[00:01] <mathiaz> zul: is there a reason why mysql-5.0 is not based on the debian package? mysql-5.0.75 is already available from the unstable repository
[00:13] <RediXe> Is there a way to restore postconf back to default?
[00:17] <zul> mathiaz: checkout the REPORT for the merge
[00:22] <mathiaz> zul: http://merges.ubuntu.com/m/mysql-dfsg-5.0/REPORT? there is one conflict in one patch.
[00:22] <zul> mathiaz: ergh
[00:22] <zul> not when I looked at it
[00:38] <lukehasnoname> Is it just me or is virt-manager crippled?
[00:42] <hads> Just you
[00:42] <owh> :)
[00:48] <lukehasnoname> sigh
[00:53] <owh> lukehasnoname: What is wrong? Did a dog eat your cat?
[00:56] <lukehasnoname> FFFFFFFFFFUUUUUUUUU
[00:56] <lukehasnoname> kvm disabled in bios
[00:56] <lukehasnoname> that is better than a more severe problem
[00:57] <hads> Pretty annoying if it's at a data centre though :)
[00:57] <lukehasnoname> true
[00:59] <lukehasnoname> is it bad that I have to jiggle my PCI NIC for Ubuntu to get past the "Configuring Network devices" process?
[01:00] <lukehasnoname> The card doesn't line up right with the back panel so I can't screw it in.
[01:01] <lukehasnoname> and virt-manager has no option for doing any sort of managing of remote virtual hosts
[01:01] <owh> lukehasnoname: No, that's pretty standard for cheap hardware ;-)
[01:02] <owh> lukehasnoname: Remote virtual hosts are supported with virt-manager.
[01:02] <lukehasnoname> ...
[01:03] <lukehasnoname> I have my server, with kvm running and installed. I have my laptop, which is connected to the server with virt-manager over ssh
[01:03] <lukehasnoname> I have no options showing in the GUI on doing anything.
[01:05] <owh> lukehasnoname: File -> Open Connection
[01:05] <lukehasnoname> done
[01:06] <lukehasnoname> I'm connected
[01:07] <owh> lukehasnoname: Your sense of humour needs a little tweaking my son.
[01:07] <lukehasnoname> ...
[01:07] <lukehasnoname> I'll effing screenshot it
[01:08] <lukehasnoname> I hit file > open connection. I connect via ssh to the IP of my server
[01:08] <lukehasnoname> with the root password
[01:08] <lukehasnoname> root is in the libvirtd group
[01:08] <lukehasnoname> then I see the connection as 'active' in the main window
[01:08] <lukehasnoname> Now
[01:08] <lukehasnoname> From there, where should I see things to manage/create VMs on that host?
[01:09] <lukehasnoname> unless I'm mistaking how VMM works
[01:10] <lukehasnoname> ... because I'm connecting to a physical machine expecting to be able to create, delete, shutdown, etc. all the VMs on that machine.
[01:16] <lukehasnoname> damnit owh
[01:24] <_Cid> Anyone here good with Sieve? :)  I am trying to create a script to delete blatant spam (based on score) - so far, I fail :/
[01:24] <_Cid> and not only that ...it does weird stuff - like delete mails that are whitelisted etc etc (so yeah, I commented out that idea)
[01:35] <uvirtbot`> New bug: #315303 in samba (main) "smbclient crashes on "mget" command" [Undecided,New] https://launchpad.net/bugs/315303
[01:54] <barby>  vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:54] <blahnana> stylish
[01:54] <barby> love all
[01:54] <barby> :D
[01:54] <barby> :X:X
[01:54] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279          :X:X
[01:55] <barby> i`m a sexy blondysh vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:55] <barby> :X:X
[01:55] <jjesse> umm can someone kick?
[01:55] <blahnana> barby, is that really you on that link?
[01:55] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279
[01:55] <barby> yes
[01:55] <barby> :X
[01:55] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279          hot
[01:55] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279         for yahoo or msn
[01:55] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279         or web cam
[01:55] <blahnana> can I email you my CC details?
[01:55] <jjesse> ok time to stop spamming
[01:55] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279      :)
[01:56] <barby> vot for me boy`s?
[01:56] <barby> vot for me  http://www.uby.ro/show.php?c=1&val=17279         :X
[01:56] <Kamping_Kaiser> !ops barby spamming
[01:56] <Kamping_Kaiser> bah.
[01:56] <Kamping_Kaiser> !op
[01:56] <jjesse> !op
[01:56] <Kamping_Kaiser> silly bot, !ops used to work.
[01:57] <Kamping_Kaiser> vorian, thanks :)
[01:57] <vorian> no problemo
[01:57]  * jjesse cheers for vorian
[01:58] <vorian> no bot in here eh?
[02:03] <RediXe> Any idea why with postfix when I run telnet localhost smtp -> connects ehlo example.com  nothing happens?
[02:10] <joe-mac> hellooooo, anybody here who can i answer a simple question about udeb files?
[02:11] <Kamping_Kaiser> !ask
[02:12] <joe-mac> thanks Kamping_Kaiser but i've been asking this particular question all day and no one seems to know
[02:13] <joe-mac> so here goes, i've got a udeb that for some reason is not in the server install tree. it's partman-auto-raid. all i need to do is make d-i recognize it. that's it. seems to be the most difficult task, and it's looking like i may actually have to build a whole cd for it
[02:14] <Kamping_Kaiser> joe-mac, not tried preseeding myself, but have you checked the debian install guide? iirc it contains a section on preseeding
[02:14] <joe-mac> yes, i spent the better part of day with it
[02:14] <joe-mac> my preseed file is absolutely fine
[02:15] <joe-mac> the problem is that ubuntu for some unknown reason does not include partman-auto-raid, but has EVERY other partman-auto* udeb, oh and also references partman-auto-raid in the docs
[02:15] <joe-mac> it's like some kind of cruel joke
[02:16] <Kamping_Kaiser> joe-mac, sounds like something worth filing a bug on, it may have been omitted by mistake
[02:16] <joe-mac> so, all i need to do afaict is get d-i to see the partman-auto-raid udeb whichc i have downloaded from launchpad
[02:16] <joe-mac> Kamping_Kaiser: I'd agree however I found a post that seemed to indicate it was also missing in feisty, and it is in the 'universe' tree so idk maybe there is a reason they leave it out
[02:17] <Kamping_Kaiser> joe-mac, that sounds like the reason then. when you said its meantioned in the doco, did you mean the wiki, or the offical shipped doco?
[02:18] <joe-mac> the wiki on preseeding explicitly shows how to use partman-auto-raid
[02:18] <joe-mac> i am on my home box now, but i have it bookmarked at work, let me see if i can google it
[02:19] <joe-mac> this might be it, this is a text only vt100 so bare with me, https://help.ubuntu.com/8.04/installation-guide/i386/preseed-using.html
[02:23] <Kamping_Kaiser> joe-mac, could be a bug in the doco. (I wouldnt like to say it is until its confirmed thats the link though)
[02:25] <joe-mac>  so yea if you go to that link
[02:25] <joe-mac> then click next like twice, you'll be able to see the section on partitioning with raid
[02:26] <joe-mac> i'd really like to be able to just add a udeb in the pool and add it in the Packages file, i mean rebuilding a whole cd tree for one package seems ridiculous
[02:27] <Kamping_Kaiser> I'm sure theres other ways to get the package in, I just cant remember them
[02:28] <joe-mac> i tried doing like a preseed/early_command or something like that, and have it run apt-install partman-auto-raid, but it didn't work, and i really didn't expect it to since it's a .udeb anyways, just shooting in the dark
[03:12] <Bangers> is it possible to control Vmware ESXi from Ubuntu?  ie. Uploading a virtual machine (created from vmbuilder), then start it?
[04:12] <_Cid> anyone here good with Sieve scripts? - been trying to get it to act on spam rating ...I fail :/
[04:40] <mlopezqc> hello people, anyone have successfully configured virtualbox with host interface in 8.10?
[04:41] <mlopezqc> the only thing is stopping me is that the system insists in giving an ipv6 address to the tap0 device
[04:42] <mlopezqc> and must be addressless
[05:05] <jmarsden> mlopezqc: It worked for me following the info at https://help.ubuntu.com/community/VirtualBox#Networking on 8.10 (amd64)
[05:48] <nandemonai> Heya guys.
[05:48] <nandemonai> Quick question..
[05:49] <nandemonai> Lately I've noticed twice now that my ethernet has essentially dropped out on one machine. No ping, no resolv nothing. Light stays on and everything else seems to work fine though..
[05:50] <nandemonai> restarting networking of manually ifdown/ifup doesn't seem to fix it but a reboot does.
[05:50] <nandemonai> Any ideas on where I should be looking? Nothing in /var/log/messages of interest.
[05:51] <blahnana> could potentially be the driver for the card, or the card's hardware
[05:51] <blahnana> rebooting would reinitialise the hardware, firmware, and software
[05:52] <nandemonai> Ahh of course.
[05:52] <nandemonai> I hadn't though about that..
[05:52] <nandemonai> Hmm, you think that would show up in the kernel log or some such?
[05:52] <blahnana> yeah it's not particularly helpful, I know
[05:53] <nandemonai> Well it's another avenue to look into cause I was stumped.
[07:58] <daredevilthere> I need to setup LTSP for my home laptop to boot ubuntu
[08:18] <SmokeyD> hey people, for my understanding: the use of snort (or any other IDS) is purely so you can watch the logs and see when someone tries to break in?
[08:18] <SmokeyD> I mean, the doesn't prevent anything does it?
[08:19] <jmarsden> SmokeyD: How you use it is up to you; you could easily set things up to actively reset TCP streams that snort says are bad, in real time, for example...
[08:19] <SmokeyD> jmarsden: ok, that sounds more interesting
[08:20] <SmokeyD> jmarsden: are there any recommended setups for snort? I have set it up loggin to mysql and wathcing the logs with BASE, but I would rather have snort so some preventive stuff
[08:21] <_ruben> IDS = detection; IPS = prevention; the I and S remain the same
[08:21] <SmokeyD> :)
[08:21] <_ruben> snort can do IPS as well i think, no experience with it though
[08:21] <jmarsden> Have you fully tweaked is to make sure you get zero false positives from it?  Otherwise, reacting to alerts could be... embarrassing -- you'd be killing of real traffic from real customers.
[08:21] <jmarsden> s/is/it/
[08:21] <SmokeyD> jmarsden that is true
[08:21] <SmokeyD> so you recommend running snort only on IDS, and when sure that no false positives are present, turn to IPS
[08:22] <SmokeyD> do many users use snort as IDS only? Or also IPS?
[08:23] <_ruben> we used to use logsnorter (snort clone which uses syslog as input instead of the actual traffic), but when our network increased it became too large to handle
[08:24] <jmarsden> SmokeyD: You may want to read the Snort docs... including the Snort FAQ, which has a question about generating iptables rules based on alerts... http://www.snort.org/docs/faq/3Q06/node102.html
[08:25] <SmokeyD> jmarsden, thanks
[08:52] <kraut> moin
[09:13] <SmokeyD> wow, here are some interesting articles: http://www.freeos.com/projdetails/2/13/
[10:27] <SmokeyD1> hey people. Would it be wise to chattr +a my syslog auth.log and messages log files? Or would that break logrotate?
[10:27] <_ruben> why would you want that ?
[10:27] <_ruben> especially auth.log can hold sensitive info
[10:29] <SmokeyD1> _ruben: that is why. I only want to enable appending to the log, not removing files.
[10:30] <SmokeyD1> To prevent people who shouldn't be there from removing log entries
[10:30] <SmokeyD1> I am not talking about chmod but chattr.
[10:37] <lapo> hi
[10:43] <_ruben> SmokeyD1: you shouldnt be writing to those files manually
[10:43] <_ruben> those are written to by syslogd
[10:47] <_ruben> and either way, logrotate would most likely kill the attrib on next run
[10:56] <SmokeyD1> _ruben: I know I shouldn't be writing to those logs manually
[10:56] <SmokeyD1> that was not my question
[10:57] <SmokeyD1> I am concerned that  a hacker who gains access to my system will erase the log entries before leaving
[10:57] <SmokeyD1> one way to make that harder is to chattr +a the logfile so you can only append to the file, not delete from it
[10:57] <SmokeyD1> I am wondering though if that would cause any unforseen problems
[10:58] <SmokeyD1> for instance with logrotate indeed
[11:02] <y000069> hi. i have a Dlink network card with driver, but i don't know how to compile the driver
[11:02] <lapo> SmokeyD1: can't you just use remote logging?
[11:02] <y000069> i'm using Ubuntu 8.04
[11:03] <SmokeyD1> lapo: hmm, maybe a better idea indeed.
[11:04] <lapo> SmokeyD1: I think it will brake logrotate, you should use prerotate/postrotate scripts to set/unset a attribute
[11:05] <SmokeyD1> lapo: thanks.
[11:05] <lapo> SmokeyD1: I don't see it as a big security improvement
[11:05] <SmokeyD1> hmm, I was thinking the same. Since logrotate can do chattr -a, why couldn't a hacker
[11:06] <lapo> indeed
[11:10] <_ruben> if you care about your logfiles, remote logs are pretty much the only decent solution
[11:10] <_ruben> then again, if the hacker has root, he can disable the remote logging as well .. though you'd still have the logs upto that point in time
[11:10] <lapo> SmokeyD1: a good paranoid solution would be to log on the serial port
[11:11] <SmokeyD1> lapo: :) yeah. But that is impossible for me :) I am running a virtual machine somewhere else
[11:12] <lapo> SmokeyD1: then it's easier, put up another vm which does logging only, you won't even need cables :-)
[13:07] <SmokeyD1> hey people. Is there any reason why /var/lib/php5 should be world writable
[13:09] <SmokeyD1> it has the permissions drwx-wx-wt   2 root     root
[13:11] <wjlroe> oh yes, mine too, not sure why that is...
[13:11] <wjlroe> it looks like it's all session temporary files
[13:12] <SmokeyD1> wjlroe: yeah so world writable would mean that any user could do stuff to sessions
[13:12] <SmokeyD1> isn't that a security issue?
[13:12] <wjlroe> no, because a normal user can create files in there, but not read them
[13:12] <SmokeyD1> that is true
[13:12] <wjlroe> i mean, it can't read files already in there
[13:13] <wjlroe> i suppose it avoids permission problems as to what user apache/php is running under
[13:13] <SmokeyD1> yeah ok
[13:13] <SmokeyD1> so if I set up my apache correctly (add users apache is running under to www-data) I could set group owner to www-data and chmod to 664
[13:14] <wjlroe> in theory, yes, there are also some cron files dealing with cleaning up session, you might want to check they will be ok still
[13:15] <wjlroe> but i think they run as root so shouldn't be a problem
[13:15] <SmokeyD1> cool. I might do that, allthough it's not really necessary
[13:54] <SmokeyD1> hey people. Is it wise to comment out rules in /etc/snort/rules files? I keep getting MS-SQL Worm propagation attempts for instance, but I don't run MS-SQL server so I don't care about them
[13:55] <SmokeyD1> would it be safe to comment it out?
[14:02] <heath|work> man... I just setup a new vm with the newest vitualbox.  They have made networking much easier than before! Finally!
[14:02] <henkjan_> virtualbox 2.1 is great indeed!
[14:56]  * Jeeves_ is installing two kvm-servers
[15:06] <johnwards> Does anyone know the reasoning behind shipping with the php suhosin patch installed by default
[15:06] <johnwards> and why i can't remove it without recompiling the debs (!)
[15:07] <johnwards> i am a massive ubuntu fan because of its flexablity and I have been convincing the bosses to move to ubuntu server. But it makes my life more difficult when i have to recompile for every release
[15:30] <uvirtbot`> New bug: #315500 in samba (main) "samba did not upgrade successfully..." [Undecided,New] https://launchpad.net/bugs/315500
[15:48] <orudie> hi, quick question. I have perl v. 5.10 installed, i need version 5.8 instead. When i do sudo apt-get remove perl, it wants to free up 181 mb , and one of the packages that it wants to remove is apache2
[15:48] <_Cid> auch ...
[15:49] <_Cid> I would think it would not delete any of your conf files though (or do backup)   so maybe remove it ...then re-apply apache2?
[15:49] <orudie> i cant remove apache 2 lol
[15:50] <orudie> it wants to remove mysql server too lol
[15:50] <orudie> in the list of packages
[15:50] <_Cid> hehe, pretty intrusive ...
[15:51] <orudie> 182 mg freed? my system is like 320 meg total lol
[15:51] <_Cid> hehehe
[15:51] <_Cid> can you do a install of perl --force?
[15:51] <_Cid> the old version ...I wonder if apt-get would replace it then
[15:52] <_Cid> or look at 'dpkg --force-help'
[15:52] <orudie> _Cid, http://pastebin.com/m64cf5ec5
[15:52] <_Cid> you can uninstall a package, forcefully - without dependencies
[15:53] <_Cid> dpkg -r --force-all perl    ..I would think    <insert standard disclaimer here>
[15:53] <orudie> i need to know for sure i cant screw this up lol
[15:54] <_Cid> dont you have some silly little package installed you dont need you could practise on (something that got dependencies)
[16:17] <orudie> _Cid, can you please tell me how to do this ?
[16:18] <_Cid> the perl thingy?
[16:19] <_Cid> dpkg -r --force-all perl  would be how to get rid of the package without the dependencies ....but I really do not know the consequences ( in terms of, will anything be damaged)  -  do you really need an old version of perl that bad? :-)
[16:20] <orudie> _Cid, yes cause the other thing that i'm trying to install only works with the older 1
[16:21] <_Cid> well.... hopefully all the other packages just need perl ..and not perl 5.10 ...I would   'dpkg -r --force-all perl ; <install the perl package you want>  and hope everything keeps working ;-)
[16:28] <orudie> _Cid, after doing dpkg -r --force-all perl , i guess it uninstalled but then i tried perl -version it sill shows its isntalled and version 5.10
[16:29] <Faust-C> orudie: how are you uninstalling
[16:29] <Faust-C> unless you do apt-get autoremove apache2
[16:29] <Faust-C> mysql should be left alone
[16:29] <Faust-C> but then again ive been wrong
[16:29] <orudie> what does this command do dpkg -r --force-all perl  ?
[16:30] <orudie> removes perl without dependencies ?
[16:30] <_Cid> you should double check your self in the man files or so - but that is how I read it
[16:30] <orudie> _Cid, ok i ran the dpkg -r --force-all perl command
[16:31] <_Cid> cool, try to install your new (or old) version of perl now
[16:31] <orudie> _Cid, sudp apt-get install perl 5.8 ?
[16:32] <_Cid> the deb repositories keep the latest version..we will need to look in archives or so
[16:33] <_Cid> I thought you already had it installed
[16:33] <_Cid> I mean, downlaoded
[16:33] <_Cid> lets have a look
[16:33] <orudie> ok :)
[16:34] <_Cid> whats this package that requires 5.8 btw?
[16:34] <orudie> its called hlstatsx
[16:35] <orudie> stats system for a game server
[16:35] <_Cid> weird that it cannot run on perl 5.10
[16:36] <_Cid> so, it looks like fiesty came with 5.8 - what ubuntu are you running on?
[16:36] <orudie> this is what their developer replied http://www.hlxcommunity.com/forums/viewtopic.php?f=3&t=223
[16:37] <_Cid> You can remove the -CSDA from the first line in hlstats.pl to get it mostly working, but there will be situations that will cause the daemon to crash.    not an option? :-)
[16:37] <LaserJock> geeze, this place is packed :-)
[16:37] <orudie> why do i want it to crash ?
[16:38]  * ScottK waves at LaserJock from the crowd.
[16:38] <orudie> or it should be fine ?
[16:38] <LaserJock> ScottK: I'm wondering if the there are any webapp packaging types in the server team
[16:39] <ScottK> What kind of webapp?
[16:39] <LaserJock> ScottK: an educational one that's PHP and uses either MySQL or PostgreSQL
[16:39] <orudie> _Cid, should i try to reinstall it by sudo apt-get install perl ?
[16:39] <_Cid> orudie:  no idea what he means with some crashing, heh - and no idea how soon his 1.5 will come out ....   I think your best bet is to add the backport deb file to your apt, and install via that - know how to do that?
[16:40] <orudie> _Cid, nope lol
[16:40] <LaserJock> ScottK: we have packages for it, but there's some bugs and I'd like more of a server person's view
[16:41] <orudie> _Cid, maybe i should try it with perl 5.10  and remove the -CSDA ?
[16:41] <_Cid> orudie:  I think it might be easier
[16:41] <_Cid> orudie:  then you dont have to deal with all the backport stuff
[16:41] <orudie> so should i do , sudo apt-get install perl ?
[16:41] <ScottK> LaserJock: I suspect that zul would probably be your man for at least MySQL stuff.
[16:42] <_Cid> orudie:  yup
[16:42] <ScottK> LaserJock: He or mathiaz probably know best who else.
[16:42] <orudie> _Cid, ok installed without errors wheew
[16:43] <LaserJock> ScottK: do you think an email to the mailing list would be a good place to start?
[16:43] <ScottK> LaserJock: Yes.
[16:45] <orudie> _Cid, the -CSDA option is already commented out :(
[16:56] <jmarsden> LaserJock: I'm not a MOTU, and not on the server team, but I *am* trying to help get a wep app packaged in time for Jaunty (WebGUI)... no time tight now, but if you catch me when I am back from work ~8 hours from now maybe I can take a look at your packaging and comment -- perhaps we can learn from each other?  Or I'll look for your email on the list, if I remember :)
[16:57] <LaserJock> jmarsden: k
[16:57] <ScottK> jmarsden is also going to test an SELinux SRU sometime before Intrepid goes out of support, IIRC?
[17:19] <jmarsden|work> ScottK: I'd be very interested in testing an SeLinux SRU,having tried to get selinux working on Intrepid and failed... ... is there an SRU I can test?
[17:20] <ScottK> jmarsden: Didn't we talk about this before.
[17:20] <ScottK> Maybe I'm confused.
[17:20] <jmarsden|work> I think so... I asked about the issue, and you pointed me to a bug number, I think that's about all though?
[17:22] <jmarsden|work> I'll look back through my IRC logs and see what I can find, but probably not right away...
[17:23] <ScottK> jmarsden: It was Bug #308350
[17:23] <uvirtbot`> Launchpad bug 308350 in setools "FTBFS on amd64 and lpia due to dpkg-buildpackage failure." [Medium,Fix committed] https://launchpad.net/bugs/308350
[17:23] <jmarsden|work> ScottK: Thanks.
[17:23] <ScottK> Since it's a build failure, testing would be to see that it's at least no worst than what was there before.
[17:23] <jmarsden|work> :) OK.
[17:23] <ScottK> The bug points to instructions on how to install from -proposed.
[17:23] <ScottK> Just comment in the bug after you test.
[17:29] <_Cid> !paste
[17:29] <_Cid> http://paste.ubuntu.com/102842/
[17:51] <orudie> _Cid, how can i execute a cron job ?
[17:51] <_Cid> Cron job are basically a scheduler - runs a command on a given interval
[17:51] <_Cid> like every 10 minutes..once a day   etc etc
[17:52] <_Cid> I wonder ...
[17:52] <_Cid> !cron
[17:52] <_Cid> hah :)
[17:52] <genii> !crontab
[17:52] <genii> Hm
[17:52] <_Cid> I win!
[17:52]  * genii feeds _Cid a cookie
[17:52]  * _Cid wont eat it ..noooo - it goes in a frame on the wall!
[17:54] <genii> orudie: When I forget the crontab file layout, I refer back to http://www.adminschoice.com/docs/crontab.htm
[17:54] <genii> You may find it useful
[18:31] <Doonz> Hey guys i installed Firestarter on my Ubuntu box. The home netwrok is being routed through the ubuntu box. Everything is working except for my internet has severely slowed down. Any ideas or suggestions to start dealing with this?
[18:31] <Doonz> Hey guys i installed Firestarter on my Ubuntu box. The home netwrok is being routed through the ubuntu box. Everything is working except for my internet has severely slowed down. Any ideas or suggestions to start dealing with this?
[18:31] <Doonz> sorry for the double
[18:39] <zoopster1> Doonz: and it speeds up after disabling the firewall?
[18:40] <Doonz> kills the internet connection
[18:42] <zoopster> Doonz: so you are using NAT then. I just use UFW and notice no diff, but I'm also not logging much...so I might not be much help since I don't know what changes Firestarter makes
[18:43] <Doonz> ok
[18:43] <Doonz> thanx
[18:46] <zoopster> Doonz: firestarter is only a front end...so you need to see what changed since adding it if that is when you noticed the slow down
[18:47] <zoopster> Doonz: it could be something unrelated
[18:47] <Doonz> see
[18:47] <Doonz> the thing is i went from a hardware router
[18:47] <Doonz> but it only had a 10mbit wan link so i figure great can use my ubuntu box as a firewall a router for my windows netork
[18:48] <Doonz> but since then its beeen extremely slow browsing web pages and thing
[18:48] <zoopster> Doonz: ah...you went from a hw router to a sw router...so you need to optimize it...that has nothing to do with firestarter.
[18:48] <jmarsden|work> Doonz: Check the logs that firestarter makes of denied traffic, it may be denying something you need?
[18:49] <Doonz> ok
[18:50] <Doonz> jmarsden|work:  what would it be denying that i need?
[18:50] <Doonz> zoopster: what would i need to optimize and how would i go about doing that?
[18:50] <jmarsden|work> DNS??  Who knows, read the logs :)
[18:50] <Doonz> Dns is fine or else i wouldnt be browing the net
[18:51] <Doonz> Hostname: sserver1 - OS: Linux 2.6.27-9-generic/i686 - CPU: 2 x Intel(R) Xeon(TM) (3400.072 MHz) - Processes: 149 - Uptime: 7d 10h 47m - Load Average: 0.25 - Memory Usage: 458.81MB/2023.76MB (22.67%) - Disk Usage: 1870.05GB/6088.28GB (30.72%)
[18:51] <Doonz> thats the system its one
[18:51] <_Cid> not true ...  if it waits for 2 timeouts before finding a good one fx, that would work - but slow everything down
[18:51] <jmarsden|work> No, it could be blocking traffic to one server and you then wait for a while and then retry to a different one, or it could be allowing UDP DNS but not TCP DNS, or ...
[18:51] <Doonz> ok so what ports would that be?
[18:52] <Doonz> port 53 is allowed for all clients
[18:52] <zoopster> Doonz: look at the logs to see what is happening
[18:52] <jmarsden|work> Doonz: Do not guess, read the logs... really.
[18:52] <_Cid> how is browsing from the actual box, snappy or sluggish?
[18:52] <Doonz> as snappy as it was prior to this
[18:52] <xinel> i want to create an ssh tunnel from eth2 to the outside world and allow anyone from eth0 to connect through it, any ideas?
[18:53] <Doonz> where would the logs be kept?
[18:53] <zoopster> Doonz: even more reason to dig into your logs further to see what may be getting blocked or otherwise slowing you down
[18:53] <_Cid> Doonz:  DNS could be ok then - I am going to echo what everyone else already said ..search your log files for suspicious behaviour .... if you think its the firewall, you could perhaps try to act as a router without the firewall to isolate the issue?
[18:53] <_Cid> !log
[18:54] <_Cid> darn :P    check /var/log
[18:54] <Doonz> i thouthg of that but when i turn off the firewall no internet works
[18:54] <zoopster> Doonz: so you need to enable NAT only...but don't bother...dig into the logs see what is happening and that will probably guide you where you need to go
[18:54] <Doonz> hmm nothing in the log directory from firestarter
[18:55] <jmarsden|work> Doonz: There is an Events page in its GUI that should show everything it blocks, and you can load/import the stuff from its logs, probably from /var/log/messages
[18:56] <Doonz> Hehe i secured my box and disabled remote admin from the outside world
[18:56] <jmarsden|work> You can't ssh to it?
[18:57] <Doonz> im ssh into atm
[18:57] <Doonz> but i cant see the gui
[18:57] <jmarsden|work> Then you can run X apps over the SSH link... right?
[18:57] <Doonz> oh really
[18:57] <_Cid> if you dont know which log to look into ... checking date stamps to see recent entrides is a good start ....and then  use  tail on the files to see what is happening
[18:57]  * Doonz is a linux newbie
[18:57] <_Cid> tail -f if youw ant it to keep updating
[18:58] <_Cid> you can ignore all log files ending on .gz btw ...they are older - part of the log rotation
[18:58] <Doonz> yeah
[18:58] <Doonz> im curious about this xapp over ssh
[19:00] <genii> Doonz: x apps over internet are so laggy you will wich for cli back
[19:00] <genii> *wish
[19:00] <Lamo> I'm going crazy trying to setup Bugzilla3 on my Intrepid Server. I've installed via apt and set all the passwords per this guide http://www.hacksawlabs.com/index.php?option=com_content&view=article&id=55:install-bugzilla-on-ubuntu-810&catid=36:system-administration&Itemid=53 yet i get 404 when going to http://192.168.1.108/bugzilla3?
[19:01] <Doonz> oh ok
[19:01] <jmarsden|work> Doonz: You can learn where the logs are, or you can use X over SSH... your call :)
[19:02] <jmarsden|work> I'd strongly suspect they are in /var/log/messages
[19:03] <jmarsden|work> genii: Doonz has a 10mbps link, so X at 10Mbps should be sane enough...
[19:07] <Doonz> its actually 25
[19:07] <Doonz> so how would i get x to work over ssh
[19:09] <xinel> hrmms say i got an .ovpn, .crt .key file and installed openvpn where would i put the files to get it all to work?
[19:10] <genii> Doonz: At any rate, down and dirty: in /etc/ssh/sshd_config:  X11Forwarding yes              then restart sshd server: sudo /etc/init.d/ssh restart        then when login remote, use switch:  -X  (I like also -v and -C)     to start an X app:   xterm & appname
[19:55] <nijaba> kirkland: as soon as finished pushing, lp:~nijaba/screen-profiles/windows has the goodies you wanted...
[19:56] <kirkland> nijaba: wicked!
[19:56] <kirkland> nijaba: i just added load average, and memory info to the status bar :-)
[19:56] <kirkland> nijaba: loadavg from mdeslaur
[19:56] <nijaba> \o/
[20:06] <nijaba> kirkland: whenever the push ends you'll have:
[20:06] <nijaba> 1/ a way to dismiss the help window
[20:07] <nijaba> 2/ a way to enable disable default screen
[20:07] <nijaba> 3/ create new screen allows to add to defaults
[20:07]  * nijaba hopes that will please jdstrand
[20:08] <jdstrand> nijaba: sounds fantastic :)
[20:08] <kirkland> nijaba: outstanding!
[20:09]  * nijaba wonders how long the push will take at 300B/s
[20:09]  * nijaba only has 30 min of batery left :(
[20:43] <kirkland> nijaba: cool, i'm merging now
[20:44] <nijaba> kirkland: what?  but it looks like my push is not complete... is it?
[20:44] <kirkland> nijaba: oh ...
[20:44] <kirkland> nijaba: you're right
[20:44] <kirkland> nijaba: i was "attempting" to do the merge
[20:44] <kirkland> nijaba: i just did a push, very fast for me
[20:44] <nijaba> kirkland: I may have to wait til I am on a normal network
[20:45] <kirkland> nijaba: can you pastebin the bzr diff?
[20:45] <kirkland> nijaba: i can try and apply it manually
[20:45] <kirkland> nijaba: i'd like to push a new version to universe
[20:45] <kirkland> nijaba: i was waiting to blog about it until the welcome screen was enabled again
[20:46] <kirkland> nijaba: like jdstrand, i think many users would be lost with hints as to the wicked-cool shortcuts we've created
[20:46] <kirkland> nijaba: and we need welcome/help.txt for that ;-)
[20:48] <nijaba> kirkland: ahhh...  my battery is dying, you'll have to wait a couple hours :(
[20:48] <kirkland> nijaba: i can't wait!
[20:48] <kirkland> :-)
[20:48] <kirkland> nijaba: j/k
[20:48] <kirkland> nijaba: bzr diff | pastebinit
[20:54] <kirkland> nijaba: okay, i'm going to upload 1.5 now
[20:55] <kirkland> nijaba: ping me here when you can upload your merge (somewhere)
[20:55] <kirkland> nijaba: i'm quite interested in it
[20:55] <kirkland> nijaba: s/merge/branch/g
[20:59] <nijaba> kirkland: eheh, found a power plug
[20:59] <kirkland> nijaba: where are you?
[20:59] <kirkland> nick58b: somewhere interesting?
[21:00] <nijaba> kirkland: traveling to netherland this we
[21:01] <zul> nijaba: lay off the the wacky cafes there
[21:01] <kirkland> or bring us some!
[21:02] <nijaba> kirkland: what's the syntax for the bzr diff
[21:02] <kirkland> nijaba: bzr diff
[21:02] <kirkland> nijaba: or give it two revisions
[21:02] <kirkland> bzr -r21 -r 25
[21:02] <nijaba> zul: not going to amsterdam, but to the islands in the north
[21:02] <kirkland> nijaba: or something
[21:02] <zul> or bring us some seeds so we can make umm...rope
[21:02] <kirkland> nijaba: pick the last revision before you started making your changes
[21:02] <kirkland> nijaba: and then the current one
[21:02] <kirkland> nijaba: bzr diff -r21 -r23
[21:03] <kirkland> nijaba: something like that
[21:04] <kirkland> nijaba: see my comment to https://bugs.edge.launchpad.net/ubuntu/+source/screen-profiles/+bug/311443
[21:04] <uvirtbot`> Launchpad bug 311443 in screen-profiles "running applications at startup doesn't work" [Undecided,Confirmed]
[21:05] <kirkland> nijaba: you say "is quite easy to fix" ...  can you enlighten me?
[21:05] <nijaba> kirkland: http://pastebin.ubuntu.com/102917/
[21:05] <kirkland> nijaba: cool, thanks, looking now....
[21:07] <kirkland> nijaba: hmm, i just realized ...
[21:07] <kirkland> nijaba: ctrl-g in vi is "tell me what line i'm on" ...  :-/
[21:08] <nijaba> kirkland: I believed somehow when I read this bug report that we were not passing the $@, but I guess I had been skiing to much at the time
[21:08] <nijaba> kirkland: why would you need this when it is written on the bottom right
[21:08] <kirkland> nijaba: hmm, not always
[21:17] <mathiaz> nijaba: are you doing bug triagging while skiing down the slopes?
[21:21] <nijaba> kirkland: was finally able to push my branch
[21:21] <nijaba> mathiaz: well, evenings are long in december
[21:21] <kirkland> nijaba: cool, i'm merging from your diff, it's good
[21:22] <kirkland> nijaba: one thing, i'm changing though...
[21:22] <nijaba> kirkland: tell me
[21:22] <kirkland> nijaba: i'm making a select-screen-windows
[21:22] <kirkland> nijaba: i don't think the window selection belongs in select-screen-profile
[21:22] <kirkland> nijaba: it's kinda messy there
[21:23] <nijaba> kirkland: well, you'd better be sure the cp has occured at least once
[21:23] <kirkland> nijaba: oh.... that's seeding that file
[21:23] <nijaba> kirkland: else you'll get an ugly error when screen starts
[21:24] <nijaba> kirkland: yep, the ~/.screenrc-windows
[21:24] <kirkland> nijaba: hmm, in that case, this code needs a conditional around it
[21:24] <kirkland>                         if [ ! -e "$HOME/.screenrc-window" ]; then
[21:24] <kirkland>                                 cp "$PROFILE_DIR/$x" "$HOME/.screenrc-window"
[21:24] <kirkland>                         fi
[21:24] <kirkland> nijaba: sorry dude
[21:24] <kirkland> nijaba: i'm on crack
[21:24] <nijaba> kirkland: what condition?  if it does not exist, we should always create it
[21:24] <kirkland> nijaba: i see it now
[21:25] <kirkland> nijaba: :-)
[21:25] <nijaba> kirkland: ahh, np ;)
[21:25] <kirkland> nijaba: hang on though ...
[21:25] <kirkland> nijaba: it copies $x to that every time
[21:25] <kirkland> nijaba: that doesn't seem right
[21:26] <kirkland> nijaba: for x in $profiles; do .... done
[21:26] <nijaba> kirkland: $x?  where?
                         if [ ! -e "$HOME/.screenrc-window" ]; then
                                 cp "$PROFILE_DIR/$x" "$HOME/.screenrc-window"
                         fi
[21:26] <kirkland> nijaba: that can't be right, huh?
[21:26] <nijaba> kirkland: huh, no, let me check
[21:27] <nijaba> kirkland: uh.....  not right at all,  been a been quick here
[21:28] <nijaba> kirkland: it should just copy /usr/share/screen-profiles/windows/common ONCE
[21:29] <kirkland> nijaba: k
[21:29] <kirkland> nijaba: i'll fix
[21:29] <nijaba> kirkland: thanks...  that was bad, sorry
[21:29] <kirkland> nijaba: no worries
[21:30] <kirkland> nijaba: do you mind if change it to .screenrc-windows ?
[21:30] <kirkland> nijaba: i'll update all instances
[21:30] <kirkland> nijaba: note "windows" vs "window"
[21:31] <kirkland> nijaba: just to be clear that you can open more than 1
[21:32] <nijaba> kirkland: sure, it's what I thought I named it :P
[21:32] <kirkland> nijaba: :-P  cool
[21:32] <nijaba> kirkland: that's even how it is named elsewhere
[21:32] <kirkland> nijaba: ah, you did... in some places
[21:33] <kirkland> nijaba: but not in others
[21:33] <kirkland> nijaba: shame!
[21:33] <kirkland> :-)
[21:33] <nijaba> kirkland: that must be the only piece of code I DID NOT test!
[21:33] <kirkland> nijaba: surrrrrrrree
[21:33] <kirkland> nijaba: that was the only case
[21:33] <kirkland> nijaba: the bit that copies the skeleton
[21:44] <kirkland> nijaba: how do i make the initial help window not quite as wide?
[21:44] <kirkland> nijaba: by like 2 characters?
[21:46] <nijaba> kirkland: in screen-profile-helper:91
[21:46] <kirkland> nijaba: thanks
[21:46] <nijaba> kirkland: change 76 to 74
[21:46] <kirkland> nijaba: okay, it doesn't look like the select-screen-profile functionality in the helper is quite working
[21:46] <kirkland> nijaba: i tried changing to debian, and restarting screen
[21:47] <kirkland> nijaba: (also, i need to update the message about pressing F5 since I changed that)
[21:47] <kirkland> nijaba: nice, 74 looks better than 76, perfect
[21:48] <nijaba> kirkland: that was working...  wonder what changed
[21:48] <kirkland> nijaba: hmm, i might have broken something in the merge
[21:49] <nijaba> kirkland: Iook at line 143, I just call select-screen-profile --set %s
[21:49] <nijaba> kirkland: did you check that you --set is still working after the merge?
[21:49] <kirkland> nijaba: it's not, i'm fixing it
[21:50] <nijaba> kirkland: cool
[21:50] <kirkland> nijaba: yup, i broke it :-)
[21:50] <nijaba> kirkland: eheh, 1-1
[21:51] <nijaba> kirkland: so, what do you think of the new functions?
[21:51] <kirkland> nijaba: fixed!
[21:51] <kirkland> nijaba: i'm liking!
[21:51] <kirkland> nijaba: i'm still testing it
[21:51] <nijaba> cool
[21:51] <nijaba> good idea :D
[21:52] <kirkland> nijaba: i think i'm going to drop the ".screenrc" from "ubuntu.screenrc" ...
[21:52] <kirkland> nijaba: it might break the few people that are using this right now, but it's far better to break those few people now than later :-)
[21:52] <kirkland> nijaba: it would make those more descriptive
[21:52] <nijaba> kirkland: would be nice
[21:52] <kirkland> nijaba: they'd simply have to re-run select-screen-profile
[21:54] <kirkland> nijaba: actually, we *could* fix it in a maintainer script, postinst
[21:54] <kirkland> nijaba: i don't think it's really worth it though
[21:55] <nijaba> kirkland: not in a development version.  We just need to have the info in the readme
[21:56] <kirkland> nijaba: i'm also going to drop "common" from the listing
[21:56] <kirkland> nijaba: no need
[22:01] <kirkland> nijaba: hmm, okay, un-checking "display help on startup" works
[22:02] <kirkland> nijaba: and i can get to it by going to "Help"
[22:02] <kirkland> nijaba: but i can't re-check it to "display help on startup"
[22:02] <nijaba> kirkland: yes that's as designed
[22:03] <kirkland> nijaba: how would i turn "display help on startup" back on?
[22:03] <nijaba> kirkland: modify .screen-profiles-helper to put it back on
[22:03] <kirkland> nijaba: ah
[22:04] <kirkland> nijaba: it would be nice if the checkbox were on the helper page either way
[22:04] <nijaba> kirkland: if you want I can always show the check box
[22:04] <kirkland> nijaba: i think i see how to enable that
[22:04] <kirkland> nijaba: let me try
[22:04] <nijaba> kirkland: always pass intro=1 and config to the help function
[22:04] <kirkland> nijaba: cool
[22:05] <kirkland> nijaba: oh, hmm, i see now
[22:05] <kirkland> nijaba: okay, i think that's due to a miscommunication
[22:05] <nijaba> kirkland: hmm, there is some code missing for turning it back on
[22:06] <nijaba> kirkland: see line 111
[22:06] <nijaba> kirkland: can do it if you want
[22:07] <nijaba> kirkland: I just thought it should have behaved as a hint dialog, where you can decide to not see it anymore...
[22:08] <kirkland> nijaba: gotcha
[22:08] <kirkland> nijaba: that can be in a future upload
[22:08] <nijaba> kirkland: so you think the checkbox should always be there?
[22:08] <kirkland> nijaba: i'm more interested in being able to disable the helper altogether, if you want to permanently dismiss it
[22:08] <kirkland> nijaba: yeah, i think so
[22:09] <nijaba> kirkland: ok I'll try to work on that
[22:09] <kirkland> nijaba: minor
[22:11] <kirkland> nijaba: hmm, pruning the welcome window out of the list isn't working right
[22:12] <nijaba> kirkland: what?
[22:12] <ScottK> lamont: Do you known anything about unbound for DNS?  I'm looking at a package that wants to use it for DNSSEC and I'm uncertain if I should build against it.
[22:13] <kirkland> nijaba: i'm looking at the python now
[22:13] <nijaba> kirkland: if you have an issue, it is not with the python code
[22:13] <kirkland> nijaba: it's not updating .screenrc-windows
[22:13] <nijaba> kirkland: but just that your .screenrc-windows is not the file used
[22:13] <nijaba> kirkland: ???
[22:14] <nijaba> kirkland: it does here
[22:14] <nijaba> kirkland: what are your permissions on this file?
[22:14] <nephish> hey all, just installed ubuntu-server 8.10, it's doing great, but i don't know how to get cron mail. i have dovecot and postfix, and the system users get mail from a maildirmake solution, but can't seem to get it right on root user
[22:14] <kirkland> nijaba: -rw-r--r-- 1 kirkland kirkland 79 2009-01-09 15:39 .screenrc-windows
[22:14] <nephish> oh, and i never enabled a root account, really
[22:15] <nijaba> kirkland: that should be fine
[22:15] <kirkland> nijaba: so i "uncheck" the -helper window
[22:15] <kirkland> nijaba: then i click "save"
[22:15] <kirkland> nijaba: and it kills that window in my current session
[22:15] <kirkland> nijaba: i exit screen
[22:15] <kirkland> nijaba: cat ~/.screenrc-windows
[22:15] <kirkland> nijaba: and it's still there
[22:16] <nijaba> kirkland: what do you mean "it kills that window"?
[22:16] <kirkland> nijaba: yeah, when i "save", it kills the helper altogether ... that must be the problem
[22:19] <kirkland> nijaba: http://pastebin.com/f7bcd2a7f
[22:19] <kirkland> nijaba: diff against that and see if i've changed something obvious causing this breakage
[22:20] <nijaba> kirkland: I can't reproduce
[22:22] <nijaba> kirkland: yes, that IS the problem
[22:23] <kirkland> nijaba: you found my problem?
[22:23] <nijaba> kirkland: my train is arriving. I need to split, sorry
[22:23] <kirkland> nijaba: okay, thanks
[22:29] <Zombie_Gaz> I need help with ircd-ircu... Can somone give me a sample O line for the .conf file?
[22:30] <Zombie_Gaz> Or do I specify this in a different file?
[22:35] <nephish> is it possible to run a virtual host off of a different port than the rest of the webserver?  I mean, can I have one virt host on port 80 and a different one on port 8000?
[22:39] <_Cid> nephish:  yes ...that should be quite doable
[22:40] <nephish> cool, thanks
[22:40] <_Cid> nephish: check out the listen parameter in the examples: http://httpd.apache.org/docs/2.0/vhosts/examples.html
[22:41] <nephish> ok
[23:16] <RainCT> Hi
[23:18] <kirkland> nijaba: got it!!!!!
[23:18] <kirkland> nijaba: friggin python identation bs
[23:18]  * kirkland hates on python for a while
[23:18] <RainCT> I'm trying to setup SFTP with chroot (as described here: http://tinyurl.com/ubuntu-sftp) but I get "Directive `ChrootDirectory' is not allowed within a Match block" and sshd fails to start.
[23:19] <RainCT> What's the problem there? (I'm using Hardy for the server)
[23:19] <kirkland> RainCT: looks like a prob in your config file
[23:19] <kirkland> RainCT: i don't know what a "Match block" is though
[23:20] <RainCT> kirkland: see the URL
[23:21] <RainCT> (there are several other pages which suggest doing the same, so I don't think it's wrong..)
[23:23] <ScottK> RainCT: The how-to I think you are using said for Intrepid and later.  Perhaps Hardy's openssh doesn't support it.
[23:24] <kirkland> RainCT: I think scottk is correct ... http://www.debian-administration.org/articles/590
[23:24] <nephish> hey all, i think i set something up wrong, my main user is not getting mail from cron, and when i check the mail queue there are lots of messages in there for root, but i cannot seem to get them.
[23:24] <RainCT> ScottK: That's what I'm starting to think (I think I saw something about OpenSSH 5.0), but i hoped I'm wrong P
[23:24] <kirkland> RainCT: also, see the difference in the man pages of sshd_config between hardy and intrepid: http://manpages.ubuntu.com/cgi-bin/search.py?cx=003883529982892832976%3A5zl6o8w6f0s&cof=FORID%3A9&ie=UTF-8&q=sshd_config&titles=Title&lr=lang_en
[23:25] <RainCT> any chance to get a backport?
[23:25] <kirkland> RainCT: ie, no 'chroot' at http://manpages.ubuntu.com/manpages/hardy/en/man5/sshd_config.5.html
[23:25]  * kirkland runs
[23:25] <kirkland> :-)
[23:25] <RainCT> heh
[23:25] <ScottK> kirkland: Here's an idea for you for manpages.ubuntu.com ....  Wouldn't it be nice to diff the man page text between two Ubuntu releases ...
[23:25] <kirkland> ScottK: word ;-)
[23:26] <ScottK> Yeah.  I started typing that before you put that up there.
[23:26] <kirkland> ScottK: file a wishlist bug at https://bugs.edge.launchpad.net/ubuntu-manpage-repository
[23:26] <ScottK> Sure thing.
[23:26] <kirkland> ScottK: i'm also going to put a dynamic bug link on each manpage
[23:26] <ScottK> I suspect you'll have to set the importance.
[23:27] <kirkland> ScottK: i get lots of bugs against ubuntu-manpage-repository for bad info in a manpage :-)
[23:27] <kirkland> messenger-shooting
[23:28] <ScottK> kirkland:  Bug #315662 - I can't set importance.
[23:28] <uvirtbot`> Launchpad bug 315662 in ubuntu-manpage-repository "Diff between releases" [Undecided,New] https://launchpad.net/bugs/315662
[23:29] <kirkland> ScottK: got it, thanks!
[23:29]  * RainCT waits for his PPA to build a backport of OpenSSH
[23:31] <RainCT> bah, won't build until in 1 hour.. I'm off then, good night
[23:31] <RainCT> and thanks