/srv/irclogs.ubuntu.com/2009/04/03/#ubuntu-server.txt

Iceman_B^Ltop	what is the default sudo timer ?	00:02
Vog-work	Hello all, I'm getting -Alert! /dev/mapper/ddf1_RAID on a 8.10 server install, booting of of a fake Intel SATA raid	00:09
Vog-work	I can run a dmraid -ay and exit out of the shell and ubuntu fill finish loading.	00:10
Vog-work	But I still can't figure out why it can't boot normally. Is there some sort of module you need to have loaded inorder to get your array recognized?	00:12
Vog-work	looks like https://bugs.launchpad.net/ubuntu/+source/linux/+bug/314395 is experiencing the same problem.	00:13
uvirtbot	Launchpad bug 314395 in linux "Unable to boot Ubuntu 8.10 w/ RAID 1" [Undecided,New]	00:13
Vog-work	running apt-get upgrade to see if any updates takes care of this...	00:16
mat1211	Hi, how do I disable the root user? lol	00:16
mat1211	enabled it by mistake.	00:17
jtaji	mat1211: sudo passwd -l	00:22
uvirtbot	New bug: #354188 in mysql-dfsg-5.0 (main) "Add apport hook to gather relevant information" [Wishlist,Triaged] https://launchpad.net/bugs/354188	00:26
Vog-work	updating the system does not solve the booting problem for bug 314395	00:27
uvirtbot	Launchpad bug 314395 in linux "Unable to boot Ubuntu 8.10 w/ RAID 1" [Undecided,New] https://launchpad.net/bugs/314395	00:27
Vog-work	could bug 220493 have anything to do with it? I'm running a raid 1 not 4 or 5	00:44
uvirtbot	Launchpad bug 220493 in linux "[Hardy][Regression] dmraid45 target missing in latest kernel" [Medium,Fix committed] https://launchpad.net/bugs/220493	00:44
Vog-work	Time for dinner bbl.	00:54
=== MenZa_ is now known as MenZa
uvirtbot	New bug: #352841 in openssh (main) "SCP over IPv6 address is very Slow. Takes Hours" [Undecided,New] https://launchpad.net/bugs/352841	01:56
centaur5	Do xserver packages have to be installed on the LTSP server in order for the client to login to X?	02:39
oh_noes	I have a .deb file I wrote and its doing something weird in the post install script. Is it possible to turn on debugging during "apt-get install" to output all the pre/post install scripts with debug (bash -x) ?	02:53
mattt	oh_noes: dpkg has some debugging switches i believe?	03:05
=== Trae is now known as Guest75751
=== Guest75751 is now known as octobrx
=== octobrx is now known as occy
=== Zaraphrax is now known as Zaraphrax[laptop
=== Zaraphrax[laptop is now known as Zaraphrax_Laptop
=== Zaraphrax_Laptop is now known as Zaraphrax
=== anewbie is now known as unewbie
Maelaian	I'm looking at switching over a group of servers on fedora and a handful of VM's in vmware esx. I was wondering how lightweight/minimalistic a basic ubuntu server install was compared to other distros, and how it faired performance wise, specifically when being virtualized, so that I could get the most out of the shared resources. I'd love to do a gentoo stage1 install or something like LFS, which I've done before for personal us	08:12
ivoks	well, no open ports	08:13
ivoks	meaning - no services by default	08:14
_ruben	ubuntu runs like a charm virtualized	08:16
ivoks	oh, virtualized	08:16
_ruben	as for minimalistic, look into JeOS .. disk footprint isnt much smaller than standard server install though	08:16
ivoks	yeah... it even has kernel specialized for running as a guest	08:17
ltsphelp	can anyone help with ltsp and thin-clients not booting?	08:18
Maelaian	ouch no 64 bit?	08:18
ivoks	ltsphelp: well, i don't know exactly how ltsp works, but i'm guessing it relay on common tools; so, what's the problem?	08:18
ivoks	Maelaian: ?	08:19
friartuck	Maelaian there is a 64-bit version.	08:19
Maelaian	Of JeOS?	08:19
friartuck	Maelaian oh, I thought you were talking about ubuntu-server.	08:19
ivoks	jeos isfor appliances	08:21
ivoks	i need new keyboard :/	08:21
Maelaian	Well a base for appliances, but it seems to be ubuntu tuned for what I am looking to do.	08:21
ltsphelp	the thinclient fails at authentication. the auth logs say the user cannot be found	08:22
lukehasnoname	Anyone used Grails?	08:23
ivoks	ltsphelp: you get that from logs? could you paste on pastebin the exact error	08:23
Maelaian	Having a 64bit VM is kind of silly I suppose why JeOS doesnt seem to offer it, but I have 2 very specific apps that only come in 64 bit versions.	08:23
ivoks	Maelaian: use ubuntu-server with linux-virtual kernel and strip it down	08:24
Maelaian	Ok, what would stripping it down involve?	08:24
ivoks	removing wireless-tools :)	08:25
Maelaian	I know ubuntu has the uhh similar to yum tool, would it be done through that utility basically?	08:25
ivoks	yes	08:25
ivoks	ubuntu-server is already quite bare system...	08:26
Maelaian	And specifying the kernel would be done post install using the same utility?	08:26
ivoks	right	08:26
ivoks	apt-get install linux-virtual	08:27
Maelaian	Apt, thats right.	08:27
Maelaian	Alright, I think I can do some installs and performance testing and comparisons done then and go from there, thanks for the info.	08:27
ivoks	np	08:28
ltsphelp	paste-bin? i'm on another computer... goes sumfin like this	08:28
ltsphelp	sshd[5729]: pam_lwidentify(sshd:auth) PAM config: global:krb5_ccache_type 'FILE'	08:28
ltsphelp	sshd[5729]: pam_lwidentify(sshd:auth): failed to get GP info	08:28
ltsphelp	sshd[5729]: pam_lwidentify(sshd:auth): getting password (0x00000000)	08:29
ltsphelp	sshd[5729]: pam_lwidentify(sshd:auth): request failed	08:29
ltsphelp	sshd[5729]: pam_lwidentify(sshd:auth): User 'xxx' is not known	08:29
ivoks	pam_lwidentify is for active directory, iirc	08:30
ivoks	what do you need it for on ltsp?	08:30
ltsphelp	sori. i installed the alternate cd and added edubuntu thinking that the clients will just connect. dunno where the pam things come into it.	08:32
ivoks	have you tried in #edubuntu?	08:35
ltsphelp	thanks. i'll check	08:35
_ruben	the -virtual kernels is pretty much the same as the -server kernel, but with less kmods available (this applies to 8.10 and newer, with 8.04 the kernels differ a bit)	08:38
_ruben	i just use -server kernels for my vms .. has paravirtualization and all	08:38
kwork	how can i fix packages that have failed at configuration because i manualy removed some files, otherwise the application is working	08:54
kwork	can i somehow mark package configured manualy ?	08:54
p_quarles	kwork: sudo dpkg-reconfigure package_name	09:05
kwork	p_quarles, tnx	09:05
kraut	moin	09:07
pi_	hello all. I use ubuntu-vm-builder to generate VM on a Hardy server (64bit). The host disk is running RAID1 and a LVM partion on top of RAID. After generate (log at http://viettug.org/attachments/download/148/kvm.log) i cannot boot into VM (the guest grub doesnot work). Any idea?	10:05
atomic__	does someone know how to route SMTP traffic through a specific interface with ip rule ?	10:20
=== asac_ is now known as asac
cemc	how can I unde a revoke-full in openvpn ?	10:53
cemc	undo*	10:53
dayo2	i'm following this guide: http://ubuntuforums.org/showthread.php?p=7004774#post7004774 2. Add a proxy entry to the apt system. This is for the gui Synaptics. How do I add a proxy entry on the server?	11:55
ewook	dayo2: 2 add a proxy entry to the apt system. 3 is only for synaptic.	12:02
dayo2	ewook: awesome. thanks!	12:05
owh	Hi all. Over the weekend I intend to upgrade a 7.10 server to 8.04. I realise I'll need to use do-release-upgrade. The server is remote and on a medium speed link. I'd like to have it download packages while I sleep. How do I do that?	13:26
yann2	you can run the upgrade in a screen and hope it wont ask too many questions ;)	13:28
owh	Not really the answer I was looking for.	13:28
owh	I'd love it to actually go about downloading all the stuff and actually running it when I'm watching.	13:28
yann2	may be an argument of apt-get	13:29
yann2	I think there was like --download-only	13:29
yann2	let me check	13:29
owh	Does do-release-upgrade have a download only option?	13:29
yann2	-d, --download-only	13:29
yann2	sudo apt-get upgrade -d	13:29
yann2	or do-release-upgrade, didnt know about that one	13:30
yann2	does do-release-upgrade really exists? its not in the man	13:30
owh	The recommended process is using do-release-upgrade, it takes care of all kinds of magic behind the scenes, fixing known transition problems etc.	13:30
jpds	update-manager-core: /usr/bin/do-release-upgrade	13:31
yann2	right	13:31
yann2	well I am just upgrading to jaunty with a dist-upgrade so I hope it'll be fine :)	13:31
yann2	so your problem is that it's actually undocumented	13:32
yann2	jpds > if I were you I'd run a sudo apt-get dist-upgrade -d , and then the day after a do-release-upgrade	13:32
yann2	I bet that it'll work	13:32
jpds	That's what I was thinking.	13:33
jpds	d-r-u doesn't have a download-only option in the source.	13:33
owh	Now that's a canny thought. I wonder if it will work, or just delete all the packages it just downloaded.	13:34
yann2	ubuntu has a slight habit of creating tools and forgetting about the man sometimes	13:34
yann2	owh > it's worth a try :P	13:34
owh	Hmm, just realised that dist-upgrade will only work if I change the sources.list	13:35
owh	That looks like asking for trouble :(	13:35
owh	It's amazing how conservative you become if your server is not in the same room :-)	13:35
embrik	I would really like to use ubuntu on my workstations - but I can't figure out how to setup server with "roamin profile"	13:52
ivoks	what's that?	13:53
embrik	roaming profiles is a windows-expression I think - in practical use - my pupils can log into any workstaion at school and get their own desktop and so on	13:55
ivoks	each workstation should mount /home from NFS server	13:56
ivoks	and you could use LDAP for username/password	13:56
embrik	ivoks: I've been reading about nfs, but I find it a bit difficult. I'm in need of a howto which explains it step by step. Yes, you're right. Each ws must mount home/%user%	13:57
ivoks	have you looked for howtos?	13:59
embrik	ivoks: yes, I find howtos about nfs and ldap - but I can't figure out what to do. They don't expalin how to mount home from nfs-server. I'm not very technical, but have no problems with following a howto :-)	14:00
ivoks	mount -t nfs server_ip:/exported/path /home	14:01
embrik	ivoks: ok - but where comes the username?	14:02
ivoks	why do you need username?	14:02
ivoks	export whole /home	14:02
embrik	ivoks: I don't understand. How does nfs know that it is jamesk's home which are supposed to be mounted?	14:03
_ruben	you dont	14:03
_ruben	you mount all homes	14:03
_ruben	file permissions take care of the rest	14:03
ivoks	embrik: jamesk's home is /home/jamesk	14:04
ivoks	embrik: if you mounted /home, then anything on top of it will be there	14:04
ivoks	embrik: do you understand concept of home directory on unix?	14:05
embrik	_ruben: ok - I see, but when jamesk opens home folder ( a shortcut on his desktop) he ends in his own homefolder?	14:05
ivoks	embrik: imagine My Documents	14:05
embrik	ivoks: I understand the concept .'-)	14:05
ivoks	er... My Documents is wrong example	14:06
ivoks	maybe that's why you are confused	14:06
ivoks	what's the name of the directory were all the data of all users is stored in Windows?	14:06
embrik	all users i think	14:06
ivoks	nope	14:07
ivoks	top of that is...	14:07
ivoks	Documents and Settings?	14:07
embrik	documents and settings?	14:07
ivoks	right	14:07
ivoks	So, Documents and Settings = /home	14:07
ivoks	if you mount /home, then all user's data is there	14:07
ivoks	Documents and Settings/Administrator /home/jamesk	14:07
ivoks	so, if you share Documents and Settings from server and mount it on clients as Documents and Settings	14:08
ivoks	then all users have their data on all computers - right?	14:08
embrik	ivoks: you and ruben may have enlightened me a bit to day :-) What you have told me noe may get me started	14:08
embrik	ivoks: i follow you - ubuntu server edition has got both nfs and ldap?	14:09
ivoks	yes	14:09
dayo2	ivoks: do u have any good links for nfs and such?	14:09
ivoks	dayo2: man exports :D	14:09
embrik	what do you think about this: https://help.ubuntu.com/community/SettingUpNFSHowTo	14:10
incorrect	is it possible to set a different text mode for the installer?	14:10
dayo2	ivoks: embrik: thanks, that's a good start	14:11
ivoks	embrik: good start; it might get you all the way	14:11
ivoks	incorrect: ?	14:11
ivoks	embrik: notice the: /home 192.168.0.0/255.255.255.0(rw,sync,no_subtree_check)	14:12
incorrect	ivoks, I am pxe installing my servers, I want a larger text console during installation so i can read the output	14:12
embrik	ivoks: i've got an exisitng server with ldap and about 200 users. Could i export them and import them into the new server?	14:12
ivoks	embrik: yes	14:12
ivoks	embrik: there are two ways	14:12
_ruben	replication comes to mind	14:13
ivoks	embrik: one is slapcat/slapadd - you do this when slapd is offline	14:13
_ruben	(which is something ive been meaning to look into)	14:13
ivoks	embrik: creating ldif file and importing it - you do this when slapd in online	14:13
ivoks	incorrect: i belive you can change it	14:13
embrik	ivoks: great, I must save this log :-)	14:14
ivoks	incorrect: default is 80x24, iirc	14:14
_ruben	incorrect: you can probably just add an appropriate vga= line to the boot cmdline	14:14
ivoks	incorrect: like vga = 773	14:14
ivoks	that's 1024x768x256 :D	14:15
ivoks	embrik: take you time	14:15
ivoks	embrik: get familliar with nfs and ldap before doing anything	14:15
_ruben	assuming framebuffer is available during install	14:15
embrik	ivoks: I have a test network :-) I will not get into production before I've had an expert to look into it :-)	14:16
ivoks	embrik: but once you do it, you'll feel good about your self, cause you'll know a lot more than you thought it's possible :)	14:16
ivoks	nfs/ldap does some strange things to humans :)	14:17
ivoks	i belive we have some helper apps in ubuntu	14:17
embrik	ivoks: right, well thank you - have to finish dinner - bye	14:18
ivoks	auth-client-config - pam and NSS profile switcher	14:18
embrik	ivoks: are you talking to me? I'm on my way to the kitchen...	14:19
ivoks	yes	14:19
embrik	ivoks: are the gui-apps?	14:20
ivoks	no, ubuntu server has 0 gui apps	14:20
ivoks	it doesn't have gui at all	14:20
embrik	unless you install desktop	14:20
ivoks	that doesn't change a thing	14:21
aurax	sup all, i have networking question maybe someone can help out...	14:23
aurax	hello, i need help with weird problem that i'm experiencing in my network. i have two juniper 4200EX switches (48-poe) i have random disconnect of client from the switch and it's looks like negotiation problems. some times the connection breaks and sometime it re-negotiate at 10mbit, i have disabled stp,rstp protocols just to make sure that if there's a network loop stp won't disconnect clients. any idea?	14:23
ivoks	app of the year: apache directory studio	14:26
=== kwork is now known as kinnaz\|w
mat1211	Hi, I have a question. When I try to give a group of users permission to write to a directory, how do I do this? I can't figure out how to get the chown command to work properly lol	15:02
maxb	chown username:groupname (or chgrp groupname)	15:03
BlueT_	maxb: or, chmod g+rw /the/path/to/dir/	15:04
BlueT_	mat1211: or, chmod g+rw /the/path/to/dir/	15:04
BlueT_	maxb: sorry, wrong person	15:04
maxb	Indeed, both are part of the solution.	15:04
maxb	g+s may also be advisable	15:05
maxb	Sadly Linux provides no way to grant write permissions to a group, and prevent users from writing files writable only by themselves individually in that directory	15:06
ivoks	?	15:06
embrik	maxb: chmod -R 760 /name_on_directory (owner: all permisions, group write permission, anybody else no permissions	15:13
maxb	embrik: You've omitted group traverse permission, which is almost certainly a mistake, and that still doesn't stop users in the group from creating files not writeable by the group.	15:15
embrik	Now I understand. A user creates a new codument wchich will be read only for other users in the same group. Yes, thta's annoying. Mus run a cron job every 15 minutes to fix it	15:17
jpds	embrik: chmod -R 7... <- won't that make all files exectuable?	15:18
embrik	jpds: yes 7= r+w+x	15:19
jpds	Exactly. :) Probably not something one wants to do.	15:19
embrik	jpds: maybe not, but I always give the owner rwx, don't know why.	15:20
maxb	You should almost always have r and x set as a pair on directories	15:21
jpds	Something like: find . -type d \| xargs chmod 0770 - would be better.	15:24
jpds	s/./"/path/to/dir/"/	15:25
mat1211	Okay, sorry I got disconnected for a sec. What I want to do is give a group of users write permissions for only one directory, and that dir is /var/www/uploads. I try and do this but when I use the sudo chown command it says operation not permitted. Is there another way?	15:26
ivoks	what's the name of the group?	15:28
mat1211	the name of the group is hmm, lets say uploaders	15:31
stickystyle	mat1211: If your user account is not the owner, and your not in the group 'uploaders', then you will not be permitted to make that change. Use sudo.	15:35
mat1211	I do use sudo.	15:37
ivoks	sudo chgrp /var/www/uploads	15:37
ivoks	bah	15:37
ivoks	sudo chgrp uploaders /var/www/uploads	15:37
ivoks	sudo chmod g+rwx /var/www/uploads	15:37
ivoks	looks like IBM really owns Sun	15:38
ivoks	$7 billion	15:39
stickystyle	ivoks: what site has coverage?	15:39
ivoks	phone...	15:39
mat1211	thx	15:40
ivoks	http://www.nytimes.com/2009/04/03/technology/business-computing/03blue.html?_r=2&ref=technology	15:41
stickystyle	Ah, so it's not 100% final just yet.	15:41
ivoks	it's not, but this would mean that big blue is back	15:42
ivoks	with a bang :)	15:42
stickystyle	I'm not exactly sure Sun provides much in the way of 'bang' these days.	15:42
stickystyle	If takes place though I would like to see the PR mess that is becoming MySQL get cleaned up.	15:43
ivoks	stickystyle: it's not the Sun that will bang, but the whole profile of IBM	15:43
ivoks	almost full control of UNIX	15:44
mat1211	When I do the chgrp thing it still says opperation not permitted. would it matter if I was using an external hd?	15:44
ivoks	mat1211: what filesystem is that?	15:44
PhotoJim	mat1211: if you're using a Windows filesystem, absolutely yes.	15:44
stickystyle	mat1211: send a pastebin of $mount	15:44
ivoks	probably FAT	15:44
mat1211	I think I may be using a windows fs, its vfat	15:44
PhotoJim	mat1211: you'll have to reformat it with EXT3 (or another Linux-specific filesystem).	15:45
mat1211	arrgghh lol	15:45
ivoks	but all his pr0... data is there!	15:45
ivoks	:)	15:45
mat1211	how do I reformat it with a linux fs? and if I do that will windows recognize it?	15:46
ivoks	windows is ego-centric	15:46
mat1211	?	15:46
PhotoJim	mat1211: Why do you need Windows to recognize it? No, Windows won't recognize it.	15:46
ivoks	it know only about its own filesystems	15:46
mat1211	I have a windows computer, I am getting a apple comp soon but for now I may need windows comp to work with harddrive.	15:47
mat1211	is there a driver I can install onto my ubuntu server that will allow me to do these things?	15:47
ivoks	FAT doesn't support users	15:48
PhotoJim	mat1211: if you're using it for web hosting on your Linux machine, you won't be able to use it on your other machines anyway. I think you'd be better off to get a different hard disk for this other use. They are getting cheap enough.	15:48
ivoks	so, you can't set up users on FAT	15:48
ivoks	this has nothing to do with OS	15:48
mat1211	hmm, what is the command to reformat the disk with the right filesystem?	15:49
mat1211	sudo umount /mnt	15:49
mat1211	woops	15:49
mat1211	wrong window lol	15:50
PhotoJim	mat1211: mkfs.ext3 (assuming you want to use EXT3, it's a good, commonly used filesystem). but you need to know how the drive is partitioned first. and if you do this, you'll erase everything on it. do some googling before you begin.	15:50
mat1211	its only one big disk	15:51
mat1211	so...	15:51
ivoks	mat1211: there's a ext3 driver for windows	15:51
ivoks	and i think OSX supports ext3 anyway	15:51
PhotoJim	what is Linux calling the drive? it should be sdx.	15:51
PhotoJim	ivoks: I'm pretty sure OS X supports it. but I think his solution is NFS, not Windows-compatible file systems.	15:52
ivoks	nfs?	15:52
PhotoJim	Network File System.	15:53
PhotoJim	i.e. networking.	15:53
PhotoJim	If you need to be able to write to this disk from other systems, enable NFS on the Linux machine, and mount the disk as a remote file system on the client machine. That works on Linux or OS X.	15:53
PhotoJim	and if you enable Samba, you can mount it on Windows too.	15:54
ivoks	oh, right	15:54
PhotoJim	I export /var/www as an NFS file mount. and I enable it in Samba. I mount it to my Windows machines as W:.	15:55
PhotoJim	that way I can copy web content right to it from any machine on my LAN.	15:55
=== atomic__ is now known as atomic___
=== atomic___ is now known as atomic__
incorrect	in my preseed file I have a disk recipe, that is cool but i want a second one for the other hard drive, is this possible?	16:06
mat1211	what is nfs? :P like networking?	16:07
incorrect	mat1211, some people say its like magic	16:07
mat1211	......	16:07
incorrect	some people say if you close your eyes for just long enough and wish really really hard miracles happen	16:08
jpds	kirkland: ping.	16:09
jpds	kirkland: ecrytfs is freaking me out on me: http://pastebin.com/f144931b7	16:12
=== Deevzz is now known as Deevz
stickystyle	PhotoJim: Windows servers can mount NFS also.	16:13
mat1211	whats better about nfs than say ext3 or whatever the other is?	16:15
incorrect	mat1211, you don't actually know what nfs ?	16:18
incorrect	mat1211, or are you actually just trolling?	16:19
mat1211	no, I actually don't know nfs, I'm quite new at this stuff.	16:19
incorrect	ok nfs is a protocol that allows you to export your local file system	16:20
incorrect	your local file system could be, ext2,3,4,jfs,xfs etc	16:21
mat1211	I, see...	16:21
mat1211	and could I do this nfs thing without reformatting my harddrive?	16:22
mat1211	lol	16:22
incorrect	yes	16:22
incorrect	are you using ubuntu?	16:23
mat1211	yes im using ubuntu.	16:23
incorrect	why do you think you want nfs?	16:23
mat1211	How do I set my external hd to use nfs?	16:23
mat1211	So I can get my external harddrive to work with users, or would I still need ext3 for that	16:24
incorrect	http://ubuntuforums.org/showthread.php?t=249889	16:24
incorrect	what file system is your external hard drive?	16:25
mat1211	fat	16:25
incorrect	you probably want samba then	16:25
incorrect	can't say i've ever tried to nfs export fat	16:27
stickystyle	mat1211: The NFS solution was proposed as a way for you to be able to share the data on that FAT drive between the three different OS's you mentioned. So you would need the drive formated with a filesystem that supports users and POSIX permissions, then you would be creating a network share by way of NFS or samba that your windows or mac could mount over the network.	16:27
mat1211	ah, I see.	16:28
mat1211	Thanks lol	16:28
incorrect	how can i seed partman to partition 2 drives	16:31
PhotoJim	stickystyle: Windows servers can? didn't know that. how about Windows clients?	16:36
mathiaz	kirkland: hey - I've got some feedback on kvm 84 on hardy	16:37
mathiaz	kirkland: I've been running it for a few weeks now	16:37
mathiaz	kirkland: it's stable for my usage pattern	16:37
PhotoJim	mat1211: yeah, NFS has nothing to do with the file system on your disk. what it lets you do is read and write data to and from that disk, without you having to disconnect it from the Ubuntu server. any machine on your network could write or read data to or from that disk.	16:38
mathiaz	kirkland: however I've noticed some performance changes	16:38
PhotoJim	mat1211: you wouldn't need to disconnect it to put stuff on it. just put data on it over the network.	16:38
mathiaz	kirkland: especially on the host load	16:38
stickystyle	PhotoJim: Win2k, WinXP (didn't relize it could also) can both use 'services for unix' from MS. 2k3 has it built in.	16:38
PhotoJim	stickystyle: I didn't realize that was even an option. good to know.	16:38
mathiaz	kirkland: if I do a dist-upgrade (for example) in a guest the host load goes way up (8 to 10)	16:39
PhotoJim	stickystyle: I tend to just stick external EXT3/whatever drives on my server and access them over the network, but it's good to have options.	16:39
mathiaz	kirkland: and the guest can become unresponsive for a couple of seconds	16:39
stickystyle	PhotoJim: Options are what the whole linux game is all about :)	16:39
PhotoJim	stickystyle: true indeed!	16:39
mathiaz	kirkland: unfortunately I don't have any metrics to backup this claim - it's just my perception of using guests.	16:40
PhotoJim	stickystyle: although there are enough options that some of the options are unnecessary much of the time, so one has to learn about them serendipitously :)	16:40
mathiaz	kirkland: but something has definetly change performance wise	16:40
stickystyle	PhotoJim: also true indeed.	16:40
mathiaz	kirkland: with two or three guests running at the same the load on the host can go up to 20/30 sometimes	16:40
uvirtbot	New bug: #354568 in likewise-open5 (universe) "Likewise Open5 does not unregister pam-auth-update profile when removed" [Medium,Triaged] https://launchpad.net/bugs/354568	16:40
mathiaz	kirkland: If I install packages in all the guests at the same time	16:41
mathiaz	kirkland: what do you think about that?	16:41
mathiaz	ivoks: hi - did you have some time to test the evolution-mapi plugin?	16:45
ivoks	mathiaz: nope, the exchange environment is broken :(	16:47
mathiaz	ivoks: you mean that you cannot test it or that the plugin is broken?	16:47
ivoks	other reported that it works, so i belive it is working	16:47
ivoks	i cannot test	16:47
mathiaz	ivoks: ok - I was thinking about writing a call for testing	16:47
mathiaz	ivoks: to get more coverage on the plugin	16:47
mathiaz	ivoks: on the ubuntuserver blog	16:48
ivoks	sure... i still don't see it as a server topic, but well... :)	16:48
ivoks	it's an enterprise topic :D	16:48
mathiaz	ivoks: right - I'd say that ubuntu server users are more likely to have access to an exchange environment	16:48
uvirtbot	New bug: #354578 in likewise-open5 (universe) "Joining/leaving the domain leaves a modified SSH config" [Low,Confirmed] https://launchpad.net/bugs/354578	16:51
genii	Interesting bug	16:53
uvirtbot	New bug: #354580 in likewise-open5 (universe) "Joining/leaving the domain leaves backup files everywhere, even after purge" [Low,Confirmed] https://launchpad.net/bugs/354580	16:55
ttx	genii: nothing like etckeeper to reveal naughty packages.	16:57
Vog-work	Hey there has anyone figured out a fix for https://bugs.launchpad.net/ubuntu/+source/linux/+bug/314395	16:58
uvirtbot	Launchpad bug 314395 in linux "Unable to boot Ubuntu 8.10 w/ RAID 1" [Undecided,New]	16:58
uvirtbot	New bug: #354585 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: sub-processo post-installation script retornou estado de sa?da de erro 1" [Undecided,New] https://launchpad.net/bugs/354585	17:06
mathiaz	jdstrand_: regarding qrt and README.multi-purpose vm - is there a reason to use bind+dhcpd rather than dnsmasq?	17:13
jdstrand_	mathiaz: mostly because bind and dhcpd are the ISC reference implementations and in wider use	17:15
=== jdstrand_ is now known as jdstrand
mathiaz	jdstrand: I'm looking at automating the process of creating a multipurpose vm	17:15
mathiaz	jdstrand: in order to make easier to setup a test environment	17:16
* sbeattie votes for dnsmasq		17:16
mathiaz	jdstrand: and it seems that using dnsmasq as the dns/dhcp server in such an environment is easier	17:16
jdstrand	mathiaz: totally agree with ease of use	17:16
mathiaz	jdstrand: OTOH dnsmasq is in universe, while bind+dhcpd are in main	17:17
ScottK	JDStone: Did you get my ping on clamav updates?	17:17
ScottK	Err sorry JDStone.	17:17
ScottK	jdstrand: ^^^	17:17
jdstrand	mathiaz: I wonder if you will have all the functionality required when using dnsmasq though. eg dnssec, tsig, dynamic updates, ...	17:18
mathiaz	jdstrand: right - I'm looking at the dnsmasq man page.	17:18
jdstrand	mathiaz: we (I) started that document so that I could test security updates and functionality against a fully loaded vm. that me be a different use case fro what you have	17:18
mathiaz	jdstrand: dynamic updates are automatic since dnsmasq does both dhcp and dns	17:18
jdstrand	ScottK: no I didn't	17:19
ScottK	[19:40:59] <ScottK> jdstrand: Would you please have a look at Bug #354190 - it's both security fixes and apparmor profile fixes. I think it's ready to go.	17:19
mathiaz	jdstrand: right - IIUC the multipurpose vm is a system that runs in your testing environment and provide standard servicesd	17:19
=== Nicke_ is now known as Nicke
uvirtbot	Launchpad bug 354190 in clamav "Security fixes from clamav 0.95 need backport" [Medium,In progress] https://launchpad.net/bugs/354190	17:19
mathiaz	jdstrand: it's not supposed to be the system to be tested	17:19
jdstrand	mathiaz: is dnsmasq able to do all the dhcpd goodies? like ntp-server, etc? do you care?	17:19
ScottK	That was in #ubuntu-hardened last night.	17:19
mathiaz	jdstrand: ntp-server -> handing out the ntp-server option?	17:20
jdstrand	ScottK: ack. thanks	17:20
jdstrand	mathiaz: yes, and others like tftp, etc	17:20
ScottK	jdstrand: No problem.	17:20
mathiaz	jdstrand: yes.	17:20
mathiaz	jdstrand: everything related to Dynamic updates is not needed for dnsmasq	17:21
mathiaz	jdstrand: it's include OOTB	17:21
jdstrand	mathiaz: and I suppose it'll do all the SRV records that can be used with kerberos (this isn't in that document yet, but planned)	17:22
mathiaz	jdstrand: now IIUC dnssec is not supported by dnsmasq	17:22
jdstrand	mathiaz: honestly, if it greatly speeds development to use dnsmasq, I'm not sure dnssec is enough of a reason not to use it	17:23
mathiaz	jdstrand: SRV and TXT records are supported	17:24
jdstrand	mathiaz: if you do use dnsmasq, can I request that you update README.multipurpose-vm to include it	17:24
jdstrand	?	17:24
jdstrand	I'd like to have more than your script for documentation ;)	17:24
mathiaz	jdstrand: sure - I'll give it a shot	17:24
jdstrand	mathiaz: cool, thanks	17:25
jdstrand	nxvl: hey, have you been coordinating with ScottK on clamav? specifically bug #354190?	17:26
uvirtbot	Launchpad bug 354190 in clamav "Security fixes from clamav 0.95 need backport" [Medium,In progress] https://launchpad.net/bugs/354190	17:27
oruwork	hi, i need help with sshd key	17:27
ScottK	jdstrand: We've been talking about clamav stuff, but I don't recall if we discussed that one.	17:27
jdstrand	nxvl, ScottK: I'll get intrepid going-- just thinking about hardy and earlier	17:27
ScottK	jdstrand: In the bug I make recommendations about how to deal with the earlier releases.	17:27
ScottK	nxvl is working on libclamav rdepends for Jaunty right now.	17:28
* jdstrand nods		17:28
nxvl	yup	17:28
nxvl	once we are finish with jaunty i was going to start with the SR stuff	17:28
jdstrand	I just didn't see nxvl referenced in the bug, so wanted to know what was happening there	17:28
jdstrand	cool. thanks nxvl!	17:28
jdstrand	and ScottK! :)	17:29
ScottK	He's in the ubuntu-clamav team so he gets all the bugmail.	17:29
jdstrand	ok cool	17:29
ScottK	Actually, maybe he doesn't	17:29
nxvl	actually i don't	17:29
ScottK	I think that just goes to me now that I consider it.	17:29
nxvl	the team is not subscribed	17:29
* ScottK needs to look into that.		17:30
oruwork	should i change the ssh listen port from 22 to 2222?	17:31
oruwork	or can i change it to any other port ?	17:31
Deeps	you can change to any port you want	17:32
Deeps	moving away from port 22 reduces the risk from brute force attacks, but increases inconvenience	17:32
oruwork	will the hacker be able to tell which port sshd is listening on ?	17:34
stickystyle	oruwork: Yes, anyone can tell what port ssh is open on by scanning all available ports on you box, looking for the one that sshd answers on. However most bots that are scanning these days go for the low hanging fruit and just focus on seeing if ssh is open on port 22 (and port 2222 more recently)	17:38
oruwork	is there a way to jail users in their home directoires ?	17:38
stickystyle	oruwork: for ftp/sftp usage or shell?	17:39
oruwork	for shell	17:39
oruwork	and for any	17:39
oruwork	but shell primarly	17:39
stickystyle	Sure you probably could do that, it would be a major pain to administer though. lets step back and ask why you want to do this.	17:40
oruwork	my system had been compromised	17:42
oruwork	one of the users had a really weak password	17:42
Deeps	ubuntu forums has a relatively straightfoward guide on how to do it if you want to jail users into a shared jail	17:42
Deeps	if you want each user in their own jail, it's basically the same as described in the forums, but creating a new jail for each user	17:42
oruwork	do you have a url Deeps ?	17:43
Deeps	better served would be enforcing more secure passwords though, i think you can do that with a pam module	17:43
genii	Deeps: In that case /home is their root?	17:43
genii	(group jail)	17:43
Deeps	genii: /home/jail/home/$user	17:43
Deeps	you can have unjailed users too	17:43
Deeps	oruwork: nope, google ubuntu user jail should give you relevant hits though	17:43
Deeps	genii: so the jail root would be /home/jail	17:44
oruwork	Deeps, is this what you are talking about? http://ubuntuforums.org/showthread.php?t=248724	17:44
genii	Deeps: Interesting	17:44
Deeps	oruwork: that looks relevant too, yep	17:44
Deeps	oruwork: although it's a bit old (sept 2006?)	17:44
oruwork	yeah	17:44
genii	I wonder how that would work with hashed usernames	17:45
Deeps	searching the forums directly may be better than googling, and will give results in date order too	17:45
jdstrand	ScottK: hmmm. I see that the intrepid debdiff for -security has apparmor profile fixes. Those shouldn't be part of the security update. I think I should strip that out, upload to -security and then add them back in for a separate upload to -proposed after the security update goes out	17:58
jdstrand	ScottK: while the changes are easy to see as correct, it is policy to not correct non-security bugs in -security	17:58
ScottK	jdstrand: Your call. For clamav I'd call people turning off apparmor due to profile problems a security issue, but up to you.	17:58
jdstrand	ScottK: heh. ok, they could also try the -proposed update or modify their profile...	17:59
jdstrand	;)	17:59
jdstrand	ScottK: I'd be happy to do the upload to -proposed	17:59
ScottK	My major fear is we get no takers to verify and then we have two versions to maintain for a long time.	18:00
ScottK	I do recommend staring at it a bit and seeing if you can convince yourself it's a security issue.	18:00
jdstrand	ScottK: I see your point and am tempted by bug #312695, but ultimately I feel this is a regular bug as it does not cross privilege boundaries or cause data loss. I'm going to split it out	18:07
uvirtbot	Launchpad bug 312695 in clamav "freshclam blocked by apparmor" [Medium,Fix released] https://launchpad.net/bugs/312695	18:07
ScottK	jdstrand: OK. Your call.	18:07
=== goofey is now known as Keyser_Soze
=== Keyser_Soze is now known as goofey
zul	mathiaz: ping	18:23
goofey	!seen Keyser_Soze	18:24
ubottu	I have no seen command	18:24
oruwork	i downloaded jailkit-2.6.tar.bz2 , how can i install it ?	18:32
=== goofey is now known as Keyser_Soze
mathiaz	zul: hi	18:37
zul	mathiaz: debian unstable has php 5.2.9 isnt that something we might want for jaunty even though its a bit late	18:38
mathiaz	zul: hm - jaunty is at 5.2.6 now	18:39
zul	with a lot of backported patches	18:40
mathiaz	zul: right. It would be a two minor release bump ( .7 and .9)	18:41
mathiaz	zul: mostly bug fixes	18:41
mathiaz	zul: is there an ABI bump?	18:42
zul	im not sure i only was aware about it this morning	18:43
zul	i think it might break packages in universe though	18:43
=== Keyser_Soze is now known as Keyser_Soze_
=== Keyser_Soze_ is now known as Keyser_Soze
=== nxvl_ is now known as nxvl
mathiaz	bdmurray: sbeattie: is there a standard reply for marking a bug invalid because the reporter is unable to provide the requested information?	19:10
bdmurray	mathiaz: unable or has taken too long w/o responding?	19:11
mathiaz	bdmurray: unable - bug 322647	19:12
=== MohammadBoozary is now known as Mohammad[B]
uvirtbot	Launchpad bug 322647 in mysql-dfsg-5.0 "mysql-server fails to instal with apparmour errors" [Undecided,Incomplete] https://launchpad.net/bugs/322647	19:12
mathiaz	bdmurray: he wiped his system and doesn't have the log anymore	19:12
bdmurray	mathiaz: no standard reply for that	19:13
mathiaz	bdmurray: ok. I'll make something up	19:13
ivoks	mathiaz: still interested in ldap stuff? :)	19:15
mathiaz	ivoks: it depends - what's your offer?	19:15
ivoks	mathiaz: management tool that beats evertyhing seen before	19:16
mathiaz	ivoks: I'm your man - shoot!	19:16
ivoks	mathiaz: http://directory.apache.org/studio/	19:16
ivoks	it just too beautifull to be truth	19:17
* jmedina loves apache directory studio		19:18
ivoks	and they have screenshots made in ubuntu!	19:18
ivoks	how cool is that?! :D	19:18
* jmedina also has ads screenshots		19:18
jmedina	in ubuntu of course	19:19
jmedina	it is really cool, you can do batch operations	19:19
ivoks	i've been using it for couple of days... i still think i'm dreaming	19:19
jmedina	jojojo	19:19
jmedina	it has everything, it is really functional and it has good GUI	19:20
ivoks	schema editor	19:20
jmedina	and it is nothing slow	19:20
jmedina	yeap	19:20
jmedina	log operations	19:20
ivoks	yeah... it's snapier than some browsers ;)	19:20
jmedina	you can see ldif like operations	19:20
ivoks	jmedina: an ultimate tool	19:20
jmedina	the only thing I didnt like it is the fist time you want to use 3 panels	19:21
jmedina	I really dont know how I did it :S	19:21
mathiaz	ivoks: how schema and DIT independent is it?	19:22
ivoks	mathiaz: how can it be dependet at all?	19:23
ivoks	mathiaz: it pulls DIT and schema from server	19:23
mathiaz	ivoks: does it require LDAP knowledge or can it be used by ordinary users (ie can a secretrary use it to update the phonebook)?	19:23
ivoks	mathiaz: well, it for admins, but after 2 hours of introduction, a secretary could use it too	19:24
ivoks	it makes openldap much easier	19:24
mathiaz	ivoks: ok	19:25
ivoks	for secretary it has export to excel and import from it	19:25
jmedina	of course with good acls	19:25
jmedina	:D	19:25
ivoks	:)	19:25
jmedina	yeap import/export rules	19:25
mathiaz	ivoks: well - I'm not interested in having an excel import	19:26
ivoks	:)	19:26
ivoks	csv	19:26
ivoks	ldif	19:26
mathiaz	ivoks: I'd rather have one tool to be used by the end user	19:26
mathiaz	ivoks: so that the secretary doesn't need to use excel to update the phonebook	19:26
ivoks	this one could be used by the end user, if acls are set up right and operator gets an itroduction	19:27
ivoks	introduction	19:27
ivoks	click on name on the left side, double click on the phone, enter it and press enter	19:27
mathiaz	ivoks: are ACI taken into account with displaying attributes?	19:27
ivoks	how hard can that be? :)	19:27
ivoks	mathiaz: i haven't tried that yet	19:28
mathiaz	ivoks: ie - if the logged in user doesn't have access to a specific attribute, it should be displayed at all	19:28
ivoks	but it bolds musthave attributes	19:28
mathiaz	ivoks: ie - if the logged in user doesn't have access to a specific attribute, it should not be displayed at all	19:28
ivoks	i know what you ask	19:28
ivoks	i haven't tried that yet	19:28
ivoks	i might now :)	19:28
mathiaz	ivoks: if that's supported then it can be used by any end users	19:29
jmedina	I used Mandriva Directory server when was called Linbox directory server	19:29
ivoks	mathiaz: err...	19:29
mathiaz	ivoks: So that the UI would actually be configured by ACI and the LDAP administrator	19:29
ivoks	mathiaz: if openldap server doesn't return attributes which are hiden, how can ads show them?	19:30
jmedina	I like because you can create your own plugins, Im trying to create a plugin to manage amavisd-new attributes via web interface	19:30
ivoks	jmedina: other have done it already :)	19:30
jmedina	ivoks: a plugin for MDS?	19:31
ScottK	jdstrand: Clamav 0.95.1 (bug fix only) will be out on Tuesday. I'm travelling next week, so I'd appreciate it if you could hang out on #debian-clamav and coordinate geting the tarball from them, uploading, etc.	19:31
ivoks	jmedina: no, a web interface	19:31
mathiaz	ivoks: if ads supports building a dynamic UI component based on the returned attributes that would fit the use case	19:31
ScottK	I may have internet access, but not for certain.	19:31
ivoks	mathiaz: dynamic ui?	19:32
mathiaz	ivoks: yes - according to the logged in user, the UI will have different attributes showed	19:32
ivoks	mathiaz: as i said, it shows what ldap passes	19:32
mathiaz	ivoks: great - I think should just take a look at it ;)	19:33
ivoks	mathiaz: so, if ldap doesn't provide userPassword for some user, then that attribute won't be in the ui	19:33
ivoks	mathiaz: go with the full suite, not a plugin for eclipse	19:34
jdstrand	ScottK: you are talking about for Jaunty?	19:34
mathiaz	ivoks: full suite?	19:35
ivoks	mathiaz: http://directory.apache.org/studio/downloads.html	19:35
ivoks	mathiaz: there's plugin and application	19:35
ivoks	mathiaz: go with the application	19:36
ivoks	plugin seems to be broken for jaunty's eclipse	19:36
mathiaz	ivoks: well I'm download 73M - that must by the full suite	19:36
ivoks	yes	19:36
Maelaian	crucial sent me dual rank ram, but never gave me an option to choose between single/dual rank. How does one normally distinguish between the two?	19:37
ivoks	jmedina: have you tried editing ACL's in ADS?	19:39
jmedina	ivoks: nop, I rarely edit acls	19:39
ivoks	ok	19:40
jmedina	Im still getting usde to cn=config	19:41
ivoks	yeah, me too	19:42
jmedina	most because I only use hardy for production servers :S	19:43
jmedina	so most of time I use slapd.conf but cn=config is a big thing, afaik it was requested by hp when they wanted to migrate their directory infraestrucutre to openldap	19:44
jmedina	at that time it was not possible, so hp and symas sat to work together and created all the required overlays, including cn=config, constrains and others	19:44
jmedina	then in 2008 they migrated everything to openldap	19:45
jmedina	ivoks: have you used ebox for directory?	19:46
ivoks	nope	19:46
jmedina	what I like about ebox its samba integration and granular acls to shares	19:47
genii	Hm. If I have DSL routers to a bond0 (which gets a LAN ip) how would I go about port forwarding to some box on the lan?	19:58
Deeps	come again?	20:00
genii	Deeps: Currently I have lan-eth0-nat'd to bond0-dsl routers But if I want forward port 80 for instance inwards to a web server on lan, it becomes sticky	20:02
ivoks	mathiaz: fwiw, i can cofirm that acls do work	20:02
ivoks	mathiaz: attributs hiden for the user don't show up in GUI	20:02
mathiaz	ivoks: awesome	20:02
mathiaz	ivoks: that means that any end user could use it without having to figure out what all the attributes are	20:03
ivoks	mathiaz: correct	20:03
ivoks	mathiaz: secretary could just have first and last name and the phone number	20:03
mathiaz	ivoks: so now the next step is whether there is a mechanism in studio to be able to customize the UI representation for a specific attribute	20:03
ivoks	to show description instead of the name	20:04
Deeps	genii: i still dont really understand, but iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 80 -j DNAT --to ip.of.natted.machine.with.webserver	20:04
ivoks	'Full name' instead of cn	20:04
mathiaz	ivoks: ex: for the phone number use another label instead phone number	20:04
Deeps	genii: may or maybe all you need	20:04
mathiaz	ivoks: something like that (useful for translation)	20:04
Deeps	genii: may or may not*	20:04
mathiaz	ivoks: or if the corporate culture calls it differently	20:05
jmedina	genii: you also need to enable IP forwarding	20:05
jmedina	echo 1 > /proc/sys/net/ipv4/ip_forward	20:05
ivoks	mathiaz: i'm not sure if that's possible :/	20:07
genii	jmedina: I have ipv4 forwarded already, thanks	20:08
ivoks	mathiaz: haha! it is :)	20:09
ivoks	mathiaz: and it has built in support for different languages	20:09
mathiaz	ivoks: my point being that an end user should see things like carLicense, employeeType, jpegPhoto	20:09
mathiaz	ivoks: my point being that an end user should not see things like carLicense, employeeType, jpegPhoto	20:10
mathiaz	ivoks: or any of the attribute name	20:10
ivoks	?	20:10
ivoks	should or shouldn't? :)	20:11
mathiaz	ivoks: should not	20:11
mathiaz	ivoks: it's computer jargon - it should have a descriptive name	20:11
ivoks	right... instead of carLicense he would see License of user's car	20:11
mathiaz	ivoks: for the end user	20:11
mathiaz	ivoks: yes - something like that.	20:11
ivoks	that's possible	20:11
mathiaz	ivoks: by changing the schema?	20:11
mathiaz	ivoks: and editing the DESC ?	20:12
ivoks	let me check	20:12
mathiaz	ivoks: that would be the most natural place	20:12
ivoks	right, choose an attribute	20:14
ivoks	hit f6	20:14
ivoks	and - rename it :)	20:14
genii	Deeps: I'll try that laetr, thanks	20:14
ivoks	that's editing desc in schema	20:15
mathiaz	ivoks: and then the UI reflects it when you edit an object?	20:15
ivoks	yes	20:15
genii	Deeps: I suppose I'll require to forward from each DSL router port 80 to ip of bond0 then	20:15
mathiaz	ivoks: awesome	20:15
ivoks	it just looks silly	20:15
Deeps	genii: you're doublenatting? yuck	20:15
ivoks	maybe i'm doing something wrong:	20:15
ivoks	displayName;lang-hr-imeiprezime	20:16
genii	Deeps: When I had eth0 and bond0 on same lan range didn't work. So I have eth0/lan on 192.168.0.x and bond0/DSL routers on 192.168.1.x with nat from eth0 to bond0, currently	20:17
Deeps	genii: doublenat, ugly	20:17
genii	Deeps: I agree	20:18
Deeps	genii: unless.... you can forward ports to 192.168.0.x on your dsl routers	20:18
Deeps	and add a static route on your routers to route 192.168.0.x via the lan ip of bond0	20:18
genii	Deeps: I tried that but they are crappy routers with no route adding capability	20:18
Deeps	this really sounds like bargain basement bonding lol	20:18
genii	Deeps: This co bought 4 DSL connections then called me to try and aggregate them. So the dsl modems were bridged and bond0 had issues trying to bond ppp0 ppp1 etc etc. So added routers between and got it going	20:20
genii	Deeps: Yeah they are pretty cheap there too	20:20
Deeps	bargain basement bonding	20:21
uvirtbot	New bug: #354498 in likewise-open5 (universe) "Leaving a domain breaks NetworkManager DHCP" [High,Confirmed] https://launchpad.net/bugs/354498	20:21
ivoks	anyway... it's a good start :)	20:26
oruwork	how can I list hidden files ?	20:27
oruwork	with ls command	20:27
genii	oruwork: with -a	20:29
ivoks	bye all	20:30
oruwork	I have smtpd.csr file, and i think its a public certificate file	20:31
oruwork	ivoks, hi, bye brother !	20:31
oruwork	and every time i use thunderbird to send out an email, its telling me to view the certificate	20:32
jmedina	orudie: csr files usuallly are Certificate signing requests, so it is not a public cert	20:43
ScottK	jdstrand: yes.	20:46
oruwork	question. I have a public certificate for my mail server, and every time i use thunderbird to check or send mail, it is asking me to view it	20:47
kirkland	jpds: pong	20:48
kirkland	jpds: what's your underlying filesystem? ext4?	20:49
kirkland	mathiaz: okay, regarding kvm-84 and your performance issues....	20:53
kirkland	mathiaz: are you using virtio on either disk or network?	20:53
kirkland	jpds: there's a #ecryptfs channel on irc.oftc.net	20:54
kirkland	jpds: i recommend going there to discuss this	20:54
kirkland	jpds: ping me and tyhicks there	20:54
embrik	I've use webmin in debian for some years - is e-Box a similar app?	20:56
jpds	kirkland: It was ext4, but now I've reinstalled...	20:58
kirkland	jpds: i've encountered some nastiness on ext4 as wekk	20:59
kirkland	well	20:59
kirkland	jpds: we're interested in recording those, if possible	20:59
kirkland	jpds: but I, too, reinstalled with ext3	20:59
jpds	kirkland: I decided to go with encrypted-private instead -home this time, I'll let you know if anyting happens.	21:00
kirkland	jpds: cool, cheers	21:01
oruwork	question. I have a public certificate for my mail server, and every time i use thunderbird to check or send mail, it is asking me to view it - how can i stop this ?	21:03
jmedina	oruwork: you need a certificate, I guess you are using self-signed cert	21:04
mathiaz	kirkland: I'm using virtio on both	21:04
kirkland	mathiaz: my guess would be that virtio accelerates the guests so much, that they max out the processing on the host more quickly	21:06
kirkland	mathiaz: and it's not throttled	21:06
oruwork	jmedina, yeah i followed the guide to set up the mail server, its working but mozilla is bothering me about a certificate every time	21:06
oruwork	mosilla thunderbird that is	21:07
jmedina	oruwork: again, what type of cert?	21:07
oruwork	and MS outlook 2003 is not asking anything	21:07
mathiaz	kirkland: that is probably the case	21:07
jmedina	mozilla's cert management *ucks	21:07
mathiaz	I'm using lv in the same vg that has only RAID1 pv	21:07
mathiaz	kirkland: ^	21:07
mathiaz	kirkland: or I'm using files located on the same filesystem	21:07
mathiaz	kirkland: is there a way to say virtio to be more laid back?	21:08
oruwork	not sure, i followed this guide to create a certificate https://help.ubuntu.com/8.10/serverguide/C/postfix.html#postfix-smtp-authentication	21:09
=== genii is now known as evilgenii
oruwork	jmedina, digital certificate for TLS	21:10
oruwork	orudie, thats how they called it in server guide	21:10
=== evilgenii is now known as genii
jmedina	oruwork: :S	21:11
jmedina	well probably it is a self-signed	21:11
oruwork	yeah	21:11
jmedina	well I really dont like how thunderbird plays with self signed certificates, I always build my own CA	21:11
jmedina	Im not sure if there is easy solution about that	21:11
jmedina	probably someone else	21:12
jmedina	ask ivoks i think he uses thunderbird	21:12
jmedina	I only use kontact and does the job :D	21:12
oruwork	yeah i tried both outlook and thunderbird, outlook doesnt say anything about the certificate	21:13
oruwork	sends and receives mail scielently without any errors	21:13
oruwork	thunderbird however, i have to click accept 3 times after pressing the send button	21:14
oruwork	its annoing kinda	21:14
jmedina	:d that is annoying	21:14
oruwork	yeah	21:14
oruwork	lol	21:14
oruwork	ivoks left	21:14
oruwork	he helps me out a lot :)	21:14
jmedina	oruwork: well time to google, I would go to create your own CA, or use startssl free certs	21:15
oruwork	CA ?	21:15
jmedina	with is the same, you still have to import root cert to your clientes	21:15
jmedina	Certificate Authority	21:15
oruwork	yeah , i'm in the section of importing a certificate, just dont know where to get it from	21:16
oruwork	and why its bothering me for it	21:16
oruwork	jmedina, https://www.startssl.com/ ?	21:17
jmedina	oruwork: I thinkg you better ask in mozilla or thunderbird channel, this has nothing to do with server	21:17
jmedina	oruwork: yeap they issue free certs for mail clients or servers	21:18
jmedina	you can also suscribe to cacert.org, they only provide 6months free certs with your own domain	21:18
jmedina	you can create your own certs	21:19
kirkland	mathiaz: ionice? nice?	21:21
kirkland	mathiaz: I'm not sure, honestly	21:21
Maelaian	Are there any plans for a 64bit JeOS?	21:34
trondkla	somebody have a mail program to recommend? For sending mail out from a web server :)?	21:36
Maelaian	sendmail?	21:37
mathiaz	trondkla: postfix is the default mail server in Ubuntu.	21:38
Nafallo	Maelaian: there are no plans for further JeOS'es after 8.04 I don't think.	21:38
trondkla	ok, thanks :) will check out both	21:38
Maelaian	You mean 8.10?	21:38
Nafallo	Maelaian: there is a minimal server install now however.	21:38
Maelaian	Oh? Does that allow 64bit?	21:39
Nafallo	yes.	21:39
Nafallo	Maelaian: and no, I meant 8.04	21:39
Maelaian	Well hell, where were you last night.	21:39
Nafallo	I was visiting pubs. why?	21:39
OscarTgrouch	is there a 64bit ubuntu version that will work on intel Core2?	21:39
mathiaz	Maelaian: You can install a minimal server by hitting F6 at the boot prompt when installing Ubuntu Server	21:39
Maelaian	I see it, but on f4	21:39
mathiaz	Maelaian: oh right - F4 then	21:40
mathiaz	Maelaian: this is option will install what used to be called JeOS	21:40
Maelaian	Good, I didn't like the name.	21:40
mathiaz	OscarTgrouch: there is only one version of 64bit Ubuntu Server and it should work on intel Core2.	21:40
OscarTgrouch	is there any benifit to running VMware server on ubuntu server 64 bit over ubuntu 32 bit when running multiple windows xp 32 bit systems?	21:42
Maelaian	So I F4, hit enter, the menu goes away, and then use the install ubuntu like normal?	21:43
Maelaian	It didn't really gibe an indiciation hitting f4 then enter did anything	21:43
infinity	OscarTgrouch: Assuming VMware is happy running on 64-bit, then yes, the benefit would be better memory management and a generally more responsive system... (Unlike all other 32/64-bit variants, x86_64 has more registers than x86_32, and generally performs faster, despite the more bloated memory usage)	21:44
mathiaz	Maelaian: that should do it	21:44
JDStone	someone said my name	21:44
Maelaian	and does using the minimal for virtual negate the apt-get install linux-virtual for the kernel?	21:48
OscarTgrouch	thanks	21:49
mathiaz	Maelaian: how did you diagnose that?	21:49
Maelaian	I wanted to know if it was still necessary to do install it, or if it was the default.	21:50
mathiaz	Maelaian: it's the default	21:50
Maelaian	Ok, this is exactly what I wanted.	21:51
Maelaian	I knew it had to exist.	21:51
uvirtbot	New bug: #335341 in apache2 (main) "package apache2-utils 2.2.9-7ubuntu3 failed to install/upgrade: package apache2-utils is already installed and configured" [Low,Incomplete] https://launchpad.net/bugs/335341	22:06
yeason1	quick question... is there a way to run a command, ex: virtual machine, from ssh and keep it running even after I disconnect...?	22:45
infinity	yeason1: Background it, and then disown it, so losing the parent shell doesn't kill it.	22:46
yeason1	ah, I know how to background it, how do I disown it?	22:46
infinity	yeason1: "help disown" in a shell.	22:47
yeason1	fair enough, thnx =)	22:48
yeason1	infinity: thanks for the info, got what I needed	22:55
=== Deevz_ is now known as Deevz
Keyser_Soze	screen does that too	23:41
Keyser_Soze	even aloows you to grab the shell from another computer via ssh	23:41
Deeps	screen++	23:42
andol	Just noticed bug #205996. Is it to late to have it "fixed" for Jaunty? The matter of changing the default ServerTokens should be fairly trivial I guess? How much discussion is required to find the proper one? (Myself I kind of like "ServerTokens OS").	23:48
uvirtbot	Launchpad bug 205996 in apache2 "ServerTokens Full in apache2.conf (security risk?)" [Wishlist,Triaged] https://launchpad.net/bugs/205996	23:48
andol	Well, guess I should have checked its actual status in Jaunty before I said anything :) Just a minute	23:52
andol	yes, "ServerTokens Full" is still the default in Jaunty.	23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!