[00:50] <nemoego> I have two ubuntu servers, alpha acts as DHCP/TFTP/NFS server from which beta does a TFTP boot with NFS root.  All this works ok, but beta will disappear from the network periodically: i.e. ping reports 'Destination host unreachable' and ongoing samba transfers timeout. logging in to beta locally and running a command will make it reachable again for a while. What's happening here?
[00:54] <yann2> nemoego > I had a similar issue once
[00:54] <yann2> are you using network bonding?
[00:56] <nemoego> yann2: don't think so, that's using multiple interfaces with one IP, right?
[00:56] <yann2> yes
[00:56] <yann2> my other question would be, is the server virtualized
[00:57] <yann2> a stupid guess could also be: you have an IP conflict somewhere and the switch gets confused
[00:57] <yann2> try assigning another IP
[00:58] <nemoego> the nfs root was originally made with a virtual machine, but it's running on metal now, DHCP doesn't assign IPs in the range beta is in, and i think if I change IPs i will lose my NFS root, no?
[00:59] <yann2> well just check there is no conflict at swtich level
[01:00] <nemoego> yeah, there are 6 machines on the network and the 2 have static IPs and the rest are getting dynamic IPs from the server properly
[01:01] <nemoego> it's almost like beta is forgetting it has an IP until I force it to access the NFS share...
[01:02] <yann2> I bet it's more the switch that gets confused with the mac address :P
[01:02] <yann2> or maybe I'm wrong, but this is what I would investigate :)
[01:02] <nemoego> how would I go about that?
[01:07] <yann2> when you say
[01:07] <yann2>  logging in to beta locally and running a command will make it reachable again
[01:07] <yann2> that command has to be network related?
[01:08] <yann2> or a simple ls is enough?
[01:08] <yann2> is it a manageable switch?
[01:09] <nemoego> since it's an NFS root, any command forces access to the NFS server (alpha), also the first command takes 30-60 seconds, subsequent commands are instant
[01:09] <nemoego> switch is a cheap wifi router
[01:11] <nemoego> also, i notice this problem mostly because it interrupts my samba transfers to beta, so i'm communicating with the machine when it disappears
[01:48] <msucoder> Has anyone here fooled with webcamd before?
[03:49] <danielm_mc> yoza - is there an easy way to upgrade 32-bit hardy heron to 64-bit hardy w/o complete re-install?  URI plz... :-)
[08:43] <pteague> suggestions for a mail server simply for sending mail from a lamp server? debating postfix or sendmail
[08:43] <Jeeves_> never choose sendmail
[08:45] <pteague> that bad? or just no good options?
[08:46] <hads> postfix
[08:46] <Jeeves_> Exim
[08:46] <hads> :)
[08:46] <Jeeves_> ssmtp
[08:46] <Jeeves_> Net::SMTP
[08:47] <hads> mail()
[08:47] <Jeeves_> Net::Telnet
[08:47] <Jeeves_> echo, cat, |, netcat
[08:47] <henkjan> pteague: just stay with the default postfix install
[08:48] <hads> pteague: Postfix is easy and works out of the box on Ubuntu
[08:48] <pteague> at this point i'd like to just get `php -r 'mail( "valid@email.com", "testing", "this is a test email." );';` to work :)
[08:48] <pteague> k
[08:48]  * henkjan hands an exchange 2k3 install cd to Jeeves_ 
[08:49] <pteague> um, which configuration thing should i choose? internet site, internet w/smarthost, satellite system... ?
[08:49] <Jeeves_> henkjan: Bah!
[08:49] <pteague> i know when i'm behind cox i have to use their mail servers :(
[08:49] <hads> Internet site usually if you're an Internet site :)
[08:50] <pteague> this is home file/web server ... & test server
[08:50] <kraut> moin
[08:50] <hads> pteague: Then you'll probably want to use your ISP's mail server as a smarthost.
[08:50] <pteague> probably won't be receiving email except via fetchmail ...
[08:52] <pteague> ok, what should i use as the system mail name?  my main site's domain or cox.net ?
[08:57] <hads> your.domain.co.au
[09:00] <pteague> the smtp relay host i'm guessing is the smpt.isp.com mail server i need to send through
[12:26] <AnAnt> Hello, does ubuntu provide some web-based tool for managing the server ?
[12:36] <_ruben> !ebox
[12:36] <_ruben> AnAnt: ^^
[12:52] <AnAnt> ok
[13:00] <spiekey> hello!
[13:01] <spiekey> this might be a little Off-Topic but i need some hints or opinions for NAS/SAN :)
[13:01] <spiekey> i would like to save about 4-6TB. I could just use a Debian Box with a Raid5 controller and SATA. Or maybe just a JBOD attached by eSATA?
[13:02] <spiekey> or should i not use a operating system at all and use an appliance?
[13:09] <ProfFalken> spiekey: you might be better off looking a a server/server cluster that connects to a SAN backend via fibre-channel SCSI.  I've use infortrend int eh past and that seems to work pretty well if its of any help?
[13:54] <AnAnt> _ruben: thanks
[14:13] <vorian> ScottK: when would be a good time to cover the server migration you mentioned last week? :)
[14:13] <ScottK> Now isn't so bad.
[14:13] <vorian> excellent
[14:13] <ScottK> I did do a bit of work on it over my Christmas holiday, so there are some removals pending.
[14:14] <ScottK> Currently we have DB4.2 -> 4.7 in the archive.
[14:14] <ScottK> The goal is to get that down to as few as possible.
[14:14] <vorian> ok
[14:14] <ScottK> Currently 4.2 needs to stay due to some openldap oddities.
[14:14] <ScottK> zul: Did openldap ever get working on later than 4.2?
[14:15] <ScottK> Most things are on 4.6/4.7.
[14:15] <ScottK> So the goal is to kill of 4.3/4.4/4.5.
[14:15] <ScottK> Each of them still has a few rdepends.
[14:15] <zul> ScottK: probably I havent checked in a while though
[14:15] <ScottK> I did get to file a removal bug on one of them.
[14:15] <ScottK> zul: Could you add that to your Jaunty list of stuff to do?
[14:16] <ScottK> It'd be nice to get that one out of Main and maybe even out of the archive.
[14:16] <ScottK> vorian: So look at the rdepends for each binary and then see if you can get them to work with a later version.
[14:17] <ScottK> You can also look in Debian for patches as they were trying to do the same thing for Lenny.
[14:17] <vorian> ScottK: is this just for jaunty? or 8.04+?
[14:18] <ScottK> vorian: Jaunty.
[14:18] <vorian> roger
[14:18] <zul> ScottK: you mean my never-ending-todo-list-that-grows-ever-bigger-by-the-second?
[14:19] <ScottK> zul: Yes or the "list-of-stuff-to-get-mathiaz-to-do".
[14:21] <domas> hi! why the heck doesn't oprofile recognize vmlinux?
[14:21] <domas> root@db25:/a# opcontrol --vmlinux=/boot/vmlinux-debug-2.6.24-22-server
[14:21] <domas> The specified file /boot/vmlinux-debug-2.6.24-22-server does not seem to be valid
[14:21] <domas> :)
[14:23]  * domas reviews 'opcontrol'
[14:24] <domas> ah, found the problem %)
[14:24] <domas> dependancy bug
[14:26] <domas> anyone would know why rsync would be hitting sys% that much, with such profile: http://p.defau.lt/?hkE20oFLHK1UQYzFisbnMg
[14:28] <Shoopuf> Any reason why I wouldn't want to run a sudo aptitude update/install/safe-upgrade?
[14:29] <Shoopuf> And anyone know some good software to test the security of my server?
[14:31] <a_ok> is there a way i can prevent apt from starting/ stopping services?
[14:31] <a_ok> daemons/init scripts whatever you want to call them
[14:36] <ProfFalken> Shoopuf: what kind of server is it? (DB/LAMP/LDAP?) there'll be a tool to test it!
[14:37] <Shoopuf> ProfFalken: LAMP
[14:39] <domas> I smell a regression somewhere :(
[14:40] <ProfFalken> Shoopuf: http://www.howtoforge.com/apache_security_testing_with_nikto - it's a bit old (dapper) but it refers to Nikto (http://www.cirt.net/nikto2) which will help you.
[14:46] <ProfFalken> anyone in here know why I wouldn't be able to su from root to another user without typing the passwords?
[14:47] <domas> what the heck
[14:47] <domas> if I rsync single file, it is copied at 100MB/s
[14:48] <domas> if I rsync that same file as part of directory copy, it is copied at 10MB/s
[14:48] <domas> and most of time is spent in kernel
[14:59] <ProfFalken> w00t! Fixed it - /etc/pam.d/su did not have "auth sufficient /lib/security/rootok.so". it all works now... :o)
[15:03] <eolo999> hi, "virsh -c qemu:///system shutdown machine-name" doesn't stop my machine...
[15:13] <eolo999> hi i cannot shutdown kvm machines!
[15:13] <eolo999> someone can help me?
[15:27] <Shoopuf> ProfFalken: oh dear ;P
[15:30] <Shoopuf> Got it to run but don't understand most of the output. :P
[15:33] <ball> eolo999: what kind of kvm machines?
[15:35] <Shoopuf> Is there a way for me to password-protect one particular directory if someone tries to navigate to it with a URL?
[15:37] <Shoopuf> i know there's a way but what's the best way :)
[15:43] <ProfFalken> Shoopuf: look into .htaccess files - they rock!  As for Nikto, I've not used it for a while but I'm sure Google can help you with the results... ;o)
[15:44] <Shoopuf> ProfFalken: yah i found the site that lists what each error is... http://osvdb.org/show/osvdb/3092
[16:01] <jussi01> does anyone know how to fix locales stuff? http://paste.ubuntu.com/100395/
[16:02] <zul> sommer: ping
[16:02] <ProfFalken> jussi01: dpkg-reconfigure locales
[16:02] <jussi01> ProfFalken: ahh, thanks!
[16:06] <ball> Is NFS the natural choice for serving up filespace from Ubuntu Server to Xubuntu?
[16:07] <soren> ball: Most of the time, I use Samba.
[16:07] <sommer> zul: yl
[16:07] <sommer> zul: err yo
[16:08] <vorian> ScottK: what is the specific argument for apt-rdepends to work it's magic?
[16:09] <ball> Hello soren, haven't seen you for about a hundred years.
[16:09] <soren> ball: I've never left :)
[16:09] <ScottK> vorian: apt-cache rdepends libdb4.5
[16:10] <zul> sommer: where is the ebox stuff again?
[16:10] <vorian> i thought it was apt-rdepends -r/b or something like that
[16:11] <vorian> ah
[16:11] <vorian> ok
[16:11] <vorian> thanks ScottK
[16:11] <sztomi_> 17:08 < sztomi> I'm trying to establish an ssh connection between two ubuntu boxes. The problem is that whenever I set a static ip address on the server, it gets reset after a few  seconds. I managed to connect once, but a few minutes later, the connection was frozen, and when I checked, the static IP was reset on the server. Can you help me?
[16:11] <sztomi_> 17:08 < sztomi> I'm trying to establish an ssh connection between two ubuntu boxes. The problem is that whenever I set a static ip address on the server, it gets reset after a few  seconds. I managed to connect once, but a few minutes later, the connection was frozen, and when I checked, the static IP was reset on the server. Can you help me?
[16:11] <vorian> It looks like 4.6 is the one that needs work
[16:11] <sztomi_> sry
[16:12] <ScottK> vorian: True, but it'd be nice to finish off 4.3/4.4/4.5 and get them removed.
[16:12] <ScottK> Of course those are mostly the hard ones left.
[16:13] <ball> sztomi_: did you tell your DHCP server to provide the same IP address consistently to the machine you're trying to ssh into?
[16:13] <vorian> ScottK: all i see in .3/.4/.5 are libdb4.*-dev and db4.*-util
[16:13] <vorian> 4.2 and 4.6 have a bunch yet
[16:14] <ScottK> vorian: You need to look at all the binaries.
[16:14] <ScottK> vorian: e.g. apt-cache rdepends libdb4.5++
[16:14] <vorian> ahhh, ok
[16:15]  * vorian is slow
[16:15] <ScottK> vorian: apt-cache showsrc db4.5 will show you a list.
[16:15] <vorian> nod :)
[16:15]  * vorian gets cracking
[16:16] <sommer> zul: in my PPA: https://launchpad.net/~asommer/+archive
[16:16] <vorian> holy moly, that's a bunch of stuff
[16:20] <sztomi_> ball: I forgot it: I'm trying to establish a point-to-point connection, so no dhcp.
[16:22] <ball> sztomi_: point-to-point between two machines in the same room?
[16:22] <ball> ...or between two sites?
[16:35] <sztomi_> ball: same room
[16:35] <sztomi_> I want to transfer files from one box to another
[16:38] <sztomi_> brb
[16:39] <sztomi> re
[16:40] <ball> sztomi: are both machines on the same physical LAN?
[16:40] <sztomi> they are connected with a crossover ethernet cable
[16:40] <ball> ah good
[16:40] <ball> Did you statically-assign IP addresses to the interface on each machine?
[16:41] <sztomi> yes
[16:41] <sztomi> but on the server it keeps reseting to dhcp
[16:41] <sztomi> after a few minutes
[16:42] <dinsdale07> hello - I think I have a security problem on one of my server. I find this in the access.log for apache.
[16:42] <dinsdale07> 213.155.227.229 - - [28/Dec/2008:23:03:09 +0100] "\x16\x03\x01" 501 412 "-" "-"
[16:43] <dinsdale07> what does the x16\x03 ... mean. I guess the 501 and 412 are the apache response codes.
[16:43] <ball> sztomi: okay, so you need to find out how to configure your box for static IP
[16:44] <dinsdale07> It looks as if a foreign IP has made a http request to another server.  - which is kind of worrieing.
[16:44] <sztomi> I did configure it. I even connected once, but after a minute or two it just reseted (only on the server).
[16:44] <sztomi> I did: ifconfig eth1 ipaddr
[16:44] <sztomi> ifconfig eth1 down
[16:44] <sztomi> then up
[16:45] <sztomi> when I check it, it's there
[16:45] <sztomi> but one minute later, it isn't
[16:48] <ball> That machine is not also connected to a LAN?
[16:49] <ball> (other than the two-node LAN formed by the crossover cable)
[16:49] <sztomi> it is
[16:49] <sztomi> there are two interfaces
[16:50] <ball> okay, my guess is the Ubuntu server box is confused.
[16:50] <sztomi> eth0 is connected to lan
[16:50] <sztomi> eth1 is the one I'm trying to connect with the other box
[16:50] <ball> Hopefully someone here knows how to tell it to be a DHCP client on *only* one of its interfaces
[16:50] <ball> I'm really interested in this because it's on my list of things to do this week.
[16:52] <ProfFalken> ball: dhclient ethx
[16:54] <ball> ProfFalken: how do you configure that permanently?
[17:05] <sztomi> this looks promising: http://dirn.name/2008/11/how-to-set-static-ip-on-ubuntu-810-intrepid-ibex/
[17:07] <sztomi> but what is that nameserver stuff for?
[17:08] <Deeps> you can probably not worry about your resolv.conf if you're configuring a static ip on the same subnet as the dhcp pool
[17:08] <Deeps> also remember to `ps ax|grep dhclient` and kill any dhclient processes that are running
[17:11] <ball> Deeps: these are two separate LANs though
[17:11] <ball> physically separate
[17:14] <sztomi> it works fine
[17:34] <ProfFalken> ball: I configure it in /etc/network/interfaces in the same way I configure a Debian Server.
[18:30] <finite9> hello.  ive used CentOS for years and im moving to Ubuntu server, but im perplexed that when trying to install mdadm, it has dependencies on citadel-server, citadel-mta etc.  what is that???
[18:30] <finite9> those dependencies should not exist
[18:35] <jmedina> finite9: did you ever try to install citadel?
[18:35] <finite9> no why?
[18:35] <jmedina> here mdadm install without problems
[18:35] <jmedina> could you pastebin your apt-get intall output?
[18:36] <jmarsden|work> apt-cache show mdadm | grep Depends:   # does not show a dependency on citadel here either...
[18:37] <finite9> yes, mdadm will install, but it also wants to install citadel-server which I do not want.  I do not understand why mdadm forces me to install a mail server.  it does not list citadel as a dependency in apt-cache showpkg, but it does have mail-transport-agant, and that probably depends on citadel
[18:37] <finite9> yep sure
[18:37] <domas> how to avoid kswapd deadlocks? :)
[18:37] <finite9> sorry not sure how to paste bin?  how do you do that or do you just mean paste it into this window?
[18:38] <jmarsden|work> finite9: You should probably install ssmtp (minimal mail server) and then mdadm.
[18:38] <jmarsden|work> It wants one se it can email you error when the software RAID fails...
[18:39] <finite9> ok..makes sense.  i used mailx on centos maybe that will fulill the dependency
[18:39] <jmarsden|work> BTW which version of Ubuntu server are you using; the Intrepid version of mdadm does not seem to have this dependency
[18:39] <jmarsden|work> mailx is not a mail server...
[18:40] <finite9> yepp it is a fresh intrepid installation with only xserver-xorg xserver-xorg-core and fluxbox installed on the base install
[18:40] <jmarsden|work> finite9: For use of pastebin go to http://paste.ubuntu.com -- it is a way of providing many lines of info to IRC users without flooding the channel.
[18:41] <finite9> http://paste.ubuntu.com/100477/
[18:41] <finite9> is that how you do it? just provide url---+
[18:42] <jmarsden|work> Yes.  Ah, OK, it *recommends* mail-transport-agent ... try sudo apt-get install --no-install-recommends mdadm
[18:42] <jmarsden|work> If you really do not want an MTA
[18:44] <finite9> do I need the MTA to get local mail reports from mdadm?  I do want to receive mail about mdadm.  I was a bit confused...I realise now that mailx is not a mail server..  I was simply using the "mail" program on Centos to read local mail and see reports from mdadm
[18:45] <finite9> thanks for the --no-install-recommends tip. that did the trick, but what can I install as a base minimum to get local mail?  just ssmtp?
[18:49] <jmarsden|work> finite9: ssmtp is for outgoing mail via some smarthost (such as your ISP's mail server)
[18:49] <jmarsden|work> If you need a real local email server, you'd want something more like postfix and dovecot
[18:57] <finite9> jmarsden: thanks.  will check how CentOS is setup and install equivalent on Ubuntu
[19:19] <muge2510> o route to hos
[19:41] <muge2510> zzz
[19:46] <uvirtbot`> New bug: #313960 in dnsmasq "Please update dnsmasq hardy packages to version 2.46" [Undecided,Invalid] https://launchpad.net/bugs/313960
[20:07] <uvirtbot`> New bug: #291843 in pango-graphite (main) "firefox crashes like mad with double free or corruption (dup-of: 286119)" [Undecided,New] https://launchpad.net/bugs/291843
[20:11] <uvirtbot`> New bug: #309539 in samba (main) "firefox 3.0.4 / 3.0.5 + libnss_wins ibex netswitch samba = firefox crash (dup-of: 286119)" [Undecided,New] https://launchpad.net/bugs/309539
[20:16] <pteague_work> i'm liking some of the new changes in intrepid :)
[20:43] <eolo999> !raid
[20:45] <MatBoy> he guys I'm figuring out if I shall use Debian or Ubuntu for a web/mail/dns server... this because of sudo
[20:45] <MatBoy> I have build my own management script and I don't want to sudo everything
[20:45] <MatBoy> I mean in my script
[20:50] <andol> MatBoy: What does sudo has to do with the choice Debian vs. Ubuntu? You can go either way with both distributions.
[20:50] <MatBoy> andol: I need to change my script ?
[20:50] <MatBoy> I need to sudo all stuff
[20:51] <MatBoy> or is there a way to get around it ?
[20:51] <andol> MatBoy: why would you need to change your scripts?
[20:51] <MatBoy> andol: because every command needs to be a sudo command ?
[20:52] <andol> MatBoy: why?
[20:52] <aurigus> not if you run the script as sudo
[20:52] <MatBoy> andol: because I need to restart apache, change configfiles, all from scripts
[20:53] <MatBoy> aurigus: yes, but how would you want to do that ?
[20:53] <MatBoy> I mean, I can make a user, sysadmin
[20:53] <andol> MatBoy: Take a look inside /etc/init.d/ Do you see any sudo in them?
[20:53] <MatBoy> that user should not need to enter teh rootpassword everytime... or itś SUDO password
[20:54] <MatBoy> andol: apache restart requiers sudo
[20:54] <MatBoy> *requirs
[20:55] <andol> MatBoy: yes, but you were talking about having to change your scripts. Just because you use sudo to run a script doesn't mean you have to change it.
[20:55] <MatBoy> andol: why not ?
[20:56] <andol> MatBoy: But yes, if you really prefer a normal root account, there is nothing stopping you from enabling it in Ubuntu.
[20:56] <MatBoy> andol: no, why don't I need to edit my scripts ? every command needs "sudo"
[20:56] <zoopster> MatBoy: apache restart requires sufficient permissions to restart...sudo provides that without compromising the security of the system to an extreme
[20:57] <MatBoy> zoopster: yes, but itś nicer to do stuff as root so you never have issues with config files, restarts, so on
[20:57] <andol> MatBoy: Because, if you start the script with sudo, everything launched from inside that scripts inherits the same permissions.
[20:57] <aurigus> MatBoy: if you run the script with sudo, any process forked with that script is already sudoed
[20:58] <aurigus> someone please correct me if i am wrong, i am a relative ubuntu noob
[20:58] <MatBoy> aurigus: but you might understand how many scripts I have ?
[20:58] <eolo999> hi someone knows a way to !!*&*#$%@! shutdown a kvm machine?
[20:58] <zoopster> MatBoy: you can do things as root if you wish...not smart, but all you need to do is change the root password and what aurigus says is true
[20:58] <eolo999> virsh doesn't work
[20:58] <aurigus> kvm?
[20:58] <aurigus> the system attached to the kvm?
[20:58] <andol> aurigus: You've gotten it right.
[20:59] <aurigus> andol:  ah good. I am more familar with RH based systems :)
[20:59] <MatBoy> zoopster: I will not discuss the security issues as I know huge companies like ebay/google use root a lot and see the disadvanatages too of sudo from time to time... so
[20:59] <eolo999> aurigus: Kernel Based Virtual Machine
[20:59] <aurigus> ah, darn duplicate acronyms
[20:59] <andol> aurigus: same kernel, same security model :)
[20:59] <eolo999> ehhe
[20:59] <eolo999> eheh
[20:59] <zoopster> MatBoy: then simply change the password...Ubuntu creates a hash for the root password by default...you can change it if you wish
[21:00] <zoopster> eolo999: you should be able to kill it's process, no?
[21:00] <eolo999> zoopster: so easy?!
[21:01] <eolo999> thanks
[21:01] <Deeps> MatBoy: so just run the scripts as a root user, instead of your unprivledged user?
[21:01] <zoopster> eolo999: the beauty of KVM over XEN for sure
[21:01] <Deeps> MatBoy: if you run scripts that need root privs as a non-root user, you need sudo. if you dont want to use sudo, run the scripts as a privledged user
[21:01] <Deeps> MatBoy: that, mind, is exactly the same in debian and in ubuntu
[21:02] <Deeps> MatBoy: unless you setuid the processes your scripts call
[21:02] <Deeps> MatBoy: *that* would be a security issue
[21:02] <Deeps> MatBoy: `sudo su -` will give you a root shell in ubuntu, at which point you can assign a root password.
[21:03] <Deeps> (and stop using sudo)
[21:03] <Nafallo> Deeps: sudo -i is the offical practise actually :-)
[21:03] <Deeps> sudo -i, sudo -s, sudo su -, sudo bash, so many options
[21:04] <Deeps> the 'correct' sudo way to define your root pass would be sudo passwd root
[21:04] <Deeps> i guess
[21:04] <Nafallo> MatBoy: check man sudoers. if your scripts are in the same directory it would be a few chars and you could sudo without password. not that I would recommend it...
[21:04] <Deeps> sudo smells, eitherway
[21:05] <eolo999> zoopster: thx
[21:06] <zoopster> eolo999: no problemo.
[21:06] <Nafallo> sudo is awesome if you know how to use it ;-)
[21:06] <zoopster> Nafallo: that is the key...us impatient people can barely RTFM
[21:06] <Deeps> Nafallo: do you check your $PATH and ensure whenever you use sudo that you're calling /usr/bin/sudo?
[21:07] <Deeps> Nafallo: whenever you're away from your terminal, do you make sure it's locked so nobody can use it?
[21:07] <Nafallo> Deeps: the locking, yes. the path... if I have it in scripts.
[21:07] <Deeps> i mean when you're using a terminal
[21:08] <Nafallo> I use my laptop and ssh mostly :-)
[21:08] <Nafallo> if I have to serial or so, I log out once sshd is up again :-)
[21:08] <Deeps> because if you dont check your $PATH or dont explicitly call /usr/bin/sudo (opting for 'sudo' instead and letting your $PATH get you to /usr/bin), then your at as much risk as if you enable passwordless sudo
[21:09] <Deeps> your userlevel account is compromised, your PATH is altered, sudo ends up taking you to ~/.hidden/sudo for example, which is a nice wrapper that stores your input and feeds it to the real sudo so you dont realise
[21:09] <Deeps> ofc if your userlevel account is compromised through password breakage, attacker doesn't need to go that far either
[21:10] <Nafallo> I realise the dangers, yes.
[21:10] <Deeps> (this is true of attempting to break into root through su as well mind)
[21:10] <Deeps> my point being that passwordless sudo isn't really much of a risk unless you're actively monitoring against this kind of attack
[21:10] <Nafallo> security through obscurity once you choose the level you're confident being at.
[21:11] <Nafallo> if I'd like to have a secure server I would disconnect all cards and lock it in a bunker...
[21:11] <Nafallo> s/cards/cords/
[21:11] <Deeps> (this pretty much being the justification openssh/debian has for enabling ssh root logins by default)
[21:12] <lukehasnoname> Anyone read "Pro Ubuntu Server Administration"?
[21:12] <Deeps> while i'd argue against that, as 'root' is a known login, while my username is not. however, unless you treat your user account as a privledged account, assuming that once someone gets into your account they'll effectively have root privs, and protect it accordingly, you're at risk
[21:16] <MatBoy> Deeps: mhh, you know most enterprise CP solutions even do stuff as root ?
[21:16] <uvirtbot`> New bug: #314173 in samba (main) "package samba-common 2:3.2.3-1ubuntu3.4 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/314173
[21:18] <aurigus> lukehasnoname: link?
[21:18] <lukehasnoname> http://www.amazon.com/Ubuntu-Server-Administration-Sander-Vugt/dp/1430216220/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1231189989&sr=8-1
[21:18] <Deeps> MatBoy: yep, because the people operating their servers know what they're doing. sudo's great for people who dont. minimizes the risk of stuff going wrong. is more of a hinderance than useful if you know what you're doing though.
[21:18] <aurigus> then nope
[21:18] <lukehasnoname> I read the "beginning" book, and it was alright, had some info I didn't know before. I think the "Beginning LTS" book he put out had some productive updates.
[21:19] <MatBoy> Deeps: I kinda know what I do ;)
[21:19] <MatBoy> but Ubuntu has newer packages than debian has...
[21:19] <MatBoy> and in my opinion ubuntu is faster than debian from time to time
[21:20] <Deeps> MatBoy: ok, 'sudo's still nothing to make a choice between debian and ubuntu though. package versions, stability, drivers, those'd be things to look at.
[21:20] <MatBoy> Deeps: yes, but I want to leave the system as native as it can be
[21:20] <MatBoy> Ubuntu wins in packages ;) for sure
[21:20] <Deeps> "as native" means?
[21:20] <Deeps> ubuntu has more recent versions yes, but newer isnt always better, really depends on what your server's purpose is
[21:21] <MatBoy> Deeps: install packages and keep settings as the system sets them by default on OS level
[21:21] <Deeps> ok
[21:21] <MatBoy> I see controlpanels even package their own packages for apache which I never liked
[21:21] <MatBoy> and don't understand
[21:21] <Deeps> you'll need to check the packages in debian and ubuntu's default configurations to see if they suit your needs, you'll probably find little difference between debian and ubuntu packages mind
[21:22] <MatBoy> yep true, but I trust Ubuntu more these days if I may be honest
[21:22] <Deeps> whatever makes you happy
[21:22] <MatBoy> Debian left me in the dark on Userlevel (WS) the first time, and server was not that nice also :)
[21:22] <MatBoy> Deeps: Ubuntu ;) why do you think I'm here ?? :p
[21:23] <Deeps> debian is designed for servers, ubuntu was designed for desktops
[21:23] <Deeps> you can get a gui for debian but it's not very well polished
[21:23] <MatBoy> Deeps: true, but Ubuntu server is very perfect !!
[21:23] <Deeps> again, depends on your needs
[21:23] <lukehasnoname> I'm having a huge internal conflict
[21:23] <lukehasnoname> Opensolaris vs. Ubuntu for my test environment
[21:23] <MatBoy> lukehasnoname: take some paracetamol :D
[21:23] <Deeps> i find it's good enough for most of my needs, but not all
[21:24] <lukehasnoname> Crossbow, ZFS and Sun's docs are so nice
[21:24] <MatBoy> Deeps: what ? debian ?
[21:24] <Deeps> ubuntu
[21:24] <lukehasnoname> but Ubuntu is Linux, and it more used, with more tools
[21:24] <MatBoy> Deeps: and you prefer debian in some cases ?
[21:24] <Deeps> lukehasnoname: there's a ubuntu/opensolaris crossover distro, opensolaris kernel, gnu userland with ubuntu packages
[21:24] <Deeps> MatBoy: yep
[21:24] <Deeps> lukehasnoname: so you get native zfs while sticking to familiar toosl
[21:24] <MatBoy> Deeps: I know what you mean... but Ubuntu holds more SW
[21:25] <lukehasnoname> Nexenta?
[21:25] <Deeps> that might be the one
[21:25] <Deeps> sounds right
[21:25] <Deeps> i've heard they lack the resources to actually make it worthwhile, but that may just be dirty talk from solaris fanboys
[21:26] <zoopster> lukehasnoname: nexenta is correct
[21:27] <zoopster> Deeps: Everyone is lacking resources...I've been talking with their CEO and they seem to be doing quite well even signing on some interesting new vad's
[21:28] <Deeps> nice
[21:28] <lukehasnoname> It's always saddened me that one of  the most functional and inspiring open source projects, Ubuntu, restricted itself by using Linux instead of BSD (Solaris wasn't open at the time).
[21:28] <Deeps> i might apply, nobody i can see is hiring
[21:29] <Deeps> all my interviews in the last 3 months have been "we'd love to take you on, but we've just halted all new external hires, sorry!"
[21:29] <Deeps> wasting my time
[21:29] <lukehasnoname> Deeps: same with my main internship opportunity this past month
[21:29] <Deeps> sucks dunnit
[21:30] <lukehasnoname> ya
[21:30] <Deeps> gonna start calling them all up again tomorrow though, see if the new financial quarter reopens opportunity
[21:30] <lukehasnoname> where do you live, and what job are you looking for?
[21:31] <Deeps> currently at my parents home in spain, just came from 3 months in dublin, moving to the uk end of the month to try my luck there
[21:31] <Deeps> and anything with linux systems and/or networks
[21:31] <lukehasnoname> same
[21:31] <lukehasnoname> well
[21:31] <lukehasnoname> the job part, as an intern
[21:31] <Deeps> although i'm biting the bullet and getting MCSE certified before i leave
[21:31] <Deeps> since there's more windows jobs than linux jobs these days
[21:31] <lukehasnoname> probably a good call
[21:31] <Deeps> and right now a job's a job
[21:31] <lukehasnoname> I'm going to get CCNA
[21:32] <lukehasnoname> and maybe look into LPI or some other Linux cert
[21:32] <lukehasnoname> along with the college degree I'm working on
[21:33] <Deeps> gl
[21:33] <lukehasnoname> thanks
[21:33] <lukehasnoname> I'm also constantly on the lookout for good business ideas, to start on my own
[21:34]  * ProfFalken is off to bed... good night everyone...
[21:34] <lukehasnoname> night
[22:05] <uvirtbot`> New bug: #314170 in freeradius (universe) "Freeradius package outdated" [Undecided,New] https://launchpad.net/bugs/314170
[22:20] <genii> Is Diameter supposed to be superceding Radius?
[22:22] <Deeps> diameter = 2r
[22:22] <Deeps> :D
[22:25] <genii> Deeps: Heh. I meant the one here rather :)  http://www.opendiameter.org/
[22:59] <uvirtbot`> New bug: #311487 in openldap (main) "ldap n-way multi master from Ubuntu Server guide" [Undecided,Incomplete] https://launchpad.net/bugs/311487