[00:15] <tacone> hello, where and with which permissions shuold an ssl certificate .key file be stored to be usable with apache ?
[00:15] <tacone> is there a standard practice ?
[00:20] <emgent> zul: around ?
[00:20] <zul> emgent: not really
[00:21] <emgent> ok, if you like we can mail you about this.
[00:21] <zul> emgent: yes
[00:21] <emgent> ok thanks :)
[02:15] <kriel> So, in the past, I've had apt have a problem and lock up if it only half-downloads a package. So, I removed the entire /var/cache/apt directory to try and clear out apt's cache, hoping it would rebuild. ... it apparently didn't. Any ideas on fixing my blunder? I'd rather not wipe and reload..
[02:15] <wantok> kriel: you havent told us the error
[02:15] <wantok> kriel: and /var/cache/apt/partial is what your looking for
[02:15] <kriel> ... I nuked all of /var/cache/apt, that's the problem.
[02:15] <captbaritone> Can anyone tell me why if I zip the same file two different time, the resulting zip files have a different md5 hash?
[02:15] <kriel> here, have a pastebin. http://pastebin.com/d451157f0
[02:22] <tacone> kriel: I'd  try a dpkg-reconfigure apt . but I really have no idea if it may harm your system further or not, so try at your own risk.
[02:23] <kriel> It's not a production server, we're just trying to avoid a wipe and reload.
[02:23] <wantok> kriel: does /var/cache/apt/archives exit?
[02:23] <tacone> wantok: he wiped everything.
[02:24] <wantok> tacone: then he should probalby re-create everything ;)
[02:24] <tacone> lol, trying to reproduce on my intrepid chroot
[02:24] <wantok> captbaritone: files contents changed?
[02:24] <tacone> that's what the chroot is all about: have fun ! :-D
[02:24] <captbaritone> no
[02:25] <captbaritone> give it a try on your machine
[02:25] <tacone> ok I get the same error of him
[02:25] <tacone> uhm, no, seems not to work
[02:25] <kriel> byeh, got it. >> I'm not sure what the other guy did, because he dosen't know what dpkg-reconfig is, but whatever he did, apt's working again.
[02:26] <tacone> lol
[02:26] <tacone> not for me :D
[02:28]  * wantok bbs
=== Lunks is now known as Lunksa
=== Lunksa is now known as Lunks
[05:22] <Kamping_Kaiser> anyone tried ebox (from thier ppa, or the 8.04 repo) for adminging samba/nfs/squid with authentication (basically, a school proxy/server).
[05:23] <Kamping_Kaiser> well, anything similar :)
[05:23] <Kamping_Kaiser> i'm wondering if loosing the ability to admin by ssh+not being able to directly edit files is worth the "easy gui" for users
[06:42] <\sh> Kamping_Kaiser: my opinion, "don't use this software if you know how to edit config files manually" at least, I had my share of bad "webmin" experience in the past (means in the 90ties)
[08:11] <FuRom> Is there a linux alternative to using IECapt.exe (http://iecapt.sourceforge.net/) for generating website screenshots automatically?
[08:50] <kraut> moin
[08:56] <uvirtbot`> New bug: #259006 in php5 (main) "php5 and libtool 2.2 cause some PHP related packages to FTBFS" [High,Confirmed] https://launchpad.net/bugs/259006
[11:45] <kirkland> jdstrand: are you familiar with the "service" command on RH systems?
[11:46] <thefish> kirkland: thinking of adding that to ubuntu-server?
[11:47] <kirkland> at the very least....
[11:47] <kirkland> #!/bin/sh
[11:47] <kirkland> SCRIPT="$1"
[11:47] <kirkland> shift
[11:47] <kirkland> /etc/init.d/"$SCRIPT" $@
[11:47] <kirkland> thefish: but, yes
[11:47] <kirkland> trying to decide where's the best place to put it, thinking of sysvinit
[11:48] <thefish> couldnt say, but i like the idea
[11:48] <thefish> it helps a lot with windows server converts
[11:49] <thefish> they seem to be able to get their head around that a lot easier than /etc/init.d/xyz start
[11:50] <kirkland> thefish: true
[11:51] <kirkland> thefish: i've been using Ubuntu exclusively for years now, and i still accidentally type "service apache2 restart"
[11:53] <thefish> :)
[11:53] <vincentvdk> hello
[11:55] <thefish> kirkland: it would be nice to have as a kind of standard
[11:55] <thefish> we have mostly an ubu server shop, but there are some rhel boxen as well, so a similar set of service stuff would be useful
[11:56] <thefish> im sure there are quite a few places with mixed distros
[11:56] <kirkland> thefish: i don't have a RH box on hand...  does the "service" script do more than just put /etc/init.d in front of whatever you call?
[11:57] <thefish> kirkland: moment, ill see if i can ssh in (HQ firewall is being a bit iffy...)
[11:58] <maswan> kirkland: not according to a "man service" on centos5
[11:58] <kirkland> maswan: thx
[11:59] <jetole> is there an single sign on application out there that is portable? I mean I can't seam to replicate the AD LDAP to openLDAP and vice versa and I don't want the SSO to _HAVE_ to rely on either Linux or Windows
[11:59] <jdstrand> kirkland: not hugwly familiar with it-- I;ve used it a couple of times
[11:59] <jdstrand> hugely even...
[11:59] <maswan> well, it does a few other things, like a --full-restart which is a stop; start and a --status-all which is a for a in /etc/init.d/*; $a status
[11:59] <jetole> some way I can keep all login credentials on a linux and windows server and have them update each other?
[11:59] <maswan> but not anything significant
[11:59] <kirkland> jdstrand: okay, no worries...  i think i'm dropping it in sysvinit...  does that sound about the right place for it?
[12:01] <jdstrand> kirkland: I don't remember the nuances of the 'service' command. does it actually change symlinks, etc?
[12:02] <kirkland> jdstrand: not as far as I know
[12:02] <jdstrand> kirkland: or is it just a shorthand of doing /etc/init.d/<service> ...
[12:02] <kirkland> jdstrand: yes
[12:02] <maswan> jdstrand: no, it just runs them.
[12:02] <kirkland> jdstrand: very, very simple
[12:02] <maswan> jdstrand: chkconfig on the other hand...
[12:02] <maswan> or whatever tha'ts called
[12:02] <kirkland> jdstrand: trivial "enhancement" to an Ubuntu server, would make many a former RH admins less frustrated with Ubuntu
[12:03] <kirkland> chkconfig is more complex
[12:03] <kirkland> i'm not tackling that
[12:03] <maswan> I've spent all of a couple of hours trying to admin a rhel derivative, so I'm not exactly and expert. I know much more about AIX than RH.
[12:03] <jdstrand> kirkland: I think that would be the place, yes. however, if you consider future upstart scripts, then perhaps not
[12:04] <jdstrand> kirkland: I'd ping Keybuk
[12:04] <kirkland> jdstrand: hmm, good point.
[12:04] <kirkland> jdstrand: i'll talk to him
[12:04] <kirkland> jdstrand: dendrobates- was very supportive of this little patch
[12:04] <kirkland> jdstrand: maybe i'll get him to talk with Keybuk, since they're in a conference room together all week :-)
[12:05] <jdstrand> kirkland: sounds entriely reasonable :)
[12:32] <dendrobates-> kirkland: we need chkconfig too.
[12:32] <kirkland> dendrobates-: i agree... but that's highly none trivial, and potentially against debian policy
[12:33] <kirkland> non-trivial
[12:33] <dendrobates-> kirkland: colin thinks that some of the work has already been done.
[12:33] <kirkland> dendrobates-: for chkconfig?
[12:34] <kirkland> dendrobates-: that functionality is sort of handled on a per-package basis, with their /etc/default/* files, and debconf questions
[12:38] <kirkland> dendrobates-: tested/working patch attached to https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/259043
[12:38] <uvirtbot`> Launchpad bug 259043 in sysvinit "Ubuntu Server would benefit from a "service" wrapper script" [Undecided,New]
[14:06] <Kamping_Kaiser> \sh, thanks for the comment. the root of the dilemma is that i know how to do the config, but i dont expect the recipents to (but i will be the ongoing support. grr)
=== chmac7 is now known as chmac
[14:43] <dendrobates-> sommer:  can you still make updates to the server guide?
[14:45] <sommer> dendrobates-: yeppers
[14:52] <dendrobates-> sommer: what do you think about adding a blub at the end that tells people that support is available?
[14:52] <dendrobates-> sommer: we keep having people tell us that they didn't know support was available for ubuntu.
[14:53] <sommer> dendrobates-: seems like a good idea to me
[14:54] <sommer> dendrobates-: is the end the best place for that?
[14:54] <sommer> dendrobates-: seems like it may fit as a subsection to the introduction section
[14:54] <dendrobates-> sommer: seems like it.
[14:55] <sommer> dendrobates-: is canonical the only place to get support?  just thinking that if other companies have offerings it may be good to list them
[14:56] <dendrobates-> sommer: just this url:  http://www.canonical.com/services/support
[14:58] <sommer> dendrobates-: okay, I'll add something... isn't there some type of partner program?  or does that not make sense in the "support" context?
[15:00] <ScottK> sommer and dendrobates-: What about http://www.ubuntu.com/support it seems a bit more inclusive.
[15:02] <sommer> both seem okay to me
[15:26] <w8tah> on a default setup of ubuntu heron server -- is there any kind of firewall running?  particularly one that might be interfearing with connections to a mysql server?
[15:26] <_ruben> installed: yes, running: no
[15:27] <w8tah> ok -- cuz i cant talk to my mysql server no matter what
[15:27] <w8tah> and i need to
[15:27] <w8tah> is it iptables or what?
[15:27] <ScottK-laptop> It's called ufw and it's essentially a simple iptables front end.
[15:28] <w8tah> ok
[15:28] <ScottK-laptop> By default it's disabled.
[15:28] <sommer> w8tah: you should double check /etc/mysql/my.cnf and make sure it's listening on more than the loopback address
[15:28] <w8tah> OOHHHH
[15:28] <w8tah> ok
[15:28] <w8tah> been too long since i set up a mysql server
[15:30] <w8tah> i need to bind the ip of the machine, right?
[15:30]  * w8tah blames getting old
[15:30] <sommer> w8tah: yeppers
[15:30] <w8tah> thanks
[15:30] <sommer> np
[15:31] <w8tah> that was it -- thanks a ton
[15:31] <sommer> heh, you're welcome
[15:32] <w8tah> soon as you said that i rememberd having to do something similar when i was running mysql under gentoo but its been over a year since i configured a Mysql server
=== folke is now known as afk_away
[16:09] <kirkland> soren: I'm getting an ubuntu-vm-builder failure: Error: Error opening /dev/shm/vm-builder-kivOw18719/root.raw: Invalid argument
[16:22] <soren> kirkland: That's because parted hates you.
[16:23] <soren> And me.
[16:24] <kirkland> soren: bummer, no workaround?
[16:24] <soren> kirkland: I have a patch that fixes it.
[16:25] <soren> kirkland: Until then... Er...
[16:25]  * soren thinks
[16:25] <kirkland> soren: will you be rolling out that patch in the next day or so?
[16:25] <soren> Yes. Until then, you should be able to get a bit further if you point your tmpdir at a non-tmpfs.
[16:56] <arakthor> is there a way to build a custom install cd (say I want to edit the packages installed by default etc. ) to basically streamline the installs where I work?
[17:03] <jmedina> arakthor: I have used Ubuntu Customization Kit (UCK)
[17:03] <jmedina> http://uck.sourceforge.net/
[17:06] <uvirtbot`> New bug: #259110 in samba (main) "Samba NT_STATUS_PASSWORD_MUST_CHANGE bug" [Undecided,New] https://launchpad.net/bugs/259110
[17:08] <arakthor> jmedina, does it do more than the language?
[17:08] <jmedina> arakthor: you can pre-install packages and configs
[17:08] <arakthor> awesome, I will have a look at it. thanks :)
[17:12] <arakthor> bleh, doesn't work with server cds
[17:12] <arakthor> thanks anyway
[17:14] <arakthor> found the wiki entry on customizing cds so I should be oK
[17:21] <zul> infinity: ping
=== anonimous is now known as YoMero
=== RoAk is now known as RoAkSoAx
[18:29] <ghetek> just making sure you guys can see this...
[18:29] <ghetek> anyone?
[18:29] <ScottK-laptop> Depends on what this is.
[18:30] <ghetek> this was just text, and thanks!
[18:45] <ghetek> hey guys, so i installed mdadm and i was working on creating a raid and somewhere in all of this i mistakenly created md0p1 md0p2 md0p3 and md0p4 how do i just remove these, kill my current array and start over in creating a software raid?
[18:54] <ghetek> hey guys i need to share out /dev/md0 to 2 different users on the system so that both users can mount this as a share in windows. can i get some help please? this si all in console
[19:15] <ghetek> guys ok so here is my issue i type in  sudo fdisk -l | grep NTFS | awk '{print $1}' and i get back "Disk /dev/sdc doesn't contain a valid partition table."
=== RoAk is now known as RoAkSoAx
[20:43] <ScottK> lamont: So the udns maintainer's response on cache poisoning is there's no point in source port TID randomization because DNSSEC is the only one true answer.  See Debian Bug #493599 for laughs.
[20:43] <uvirtbot`> Debian bug 493599 in udns "Transaction ID and Source Port not random enough" [Grave,Open] http://bugs.debian.org/493599
[20:43] <lamont> ScottK: he's right, btw.  Now get real. kthx
[20:43] <ScottK> He's right, of course, but it's rather beside the point.
[20:43] <lamont> until we have signed root and TLD zones, it doesn't matter
[20:43] <ScottK> Yep.
[20:44] <ScottK> So I don't think that in the meantime declining to change from trivially spoofable to spoofable with enough bandwidth and other conditions are right is a good approach.
[20:44] <lamont> of course, I expect that Kaminsky is just finding these bugs to help push global acceptance of DNSSEC :-p
[20:44] <lamont> it's acceptable only if you're not doing recursion. :-)
[20:45] <lamont> which has the advantage of meaning that you don't have a cache to poison....
[20:45] <ScottK> Yes.
[20:45] <ScottK> I'm still in favor of doing what one can.
[20:49] <maswan> lamont: well, some TLDs are signed. you just have to make sure those are in your resolvers trust path and you only care about domains under those TLDs...
[20:50] <ScottK> Would those be any TLDs I might care about?
[20:50] <maswan> I only know of .se, but there should be a handful of others too.
[20:51] <maswan> Of course, I don't know of anything _under_ .se that's signed, but I'm sure there might be something of value. :)
[21:08]  * ScottK ponders applying to ICANN for .signed as a TLD.
[21:30] <AtomicSpark> beyond https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html , what do I need to do to setup a Linux "active directory"? I'm not even sure how to configure the clients to pull the users from the server.
[21:31] <lamont> ScottK: no hardy-backports love for postfix 2.5.4-1???
[21:32] <ScottK-laptop> lamont: There was no previous backport to update.
[21:32] <lamont> ah, ok
[21:33] <ScottK-laptop> It seems like ~2.5.2 to 2.5.4 is not so much of a change.
[21:34] <lamont> just the two CVEs :)
[21:35] <ScottK-laptop> Right, but you're going to deal with the only one a sane person has to worry about in a -security upload, so no worries.
[21:37] <lamont> right
[21:37] <lamont> and actually, that's done, just hasn't published. :-(
[21:41] <ScottK-laptop> Yes.  That gave me a chance to comment on Friday about how the security support is faster (sometimes) in backports than in -security.
[22:14] <tacone> zul: around ?
[22:28] <Fenix|work> Greetings
[22:28] <Fenix|work> I need some help with ubuntu-server and pure-ftpd
[22:28] <Fenix|work> I had it all working, now anonymous users don't work any longer
[22:28] <Fenix|work> I recently went from gutsy to hardy
[22:29] <Fenix|work> so I'm a bit perplexed as to what stopped
[22:29] <Fenix|work> anyone have any suggestions?
[22:41] <Fenix|work> ok, fixed my problem... apears my upgrade deleted the ftp user
[22:41] <Fenix|work> re-creating it and it works.
[23:33] <cxo_> When i do an apt-get upgrade linux-server, why does it say it's being "kept back"?
[23:54] <arakthor> you need to run apt-get dist-upgrade or use aptitude with U
[23:54] <erichammond> cxo_: I'll try to help out here.  If you want to upgrade your kernel, try "apt-get dist-upgrade" and you'll need to reboot afterward.