/srv/irclogs.ubuntu.com/2009/01/05/#ubuntu-server.txt

=== fenris__ is now known as fenris-
=== fenris- is now known as ejat
nemoego	I have two ubuntu servers, alpha acts as DHCP/TFTP/NFS server from which beta does a TFTP boot with NFS root. All this works ok, but beta will disappear from the network periodically: i.e. ping reports 'Destination host unreachable' and ongoing samba transfers timeout. logging in to beta locally and running a command will make it reachable again for a while. What's happening here?	00:50
yann2	nemoego > I had a similar issue once	00:54
yann2	are you using network bonding?	00:54
nemoego	yann2: don't think so, that's using multiple interfaces with one IP, right?	00:56
yann2	yes	00:56
yann2	my other question would be, is the server virtualized	00:56
yann2	a stupid guess could also be: you have an IP conflict somewhere and the switch gets confused	00:57
yann2	try assigning another IP	00:57
nemoego	the nfs root was originally made with a virtual machine, but it's running on metal now, DHCP doesn't assign IPs in the range beta is in, and i think if I change IPs i will lose my NFS root, no?	00:58
yann2	well just check there is no conflict at swtich level	00:59
nemoego	yeah, there are 6 machines on the network and the 2 have static IPs and the rest are getting dynamic IPs from the server properly	01:00
nemoego	it's almost like beta is forgetting it has an IP until I force it to access the NFS share...	01:01
yann2	I bet it's more the switch that gets confused with the mac address :P	01:02
yann2	or maybe I'm wrong, but this is what I would investigate :)	01:02
nemoego	how would I go about that?	01:02
yann2	when you say	01:07
yann2	logging in to beta locally and running a command will make it reachable again	01:07
yann2	that command has to be network related?	01:07
yann2	or a simple ls is enough?	01:08
yann2	is it a manageable switch?	01:08
nemoego	since it's an NFS root, any command forces access to the NFS server (alpha), also the first command takes 30-60 seconds, subsequent commands are instant	01:09
nemoego	switch is a cheap wifi router	01:09
nemoego	also, i notice this problem mostly because it interrupts my samba transfers to beta, so i'm communicating with the machine when it disappears	01:11
msucoder	Has anyone here fooled with webcamd before?	01:48
danielm_mc	yoza - is there an easy way to upgrade 32-bit hardy heron to 64-bit hardy w/o complete re-install? URI plz... :-)	03:49
pteague	suggestions for a mail server simply for sending mail from a lamp server? debating postfix or sendmail	08:43
Jeeves_	never choose sendmail	08:43
pteague	that bad? or just no good options?	08:45
hads	postfix	08:46
Jeeves_	Exim	08:46
hads	:)	08:46
Jeeves_	ssmtp	08:46
Jeeves_	Net::SMTP	08:46
hads	mail()	08:47
Jeeves_	Net::Telnet	08:47
Jeeves_	echo, cat, \|, netcat	08:47
henkjan	pteague: just stay with the default postfix install	08:47
hads	pteague: Postfix is easy and works out of the box on Ubuntu	08:48
pteague	at this point i'd like to just get `php -r 'mail( "valid@email.com", "testing", "this is a test email." );';` to work :)	08:48
pteague	k	08:48
* henkjan hands an exchange 2k3 install cd to Jeeves_		08:48
pteague	um, which configuration thing should i choose? internet site, internet w/smarthost, satellite system... ?	08:49
Jeeves_	henkjan: Bah!	08:49
pteague	i know when i'm behind cox i have to use their mail servers :(	08:49
hads	Internet site usually if you're an Internet site :)	08:49
pteague	this is home file/web server ... & test server	08:50
kraut	moin	08:50
hads	pteague: Then you'll probably want to use your ISP's mail server as a smarthost.	08:50
pteague	probably won't be receiving email except via fetchmail ...	08:50
pteague	ok, what should i use as the system mail name? my main site's domain or cox.net ?	08:52
hads	your.domain.co.au	08:57
pteague	the smtp relay host i'm guessing is the smpt.isp.com mail server i need to send through	09:00
AnAnt	Hello, does ubuntu provide some web-based tool for managing the server ?	12:26
_ruben	!ebox	12:36
ubottu	ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox	12:36
_ruben	AnAnt: ^^	12:36
AnAnt	ok	12:52
spiekey	hello!	13:00
spiekey	this might be a little Off-Topic but i need some hints or opinions for NAS/SAN :)	13:01
spiekey	i would like to save about 4-6TB. I could just use a Debian Box with a Raid5 controller and SATA. Or maybe just a JBOD attached by eSATA?	13:01
spiekey	or should i not use a operating system at all and use an appliance?	13:02
ProfFalken	spiekey: you might be better off looking a a server/server cluster that connects to a SAN backend via fibre-channel SCSI. I've use infortrend int eh past and that seems to work pretty well if its of any help?	13:09
=== GTDuffman is now known as MaxPower
=== MaxPower is now known as MaxPower99
AnAnt	_ruben: thanks	13:54
vorian	ScottK: when would be a good time to cover the server migration you mentioned last week? :)	14:13
ScottK	Now isn't so bad.	14:13
vorian	excellent	14:13
ScottK	I did do a bit of work on it over my Christmas holiday, so there are some removals pending.	14:13
ScottK	Currently we have DB4.2 -> 4.7 in the archive.	14:14
ScottK	The goal is to get that down to as few as possible.	14:14
vorian	ok	14:14
ScottK	Currently 4.2 needs to stay due to some openldap oddities.	14:14
ScottK	zul: Did openldap ever get working on later than 4.2?	14:14
ScottK	Most things are on 4.6/4.7.	14:15
ScottK	So the goal is to kill of 4.3/4.4/4.5.	14:15
ScottK	Each of them still has a few rdepends.	14:15
zul	ScottK: probably I havent checked in a while though	14:15
ScottK	I did get to file a removal bug on one of them.	14:15
ScottK	zul: Could you add that to your Jaunty list of stuff to do?	14:15
ScottK	It'd be nice to get that one out of Main and maybe even out of the archive.	14:16
ScottK	vorian: So look at the rdepends for each binary and then see if you can get them to work with a later version.	14:16
ScottK	You can also look in Debian for patches as they were trying to do the same thing for Lenny.	14:17
vorian	ScottK: is this just for jaunty? or 8.04+?	14:17
ScottK	vorian: Jaunty.	14:18
vorian	roger	14:18
zul	ScottK: you mean my never-ending-todo-list-that-grows-ever-bigger-by-the-second?	14:18
ScottK	zul: Yes or the "list-of-stuff-to-get-mathiaz-to-do".	14:19
domas	hi! why the heck doesn't oprofile recognize vmlinux?	14:21
domas	root@db25:/a# opcontrol --vmlinux=/boot/vmlinux-debug-2.6.24-22-server	14:21
domas	The specified file /boot/vmlinux-debug-2.6.24-22-server does not seem to be valid	14:21
domas	:)	14:21
* domas reviews 'opcontrol'		14:23
domas	ah, found the problem %)	14:24
domas	dependancy bug	14:24
domas	anyone would know why rsync would be hitting sys% that much, with such profile: http://p.defau.lt/?hkE20oFLHK1UQYzFisbnMg	14:26
Shoopuf	Any reason why I wouldn't want to run a sudo aptitude update/install/safe-upgrade?	14:28
Shoopuf	And anyone know some good software to test the security of my server?	14:29
a_ok	is there a way i can prevent apt from starting/ stopping services?	14:31
a_ok	daemons/init scripts whatever you want to call them	14:31
ProfFalken	Shoopuf: what kind of server is it? (DB/LAMP/LDAP?) there'll be a tool to test it!	14:36
Shoopuf	ProfFalken: LAMP	14:37
domas	I smell a regression somewhere :(	14:39
ProfFalken	Shoopuf: http://www.howtoforge.com/apache_security_testing_with_nikto - it's a bit old (dapper) but it refers to Nikto (http://www.cirt.net/nikto2) which will help you.	14:40
ProfFalken	anyone in here know why I wouldn't be able to su from root to another user without typing the passwords?	14:46
domas	what the heck	14:47
domas	if I rsync single file, it is copied at 100MB/s	14:47
domas	if I rsync that same file as part of directory copy, it is copied at 10MB/s	14:48
domas	and most of time is spent in kernel	14:48
ProfFalken	w00t! Fixed it - /etc/pam.d/su did not have "auth sufficient /lib/security/rootok.so". it all works now... :o)	14:59
eolo999	hi, "virsh -c qemu:///system shutdown machine-name" doesn't stop my machine...	15:03
eolo999	hi i cannot shutdown kvm machines!	15:13
eolo999	someone can help me?	15:13
Shoopuf	ProfFalken: oh dear ;P	15:27
Shoopuf	Got it to run but don't understand most of the output. :P	15:30
ball	eolo999: what kind of kvm machines?	15:33
Shoopuf	Is there a way for me to password-protect one particular directory if someone tries to navigate to it with a URL?	15:35
Shoopuf	i know there's a way but what's the best way :)	15:37
ProfFalken	Shoopuf: look into .htaccess files - they rock! As for Nikto, I've not used it for a while but I'm sure Google can help you with the results... ;o)	15:43
Shoopuf	ProfFalken: yah i found the site that lists what each error is... http://osvdb.org/show/osvdb/3092	15:44
jussi01	does anyone know how to fix locales stuff? http://paste.ubuntu.com/100395/	16:01
zul	sommer: ping	16:02
ProfFalken	jussi01: dpkg-reconfigure locales	16:02
jussi01	ProfFalken: ahh, thanks!	16:02
ball	Is NFS the natural choice for serving up filespace from Ubuntu Server to Xubuntu?	16:06
soren	ball: Most of the time, I use Samba.	16:07
sommer	zul: yl	16:07
sommer	zul: err yo	16:07
vorian	ScottK: what is the specific argument for apt-rdepends to work it's magic?	16:08
ball	Hello soren, haven't seen you for about a hundred years.	16:09
soren	ball: I've never left :)	16:09
ScottK	vorian: apt-cache rdepends libdb4.5	16:09
zul	sommer: where is the ebox stuff again?	16:10
vorian	i thought it was apt-rdepends -r/b or something like that	16:10
vorian	ah	16:11
vorian	ok	16:11
vorian	thanks ScottK	16:11
sztomi_	17:08 < sztomi> I'm trying to establish an ssh connection between two ubuntu boxes. The problem is that whenever I set a static ip address on the server, it gets reset after a few seconds. I managed to connect once, but a few minutes later, the connection was frozen, and when I checked, the static IP was reset on the server. Can you help me?	16:11
sztomi_	17:08 < sztomi> I'm trying to establish an ssh connection between two ubuntu boxes. The problem is that whenever I set a static ip address on the server, it gets reset after a few seconds. I managed to connect once, but a few minutes later, the connection was frozen, and when I checked, the static IP was reset on the server. Can you help me?	16:11
vorian	It looks like 4.6 is the one that needs work	16:11
sztomi_	sry	16:11
ScottK	vorian: True, but it'd be nice to finish off 4.3/4.4/4.5 and get them removed.	16:12
ScottK	Of course those are mostly the hard ones left.	16:12
ball	sztomi_: did you tell your DHCP server to provide the same IP address consistently to the machine you're trying to ssh into?	16:13
vorian	ScottK: all i see in .3/.4/.5 are libdb4.-dev and db4.-util	16:13
vorian	4.2 and 4.6 have a bunch yet	16:13
ScottK	vorian: You need to look at all the binaries.	16:14
ScottK	vorian: e.g. apt-cache rdepends libdb4.5++	16:14
vorian	ahhh, ok	16:14
* vorian is slow		16:15
ScottK	vorian: apt-cache showsrc db4.5 will show you a list.	16:15
vorian	nod :)	16:15
* vorian gets cracking		16:15
sommer	zul: in my PPA: https://launchpad.net/~asommer/+archive	16:16
vorian	holy moly, that's a bunch of stuff	16:16
sztomi_	ball: I forgot it: I'm trying to establish a point-to-point connection, so no dhcp.	16:20
ball	sztomi_: point-to-point between two machines in the same room?	16:22
ball	...or between two sites?	16:22
sztomi_	ball: same room	16:35
sztomi_	I want to transfer files from one box to another	16:35
sztomi_	brb	16:38
sztomi	re	16:39
ball	sztomi: are both machines on the same physical LAN?	16:40
sztomi	they are connected with a crossover ethernet cable	16:40
ball	ah good	16:40
ball	Did you statically-assign IP addresses to the interface on each machine?	16:40
sztomi	yes	16:41
sztomi	but on the server it keeps reseting to dhcp	16:41
sztomi	after a few minutes	16:41
dinsdale07	hello - I think I have a security problem on one of my server. I find this in the access.log for apache.	16:42
dinsdale07	213.155.227.229 - - [28/Dec/2008:23:03:09 +0100] "\x16\x03\x01" 501 412 "-" "-"	16:42
dinsdale07	what does the x16\x03 ... mean. I guess the 501 and 412 are the apache response codes.	16:43
ball	sztomi: okay, so you need to find out how to configure your box for static IP	16:43
dinsdale07	It looks as if a foreign IP has made a http request to another server. - which is kind of worrieing.	16:44
sztomi	I did configure it. I even connected once, but after a minute or two it just reseted (only on the server).	16:44
sztomi	I did: ifconfig eth1 ipaddr	16:44
sztomi	ifconfig eth1 down	16:44
sztomi	then up	16:44
sztomi	when I check it, it's there	16:45
sztomi	but one minute later, it isn't	16:45
ball	That machine is not also connected to a LAN?	16:48
ball	(other than the two-node LAN formed by the crossover cable)	16:49
sztomi	it is	16:49
sztomi	there are two interfaces	16:49
ball	okay, my guess is the Ubuntu server box is confused.	16:50
sztomi	eth0 is connected to lan	16:50
sztomi	eth1 is the one I'm trying to connect with the other box	16:50
ball	Hopefully someone here knows how to tell it to be a DHCP client on only one of its interfaces	16:50
ball	I'm really interested in this because it's on my list of things to do this week.	16:50
ProfFalken	ball: dhclient ethx	16:52
ball	ProfFalken: how do you configure that permanently?	16:54
=== specialK1vin is now known as specialKevin
sztomi	this looks promising: http://dirn.name/2008/11/how-to-set-static-ip-on-ubuntu-810-intrepid-ibex/	17:05
sztomi	but what is that nameserver stuff for?	17:07
Deeps	you can probably not worry about your resolv.conf if you're configuring a static ip on the same subnet as the dhcp pool	17:08
Deeps	also remember to `ps ax\|grep dhclient` and kill any dhclient processes that are running	17:08
ball	Deeps: these are two separate LANs though	17:11
ball	physically separate	17:11
=== kirkland` is now known as kirkland
sztomi	it works fine	17:14
ProfFalken	ball: I configure it in /etc/network/interfaces in the same way I configure a Debian Server.	17:34
=== espacious_ is now known as espacious
=== jmarsden_ is now known as jmarsden\|work
finite9	hello. ive used CentOS for years and im moving to Ubuntu server, but im perplexed that when trying to install mdadm, it has dependencies on citadel-server, citadel-mta etc. what is that???	18:30
finite9	those dependencies should not exist	18:30
jmedina	finite9: did you ever try to install citadel?	18:35
finite9	no why?	18:35
jmedina	here mdadm install without problems	18:35
jmedina	could you pastebin your apt-get intall output?	18:35
jmarsden\|work	apt-cache show mdadm \| grep Depends: # does not show a dependency on citadel here either...	18:36
finite9	yes, mdadm will install, but it also wants to install citadel-server which I do not want. I do not understand why mdadm forces me to install a mail server. it does not list citadel as a dependency in apt-cache showpkg, but it does have mail-transport-agant, and that probably depends on citadel	18:37
finite9	yep sure	18:37
domas	how to avoid kswapd deadlocks? :)	18:37
finite9	sorry not sure how to paste bin? how do you do that or do you just mean paste it into this window?	18:37
jmarsden\|work	finite9: You should probably install ssmtp (minimal mail server) and then mdadm.	18:38
jmarsden\|work	It wants one se it can email you error when the software RAID fails...	18:38
finite9	ok..makes sense. i used mailx on centos maybe that will fulill the dependency	18:39
jmarsden\|work	BTW which version of Ubuntu server are you using; the Intrepid version of mdadm does not seem to have this dependency	18:39
jmarsden\|work	mailx is not a mail server...	18:39
finite9	yepp it is a fresh intrepid installation with only xserver-xorg xserver-xorg-core and fluxbox installed on the base install	18:40
jmarsden\|work	finite9: For use of pastebin go to http://paste.ubuntu.com -- it is a way of providing many lines of info to IRC users without flooding the channel.	18:40
finite9	http://paste.ubuntu.com/100477/	18:41
finite9	is that how you do it? just provide url---+	18:41
jmarsden\|work	Yes. Ah, OK, it recommends mail-transport-agent ... try sudo apt-get install --no-install-recommends mdadm	18:42
jmarsden\|work	If you really do not want an MTA	18:42
finite9	do I need the MTA to get local mail reports from mdadm? I do want to receive mail about mdadm. I was a bit confused...I realise now that mailx is not a mail server.. I was simply using the "mail" program on Centos to read local mail and see reports from mdadm	18:44
finite9	thanks for the --no-install-recommends tip. that did the trick, but what can I install as a base minimum to get local mail? just ssmtp?	18:45
jmarsden\|work	finite9: ssmtp is for outgoing mail via some smarthost (such as your ISP's mail server)	18:49
jmarsden\|work	If you need a real local email server, you'd want something more like postfix and dovecot	18:49
finite9	jmarsden: thanks. will check how CentOS is setup and install equivalent on Ubuntu	18:57
muge2510	o route to hos	19:19
muge2510	zzz	19:41
uvirtbot`	New bug: #313960 in dnsmasq "Please update dnsmasq hardy packages to version 2.46" [Undecided,Invalid] https://launchpad.net/bugs/313960	19:46
uvirtbot`	New bug: #291843 in pango-graphite (main) "firefox crashes like mad with double free or corruption (dup-of: 286119)" [Undecided,New] https://launchpad.net/bugs/291843	20:07
uvirtbot`	New bug: #309539 in samba (main) "firefox 3.0.4 / 3.0.5 + libnss_wins ibex netswitch samba = firefox crash (dup-of: 286119)" [Undecided,New] https://launchpad.net/bugs/309539	20:11
pteague_work	i'm liking some of the new changes in intrepid :)	20:16
eolo999	!raid	20:43
ubottu	raid is Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/Installation/SoftwareRAID wto and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto	20:43
MatBoy	he guys I'm figuring out if I shall use Debian or Ubuntu for a web/mail/dns server... this because of sudo	20:45
MatBoy	I have build my own management script and I don't want to sudo everything	20:45
MatBoy	I mean in my script	20:45
andol	MatBoy: What does sudo has to do with the choice Debian vs. Ubuntu? You can go either way with both distributions.	20:50
MatBoy	andol: I need to change my script ?	20:50
MatBoy	I need to sudo all stuff	20:50
MatBoy	or is there a way to get around it ?	20:51
andol	MatBoy: why would you need to change your scripts?	20:51
MatBoy	andol: because every command needs to be a sudo command ?	20:51
andol	MatBoy: why?	20:52
aurigus	not if you run the script as sudo	20:52
MatBoy	andol: because I need to restart apache, change configfiles, all from scripts	20:52
MatBoy	aurigus: yes, but how would you want to do that ?	20:53
MatBoy	I mean, I can make a user, sysadmin	20:53
andol	MatBoy: Take a look inside /etc/init.d/ Do you see any sudo in them?	20:53
MatBoy	that user should not need to enter teh rootpassword everytime... or itś SUDO password	20:53
MatBoy	andol: apache restart requiers sudo	20:54
MatBoy	*requirs	20:54
andol	MatBoy: yes, but you were talking about having to change your scripts. Just because you use sudo to run a script doesn't mean you have to change it.	20:55
MatBoy	andol: why not ?	20:55
andol	MatBoy: But yes, if you really prefer a normal root account, there is nothing stopping you from enabling it in Ubuntu.	20:56
MatBoy	andol: no, why don't I need to edit my scripts ? every command needs "sudo"	20:56
zoopster	MatBoy: apache restart requires sufficient permissions to restart...sudo provides that without compromising the security of the system to an extreme	20:56
MatBoy	zoopster: yes, but itś nicer to do stuff as root so you never have issues with config files, restarts, so on	20:57
andol	MatBoy: Because, if you start the script with sudo, everything launched from inside that scripts inherits the same permissions.	20:57
aurigus	MatBoy: if you run the script with sudo, any process forked with that script is already sudoed	20:57
aurigus	someone please correct me if i am wrong, i am a relative ubuntu noob	20:58
MatBoy	aurigus: but you might understand how many scripts I have ?	20:58
eolo999	hi someone knows a way to !!&#$%@! shutdown a kvm machine?	20:58
zoopster	MatBoy: you can do things as root if you wish...not smart, but all you need to do is change the root password and what aurigus says is true	20:58
eolo999	virsh doesn't work	20:58
aurigus	kvm?	20:58
aurigus	the system attached to the kvm?	20:58
andol	aurigus: You've gotten it right.	20:58
aurigus	andol: ah good. I am more familar with RH based systems :)	20:59
MatBoy	zoopster: I will not discuss the security issues as I know huge companies like ebay/google use root a lot and see the disadvanatages too of sudo from time to time... so	20:59
eolo999	aurigus: Kernel Based Virtual Machine	20:59
aurigus	ah, darn duplicate acronyms	20:59
andol	aurigus: same kernel, same security model :)	20:59
eolo999	ehhe	20:59
eolo999	eheh	20:59
zoopster	MatBoy: then simply change the password...Ubuntu creates a hash for the root password by default...you can change it if you wish	20:59
zoopster	eolo999: you should be able to kill it's process, no?	21:00
eolo999	zoopster: so easy?!	21:00
eolo999	thanks	21:01
Deeps	MatBoy: so just run the scripts as a root user, instead of your unprivledged user?	21:01
zoopster	eolo999: the beauty of KVM over XEN for sure	21:01
Deeps	MatBoy: if you run scripts that need root privs as a non-root user, you need sudo. if you dont want to use sudo, run the scripts as a privledged user	21:01
Deeps	MatBoy: that, mind, is exactly the same in debian and in ubuntu	21:01
Deeps	MatBoy: unless you setuid the processes your scripts call	21:02
Deeps	MatBoy: that would be a security issue	21:02
Deeps	MatBoy: `sudo su -` will give you a root shell in ubuntu, at which point you can assign a root password.	21:02
Deeps	(and stop using sudo)	21:03
Nafallo	Deeps: sudo -i is the offical practise actually :-)	21:03
Deeps	sudo -i, sudo -s, sudo su -, sudo bash, so many options	21:03
Deeps	the 'correct' sudo way to define your root pass would be sudo passwd root	21:04
Deeps	i guess	21:04
Nafallo	MatBoy: check man sudoers. if your scripts are in the same directory it would be a few chars and you could sudo without password. not that I would recommend it...	21:04
Deeps	sudo smells, eitherway	21:04
eolo999	zoopster: thx	21:05
zoopster	eolo999: no problemo.	21:06
Nafallo	sudo is awesome if you know how to use it ;-)	21:06
zoopster	Nafallo: that is the key...us impatient people can barely RTFM	21:06
Deeps	Nafallo: do you check your $PATH and ensure whenever you use sudo that you're calling /usr/bin/sudo?	21:06
Deeps	Nafallo: whenever you're away from your terminal, do you make sure it's locked so nobody can use it?	21:07
Nafallo	Deeps: the locking, yes. the path... if I have it in scripts.	21:07
Deeps	i mean when you're using a terminal	21:07
Nafallo	I use my laptop and ssh mostly :-)	21:08
Nafallo	if I have to serial or so, I log out once sshd is up again :-)	21:08
Deeps	because if you dont check your $PATH or dont explicitly call /usr/bin/sudo (opting for 'sudo' instead and letting your $PATH get you to /usr/bin), then your at as much risk as if you enable passwordless sudo	21:08
Deeps	your userlevel account is compromised, your PATH is altered, sudo ends up taking you to ~/.hidden/sudo for example, which is a nice wrapper that stores your input and feeds it to the real sudo so you dont realise	21:09
Deeps	ofc if your userlevel account is compromised through password breakage, attacker doesn't need to go that far either	21:09
Nafallo	I realise the dangers, yes.	21:10
Deeps	(this is true of attempting to break into root through su as well mind)	21:10
Deeps	my point being that passwordless sudo isn't really much of a risk unless you're actively monitoring against this kind of attack	21:10
Nafallo	security through obscurity once you choose the level you're confident being at.	21:10
Nafallo	if I'd like to have a secure server I would disconnect all cards and lock it in a bunker...	21:11
Nafallo	s/cards/cords/	21:11
Deeps	(this pretty much being the justification openssh/debian has for enabling ssh root logins by default)	21:11
lukehasnoname	Anyone read "Pro Ubuntu Server Administration"?	21:12
Deeps	while i'd argue against that, as 'root' is a known login, while my username is not. however, unless you treat your user account as a privledged account, assuming that once someone gets into your account they'll effectively have root privs, and protect it accordingly, you're at risk	21:12
MatBoy	Deeps: mhh, you know most enterprise CP solutions even do stuff as root ?	21:16
uvirtbot`	New bug: #314173 in samba (main) "package samba-common 2:3.2.3-1ubuntu3.4 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/314173	21:16
aurigus	lukehasnoname: link?	21:18
lukehasnoname	http://www.amazon.com/Ubuntu-Server-Administration-Sander-Vugt/dp/1430216220/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1231189989&sr=8-1	21:18
Deeps	MatBoy: yep, because the people operating their servers know what they're doing. sudo's great for people who dont. minimizes the risk of stuff going wrong. is more of a hinderance than useful if you know what you're doing though.	21:18
aurigus	then nope	21:18
lukehasnoname	I read the "beginning" book, and it was alright, had some info I didn't know before. I think the "Beginning LTS" book he put out had some productive updates.	21:18
MatBoy	Deeps: I kinda know what I do ;)	21:19
MatBoy	but Ubuntu has newer packages than debian has...	21:19
MatBoy	and in my opinion ubuntu is faster than debian from time to time	21:19
Deeps	MatBoy: ok, 'sudo's still nothing to make a choice between debian and ubuntu though. package versions, stability, drivers, those'd be things to look at.	21:20
MatBoy	Deeps: yes, but I want to leave the system as native as it can be	21:20
MatBoy	Ubuntu wins in packages ;) for sure	21:20
Deeps	"as native" means?	21:20
Deeps	ubuntu has more recent versions yes, but newer isnt always better, really depends on what your server's purpose is	21:20
MatBoy	Deeps: install packages and keep settings as the system sets them by default on OS level	21:21
Deeps	ok	21:21
MatBoy	I see controlpanels even package their own packages for apache which I never liked	21:21
MatBoy	and don't understand	21:21
Deeps	you'll need to check the packages in debian and ubuntu's default configurations to see if they suit your needs, you'll probably find little difference between debian and ubuntu packages mind	21:21
MatBoy	yep true, but I trust Ubuntu more these days if I may be honest	21:22
Deeps	whatever makes you happy	21:22
MatBoy	Debian left me in the dark on Userlevel (WS) the first time, and server was not that nice also :)	21:22
MatBoy	Deeps: Ubuntu ;) why do you think I'm here ?? :p	21:22
Deeps	debian is designed for servers, ubuntu was designed for desktops	21:23
Deeps	you can get a gui for debian but it's not very well polished	21:23
MatBoy	Deeps: true, but Ubuntu server is very perfect !!	21:23
Deeps	again, depends on your needs	21:23
lukehasnoname	I'm having a huge internal conflict	21:23
lukehasnoname	Opensolaris vs. Ubuntu for my test environment	21:23
MatBoy	lukehasnoname: take some paracetamol :D	21:23
Deeps	i find it's good enough for most of my needs, but not all	21:23
lukehasnoname	Crossbow, ZFS and Sun's docs are so nice	21:24
MatBoy	Deeps: what ? debian ?	21:24
Deeps	ubuntu	21:24
lukehasnoname	but Ubuntu is Linux, and it more used, with more tools	21:24
MatBoy	Deeps: and you prefer debian in some cases ?	21:24
Deeps	lukehasnoname: there's a ubuntu/opensolaris crossover distro, opensolaris kernel, gnu userland with ubuntu packages	21:24
Deeps	MatBoy: yep	21:24
Deeps	lukehasnoname: so you get native zfs while sticking to familiar toosl	21:24
MatBoy	Deeps: I know what you mean... but Ubuntu holds more SW	21:24
lukehasnoname	Nexenta?	21:25
Deeps	that might be the one	21:25
Deeps	sounds right	21:25
Deeps	i've heard they lack the resources to actually make it worthwhile, but that may just be dirty talk from solaris fanboys	21:25
zoopster	lukehasnoname: nexenta is correct	21:26
zoopster	Deeps: Everyone is lacking resources...I've been talking with their CEO and they seem to be doing quite well even signing on some interesting new vad's	21:27
Deeps	nice	21:28
lukehasnoname	It's always saddened me that one of the most functional and inspiring open source projects, Ubuntu, restricted itself by using Linux instead of BSD (Solaris wasn't open at the time).	21:28
Deeps	i might apply, nobody i can see is hiring	21:28
Deeps	all my interviews in the last 3 months have been "we'd love to take you on, but we've just halted all new external hires, sorry!"	21:29
Deeps	wasting my time	21:29
lukehasnoname	Deeps: same with my main internship opportunity this past month	21:29
Deeps	sucks dunnit	21:29
lukehasnoname	ya	21:30
Deeps	gonna start calling them all up again tomorrow though, see if the new financial quarter reopens opportunity	21:30
lukehasnoname	where do you live, and what job are you looking for?	21:30
Deeps	currently at my parents home in spain, just came from 3 months in dublin, moving to the uk end of the month to try my luck there	21:31
Deeps	and anything with linux systems and/or networks	21:31
lukehasnoname	same	21:31
lukehasnoname	well	21:31
lukehasnoname	the job part, as an intern	21:31
Deeps	although i'm biting the bullet and getting MCSE certified before i leave	21:31
Deeps	since there's more windows jobs than linux jobs these days	21:31
lukehasnoname	probably a good call	21:31
Deeps	and right now a job's a job	21:31
lukehasnoname	I'm going to get CCNA	21:31
lukehasnoname	and maybe look into LPI or some other Linux cert	21:32
lukehasnoname	along with the college degree I'm working on	21:32
Deeps	gl	21:33
lukehasnoname	thanks	21:33
lukehasnoname	I'm also constantly on the lookout for good business ideas, to start on my own	21:33
* ProfFalken is off to bed... good night everyone...		21:34
lukehasnoname	night	21:34
uvirtbot`	New bug: #314170 in freeradius (universe) "Freeradius package outdated" [Undecided,New] https://launchpad.net/bugs/314170	22:05
genii	Is Diameter supposed to be superceding Radius?	22:20
Deeps	diameter = 2r	22:22
Deeps	:D	22:22
genii	Deeps: Heh. I meant the one here rather :) http://www.opendiameter.org/	22:25
uvirtbot`	New bug: #311487 in openldap (main) "ldap n-way multi master from Ubuntu Server guide" [Undecided,Incomplete] https://launchpad.net/bugs/311487	22:59
=== liberfiasco is now known as libervisco

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!