account and pam_password lines, name it something sensible, and it's done [16:26] wowsers [16:27] kirkland: well, you need to add it to the package still (drop it in /etc/auth-client-config/profile.d) [16:27] jdstrand: would this be something to give to debian, or Ubuntu-only change? [16:27] kirkland: a-c-c isn't in debian [16:27] jdstrand: ah [16:29] that will likely change, but for now, that is how it is [16:30] kirkland: don't bother with the spacing-- just make it right in /etc/pam.d, then use auth-colient-config -S [16:30] jdstrand: yup [16:30] kirkland: what you pasted doesn't have the session entry [16:31] jdstrand: i just fixed that [16:31] can you repaste? [16:31] jdstrand: sure [16:31] jdstrand: http://pastebin.ubuntu.com/26684/ [16:32] jdstrand: do you have a sample package I can model the packaging bits after? [16:32] kirkland: ok, now remove nss_* pam_account and pam_password, and change the date string to be something meaningful, like [ecryptfs_standard] [16:34] jdstrand: http://pastebin.ubuntu.com/26685/ [16:35] jdstrand: i wrote that to a file called: pam_ecryptfs.auth-client-config [16:36] kirkland: you didn't change anything in pam_account or pam_password, so remove those lines too [16:37] kirkland: I mean, if they need to be that, then leave them, but if not, remove them [16:37] jdstrand: http://pastebin.ubuntu.com/26686/ [16:39] kirkland: I suggest naming it 'ecrypts', so that you have the file /etc/auth-client-config/ecryptfs [16:39] k [16:39] kirkland: once you put it in there, you can do: 'auth-client-config -l' and see if the profile pops up [16:39] jdstrand: well, the packaging can install it as such [16:39] * jdstrand nods [16:40] jdstrand: within the package, though, i was going to call it debian/pam_ecryptfs.auth-client-config [16:40] kirkland: but for testing it, just drop it in there now and moake sure it works [16:40] * jdstrand nods again [16:41] jdstrand: do you have a package that uses this, that I might emulate? [16:42] kirkland: ldap-auth-config [16:43] * delcoyote hi [16:43] kirkland: once it's in there, can do: [16:44] auth-client-config -n -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session [16:44] for a dry run [16:44] kirkland: remove the '-n' for a real run [16:44] k [16:45] * jdstrand notes it is probably convenient to use a comma separated list for '-t' [16:45] * jdstrand goes to fix that [16:47] I am looking to swap my servers hard drive with a larger one. How do I go about doing that and keeping all the data? Any help would be great! [16:48] jdstrand: hmm, "auth-client-config -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session,pam-auth" ... does that go in debian/rules? [16:49] kirkland: that second command needs to drop ',pam-auth' (a-c-c can only handle one -t option at a time right now) [16:49] oh [16:49] okay, so two calls [16:49] kirkland: re rules> no, that is what the user will run to enable ecryptfs in pam [16:50] kirkland: in a bit, those two commands will become: [16:50] auth-client-config -p ecryptfs_standard -t pam-auth,pam-session [16:50] jdstrand: right [16:50] jdstrand: okay, i suppose this helps somewhat [16:50] jdstrand: but it still doesn't solve what I thought i was solving [16:51] jdstrand: avoiding having to do the pam setup post installation [16:51] kirkland: there are mechanisms in place in auth-client-config to make it work in packaging, but as a policy isn't in effect and slangasek is doing a different implementation, then just leave it to the user [16:51] jdstrand: okay, thanks. [16:51] jdstrand: let me get a debdiff tested and available for your review [16:52] kirkland: you can read /usr/share/doc/auth-client-config/README for ideas on package integration [16:52] jdstrand: well, i'll hold off until we see whether or not slangasek's implementation is good to go [16:52] kirkland: but that is likely more than you want to do right now [16:53] jdstrand: right ;-) [16:55] kirkland: keep in mind, while this doesn't help greatly in terms of what is outlined in Testing, it does allow you to ship a configuration that is known to work, and the wiki won't have to change. You can also add other profiles to /etc/auth-client-config/ecrypts-- eg [ecryptfs_advanced], or whatever [16:56] kirkland: it also provides an easy way to disable ecryptfs (one command as opposed to hand editing to config files) [16:56] s/to config/two config/ [16:56] jdstrand: that's a good point, thanks. [16:58] jdstrand: something like http://pastebin.ubuntu.com/26689/ [16:58] kirkland: but the use of auth-client-config, or steve's method, or a combination is really what needs to be implemented :) use of auth-client-config just makes it easier [16:58] jdstrand: oh, yeah, i totally understand that [16:59] kirkland: you don't need a Pre-Depends-- just add /etc/auth-client-config/profile.d to 'dirs' (which you've already done) [16:59] kirkland: I suggest using 'Suggests' instead of Pre-Depends [17:00] kirkland: ecryptfs will work just fine aithout a-c-c [17:00] k [17:00] jdstrand: build gripes: dh_install --fail-missing --sourcedir=debian/tmp [17:00] cp: cannot stat `debian/tmp/pam_ecryptfs.auth-client-config': No such file or directory [17:00] * jdstrand goes to download the thing [17:09] there are a lot of build-deps... [17:10] does anyone know the best way to purge an ldap database besides just removing /var/lib/ldap/* and /var/backups/unknown-...ldapdb and re inserting the nodes via dpkg-reconfigure slapd and ldapadd? [17:11] is that even the right way to do this? [17:12] jdstrand: to ecryptfs-utils? [17:12] jdstrand: i'm working a couple of MRs related to that now [17:12] kirkland: from a pristine schroot, yeah [17:12] zul: doko approved pkcs11-helper \o/ [17:29] jdstrand: hmm, i'm missing something obvious [17:29] kirkland: the problem is that the profile is not copied into debian/tmp/etc/auth-client-config/profile.d [17:29] jdstrand: right [17:30] jdstrand: what should handle that? something rules, I suspect [17:30] kirkland: your libecryptfs0.dirs file makes etc/auth-client-config/profile.d created in debian/libecryptfs0 [17:30] but the profile is copied there either [17:31] jdstrand: is my syntax in libecryptfs0.install correct? [17:31] jdstrand: should it be ../pam_ecryptfs.auth-client-config etc/auth-client-config/profile.d [17:33] kirkland: I'm not used to seeing it like that [17:33] kirkland: I think just having /etc would be enough [17:40] kirkland: your syntax looks fine based on the manpage (hey, I learned something!) [17:40] jdstrand: the ../ bit? [17:40] jdstrand: b/c, that actually works! [17:40] kirkland: no, just the bit [17:41] jdstrand: oh, i got that straight from ldap-auth-config [17:41] jdstrand: see ldap-auth-config.install [17:41] hmm, I might have actually did that [17:41] (ldap-auth-config.install) [17:41] jdstrand: you're so money you don't even know it! [17:41] apparently I'm flaking out right now :) [17:46] kirkland: a cleaner approach is in debian/libecryptfs0.install have: [17:46] /etc/auth-client-config/profile.d/pam_ecryptfs.auth-client-config [17:46] kirkland: then in rules: [17:46] dh_install --list-missing --sourcedir=debian/tmp -Xpam_ecryptfs.auth-client-config [17:47] and in rules: [17:47] cp $(CURDIR)/debian/pam_ecryptfs.auth-client-config $(CURDIR)/debian/libecryptfs0/etc/auth-client-config/profile.d [17:47] after the MAKE command [17:47] jdstrand: would s/pam_ecryptfs.auth-client-config/acc-ecryptfs/g be more consistent? [17:48] kirkland: basically, we install the file into the libecrypts0 dir (as expected), then tell dh_install to skip that file when doing debian/tmp [17:49] kirkland: I have no preference as to the name [17:49] jdstrand: which section of rules does the -Xacc-ecryptfs bit go? [17:50] kirkland: it should *not* be named 'acc-ecryptfs' after install though-- files with acc- are installed by auth-client-config itself [17:50] jdstrand: oh [17:50] it's a convention, not a hard-n-fast rule [17:50] but there is no reason not to follow it [17:50] jdstrand: that's fine [17:51] jdstrand: i'll call it ecryptfs.acc in the source package [17:51] compact enough [17:51] kirkland: I like the installed named as 'ecryptfs'-- it is easy [17:51] jdstrand: okay, and i'll install it as 'ecryptfs' [17:51] kirkland: as for the -X... part-- just add it to the end of the dh_install line that already exists in binary-arch [17:52] jdstrand: the existing line has "fail-missing" ... yours "list-missing" ? [17:53] * kirkland tries a build... [17:53] kirkland: err, yeah-- good point. it should be fail-missing [17:53] kirkland: coolness please add it to the seeds then :) [17:53] jdstrand: k, i'm building with that now [17:53] kirkland: I tried list-missing in testing [17:55] zul: i may need some instruction/documentation on doing that (later) [17:56] kirkland: cool you might not have access either [17:56] * kirkland doesn't have much access at all [17:56] * kirkland is entirely at the mercy of bribing a bunch of other people to sponsor his work :-) [18:00] jdstrand: okay, cool, that built, and installed properly! [18:00] \o/ [18:00] jdstrand: let me try the runtime command to enable.... [18:11] jdstrand: what do you think of http://pastebin.ubuntu.com/26708/ ? [18:15] kirkland: hold on [18:30] kirkland: you reference debian/acc-ecryptfs in the changelog. [18:31] jdstrand: shite, okay [18:31] kirkland: I've updated it-- other than that it looks good [18:31] kirkland: do you want me to upload? [18:31] jdstrand: let me attach it to the bug [18:31] kirkland: I build on amd64, did package upgrade testing, and tested auth-client-config profile integration [18:32] jdstrand: same here [18:32] kirkland: let me know when to upload [18:33] jdstrand: patch at https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/247641 [18:33] Launchpad bug 247641 in ecryptfs-utils "pam_ecryptfs.so insertion into the pam stack" [Wishlist,In progress] [18:33] kirkland: does that mean it's ready to fly? [18:34] jdstrand: yup, good by me, i fixed the changelog [18:34] jdstrand: other than that it's identical [18:34] jdstrand: sad that we have to diverge from debian, but hopefully it's temporary [18:35] ecryptfs-utils fly, ecryptfs-utils fly [18:36] into the light of the dark black night [18:36] kirkland: uploaded [18:36] jdstrand: thanks, i'm updating the wiki page now [18:36] kirkland: it's a minor divergence that will help our users [18:36] jdstrand: definitely, a million thanks for your help [18:36] np [18:36] :) [18:40] jdstrand: do we care about hppa build failure? [18:40] jdstrand: well, yes, but what do you mean specifically? [18:41] jdstrand: i just got a failed-to-build error for ecryptfs-utils with your upload for hppa [18:41] that was fast [18:41] jdstrand: okay, instructions updated at: https://wiki.ubuntu.com/EncryptedPrivateDirectory#head-4a2aa7460fdca18bfe78bb1283becff406bbc13c [18:41] jdstrand: it built last time [18:43] kirkland: it's an apt error [18:43] jdstrand: i was just investigating that [18:43] jdstrand: okay, not our fault :-) [18:43] kirkland: no [18:44] jdstrand: no, it is our fault? [18:44] kirkland: it is not our fault [18:44] jdstrand: ;-) [18:44] I submitted to retry the build [18:55] kirkland: it built fine the 2nd time [18:57] jdstrand: cool, thanks. [18:58] jdstrand: i just need the fix from Debian in 50-2 that makes mount.ecryptfs_private setuid [18:59] jdstrand: ideally, i'll get that in and merged by Monday, and we can have an ~/Private setup party in Lexington next week ;-) [18:59] kirkland: guess you get to practice merging :) [18:59] ok cool [18:59] jdstrand: yup [18:59] \o/ [19:00] mathiaz: I might be able to help regarding moving bugs to a renamed package [19:01] mathiaz: any progress on the web app packaging standard? [19:02] mathiaz: i have a couple of simple, small PHP web apps that I'd like to get some assistance packaging from scratch next week [19:02] mathiaz: the good news is that they don't use a DB [19:05] kirkland: have you looked at the packaging of phpmyadmin? [19:06] Chipzz: negative [19:06] kirkland: take a look at that; maybe that will give you some idea's? [19:06] s/'// [19:06] Chipzz: mathiaz had raised some issues with the way webapps are/not packaged with Ubuntu at UDS [19:07] Chipzz: if phpmyadmin's packaging is a model to be followed, i can do that [19:07] Chipzz: however, i was under the impression that none were considered "ideal" [19:08] I'm not saying it's a model; it is however something you can take a look at to get some inspiration [19:08] Chipzz: cool, thanks for the pointer [19:14] hi everyone... [19:14] how can I increase entropy in kernel? [19:16] is there anybody... [19:17] be patient, a lot of these guys are working. they'll get to you in time, most of the time. [19:19] :-/ [19:28] bdmurray: kwel - where is your magic script ? [19:28] kirkland: no progress on the web app packaging standard [19:29] mathiaz: I don't have one yet but ogasawara or I should be able to help [19:29] bdmurray: ok - persia suggested to move them by hand while reviewing them [19:30] bdmurray: which could be a good idea in this case as there aren't so many bugs [19:30] mathiaz: right, I saw that. I think it really depends on the volume. If you are on top of them and know they are all valid just move them - otherwise reviewing during the process makes sense. [19:34] Is there a tool (web query engine?) to easily determine if a given dns resolver (not under my control) is now properly doing random source ports (e.g. a tool that asks it to resolve an address at a domain that the tool can work with to see what source port the requests come in on?) [19:36] Not that I know of. If you control the DNS server it's asking, you can capture data via tcpdump and check. [19:41] nealmcb: Have you tried http://www.doxpara.com/ ? [19:42] urr, surely you can see the source port of incoming packets [19:45] this may be a rediculous Q... but here goes. When doing a "history" command and I get a list of my previous commands, is there a way to select say the 200th command, so I doint have to up arrow 200 times to get to it? [19:45] or is my only option to just copy and paste that command [19:45] ! [19:47] hmm.. tried history number before asking this Q... and just tried !history number and I get -bash: history: too many arguments [19:49] Nicke_ yup - that's the ticket! Dan's own checker on the sidebar at http://www.doxpara.com/ . Though I suggest you don't expect it to be too smart. I see a lack of randomness that it didn't in my dns server [19:52] nealmcb: yeah.. I only know that it detected my own dns server as vulnerable before I updated it, and said it was fine after.. but I don't see that as any guarantee ;) [19:56] how can I increase entropy in kernel? [19:57] tolun: get the machine to do interesting things - maybe df /usr or something like that [19:58] or move your mouse etc [20:02] nealmcb, it is a server which is far away and i am connecting via ssh [20:02] and ubuntu server does not accepts my inputs [20:02] from ssh [20:03] I want that server should do entropy by itself [20:03] :( [20:04] I mean that it is not accepts inputs as an entropy action.... [20:07]