[00:41] <osmosis_> Im still stuck with this apache thread high memory usage problem.
[00:53] <kees> is that the python-dns affected by CVE-2008-1447 bug?
[00:53] <kees> lp is timing out on me
[01:28] <runes> What is the officially supported mail server in Ubuntu 8
[01:29] <runes> or moreso the safest MDA and MTA for someone new to it
[01:33] <hads> exim and postfix are probably the most common. I prefer postfix myself.
[01:55] <runes> I see a lot of postings on postfix I take it it's been around a lot longer than exim?
[01:57] <Chipzz> I should investigate what I'm about to say, but I think you're wrong, and postfix is actually quite recent
[01:57] <Chipzz> FSVO 'recent'
[01:58] <hads> Yeah, I'm not sure on the histories but Postfix isn't old at all.
[01:59] <runes> Oh hmm now I take it I will need a separate pop server on top of postfix?
[01:59] <hads> It is well used and proven though
[01:59] <runes> that's what I was looking for!
[01:59] <runes> proven
[01:59] <hads> Yes the MTA is separate to IMAP/POP. I use Dovecot for that myself, there are plenty of others.
[02:00] <Chipzz> courier is quite popular
[02:00] <Chipzz> you can also hand the mail to courier or postfix and have them deliver local mail
[02:01] <Chipzz> which has the advantage of being able to do sieve
[02:01] <hads> Dovecot too
[02:01] <Chipzz> errr
[02:01] <Chipzz> right :)
[02:01] <Chipzz> s/or postfix/or dovecot/
[02:01] <hads> Ah, I get it :)
[02:01]  * hads is slow today
[02:02] <Chipzz> sieve = serverside filtering/sorting of mail
[02:02] <Chipzz> something like procmail
[02:02] <hads> Too much messing with threads is breaking my brain
[02:02] <Chipzz> but less dangerous
[02:03] <runes> The challenge is: I just figured out virtual hosting on Apache for two of my sites.  Now I want to have a small mail server (if there is such a thing) so that I can access my mail remotely
[02:03] <runes> also this is my way of getting away from windows server and into linux--head first.
[02:03] <Chipzz> postfix with dovecot or courier, with system users or virtual users
[02:04] <hads> There are quite a few howtos for those setups around - they are quite popular.
[02:08] <runes> ok time to get reading I just set up the mx record (have to wait about 24hrs) and I'll need at least a weekend to drill through the basics
[02:08] <runes> then another week of questions.
[02:09] <runes> so I am not sure if this channel is appropriate or will I need to find a specific channel to ask questions on the specifics?
[02:10] <hads> This channel is appropriate for questions regarding how to do things with an Ubuntu server, for really specific things you may be better off with #postfix or whatever.
[02:11] <runes> that's fair well you both gave me a good head start I'm at the beginning of the Ubuntu help on postfix..figured I'd start there for reading.
[02:12] <Chipzz> runes: first thing you want to figure out is wether you want to use system users or virtual users
[02:13] <Chipzz> lots of things will depend on that
[02:15] <hads> virtual is usually a good idea if you have multiple domains
[02:15] <Chipzz> system users mostly only when you have users with shell accounts that expect to read their mail to (remotely or not)
[02:16] <Chipzz> virtual users *is* harder to set up though
[02:16] <hads> Agreed.
[02:17] <hads> Although if you may need to move to it later on it's probably a good idea just to bite the bullet.
[02:17] <Chipzz> akthough you should be aware that unless you use the secure versions of POP and IMAP you will be sending your system password over the wire in clear text
[02:18] <Chipzz> which tends to be... well, not a good idea :P
[02:18] <hads> Yeah :)
[04:18] <ScottK> kees: Yes.
[04:19] <ScottK> kees: That's already been disclosed in the Debian bug.  My uncertainty was about the rest of the discussion.
[04:34] <kgoetz> hi all. other then wondershaper, does anyone know an easy way to get started with some form of shaping/trafic control?
[05:10] <osmosis> Why is it that apache seems to have a 120MB ram limit per thread ?
[07:06] <jords> I'm having a issue with getting ntop to think that my local traffic is local - eg I've set the "Virtual NetFlow Interface Network Address" to 192.168.1.1/255.255.255.0, but It still seems to think that 192.168.1.101 is a remote ip...
[09:18] <RockHound> good day everyone ...
[09:19] <RockHound> any chance that amavisd-new 2.6.x will be backported for 8.04? DKIM support is a big plus in this version
[09:20] <venil> Hi Guys
[09:20] <venil> is there a console way to search files that contain certain text line?
[09:20] <venil> i'm a newbie
[09:21] <soren> Look at grep.
[09:21] <venil> is not a combination of grep and something
[09:22] <soren> grep looks for stuff in files.
[09:22] <RockHound> venil: grep "text" files
[09:22] <soren> 'grep -r "Shopping list" .' (without the single quotes) will search recursively starting in the current directory for a file containing the string "Shopping list"
[09:23] <RockHound> venil: -i = case insenstivie ; -n line number ; -R recursive directory search
[09:23] <RockHound> err -r
[09:25] <soren> RockHound: Same.
[09:26] <venil> thanks, i'll try that
[09:26] <soren> RockHound: -r, -R, and --recursive have the same effect.
[09:26] <soren> i think there's even one more way to do it.
[09:27] <RockHound> soren: well ... good ;)
[11:24] <pubo> Hi,
[11:26] <pubo> Do anybody know how can I change the eth3 name to eth1? My Network Card was broken and I had to buy another one, but now Ubuntu recognices it as eth3 instead of eth1
[11:27] <maswan> pubo: check /etc/iftab
[11:28] <pubo> maswan, ok, thanks!
[11:30] <pubo> maswan, do you know which package creates iftab? I see that I don't have it on my /etc: $ /usr/lib/udev/migrate-iftab.pl
[11:30] <pubo> /etc/iftab does not exist to convert
[11:33] <RockHound> pubo: udev generates the names ... don't have iftab either
[11:34] <RockHound> on gentoo there was a persistant rule for the names based on mac address
[11:34] <maswan> Hm. If you don't have an iftab, then I don't know what generates the names.
[11:34] <maswan> We set it up during (FAI) installation
[11:36] <RockHound> maswan: udev does not generate those names? via /etc/udev/rules.d/75-persistent-net-generator.rules
[11:36] <RockHound> ?
[11:39] <maswan> RockHound: Hm. it might on a default install, I wouldn't know. I don't have any of those. :)
[11:41] <_ruben> you need to edit /etc/udev/rules.d/70-persistent-net.rules
[11:41] <_ruben> (or just delete it, it will be generated at boot)
[11:41] <RockHound> _ruben: that is what I was looking for
[11:41] <RockHound> perfect
[11:41] <jdstrand> ScottK: bug #247409 is public debian bug #490217 (as you know-- you commented on it)
[11:42] <RockHound> so pubo: see _ruben's post
[11:42] <jdstrand> ScottK: ah you unprivated it already
[11:44] <jdstrand> oh, that was the debian bug-- anyhoo, I unprivated the launchpad bug
[11:45] <jdstrand> (between that and the stub resolver Debian advisory, there is really nothing that isn't already publuic in there)
[11:45] <jdstrand> public
[12:06] <pubo> _ruben, sorry, I was on coffe :P
[12:07] <pubo> _ruben, then, I only have to delete that archive and linux will generate a new one at the next system start?
[12:08] <micheluntu> hi all, question regarding routing... where is the best place to put static route?
[12:08] <pubo> 7
[12:09] <pubo> ups, sorry :)
[12:12] <_ruben> pubo: yeah .. any nics that arent configured in that file, will be after a reboot
[12:13] <_ruben> micheluntu: in /etc/network/interfaces .. as an "up" script
[12:13] <pubo> _ruben, I've deleted it, but eth3 still being eth3 :(. I'm going to edit now to see...
[12:13] <_ruben> and you did reboot?
[12:14] <micheluntu> _ruben: is it executed if i do ifdown ethx
[12:14] <micheluntu> ?
[12:15] <micheluntu> sorry, ifup ethx
[12:15] <_ruben> micheluntu: no, thats what "down" scripts are for ;)
[12:15] <micheluntu> sure :-/
[12:15] <pubo> _ruben, yes :S
[12:15] <micheluntu> ok.. i'll try, thanks
[12:16] <_ruben> pubo: strange .. pastebin the contents of the rules file
[12:17] <pubo> _ruben, but the reboot didn't generate a new one file... maybe using:   ip link set dev eth3 name eth1.... I'm going to test tit
[12:18] <_ruben> pubo: which one did you delete ? /etc/udev/rules.d/75-persistent-net-generator.rules or /etc/udev/rules.d/70-persistent-net.rules ?
[12:24] <ScottK> jdstrand: Thanks.  I wasn't sure.
[12:24] <jdstrand> np
[12:29] <pubo> _ruben, 75
[12:29] <pubo> I've tested with ip link set... and it appears that works
[12:32] <RockHound> pubo: it was 70 which you should have deleted
[12:32] <pubo> RockHound, ok, I'm going to test ti
[12:35] <RockHound> if you delete 75, then it will not work
[12:35] <RockHound> as 75 generated 70 ...
[12:35] <RockHound> so you will have to restore 75
[12:35] <nandersson> Great videos from Daniel Holbach on the UbuntuDeveloper-channel regarding MOTU-development. I write an article about them om Swedish TechWorld Open Source-mag.
[12:35] <nandersson> "I wrote"
[12:38] <pubo> RockHound, now it works :).... Fortunately I moved 75 to /root instead of delete it. I undo the changes and removed 70 and now everything works!! Thanks all!!
[12:41] <RockHound> pubo: yw
[12:46] <emgent> heya
[13:52] <gegema> after doing an apt-get update, is there a flag to view/list upgradable packages without needing to get into aptitude?
[13:53] <soren> "apt-get upgrade" ?
[13:53] <soren> And just say "no"?
[13:53] <soren> Or "apt-get upgrade -s" if you must.
[13:55] <gegema> soren: Thanks
[13:58] <gegema> and when apt says "the following packages have been kept back", that means?
[13:58] <gegema> they should be marked for removal I guess?
[13:59] <_ruben> no, they most likely depend on extra packages to be installed
[13:59] <_ruben> apt-get dist-upgrade would pull those in as well
[14:00] <gegema> when was 8.04.1 released?
[14:01] <gegema> or what should the current issue read?
[14:01] <_ruben> not so long ago
[14:01] <_ruben> one week ago
[14:01] <gegema> and doing an apt-get upgrade should get me on that issue withouth needing to do a dist-upgrade correct?
[14:02] <lukehasnoname> gegema: right
[14:02] <_ruben> no, kernel upgrades among others usually (always?) are pulled in via dist-upgrade
[14:02] <gegema>  sorry for asking dumb Q.s... I am still learning
[14:03] <gegema> hrrm.. . not _ruben and lukehasnoname are giving me contradicting answers
[14:03] <_ruben> as long as there are "kept back" packages, you are not fully up to date
[14:06] <lukehasnoname> go with _r
[14:06] <lukehasnoname> _ruben:
[14:06] <kirkland> zul: ping
[14:06] <zul> kirkland: yo
[14:07] <kirkland> zul: yo, so about bug 247389
[14:07] <kirkland> zul: debian upstream is not going to drop those build deps
[14:07] <zul> kirkland: why not?
[14:07] <kirkland> zul: but i think we should for now
[14:07] <kirkland> zul: because they don't really care about main vs. universe ;-)
[14:08] <zul> kirkland: yeah
[14:08] <kirkland> zul: what do you recommend?
[14:08] <zul> thats fine with me then
[14:08] <kirkland> zul: if we take that patch, removing those 2 build deps, it saves us 3+ more MIRs
[14:09] <kirkland> zul: and we're not using/needing the support
[14:09] <zul> sounds good
[14:09] <kirkland> zul: if the MIRs go very well, or if we want TPM and opencryptoki support in the future, well then we just MIR them, right?
[14:10] <zul> yeah what do those packages do in the first place?
[14:10] <kirkland> TPM is the trusted computing chip that's on most modern motherboards
[14:10] <kirkland> ecryptfs has basic support for it
[14:11] <kirkland> for instance, you could use a key embedded in your TPM for your ecryptfs mount
[14:11] <kirkland> which would mean that that ecryptfs mount COULD ONLY work with your motherboard
[14:12] <zul> kirkland: im thinking we just might as well add those MIR then so we dont have have a delta with debian and we might want those features in the future
[14:13] <kirkland> zul: okay
[14:13] <zul> sound reasonable?
[15:48]  * freeflying 
[15:55] <freeflying> sorry, type wrong
[16:19] <kirkland> jdstrand: hiya, you around?
[16:20] <jdstrand> kirkland: hi!
[16:20] <kirkland> jdstrand: i could use a few minutes of your time today ideally to get auth-client-config handling the ecryptfs pam module
[16:20] <jdstrand> kirkland: no problem-- do you have the profiles already?
[16:21] <kirkland> jdstrand: i don't
[16:21] <kirkland> jdstrand: see https://wiki.ubuntu.com/EncryptedPrivateDirectory
[16:21] <kirkland> jdstrand: the Testing section
[16:22] <kirkland> jdstrand: i need to add one line to  /etc/pam.d/common-auth, and one to  /etc/pam.d/common-session
[16:22] <kirkland> jdstrand: and I pulled the source to auth-client-config
[16:22] <jdstrand> kirkland: right, just at the end of a standard configuration, correct?
[16:22] <kirkland> jdstrand: yes, that's fine
[16:23] <jdstrand> kirkland: this should be shipped as part of the pam ecryptsfs package-- is that the plan?
[16:23] <jdstrand> (nice spelling)
[16:23] <kirkland> jdstrand: I think so, until which point slangasek has his magic pam configurator operational
[16:24]  * jdstrand is a fan of ecryptsfs _and_ the interwebs
[16:24] <kirkland> ^^^ spoken as Emperor Palpitine
[16:24] <kirkland>  ^^^ spoken as Emperor Palpitine
[16:24] <bdmurray> it's Palpatine
[16:25] <emgent> jdstrand: if you have little bit time take a look in Bug #247612
[16:25]  * kirkland isn't right after the last round of lightning bolts from the Emp, after misspelling his name :-)
[16:25] <jdstrand> kirkland: all you need to do is setup a proistine system for ecryptfs (ie no other pam changes), then do:
[16:25] <jdstrand> auth-client-config -S
[16:25] <jdstrand> kirkland: this outputs your current pam and nss to to stdout
[16:26] <kirkland> jdstrand: http://pastebin.ubuntu.com/26683/
[16:26] <kirkland> lemme fix the spacing
[16:26] <jdstrand> kirkland: redirect that to a file, remove the nss_* and pam_account and pam_password lines, name it something sensible, and it's done
[16:26] <kirkland> wowsers
[16:27] <jdstrand> kirkland: well, you need to add it to the package still (drop it in /etc/auth-client-config/profile.d)
[16:27] <kirkland> jdstrand: would this be something to give to debian, or Ubuntu-only change?
[16:27] <jdstrand> kirkland: a-c-c isn't in debian
[16:27] <kirkland> jdstrand: ah
[16:29] <jdstrand> that will likely change, but for now, that is how it is
[16:30] <jdstrand> kirkland: don't bother with the spacing-- just make it right in /etc/pam.d, then use auth-colient-config -S
[16:30] <kirkland> jdstrand: yup
[16:30] <jdstrand> kirkland: what you pasted doesn't have the session entry
[16:31] <kirkland> jdstrand: i just fixed that
[16:31] <jdstrand> can you repaste?
[16:31] <kirkland> jdstrand: sure
[16:31] <kirkland> jdstrand: http://pastebin.ubuntu.com/26684/
[16:32] <kirkland> jdstrand: do you have a sample package I can model the packaging bits after?
[16:32] <jdstrand> kirkland: ok, now remove nss_* pam_account and pam_password, and change the date string to be something meaningful, like [ecryptfs_standard]
[16:34] <kirkland> jdstrand: http://pastebin.ubuntu.com/26685/
[16:35] <kirkland> jdstrand: i wrote that to a file called: pam_ecryptfs.auth-client-config
[16:36] <jdstrand> kirkland: you didn't change anything in pam_account or pam_password, so remove those lines too
[16:37] <jdstrand> kirkland: I mean, if they need to be that, then leave them, but if not, remove them
[16:37] <kirkland> jdstrand: http://pastebin.ubuntu.com/26686/
[16:39] <jdstrand> kirkland: I suggest naming it 'ecrypts', so that you have the file /etc/auth-client-config/ecryptfs
[16:39] <kirkland> k
[16:39] <jdstrand> kirkland: once you put it in there, you can do: 'auth-client-config -l' and see if the profile pops up
[16:39] <kirkland> jdstrand: well, the packaging can install it as such
[16:39]  * jdstrand nods
[16:40] <kirkland> jdstrand: within the package, though, i was going to call it debian/pam_ecryptfs.auth-client-config
[16:40] <jdstrand> kirkland: but for testing it, just drop it in there now and moake sure it works
[16:40]  * jdstrand nods again
[16:41] <kirkland> jdstrand: do you have a package that uses this, that I might emulate?
[16:42] <jdstrand> kirkland: ldap-auth-config
[16:43]  * delcoyote hi
[16:43] <jdstrand> kirkland: once it's in there, can do:
[16:44] <jdstrand> auth-client-config -n -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session
[16:44] <jdstrand> for a dry run
[16:44] <jdstrand> kirkland: remove the '-n' for a real run
[16:44] <kirkland> k
[16:45]  * jdstrand notes it is probably convenient to use a comma separated list for '-t'
[16:45]  * jdstrand goes to fix that
[16:47] <Thorsten11> I am looking to swap my servers hard drive with a larger one.  How do I go about doing that and keeping all the data?  Any help would be great!
[16:48] <kirkland> jdstrand: hmm, "auth-client-config -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session,pam-auth" ... does that go in debian/rules?
[16:49] <jdstrand> kirkland: that second command needs to drop ',pam-auth' (a-c-c can only handle one -t option at a time right now)
[16:49] <kirkland> oh
[16:49] <kirkland> okay, so two calls
[16:49] <jdstrand> kirkland: re rules> no, that is what the user will run to enable ecryptfs in pam
[16:50] <jdstrand> kirkland: in a bit, those two commands will become:
[16:50] <jdstrand> auth-client-config -p ecryptfs_standard -t pam-auth,pam-session
[16:50] <kirkland> jdstrand: right
[16:50] <kirkland> jdstrand: okay, i suppose this helps somewhat
[16:50] <kirkland> jdstrand: but it still doesn't solve what I thought i was solving
[16:51] <kirkland> jdstrand: avoiding having to do the pam setup post installation
[16:51] <jdstrand> kirkland: there are mechanisms in place in auth-client-config to make it work in packaging, but as a policy isn't in effect and slangasek is doing a different implementation, then just leave it to the user
[16:51] <kirkland> jdstrand: okay, thanks.
[16:51] <kirkland> jdstrand: let me get a debdiff tested and available for your review
[16:52] <jdstrand> kirkland: you can read /usr/share/doc/auth-client-config/README for ideas on package integration
[16:52] <kirkland> jdstrand: well, i'll hold off until we see whether or not slangasek's implementation is good to go
[16:52] <jdstrand> kirkland: but that is likely more than you want to do right now
[16:53] <kirkland> jdstrand: right ;-)
[16:55] <jdstrand> kirkland: keep in mind, while this doesn't help greatly in terms of what is outlined in Testing, it does allow you to ship a configuration that is known to work, and the wiki won't have to change.  You can also add other profiles to /etc/auth-client-config/ecrypts-- eg [ecryptfs_advanced], or whatever
[16:56] <jdstrand> kirkland: it also provides an easy way to disable ecryptfs (one command as opposed to hand editing to config files)
[16:56] <jdstrand> s/to config/two config/
[16:56] <kirkland> jdstrand: that's a good point, thanks.
[16:58] <kirkland> jdstrand: something like http://pastebin.ubuntu.com/26689/
[16:58] <jdstrand> kirkland: but the use of auth-client-config, or steve's method, or a combination is really what needs to be implemented :)  use of auth-client-config just makes it easier
[16:58] <kirkland> jdstrand: oh, yeah, i totally understand that
[16:59] <jdstrand> kirkland: you don't need a Pre-Depends-- just add /etc/auth-client-config/profile.d to 'dirs'  (which you've already done)
[16:59] <jdstrand> kirkland: I suggest using 'Suggests' instead of Pre-Depends
[17:00] <jdstrand> kirkland: ecryptfs will work just fine aithout a-c-c
[17:00] <kirkland> k
[17:00] <kirkland> jdstrand: build gripes: dh_install --fail-missing --sourcedir=debian/tmp
[17:00] <kirkland> cp: cannot stat `debian/tmp/pam_ecryptfs.auth-client-config': No such file or directory
[17:00]  * jdstrand goes to download the thing
[17:09] <jdstrand> there are a lot of build-deps...
[17:10] <delly84> does anyone know the best way to purge an ldap database besides just removing /var/lib/ldap/* and /var/backups/unknown-...ldapdb  and re inserting the nodes via dpkg-reconfigure slapd and ldapadd?
[17:11] <delly84> is that even the right way to do this?
[17:12] <kirkland> jdstrand: to ecryptfs-utils?
[17:12] <kirkland> jdstrand: i'm working a couple of MRs related to that now
[17:12] <jdstrand> kirkland: from a pristine schroot, yeah
[17:12] <kirkland> zul: doko approved pkcs11-helper \o/
[17:29] <kirkland> jdstrand: hmm, i'm missing something obvious
[17:29] <jdstrand> kirkland: the problem is that the profile is not copied into debian/tmp/etc/auth-client-config/profile.d
[17:29] <kirkland> jdstrand: right
[17:30] <kirkland> jdstrand: what should handle that?  something rules, I suspect
[17:30] <jdstrand> kirkland: your libecryptfs0.dirs file makes etc/auth-client-config/profile.d created in debian/libecryptfs0
[17:30] <jdstrand> but the profile is copied there either
[17:31] <kirkland> jdstrand: is my syntax in libecryptfs0.install correct?
[17:31] <kirkland> jdstrand: should it be ../pam_ecryptfs.auth-client-config etc/auth-client-config/profile.d
[17:33] <jdstrand> kirkland: I'm not used to seeing it like that
[17:33] <jdstrand> kirkland: I think just having /etc would be enough
[17:40] <jdstrand> kirkland: your syntax looks fine based on the manpage (hey, I learned something!)
[17:40] <kirkland> jdstrand: the ../ bit?
[17:40] <kirkland> jdstrand: b/c, that actually works!
[17:40] <jdstrand> kirkland: no, just the <file> <dir> bit
[17:41] <kirkland> jdstrand: oh, i got that straight from ldap-auth-config
[17:41] <kirkland> jdstrand: see ldap-auth-config.install
[17:41] <jdstrand> hmm, I might have actually did that
[17:41] <jdstrand> (ldap-auth-config.install)
[17:41] <kirkland> jdstrand: you're so money you don't even know it!
[17:41] <jdstrand> apparently I'm flaking out right now :)
[17:46] <jdstrand> kirkland: a cleaner approach is in debian/libecryptfs0.install have:
[17:46] <jdstrand> /etc/auth-client-config/profile.d/pam_ecryptfs.auth-client-config
[17:46] <jdstrand> kirkland: then in rules:
[17:46] <jdstrand> dh_install --list-missing --sourcedir=debian/tmp -Xpam_ecryptfs.auth-client-config
[17:47] <jdstrand> and in rules:
[17:47] <jdstrand> cp $(CURDIR)/debian/pam_ecryptfs.auth-client-config $(CURDIR)/debian/libecryptfs0/etc/auth-client-config/profile.d
[17:47] <jdstrand> after the MAKE command
[17:47] <kirkland> jdstrand: would s/pam_ecryptfs.auth-client-config/acc-ecryptfs/g be more consistent?
[17:48] <jdstrand> kirkland: basically, we install the file into the libecrypts0 dir (as expected), then tell dh_install to skip that file when doing debian/tmp
[17:49] <jdstrand> kirkland: I have no preference as to the name
[17:49] <kirkland> jdstrand: which section of rules does the -Xacc-ecryptfs bit go?
[17:50] <jdstrand> kirkland: it should *not* be named 'acc-ecryptfs' after install though-- files with acc- are installed by auth-client-config itself
[17:50] <kirkland> jdstrand: oh
[17:50] <jdstrand> it's a convention, not a hard-n-fast rule
[17:50] <jdstrand> but there is no reason not to follow it
[17:50] <kirkland> jdstrand: that's fine
[17:51] <kirkland> jdstrand: i'll call it ecryptfs.acc in the source package
[17:51] <kirkland> compact enough
[17:51] <jdstrand> kirkland: I like the installed named as 'ecryptfs'-- it is easy
[17:51] <kirkland> jdstrand: okay, and i'll install it as 'ecryptfs'
[17:51] <jdstrand> kirkland: as for the -X... part-- just add it to the end of the dh_install line that already exists in binary-arch
[17:52] <kirkland> jdstrand: the existing line has "fail-missing" ... yours "list-missing" ?
[17:53]  * kirkland tries a build...
[17:53] <jdstrand> kirkland: err, yeah-- good point. it should be fail-missing
[17:53] <zul> kirkland: coolness please add it to the seeds then :)
[17:53] <kirkland> jdstrand: k, i'm building with that now
[17:53] <jdstrand> kirkland: I tried list-missing in testing
[17:55] <kirkland> zul: i may need some instruction/documentation on doing that (later)
[17:56] <zul> kirkland: cool you might not have access either
[17:56]  * kirkland doesn't have much access at all
[17:56]  * kirkland is entirely at the mercy of bribing a bunch of other people to sponsor his work :-)
[18:00] <kirkland> jdstrand: okay, cool, that built, and installed properly!
[18:00] <jdstrand> \o/
[18:00] <kirkland> jdstrand: let me try the runtime command to enable....
[18:11] <kirkland> jdstrand: what do you think of http://pastebin.ubuntu.com/26708/ ?
[18:15] <jdstrand> kirkland: hold on
[18:30] <jdstrand> kirkland: you reference debian/acc-ecryptfs in the changelog.
[18:31] <kirkland> jdstrand: shite, okay
[18:31] <jdstrand> kirkland: I've updated it-- other than that it looks good
[18:31] <jdstrand> kirkland: do you want me to upload?
[18:31] <kirkland> jdstrand: let me attach it to the bug
[18:31] <jdstrand> kirkland: I build on amd64, did package upgrade testing, and tested auth-client-config profile integration
[18:32] <kirkland> jdstrand: same here
[18:32] <jdstrand> kirkland: let me know when to upload
[18:33] <kirkland> jdstrand: patch at https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/247641
[18:33] <jdstrand> kirkland: does that mean it's ready to fly?
[18:34] <kirkland> jdstrand: yup, good by me, i fixed the changelog
[18:34] <kirkland> jdstrand: other than that it's identical
[18:34] <kirkland> jdstrand: sad that we have to diverge from debian, but hopefully it's temporary
[18:35] <jdstrand> ecryptfs-utils fly, ecryptfs-utils fly
[18:36] <jdstrand> into the light of the dark black night
[18:36] <jdstrand> kirkland: uploaded
[18:36] <kirkland> jdstrand: thanks, i'm updating the wiki page now
[18:36] <jdstrand> kirkland: it's a minor divergence that will help our users
[18:36] <kirkland> jdstrand: definitely, a million thanks for your help
[18:36] <jdstrand> np
[18:36] <jdstrand> :)
[18:40] <kirkland> jdstrand: do we care about hppa build failure?
[18:40] <jdstrand> jdstrand: well, yes, but what do you mean specifically?
[18:41] <kirkland> jdstrand: i just got a failed-to-build error for ecryptfs-utils with your upload for hppa
[18:41] <jdstrand> that was fast
[18:41] <kirkland> jdstrand: okay, instructions updated at: https://wiki.ubuntu.com/EncryptedPrivateDirectory#head-4a2aa7460fdca18bfe78bb1283becff406bbc13c
[18:41] <jdstrand> jdstrand: it built last time
[18:43] <jdstrand> kirkland: it's an apt error
[18:43] <kirkland> jdstrand: i was just investigating that
[18:43] <kirkland> jdstrand: okay, not our fault :-)
[18:43] <jdstrand> kirkland: no
[18:44] <kirkland> jdstrand: no, it is our fault?
[18:44] <jdstrand> kirkland: it is not our fault
[18:44] <kirkland> jdstrand: ;-)
[18:44] <jdstrand> I submitted to retry the build
[18:55] <jdstrand> kirkland: it built fine the 2nd time
[18:57] <kirkland>  jdstrand: cool, thanks.
[18:58] <kirkland> jdstrand: i just need the fix from Debian in 50-2 that makes mount.ecryptfs_private setuid
[18:59] <kirkland> jdstrand: ideally, i'll get that in and merged by Monday, and we can have an ~/Private setup party in Lexington next week ;-)
[18:59] <jdstrand> kirkland: guess you get to practice merging :)
[18:59] <jdstrand> ok cool
[18:59] <kirkland> jdstrand: yup
[18:59] <jdstrand> \o/
[19:00] <bdmurray> mathiaz: I might be able to help regarding moving bugs to a renamed package
[19:01] <kirkland> mathiaz: any progress on the web app packaging standard?
[19:02] <kirkland> mathiaz: i have a couple of simple, small PHP web apps that I'd like to get some assistance packaging from scratch next week
[19:02] <kirkland> mathiaz: the good news is that they don't use a DB
[19:05] <Chipzz> kirkland: have you looked at the packaging of phpmyadmin?
[19:06] <kirkland> Chipzz: negative
[19:06] <Chipzz> kirkland: take a look at that; maybe that will give you some idea's?
[19:06] <Chipzz> s/'//
[19:06] <kirkland> Chipzz: mathiaz had raised some issues with the way webapps are/not packaged with Ubuntu at UDS
[19:07] <kirkland> Chipzz: if phpmyadmin's packaging is a model to be followed, i can do that
[19:07] <kirkland> Chipzz: however, i was under the impression that none were considered "ideal"
[19:08] <Chipzz> I'm not saying it's a model; it is however something you can take a look at to get some inspiration
[19:08] <kirkland> Chipzz: cool, thanks for the pointer
[19:14] <tolun> hi everyone...
[19:14] <tolun> how can I increase entropy in kernel?
[19:16] <tolun> is there anybody...
[19:17] <lukehasnoname> be patient, a lot of these guys are working. they'll get to you in time, most of the time.
[19:19] <tolun> :-/
[19:28] <mathiaz> bdmurray: kwel - where is your magic script ?
[19:28] <mathiaz> kirkland: no progress on the web app packaging standard
[19:29] <bdmurray> mathiaz: I don't have one yet but ogasawara or I should be able to help
[19:29] <mathiaz> bdmurray: ok - persia suggested to move them by hand while reviewing them
[19:30] <mathiaz> bdmurray: which could be a good idea in this case as there aren't so many bugs
[19:30] <bdmurray> mathiaz: right, I saw that.  I think it really depends on the volume.  If you are on top of them and know they are all valid just move them - otherwise reviewing during the process makes sense.
[19:34] <nealmcb> Is there a tool (web query engine?) to easily determine if a given dns resolver (not under my control) is now properly doing random source ports (e.g. a tool that asks it to resolve an address at a domain that the tool can work with to see what source port the requests come in on?)
[19:36] <ScottK> Not that I know of.  If you control the DNS server it's asking, you can capture data via tcpdump and check.
[19:41] <Nicke__> nealmcb: Have you tried http://www.doxpara.com/ ?
[19:42] <Deeps> urr, surely you can see the source port of incoming packets
[19:45] <gegema> this may be a rediculous Q... but here goes. When doing a "history" command and I get a list of my previous commands, is there a way to select say the 200th command, so I doint have to up arrow 200 times to get to it?
[19:45] <gegema> or is my only option to just copy and paste that command
[19:45] <zul> !<history number>
[19:47] <gegema> hmm.. tried history number before asking this Q... and just tried !history number and I get -bash: history: too many arguments
[19:49] <nealmcb> Nicke_ yup - that's the ticket!  Dan's own checker on the sidebar at ﻿http://www.doxpara.com/ .  Though I suggest you don't expect it to be too smart.  I see a lack of randomness that it didn't in my dns server
[19:52] <Nicke__> nealmcb: yeah.. I only know that it detected my own dns server as vulnerable before I updated it, and said it was fine after.. but I don't see that as any guarantee ;)
[19:56] <tolun> how can I increase entropy in kernel?
[19:57] <nealmcb> tolun: get the machine to do interesting things - maybe df /usr or something like that
[19:58] <nealmcb> or move your mouse etc
[20:02] <tolun> nealmcb, it is a server which is far away and i am connecting via ssh
[20:02] <tolun> and ubuntu server does not accepts my inputs
[20:02] <tolun> from ssh
[20:03] <tolun> I want that server should do entropy by itself
[20:03] <tolun> :(
[20:04] <tolun> I mean that it is not accepts inputs as an entropy action....
[20:07] <tolun> does not server generate random bytes for entropy by itself?
[20:09] <nealmcb> tolun: yes, but if it isn't doing much it can take time. disk activity should help which is why I suggested df /usr
[20:11] <tolun>  owwww
[20:11] <tolun> sorry...
[20:11] <tolun> let me check this pls...
[20:11] <tolun> ;)
[20:12] <nealmcb> dooh - I mean du /usr ....
[20:12] <nealmcb> df is much too efficient :/
[20:18] <nealmcb> tolun: ^
[20:18] <tolun> nealmcb, still I am testing...
[20:18] <tolun> and still it did not achived my problem...
[20:18] <tolun> :(
[20:21] <trakinas> im having troubles with ssh
[20:22] <trakinas> first thing: the keys arent being loaded. though i have removed and re-generated them
[20:22] <trakinas> second thing: i cannot connect to the server anymore.
[20:22] <trakinas> even after doing this: http://markus.revti.com/index.php/2007/12/05/245/
[20:24] <nealmcb> so I'd like to run dan's script at ﻿doxpara.com/, which uses javascript, from a server.  what handy javascript-enabled text mode browsers are out there again?  our elinks doesn't seem to have spidermonkey which would do some javascript
[20:24] <Wicky656> how do you set limits in /etc/security/limits.conf to unlimited or is that even possible?
[20:24]  * nealmcb hoped he'd eventually find a relevant, on-topic question :)
[20:25] <tolun> nealmcb, it did not worked
[20:25] <tolun> :(
[20:25] <nealmcb> did you run du (not df like I said at first)?
[20:26] <nealmcb> and exactly what are you doing?
[20:28] <tolun> yes
[20:28] <tolun> it has been stoped
[20:30] <nealmcb> tolun: see e.g. http://bentham.k2.t.u-tokyo.ac.jp/notebook/?p=241
[20:31] <tolun> ok
[20:31] <tolun> and what else?
[20:32] <nealmcb> I'd say, maybe, at a shell do this in the background just before generating your key:  "du / &"  or "ls -Rl / > /dev/null &"
[20:32] <nealmcb> so it runs while you generate
[20:32] <tolun> thank you nealmcb...
[20:33] <tolun> i will try all of them...
[20:36] <nealmcb> tolun: or generate it on a desktop and copy it to the server....
[20:38] <tolun> i think i found it... which included in your link address...
[20:38] <tolun> egd is a solution i think...
[20:38] <tolun> of course i have to try it...;)
[20:40] <tolun> nealmcb, really thanks for all... I will try it and inform you... of course if you need know...;)
[20:42] <nealmcb> tolun: np
[21:35] <bitsbam_> hello anyone use a dell poweredge ?
[21:45] <nealmcb> bitsbam_: you might get better answers if you ask your underlying question
[21:45] <bitsbam_> thanks, i need to know the procedure to power down a hard drive for a hot-swap replacement
[21:46]  * nealmcb doesn't know :(
[21:46] <Nafallo> ehrm. hotswap is yank out, put in new? :-)
[21:46] <Nafallo> that's how I do it on HPs anyway. works fine.
[21:47] <nealmcb> the "hammer" approach :)  I would have guessed it, but didn't want to steer someone wrong
[21:48] <Nafallo> just take care if the machine starts rebuilding the array or something.
[21:49] <Nafallo> you want to wait until it doesn't do that before you put in the new drive or you might loose the array.
[21:52] <nealmcb> cool - I learned a nice emacs tip last night: tramp has a "sudo" mode, so you can edit /sudo::/etc/resolv.conf  without firing up another emacs
[21:53] <bitsbam_> well, last night, i yanked a drive, and slid a new one in place, but it never showed anything other than the blinking amber lights for drive failure, put the old drive back in it blinked amber for a bit, then green
[22:08] <bitsbam_> I suppose most of this would point to a drive failure ? It is a brand new drive.
[22:11] <solexious_> [q] My server seems to hang on restarts, how can i find out how as it seend to be after ssh is stopped
[22:11] <solexious_> seems*
[23:30] <Chipzz> hrrrrm
[23:30] <Chipzz> anyone here running debian testing?
[23:31] <Chipzz> I just upgraded some servers from php5 5.2.5 to 5.2.6, and I hit max connections pretty fast
[23:32] <Chipzz> appears to be a problem with apache threads (especially those to localhost; for the server reloading - WTF is apache doing this crap in the first place) hanging in the closing state for too long
[23:34] <Chipzz> mentioning this because that version may be hitting intrepid...
[23:37] <bitsbam_> anyone have a more correct procedure for readying a drive to be removed and hot swapped than just yanking the thing out of a dell poweredge server?