[00:02] <Iceman_B^Ltop> what is the default sudo timer ?
[00:09] <Vog-work> Hello all, I'm getting -Alert! /dev/mapper/ddf1_RAID on a 8.10 server install, booting of of a fake Intel SATA raid
[00:10] <Vog-work> I can run a dmraid -ay and exit out of the shell and ubuntu fill finish loading.
[00:12] <Vog-work> But I still can't figure out why it can't boot normally. Is there some sort of module you need to have loaded inorder to get your array recognized?
[00:13] <Vog-work> looks like https://bugs.launchpad.net/ubuntu/+source/linux/+bug/314395 is experiencing the same problem.
[00:16] <Vog-work> running  apt-get upgrade to see if any updates takes care of this...
[00:16] <mat1211> Hi, how do I disable the root user? lol
[00:17] <mat1211> enabled it by mistake.
[00:22] <jtaji> mat1211: sudo passwd -l
[00:27] <Vog-work> updating the system does not solve the booting problem for bug 314395
[00:44] <Vog-work> could bug 220493 have anything to do with it? I'm running a raid 1 not 4 or 5
[00:54] <Vog-work> Time for dinner bbl.
[02:39] <centaur5> Do xserver packages have to be installed on the LTSP server in order for the client to login to X?
[02:53] <oh_noes> I have a .deb file I wrote and its doing something weird in the post install script.   Is it possible to turn on debugging during "apt-get install" to output all the pre/post install scripts with debug (bash -x) ?
[03:05] <mattt> oh_noes: dpkg has some debugging switches i believe?
[08:12] <Maelaian> I'm looking at switching over a group of servers on fedora and a handful of VM's in vmware esx. I was wondering how lightweight/minimalistic a basic ubuntu server install was compared to other distros, and how it faired performance wise, specifically when being virtualized, so that I could get the most out of the shared resources. I'd love to do a gentoo stage1 install or something like LFS, which I've done before for personal us
[08:13] <ivoks> well, no open ports
[08:14] <ivoks> meaning - no services by default
[08:16] <_ruben> ubuntu runs like a charm virtualized
[08:16] <ivoks> oh, virtualized
[08:16] <_ruben> as for minimalistic, look into JeOS .. disk footprint isnt much smaller than standard server install though
[08:17] <ivoks> yeah... it even has kernel specialized for running as a guest
[08:18] <ltsphelp> can anyone help with ltsp and thin-clients not booting?
[08:18] <Maelaian> ouch no 64 bit?
[08:18] <ivoks> ltsphelp: well, i don't know exactly how ltsp works, but i'm guessing it relay on common tools; so, what's the problem?
[08:19] <ivoks> Maelaian: ?
[08:19] <friartuck> Maelaian there is a 64-bit version.
[08:19] <Maelaian> Of JeOS?
[08:19] <friartuck> Maelaian oh, I thought you were talking about ubuntu-server.
[08:21] <ivoks> jeos isfor appliances
[08:21] <ivoks> i need new keyboard :/
[08:21] <Maelaian> Well a base for appliances, but it seems to be ubuntu tuned for what I am looking to do.
[08:22] <ltsphelp> the thinclient fails at authentication. the auth logs say the user cannot be found
[08:23] <lukehasnoname> Anyone used Grails?
[08:23] <ivoks> ltsphelp: you get that from logs? could you paste on pastebin the exact error
[08:23] <Maelaian> Having a 64bit VM is kind of silly I suppose why JeOS doesnt seem to offer it, but I have 2 very specific apps that only come in 64 bit versions.
[08:24] <ivoks> Maelaian: use ubuntu-server with linux-virtual kernel and strip it down
[08:24] <Maelaian> Ok, what would stripping it down involve?
[08:25] <ivoks> removing wireless-tools :)
[08:25] <Maelaian> I know ubuntu has the uhh similar to yum tool, would it be done through that utility basically?
[08:25] <ivoks> yes
[08:26] <ivoks> ubuntu-server is already quite bare system...
[08:26] <Maelaian> And specifying the kernel would be done post install using the same utility?
[08:26] <ivoks> right
[08:27] <ivoks> apt-get install linux-virtual
[08:27] <Maelaian> Apt, thats right.
[08:27] <Maelaian> Alright, I think I can do some installs and performance testing and comparisons done then and go from there, thanks for the info.
[08:28] <ivoks> np
[08:28] <ltsphelp> paste-bin? i'm on another computer... goes sumfin like this
[08:28] <ltsphelp> sshd[5729]: pam_lwidentify(sshd:auth) PAM config: global:krb5_ccache_type 'FILE'
[08:28] <ltsphelp> sshd[5729]: pam_lwidentify(sshd:auth): failed to get GP info
[08:29] <ltsphelp> sshd[5729]: pam_lwidentify(sshd:auth): getting password (0x00000000)
[08:29] <ltsphelp> sshd[5729]: pam_lwidentify(sshd:auth): request failed
[08:29] <ltsphelp> sshd[5729]: pam_lwidentify(sshd:auth): User 'xxx' is not known
[08:30] <ivoks> pam_lwidentify is for active directory, iirc
[08:30] <ivoks> what do you need it for on ltsp?
[08:32] <ltsphelp> sori. i installed the alternate cd and added edubuntu thinking that the clients will just connect. dunno where the pam things come into it.
[08:35] <ivoks> have you tried in #edubuntu?
[08:35] <ltsphelp> thanks. i'll check
[08:38] <_ruben> the -virtual kernels is pretty much the same as the -server kernel, but with less kmods available (this applies to 8.10 and newer, with 8.04 the kernels differ a bit)
[08:38] <_ruben> i just use -server kernels for my vms .. has paravirtualization and all
[08:54] <kwork> how can i fix packages that have failed at configuration because i manualy removed some files, otherwise the application is working
[08:54] <kwork> can i somehow mark package configured manualy ?
[09:05] <p_quarles> kwork: sudo dpkg-reconfigure package_name
[09:05] <kwork> p_quarles, tnx
[09:07] <kraut> moin
[10:05] <pi_> hello all. I use ubuntu-vm-builder to generate VM on a Hardy server (64bit). The host disk is running RAID1 and a LVM partion on top of RAID. After generate (log at http://viettug.org/attachments/download/148/kvm.log) i cannot boot into VM (the guest grub doesnot work). Any idea?
[10:20] <atomic__> does someone know how to route SMTP traffic through a specific interface with ip rule ?
[10:53] <cemc> how can I unde a revoke-full in openvpn ?
[10:53] <cemc> undo*
[11:55] <dayo2> i'm following this guide: http://ubuntuforums.org/showthread.php?p=7004774#post7004774  2. Add a proxy entry to the apt system. This is for the gui Synaptics. How do I add a proxy entry on the server?
[12:02] <ewook> dayo2: 2 add a proxy entry to the apt system. 3 is only for synaptic.
[12:05] <dayo2> ewook: awesome. thanks!
[13:26] <owh> Hi all. Over the weekend I intend to upgrade a 7.10 server to 8.04. I realise I'll need to use do-release-upgrade. The server is remote and on a medium speed link. I'd like to have it download packages while I sleep. How do I do that?
[13:28] <yann2> you can run the upgrade in a screen and hope it wont ask too many questions ;)
[13:28] <owh> Not really the answer I was looking for.
[13:28] <owh> I'd love it to actually go about downloading all the stuff and actually running it when I'm watching.
[13:29] <yann2> may be an argument of apt-get
[13:29] <yann2> I think there was like --download-only
[13:29] <yann2> let me check
[13:29] <owh> Does do-release-upgrade have a download only option?
[13:29] <yann2> -d, --download-only
[13:29] <yann2> sudo apt-get upgrade -d
[13:30] <yann2> or do-release-upgrade, didnt know about that one
[13:30] <yann2> does do-release-upgrade really exists? its not in the man
[13:30] <owh> The recommended process is using do-release-upgrade, it takes care of all kinds of magic behind the scenes, fixing known transition problems etc.
[13:31] <jpds> update-manager-core: /usr/bin/do-release-upgrade
[13:31] <yann2> right
[13:31] <yann2> well I am just upgrading to jaunty with a dist-upgrade so I hope it'll be fine :)
[13:32] <yann2> so your problem is that it's actually undocumented
[13:32] <yann2> jpds > if I were you I'd run a sudo apt-get dist-upgrade -d , and then the day after a do-release-upgrade
[13:32] <yann2> I bet that it'll work
[13:33] <jpds> That's what I was thinking.
[13:33] <jpds> d-r-u doesn't have a download-only option in the source.
[13:34] <owh> Now that's a canny thought. I wonder if it will work, or just delete all the packages it just downloaded.
[13:34] <yann2> ubuntu has a slight habit of creating tools and forgetting about the man sometimes
[13:34] <yann2> owh > it's worth a try :P
[13:35] <owh> Hmm, just realised that dist-upgrade will only work if I change the sources.list
[13:35] <owh> That looks like asking for trouble :(
[13:35] <owh> It's amazing how conservative you become if your server is not in the same room :-)
[13:52] <embrik> ﻿I would really like to use ubuntu on my workstations - but I can't figure out how to setup server with "roamin profile"
[13:53] <ivoks> what's that?
[13:55] <embrik> roaming profiles is a windows-expression I think - in practical use - my pupils can log into any workstaion at school and get their own desktop and so on
[13:56] <ivoks> each workstation should mount /home from NFS server
[13:56] <ivoks> and you could use LDAP for username/password
[13:57] <embrik> ivoks: I've been reading about nfs, but I find it a bit difficult. I'm in need of a howto which explains it step by step. Yes, you're right. Each ws must mount home/%user%
[13:59] <ivoks> have you looked for howtos?
[14:00] <embrik> ivoks: yes, I find howtos about nfs and ldap - but I can't figure out what to do. They don't expalin how to mount home from nfs-server. I'm not very technical, but have no problems with following a howto :-)
[14:01] <ivoks> mount -t nfs server_ip:/exported/path /home
[14:02] <embrik> ivoks: ok - but where comes the username?
[14:02] <ivoks> why do you need username?
[14:02] <ivoks> export whole /home
[14:03] <embrik> ivoks: I don't understand. How does nfs know that it is jamesk's home which are supposed to be mounted?
[14:03] <_ruben> you dont
[14:03] <_ruben> you mount *all* homes
[14:03] <_ruben> file permissions take care of the rest
[14:04] <ivoks> embrik: jamesk's home is /home/jamesk
[14:04] <ivoks> embrik: if you mounted /home, then anything on top of it will be there
[14:05] <ivoks> embrik: do you understand concept of home directory on unix?
[14:05] <embrik> _ruben: ok - I see, but when jamesk opens home folder ( a shortcut on his desktop) he ends in his own homefolder?
[14:05] <ivoks> embrik: imagine My Documents
[14:05] <embrik> ivoks: I understand the concept .'-)
[14:06] <ivoks> er... My Documents is wrong example
[14:06] <ivoks> maybe that's why you are confused
[14:06] <ivoks> what's the name of the directory were all the data of all users is stored in Windows?
[14:06] <embrik> all users i think
[14:07] <ivoks> nope
[14:07] <ivoks> top of that is...
[14:07] <ivoks> Documents and Settings?
[14:07] <embrik> documents and settings?
[14:07] <ivoks> right
[14:07] <ivoks> So, Documents and Settings = /home
[14:07] <ivoks> if you mount /home, then all user's data is there
[14:07] <ivoks> Documents and Settings/Administrator /home/jamesk
[14:08] <ivoks> so, if you share Documents and Settings from server and mount it on clients as Documents and Settings
[14:08] <ivoks> then all users have their data on all computers - right?
[14:08] <embrik> ivoks: you and ruben may have enlightened me a bit to day :-) What you have told me noe may get me started
[14:09] <embrik> ivoks: i follow you - ubuntu server edition has got both nfs and ldap?
[14:09] <ivoks> yes
[14:09] <dayo2> ivoks: do u have any good links for nfs and such?
[14:09] <ivoks> dayo2: man exports :D
[14:10] <embrik> what do you think about this: https://help.ubuntu.com/community/SettingUpNFSHowTo
[14:10] <incorrect> is it possible to set a different text mode for the installer?
[14:11] <dayo2> ivoks: embrik: thanks, that's a good start
[14:11] <ivoks> embrik: good start; it might get you all the way
[14:11] <ivoks> incorrect: ?
[14:12] <ivoks> embrik: notice the: /home 192.168.0.0/255.255.255.0(rw,sync,no_subtree_check)
[14:12] <incorrect> ivoks, I am pxe installing my servers,  I want a larger text console during installation so i can read the output
[14:12] <embrik> ivoks: i've got an exisitng server with ldap and about 200 users. Could i export them and import them into the new server?
[14:12] <ivoks> embrik: yes
[14:12] <ivoks> embrik: there are two ways
[14:13] <_ruben> replication comes to mind
[14:13] <ivoks> embrik: one is slapcat/slapadd - you do this when slapd is offline
[14:13] <_ruben> (which is something ive been meaning to look into)
[14:13] <ivoks> embrik: creating ldif file and importing it - you do this when slapd in online
[14:13] <ivoks> incorrect: i belive you can change it
[14:14] <embrik> ivoks: great, I must save this log :-)
[14:14] <ivoks> incorrect: default is 80x24, iirc
[14:14] <_ruben> incorrect: you can probably just add an appropriate vga= line to the boot cmdline
[14:14] <ivoks> incorrect: like vga = 773
[14:15] <ivoks> that's 1024x768x256 :D
[14:15] <ivoks> embrik: take you time
[14:15] <ivoks> embrik: get familliar with nfs and ldap before doing anything
[14:15] <_ruben> assuming framebuffer is available during install
[14:16] <embrik> ivoks: I have a test network :-) I will not get into production before I've had an expert to look into it :-)
[14:16] <ivoks> embrik: but once you do it, you'll feel good about your self, cause you'll know a lot more than you thought it's possible :)
[14:17] <ivoks> nfs/ldap does some strange things to humans :)
[14:17] <ivoks> i belive we have some helper apps in ubuntu
[14:18] <embrik> ivoks: right, well thank you - have to finish dinner - bye
[14:18] <ivoks> auth-client-config - pam and NSS profile switcher
[14:19] <embrik> ivoks: are you talking to me? I'm on my way to the kitchen...
[14:19] <ivoks> yes
[14:20] <embrik> ivoks: are the gui-apps?
[14:20] <ivoks> no, ubuntu server has 0 gui apps
[14:20] <ivoks> it doesn't have gui at all
[14:20] <embrik> unless you install desktop
[14:21] <ivoks> that doesn't change a thing
[14:23] <aurax> sup all, i have networking question maybe someone can help out...
[14:23] <aurax> hello, i need help with weird problem that i'm experiencing in my network. i have two juniper 4200EX switches (48-poe) i have random disconnect of client from the switch and it's looks like negotiation problems. some times the connection breaks and sometime it re-negotiate at 10mbit, i have disabled stp,rstp protocols just to make sure that if there's a network loop stp won't disconnect clients. any idea?
[14:26] <ivoks> app of the year: apache directory studio
[15:02] <mat1211> Hi, I have a question.  When I try to give a group of users permission to write to a directory, how do I do this? I can't figure out how to get the chown command to work properly lol
[15:03] <maxb> chown username:groupname (or chgrp groupname)
[15:04] <BlueT_> maxb: or, chmod g+rw /the/path/to/dir/
[15:04] <BlueT_> mat1211: or, chmod g+rw /the/path/to/dir/
[15:04] <BlueT_> maxb: sorry, wrong person
[15:04] <maxb> Indeed, both are part of the solution.
[15:05] <maxb> g+s may also be advisable
[15:06] <maxb> Sadly Linux provides no way to grant write permissions to a group, and prevent users from writing files writable only by themselves individually in that directory
[15:06] <ivoks> ?
[15:13] <embrik> maxb: chmod -R 760 /name_on_directory (owner: all permisions, group write permission, anybody else no permissions
[15:15] <maxb> embrik: You've omitted group traverse permission, which is almost certainly a mistake, and that still doesn't stop users in the group from creating files not writeable by the group.
[15:17] <embrik> Now I understand. A user creates a new codument wchich will be read only for other users in the same group. Yes, thta's annoying. Mus run a cron job every 15 minutes to fix it
[15:18] <jpds> embrik: chmod -R 7... <- won't that make all files exectuable?
[15:19] <embrik> jpds: yes 7= r+w+x
[15:19] <jpds> Exactly. :) Probably not something one wants to do.
[15:20] <embrik> jpds: maybe not, but I always give the owner rwx, don't know why.
[15:21] <maxb> You should almost always have r and x set as a pair on directories
[15:24] <jpds> Something like: find . -type d | xargs chmod 0770 - would be better.
[15:25] <jpds> s/./"/path/to/dir/"/
[15:26] <mat1211> Okay, sorry I got disconnected for a sec.  What I want to do is give a group of users write permissions for only one directory, and that dir is /var/www/uploads.  I try and do this but when I use the sudo chown command it says operation not permitted.  Is there another way?
[15:28] <ivoks> what's the name of the group?
[15:31] <mat1211> the name of the group is hmm, lets say uploaders
[15:35] <stickystyle> mat1211: If your user account is not the owner, and your not in the group 'uploaders', then you will not be permitted to make that change.  Use sudo.
[15:37] <mat1211> I do use sudo.
[15:37] <ivoks> sudo chgrp /var/www/uploads
[15:37] <ivoks> bah
[15:37] <ivoks> sudo chgrp uploaders /var/www/uploads
[15:37] <ivoks> sudo chmod g+rwx /var/www/uploads
[15:38] <ivoks> looks like IBM really owns Sun
[15:39] <ivoks> $7 billion
[15:39] <stickystyle> ivoks: what site has coverage?
[15:39] <ivoks> phone...
[15:40] <mat1211> thx
[15:41] <ivoks> http://www.nytimes.com/2009/04/03/technology/business-computing/03blue.html?_r=2&ref=technology
[15:41] <stickystyle> Ah, so it's not 100% final just yet.
[15:42] <ivoks> it's not, but this would mean that big blue is back
[15:42] <ivoks> with a bang :)
[15:42] <stickystyle> I'm not exactly sure Sun provides much in the way of 'bang' these days.
[15:43] <stickystyle> If takes place though I would like to see the PR mess that is becoming MySQL get cleaned up.
[15:43] <ivoks> stickystyle: it's not the Sun that will bang, but the whole profile of IBM
[15:44] <ivoks> almost full control of UNIX
[15:44] <mat1211> When I do the chgrp thing it still says opperation not permitted.  would it matter if I was using an external hd?
[15:44] <ivoks> mat1211: what filesystem is that?
[15:44] <PhotoJim> mat1211: if you're using a Windows filesystem, absolutely yes.
[15:44] <stickystyle> mat1211: send a pastebin of $mount
[15:44] <ivoks> probably FAT
[15:44] <mat1211> I think I may be using a windows fs, its vfat
[15:45] <PhotoJim> mat1211: you'll have to reformat it with EXT3 (or another Linux-specific filesystem).
[15:45] <mat1211> arrgghh lol
[15:45] <ivoks> but all his pr0... data is there!
[15:45] <ivoks> :)
[15:46] <mat1211> how do I reformat it with a linux fs? and if I do that will windows recognize it?
[15:46] <ivoks> windows is ego-centric
[15:46] <mat1211> ?
[15:46] <PhotoJim> mat1211: Why do you need Windows to recognize it?  No, Windows won't recognize it.
[15:46] <ivoks> it know only about its own filesystems
[15:47] <mat1211> I have a windows computer, I am getting a apple comp soon but for now I may need windows comp to work with harddrive.
[15:47] <mat1211> is there a driver I can install onto my ubuntu server that will allow me to do these things?
[15:48] <ivoks> FAT doesn't support users
[15:48] <PhotoJim> mat1211: if you're using it for web hosting on your Linux machine, you won't be able to use it on your other machines anyway.  I think you'd be better off to get a different hard disk for this other use.  They are getting cheap enough.
[15:48] <ivoks> so, you can't set up users on FAT
[15:48] <ivoks> this has nothing to do with OS
[15:49] <mat1211> hmm, what is the command to reformat the disk with the right filesystem?
[15:49] <mat1211> sudo umount /mnt
[15:49] <mat1211> woops
[15:50] <mat1211> wrong window lol
[15:50] <PhotoJim> mat1211: mkfs.ext3 (assuming you want to use EXT3, it's a good, commonly used filesystem).  but you need to know how the drive is partitioned first.  and if you do this, you'll erase everything on it.  do some googling before you begin.
[15:51] <mat1211> its only one big disk
[15:51] <mat1211> so...
[15:51] <ivoks> mat1211: there's a ext3 driver for windows
[15:51] <ivoks> and i think OSX supports ext3 anyway
[15:51] <PhotoJim> what is Linux calling the drive?  it should be sdx.
[15:52] <PhotoJim> ivoks: I'm pretty sure OS X supports it.  but I think his solution is NFS, not Windows-compatible file systems.
[15:52] <ivoks> nfs?
[15:53] <PhotoJim> Network File System.
[15:53] <PhotoJim> i.e. networking.
[15:53] <PhotoJim> If you need to be able to write to this disk from other systems, enable NFS on the Linux machine, and mount the disk as a remote file system on the client machine.  That works on Linux or OS X.
[15:54] <PhotoJim> and if you enable Samba, you can mount it on Windows too.
[15:54] <ivoks> oh, right
[15:55] <PhotoJim> I export /var/www as an NFS file mount.  and I enable it in Samba.  I mount it to my Windows machines as W:.
[15:55] <PhotoJim> that way I can copy web content right to it from any machine on my LAN.
[16:06] <incorrect> in my preseed file I have a disk recipe,  that is cool but i want a second one for the other hard drive, is this possible?
[16:07] <mat1211> what is nfs? :P like networking?
[16:07] <incorrect> mat1211, some people say its like magic
[16:07] <mat1211> ......
[16:08] <incorrect> some people say if you close your eyes for just long enough and wish really really hard miracles happen
[16:09] <jpds> kirkland: ping.
[16:12] <jpds> kirkland: ecrytfs is freaking me out on me: http://pastebin.com/f144931b7
[16:13] <stickystyle> PhotoJim: Windows servers can mount NFS also.
[16:15] <mat1211> whats better about nfs than say ext3 or whatever the other is?
[16:18] <incorrect> mat1211, you don't actually know what nfs ?
[16:19] <incorrect> mat1211, or are you actually just trolling?
[16:19] <mat1211> no, I actually don't know nfs, I'm quite new at this stuff.
[16:20] <incorrect> ok nfs is a protocol that allows you to export your local file system
[16:21] <incorrect> your local file system could be, ext2,3,4,jfs,xfs etc
[16:21] <mat1211> I, see...
[16:22] <mat1211> and could I do this nfs thing without reformatting my harddrive?
[16:22] <mat1211> lol
[16:22] <incorrect> yes
[16:23] <incorrect> are you using ubuntu?
[16:23] <mat1211> yes im using ubuntu.
[16:23] <incorrect> why do you think you want nfs?
[16:23] <mat1211> How do I set my external hd to use nfs?
[16:24] <mat1211> So I can get my external harddrive to work with users, or would I still need ext3 for that
[16:24] <incorrect> http://ubuntuforums.org/showthread.php?t=249889
[16:25] <incorrect> what file system is your external hard drive?
[16:25] <mat1211> fat
[16:25] <incorrect> you probably want samba then
[16:27] <incorrect> can't say i've ever tried to nfs export fat
[16:27] <stickystyle> mat1211: The NFS solution was proposed as  a way for you to be able to share the data on that FAT drive between the three different OS's you mentioned.  So you would need the drive formated with a filesystem that supports users and POSIX permissions, then you would be creating a network share by way of NFS or samba that your windows or mac could mount over the network.
[16:28] <mat1211> ah, I see.
[16:28] <mat1211> Thanks lol
[16:31] <incorrect> how can i seed partman to partition 2 drives
[16:36] <PhotoJim> stickystyle: Windows servers can?  didn't know that.  how about Windows clients?
[16:37] <mathiaz> kirkland: hey - I've got some feedback on kvm 84 on hardy
[16:37] <mathiaz> kirkland: I've been running it for a few weeks now
[16:37] <mathiaz> kirkland: it's stable for my usage pattern
[16:38] <PhotoJim> mat1211: yeah, NFS has nothing to do with the file system on your disk.  what it lets you do is read and write data to and from that disk, without you having to disconnect it from the Ubuntu server.  any machine on your network could write or read data to or from that disk.
[16:38] <mathiaz> kirkland: however I've noticed some performance changes
[16:38] <PhotoJim> mat1211: you wouldn't need to disconnect it to put stuff on it.  just put data on it over the network.
[16:38] <mathiaz> kirkland: especially on the host load
[16:38] <stickystyle> PhotoJim: Win2k, WinXP (didn't relize it could also) can both use 'services for unix' from MS. 2k3 has it built in.
[16:38] <PhotoJim> stickystyle: I didn't realize that was even an option.  good to know.
[16:39] <mathiaz> kirkland: if I do a dist-upgrade (for example) in a guest the host load goes way up (8 to 10)
[16:39] <PhotoJim> stickystyle: I tend to just stick external EXT3/whatever drives on my server and access them over the network, but it's good to have options.
[16:39] <mathiaz> kirkland: and the guest can become unresponsive for a couple of seconds
[16:39] <stickystyle> PhotoJim: Options are what the whole linux game is all about :)
[16:39] <PhotoJim> stickystyle: true indeed!
[16:40] <mathiaz> kirkland: unfortunately I don't have any metrics to backup this claim - it's just my perception of using guests.
[16:40] <PhotoJim> stickystyle: although there are enough options that some of the options are unnecessary much of the time, so one has to learn about them serendipitously :)
[16:40] <mathiaz> kirkland: but something has definetly change performance wise
[16:40] <stickystyle> PhotoJim: also true indeed.
[16:40] <mathiaz> kirkland: with two or three guests running at the same the load on the host can go up to 20/30 sometimes
[16:41] <mathiaz> kirkland: If I install packages in all the guests at the same time
[16:41] <mathiaz> kirkland: what do you think about that?
[16:45] <mathiaz> ivoks: hi - did you have some time to test the evolution-mapi plugin?
[16:47] <ivoks> mathiaz: nope, the exchange environment is broken :(
[16:47] <mathiaz> ivoks: you mean that you cannot test it or that the plugin is broken?
[16:47] <ivoks> other reported that it works, so i belive it is working
[16:47] <ivoks> i cannot test
[16:47] <mathiaz> ivoks: ok - I was thinking about writing a call for testing
[16:47] <mathiaz> ivoks: to get more coverage on the plugin
[16:48] <mathiaz> ivoks: on the ubuntuserver blog
[16:48] <ivoks> sure... i still don't see it as a server topic, but well... :)
[16:48] <ivoks> it's an enterprise topic :D
[16:48] <mathiaz> ivoks: right - I'd say that ubuntu server users are more likely to have access to an exchange environment
[16:53] <genii> Interesting bug
[16:57] <ttx> genii: nothing like etckeeper to reveal naughty packages.
[16:58] <Vog-work> Hey there has anyone figured out a fix for https://bugs.launchpad.net/ubuntu/+source/linux/+bug/314395
[17:13] <mathiaz> jdstrand_: regarding qrt and README.multi-purpose vm - is there a reason to use bind+dhcpd rather than dnsmasq?
[17:15] <jdstrand_> mathiaz: mostly because bind and dhcpd are the ISC reference implementations and in wider use
[17:15] <mathiaz> jdstrand: I'm looking at automating the process of creating a multipurpose vm
[17:16] <mathiaz> jdstrand: in order to make easier to setup a test environment
[17:16]  * sbeattie votes for dnsmasq 
[17:16] <mathiaz> jdstrand: and it seems that using dnsmasq as the dns/dhcp server in such an environment is easier
[17:16] <jdstrand> mathiaz: totally agree with ease of use
[17:17] <mathiaz> jdstrand: OTOH dnsmasq is in universe, while bind+dhcpd are in main
[17:17] <ScottK> JDStone: Did you get my ping on clamav updates?
[17:17] <ScottK> Err sorry JDStone.
[17:17] <ScottK> jdstrand: ^^^
[17:18] <jdstrand> mathiaz: I wonder if you will have all the functionality required when using dnsmasq though. eg dnssec, tsig, dynamic updates, ...
[17:18] <mathiaz> jdstrand: right - I'm looking at the dnsmasq man page.
[17:18] <jdstrand> mathiaz: we (I) started that document so that I could test security updates and functionality against a fully loaded vm. that me be a different use case fro what you have
[17:18] <mathiaz> jdstrand: dynamic updates are automatic since dnsmasq does both dhcp and dns
[17:19] <jdstrand> ScottK: no I didn't
[17:19] <ScottK> [19:40:59] <ScottK> jdstrand: Would you please have a look at Bug #354190 - it's both security fixes and apparmor profile fixes.  I think it's ready to go.
[17:19] <mathiaz> jdstrand: right - IIUC the multipurpose vm is a system that runs in your testing environment and provide standard servicesd
[17:19] <mathiaz> jdstrand: it's not supposed to be the system to be tested
[17:19] <jdstrand> mathiaz: is dnsmasq able to do all the dhcpd goodies? like ntp-server, etc? do you care?
[17:19] <ScottK> That was in #ubuntu-hardened last night.
[17:20] <mathiaz> jdstrand: ntp-server -> handing out the ntp-server option?
[17:20] <jdstrand> ScottK: ack. thanks
[17:20] <jdstrand> mathiaz: yes, and others like tftp, etc
[17:20] <ScottK> jdstrand: No problem.
[17:20] <mathiaz> jdstrand: yes.
[17:21] <mathiaz> jdstrand: everything related to Dynamic updates is not needed for dnsmasq
[17:21] <mathiaz> jdstrand: it's include OOTB
[17:22] <jdstrand> mathiaz: and I suppose it'll do all the SRV records that can be used with kerberos (this isn't in that document yet, but planned)
[17:22] <mathiaz> jdstrand: now IIUC dnssec is not supported by dnsmasq
[17:23] <jdstrand> mathiaz: honestly, if it greatly speeds development to use dnsmasq, I'm not sure dnssec is enough of a reason not to use it
[17:24] <mathiaz> jdstrand: SRV and TXT records are supported
[17:24] <jdstrand> mathiaz: if you do use dnsmasq, can I request that you update README.multipurpose-vm to include it
[17:24] <jdstrand> ?
[17:24] <jdstrand> I'd like to have more than your script for documentation ;)
[17:24] <mathiaz> jdstrand: sure - I'll give it a shot
[17:25] <jdstrand> mathiaz: cool, thanks
[17:26] <jdstrand> nxvl: hey, have you been coordinating with ScottK on clamav? specifically bug #354190?
[17:27] <oruwork> hi, i need help with sshd key
[17:27] <ScottK> jdstrand: We've been talking about clamav stuff, but I don't recall if we discussed that one.
[17:27] <jdstrand> nxvl, ScottK: I'll get intrepid going-- just thinking about hardy and earlier
[17:27] <ScottK> jdstrand: In the bug I make recommendations about how to deal with the earlier releases.
[17:28] <ScottK> nxvl is working on libclamav rdepends for Jaunty right now.
[17:28]  * jdstrand nods
[17:28] <nxvl> yup
[17:28] <nxvl> once we are finish with jaunty i was going to start with the SR stuff
[17:28] <jdstrand> I just didn't see nxvl referenced in the bug, so wanted to know what was happening there
[17:28] <jdstrand> cool. thanks nxvl!
[17:29] <jdstrand> and ScottK! :)
[17:29] <ScottK> He's in the ubuntu-clamav team so he gets all the bugmail.
[17:29] <jdstrand> ok cool
[17:29] <ScottK> Actually, maybe he doesn't
[17:29] <nxvl> actually i don't
[17:29] <ScottK> I think that just goes to me now that I consider it.
[17:29] <nxvl> the team is not subscribed
[17:30]  * ScottK needs to look into that.
[17:31] <oruwork> should i change the ssh listen port from 22 to 2222?
[17:31] <oruwork> or can i change it to any other port ?
[17:32] <Deeps> you can change to any port you want
[17:32] <Deeps> moving away from port 22 reduces the risk from brute force attacks, but increases inconvenience
[17:34] <oruwork> will the hacker be able to tell which port sshd is listening on ?
[17:38] <stickystyle> oruwork: Yes, anyone can tell what port ssh is open on by scanning all available ports on you box, looking for the one that sshd answers on.  However most bots that are scanning these days go for the low hanging fruit and just focus on seeing if ssh is open on port 22 (and port 2222 more recently)
[17:38] <oruwork> is there a way to jail users in their home directoires ?
[17:39] <stickystyle> oruwork: for ftp/sftp usage or shell?
[17:39] <oruwork> for shell
[17:39] <oruwork> and for any
[17:39] <oruwork> but shell primarly
[17:40] <stickystyle> Sure you probably *could* do that, it would be a major pain to administer though.  lets step back and ask *why* you want to do this.
[17:42] <oruwork> my system had been compromised
[17:42] <oruwork> one of the users had a really weak password
[17:42] <Deeps> ubuntu forums has a relatively straightfoward guide on how to do it if you want to jail users into a shared jail
[17:42] <Deeps> if you want each user in their own jail, it's basically the same as described in the forums, but creating a new jail for each user
[17:43] <oruwork> do you have a url Deeps ?
[17:43] <Deeps> better served would be enforcing more secure passwords though, i think you can do that with a pam module
[17:43] <genii> Deeps: In that case /home is their root?
[17:43] <genii> (group jail)
[17:43] <Deeps> genii: /home/jail/home/$user
[17:43] <Deeps> you can have unjailed users too
[17:43] <Deeps> oruwork: nope, google ubuntu user jail should give you relevant hits though
[17:44] <Deeps> genii: so the jail root would be /home/jail
[17:44] <oruwork> Deeps, is this what you are talking about? http://ubuntuforums.org/showthread.php?t=248724
[17:44] <genii> Deeps: Interesting
[17:44] <Deeps> oruwork: that looks relevant too, yep
[17:44] <Deeps> oruwork: although it's a bit old  (sept 2006?)
[17:44] <oruwork> yeah
[17:45] <genii> I wonder how that would work with hashed usernames
[17:45] <Deeps> searching the forums directly may be better than googling, and will give results in date order too
[17:58] <jdstrand> ScottK: hmmm. I see that the intrepid debdiff for -security has apparmor profile fixes. Those shouldn't be part of the security update. I think I should strip that out, upload to -security and then add them back in for a separate upload to -proposed after the security update goes out
[17:58] <jdstrand> ScottK: while the changes are easy to see as correct, it is policy to not correct non-security bugs in -security
[17:58] <ScottK> jdstrand: Your call.  For clamav I'd call people turning off apparmor due to profile problems a security issue, but up to you.
[17:59] <jdstrand> ScottK: heh. ok, they could also try the -proposed update or modify their profile...
[17:59] <jdstrand> ;)
[17:59] <jdstrand> ScottK: I'd be happy to do the upload to -proposed
[18:00] <ScottK> My major fear is we get no takers to verify and then we have two versions to maintain for a long time.
[18:00] <ScottK> I do recommend staring at it a bit and seeing if you can convince yourself it's a security issue.
[18:07] <jdstrand> ScottK: I see your point and am tempted by bug #312695, but ultimately I feel this is a regular bug as it does not cross privilege boundaries or cause data loss. I'm going to split it out
[18:07] <ScottK> jdstrand: OK.  Your call.
[18:23] <zul> mathiaz: ping
[18:24] <goofey> !seen Keyser_Soze
[18:32] <oruwork> i downloaded jailkit-2.6.tar.bz2 , how can i install it ?
[18:37] <mathiaz> zul: hi
[18:38] <zul> mathiaz: debian unstable has php 5.2.9 isnt that something we might want for jaunty even though its a bit late
[18:39] <mathiaz> zul: hm - jaunty is at 5.2.6 now
[18:40] <zul> with a lot of backported patches
[18:41] <mathiaz> zul: right. It would be a two minor release bump ( .7 and .9)
[18:41] <mathiaz> zul: mostly bug fixes
[18:42] <mathiaz> zul: is there an ABI bump?
[18:43] <zul> im not sure i only was aware about it this morning
[18:43] <zul> i think it might break packages in universe though
[19:10] <mathiaz> bdmurray: sbeattie: is there a standard reply for marking a bug invalid because the reporter is unable to provide the requested information?
[19:11] <bdmurray> mathiaz: unable or has taken too long w/o responding?
[19:12] <mathiaz> bdmurray: unable - bug 322647
[19:12] <mathiaz> bdmurray: he wiped his system and doesn't have the log anymore
[19:13] <bdmurray> mathiaz: no standard reply for that
[19:13] <mathiaz> bdmurray: ok. I'll make something up
[19:15] <ivoks> mathiaz: still interested in ldap stuff? :)
[19:15] <mathiaz> ivoks: it depends - what's your offer?
[19:16] <ivoks> mathiaz: management tool that beats evertyhing seen before
[19:16] <mathiaz> ivoks: I'm your man - shoot!
[19:16] <ivoks> mathiaz: http://directory.apache.org/studio/
[19:17] <ivoks> it just too beautifull to be truth
[19:18]  * jmedina loves apache directory studio
[19:18] <ivoks> and they have screenshots made in ubuntu!
[19:18] <ivoks> how cool is that?! :D
[19:18]  * jmedina also has ads screenshots
[19:19] <jmedina> in ubuntu of course
[19:19] <jmedina> it is really cool, you can do batch operations
[19:19] <ivoks> i've been using it for couple of days... i still think i'm dreaming
[19:19] <jmedina> jojojo
[19:20] <jmedina> it has everything, it is really functional and it has good GUI
[19:20] <ivoks> schema editor
[19:20] <jmedina> and it is nothing slow
[19:20] <jmedina> yeap
[19:20] <jmedina> log operations
[19:20] <ivoks> yeah... it's snapier than some browsers ;)
[19:20] <jmedina> you can see ldif like operations
[19:20] <ivoks> jmedina: an ultimate tool
[19:21] <jmedina> the only thing I didnt like it is the fist time you want to use 3 panels
[19:21] <jmedina> I really dont know how I did it :S
[19:22] <mathiaz> ivoks: how schema and DIT independent is it?
[19:23] <ivoks> mathiaz: how can it be dependet at all?
[19:23] <ivoks> mathiaz: it pulls DIT and schema from server
[19:23] <mathiaz> ivoks: does it require LDAP knowledge or can it be used by ordinary users (ie can a secretrary use it to update the phonebook)?
[19:24] <ivoks> mathiaz: well, it for admins, but after 2 hours of introduction, a secretary could use it too
[19:24] <ivoks> it makes openldap much easier
[19:25] <mathiaz> ivoks: ok
[19:25] <ivoks> for secretary it has export to excel and import from it
[19:25] <jmedina> of course with good acls
[19:25] <jmedina> :D
[19:25] <ivoks> :)
[19:25] <jmedina> yeap import/export rules
[19:26] <mathiaz> ivoks: well - I'm not interested in having an excel import
[19:26] <ivoks> :)
[19:26] <ivoks> csv
[19:26] <ivoks> ldif
[19:26] <mathiaz> ivoks: I'd rather have one tool to be used by the end user
[19:26] <mathiaz> ivoks: so that the secretary doesn't need to use excel to update the phonebook
[19:27] <ivoks> this one could be used by the end user, if acls are set up right and operator gets an itroduction
[19:27] <ivoks> introduction
[19:27] <ivoks> click on name on the left side, double click on the phone, enter it and press enter
[19:27] <mathiaz> ivoks: are ACI taken into account with displaying attributes?
[19:27] <ivoks> how hard can that be? :)
[19:28] <ivoks> mathiaz: i haven't tried that yet
[19:28] <mathiaz> ivoks: ie - if the logged in user doesn't have access to a specific attribute, it should be displayed at all
[19:28] <ivoks> but it bolds musthave attributes
[19:28] <mathiaz> ivoks: ie - if the logged in user doesn't have access to a specific attribute, it should *not* be displayed at all
[19:28] <ivoks> i know what you ask
[19:28] <ivoks> i haven't tried that yet
[19:28] <ivoks> i might now :)
[19:29] <mathiaz> ivoks: if that's supported then it can be used by any end users
[19:29] <jmedina> I used Mandriva Directory server when was called Linbox directory server
[19:29] <ivoks> mathiaz: err...
[19:29] <mathiaz> ivoks: So that the UI would actually be configured by ACI and the LDAP administrator
[19:30] <ivoks> mathiaz: if openldap server doesn't return attributes which are hiden, how can ads show them?
[19:30] <jmedina> I like because you can create your own plugins, Im trying to create a plugin to manage amavisd-new attributes via web interface
[19:30] <ivoks> jmedina: other have done it already :)
[19:31] <jmedina> ivoks: a plugin for MDS?
[19:31] <ScottK> jdstrand: Clamav 0.95.1 (bug fix only) will be out on Tuesday.  I'm travelling next week, so I'd appreciate it if you could hang out on #debian-clamav and coordinate geting the tarball from them, uploading, etc.
[19:31] <ivoks> jmedina: no, a web interface
[19:31] <mathiaz> ivoks: if ads supports building a dynamic UI component based on the returned attributes that would fit the use case
[19:31] <ScottK> I may have internet access, but not for certain.
[19:32] <ivoks> mathiaz: dynamic ui?
[19:32] <mathiaz> ivoks: yes - according to the logged in user, the UI will have different attributes showed
[19:32] <ivoks> mathiaz: as i said, it shows what ldap passes
[19:33] <mathiaz> ivoks: great - I think should just take a look at it ;)
[19:33] <ivoks> mathiaz: so, if ldap doesn't provide userPassword for some user, then that attribute won't be in the ui
[19:34] <ivoks> mathiaz: go with the full suite, not a plugin for eclipse
[19:34] <jdstrand> ScottK: you are talking about for Jaunty?
[19:35] <mathiaz> ivoks: full suite?
[19:35] <ivoks> mathiaz: http://directory.apache.org/studio/downloads.html
[19:35] <ivoks> mathiaz: there's plugin and application
[19:36] <ivoks> mathiaz: go with the application
[19:36] <ivoks> plugin seems to be broken for jaunty's eclipse
[19:36] <mathiaz> ivoks: well I'm download 73M - that must by the full suite
[19:36] <ivoks> yes
[19:37] <Maelaian> crucial sent me dual rank ram, but never gave me an option to choose between single/dual rank. How does one normally distinguish between the two?
[19:39] <ivoks> jmedina: have you tried editing ACL's in ADS?
[19:39] <jmedina> ivoks: nop, I rarely edit acls
[19:40] <ivoks> ok
[19:41] <jmedina> Im still getting usde to cn=config
[19:42] <ivoks> yeah, me too
[19:43] <jmedina> most because I only use hardy for production servers :S
[19:44] <jmedina> so most of time I use slapd.conf but cn=config is a big thing, afaik it was requested by hp when they wanted to migrate their directory infraestrucutre to openldap
[19:44] <jmedina> at that time it was not possible, so hp and symas sat to work together and created all the required overlays, including cn=config, constrains and others
[19:45] <jmedina> then in 2008 they migrated everything to openldap
[19:46] <jmedina> ivoks: have you used ebox for directory?
[19:46] <ivoks> nope
[19:47] <jmedina> what I like about ebox its samba integration and granular acls to shares
[19:58] <genii> Hm. If I have DSL routers to a bond0 (which gets a LAN ip) how would I go about port forwarding to some box on the lan?
[20:00] <Deeps> come again?
[20:02] <genii> Deeps: Currently I have lan-eth0-nat'd to bond0-dsl routers                  But if I want forward port 80 for instance inwards to a web server on lan, it becomes sticky
[20:02] <ivoks> mathiaz: fwiw, i can cofirm that acls do work
[20:02] <ivoks> mathiaz: attributs hiden for the user don't show up in GUI
[20:02] <mathiaz> ivoks: awesome
[20:03] <mathiaz> ivoks: that means that any end user could use it without having to figure out what all the attributes are
[20:03] <ivoks> mathiaz: correct
[20:03] <ivoks> mathiaz: secretary could just have first and last name and the phone number
[20:03] <mathiaz> ivoks: so now the next step is whether there is a mechanism in studio to be able to customize the UI representation for a specific attribute
[20:04] <ivoks> to show description instead of the name
[20:04] <Deeps> genii: i still dont really understand, but iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 80 -j DNAT --to ip.of.natted.machine.with.webserver
[20:04] <ivoks> 'Full name' instead of cn
[20:04] <mathiaz> ivoks: ex: for the phone number use another label instead phone number
[20:04] <Deeps> genii: may or maybe all you need
[20:04] <mathiaz> ivoks: something like that (useful for translation)
[20:04] <Deeps> genii: may or may not*
[20:05] <mathiaz> ivoks: or if the corporate culture calls it differently
[20:05] <jmedina> genii: you also need to enable IP forwarding
[20:05] <jmedina> echo 1 > /proc/sys/net/ipv4/ip_forward
[20:07] <ivoks> mathiaz: i'm not sure if that's possible :/
[20:08] <genii> jmedina: I have ipv4 forwarded already, thanks
[20:09] <ivoks> mathiaz: haha! it is :)
[20:09] <ivoks> mathiaz: and it has built in support for different languages
[20:09] <mathiaz> ivoks: my point being that an end user should see things like carLicense, employeeType, jpegPhoto
[20:10] <mathiaz> ivoks: my point being that an end user should *not* see things like carLicense, employeeType, jpegPhoto
[20:10] <mathiaz> ivoks: or any of the attribute name
[20:10] <ivoks> ?
[20:11] <ivoks> should or shouldn't? :)
[20:11] <mathiaz> ivoks: should *not*
[20:11] <mathiaz> ivoks: it's computer jargon - it should have a descriptive name
[20:11] <ivoks> right... instead of carLicense he would see License of user's car
[20:11] <mathiaz> ivoks: for the end user
[20:11] <mathiaz> ivoks: yes - something like that.
[20:11] <ivoks> that's possible
[20:11] <mathiaz> ivoks: by changing the schema?
[20:12] <mathiaz> ivoks: and editing the DESC ?
[20:12] <ivoks> let me check
[20:12] <mathiaz> ivoks: that would be the most natural place
[20:14] <ivoks> right, choose an attribute
[20:14] <ivoks> hit f6
[20:14] <ivoks> and - rename it :)
[20:14] <genii> Deeps: I'll try that laetr, thanks
[20:15] <ivoks> that's editing desc in schema
[20:15] <mathiaz> ivoks: and then the UI reflects it when you edit an object?
[20:15] <ivoks> yes
[20:15] <genii> Deeps: I suppose I'll require to forward from each DSL router port 80 to ip of bond0 then
[20:15] <mathiaz> ivoks: awesome
[20:15] <ivoks> it just looks silly
[20:15] <Deeps> genii: you're doublenatting? yuck
[20:15] <ivoks> maybe i'm doing something wrong:
[20:16] <ivoks> displayName;lang-hr-imeiprezime
[20:17] <genii> Deeps: When I had eth0 and bond0 on same lan range didn't work. So I have eth0/lan on 192.168.0.x and bond0/DSL routers on 192.168.1.x with nat from eth0 to bond0, currently
[20:17] <Deeps> genii: doublenat, ugly
[20:18] <genii> Deeps: I agree
[20:18] <Deeps> genii: unless.... you can forward ports to 192.168.0.x on your dsl routers
[20:18] <Deeps> and add a static route on your routers to route 192.168.0.x via the lan ip of bond0
[20:18] <genii> Deeps: I tried that but they are crappy routers with no route adding capability
[20:18] <Deeps> this really sounds like bargain basement bonding lol
[20:20] <genii> Deeps: This co bought 4 DSL connections then called me to try and aggregate them. So the dsl modems were bridged and bond0 had issues trying to bond ppp0 ppp1 etc etc. So added routers between and got it going
[20:20] <genii> Deeps: Yeah they are pretty cheap there too
[20:21] <Deeps> bargain basement bonding
[20:26] <ivoks> anyway... it's a good start :)
[20:27] <oruwork> how can I list hidden files ?
[20:27] <oruwork> with ls command
[20:29] <genii> oruwork:  with -a
[20:30] <ivoks> bye all
[20:31] <oruwork> I have smtpd.csr file, and i think its a public certificate file
[20:31] <oruwork> ivoks, hi, bye brother !
[20:32] <oruwork> and every time i use thunderbird to send out an email, its telling me to view the certificate
[20:43] <jmedina> orudie: csr files usuallly are Certificate signing requests, so it is not a public cert
[20:46] <ScottK> jdstrand: yes.
[20:47] <oruwork> question. I have a public certificate for my mail server, and every time i use thunderbird to check or send mail, it is asking me to view it
[20:48] <kirkland> jpds: pong
[20:49] <kirkland> jpds: what's your underlying filesystem?  ext4?
[20:53] <kirkland> mathiaz: okay, regarding kvm-84 and your performance issues....
[20:53] <kirkland> mathiaz: are you using virtio on either disk or network?
[20:54] <kirkland> jpds: there's a #ecryptfs channel on irc.oftc.net
[20:54] <kirkland> jpds: i recommend going there to discuss this
[20:54] <kirkland> jpds: ping me and tyhicks there
[20:56] <embrik> I've use webmin in debian for some years - is e-Box a similar app?
[20:58] <jpds> kirkland: It was ext4, but now I've reinstalled...
[20:59] <kirkland> jpds: i've encountered some nastiness on ext4 as wekk
[20:59] <kirkland> well
[20:59] <kirkland> jpds: we're interested in recording those, if possible
[20:59] <kirkland> jpds: but I, too, reinstalled with ext3
[21:00] <jpds> kirkland: I decided to go with encrypted-private instead -home this time, I'll let you know if anyting happens.
[21:01] <kirkland> jpds: cool, cheers
[21:03] <oruwork> question. I have a public certificate for my mail server, and every time i use thunderbird to check or send mail, it is asking me to view it - how can i stop this ?
[21:04] <jmedina> oruwork: you need a certificate, I guess you are using self-signed cert
[21:04] <mathiaz> kirkland: I'm using virtio on both
[21:06] <kirkland> mathiaz: my guess would be that virtio accelerates the guests so much, that they max out the processing on the host more quickly
[21:06] <kirkland> mathiaz: and it's not throttled
[21:06] <oruwork> jmedina, yeah i followed the guide to set up the mail server, its working but mozilla is bothering me about a certificate every time
[21:07] <oruwork> mosilla thunderbird that is
[21:07] <jmedina> oruwork: again, what type of cert?
[21:07] <oruwork> and MS outlook 2003 is not asking anything
[21:07] <mathiaz> kirkland: that is probably the case
[21:07] <jmedina> mozilla's cert management *ucks
[21:07] <mathiaz> I'm using lv in the same vg that has only RAID1 pv
[21:07] <mathiaz> kirkland: ^
[21:07] <mathiaz> kirkland: or I'm using files located on the same filesystem
[21:08] <mathiaz> kirkland: is there a way to say virtio to be more laid back?
[21:09] <oruwork> not sure, i followed this guide to create a certificate https://help.ubuntu.com/8.10/serverguide/C/postfix.html#postfix-smtp-authentication
[21:10] <oruwork> jmedina, digital certificate for TLS
[21:10] <oruwork> orudie, thats how they called it in server guide
[21:11] <jmedina> oruwork: :S
[21:11] <jmedina> well probably it is a self-signed
[21:11] <oruwork> yeah
[21:11] <jmedina> well I really dont like how thunderbird plays with self signed certificates, I always build my own CA
[21:11] <jmedina> Im not sure if there is easy solution about that
[21:12] <jmedina> probably someone else
[21:12] <jmedina> ask ivoks i think he uses thunderbird
[21:12] <jmedina> I only use kontact and does the job :D
[21:13] <oruwork> yeah i tried both outlook and thunderbird, outlook doesnt say anything about the certificate
[21:13] <oruwork> sends and receives mail scielently without any errors
[21:14] <oruwork> thunderbird however, i have to click accept 3 times after pressing the send button
[21:14] <oruwork> its annoing kinda
[21:14] <jmedina> :d that is annoying
[21:14] <oruwork> yeah
[21:14] <oruwork> lol
[21:14] <oruwork> ivoks left
[21:14] <oruwork> he helps me out a lot :)
[21:15] <jmedina> oruwork: well time to google, I would go to create your own CA, or use startssl free certs
[21:15] <oruwork> CA ?
[21:15] <jmedina> with is the same, you still have to import root cert to your clientes
[21:15] <jmedina> Certificate Authority
[21:16] <oruwork> yeah , i'm in the section of importing a certificate, just dont know where to get it from
[21:16] <oruwork> and why its bothering me for it
[21:17] <oruwork> jmedina, https://www.startssl.com/ ?
[21:17] <jmedina> oruwork: I thinkg you better ask in mozilla or thunderbird channel, this has nothing to do with server
[21:18] <jmedina> oruwork: yeap they issue free certs for mail clients or servers
[21:18] <jmedina> you can also suscribe to cacert.org, they only provide 6months free certs with your own domain
[21:19] <jmedina> you can create your own certs
[21:21] <kirkland> mathiaz: ionice?  nice?
[21:21] <kirkland> mathiaz: I'm not sure, honestly
[21:34] <Maelaian> Are there any plans for a 64bit JeOS?
[21:36] <trondkla> somebody have a mail program to recommend? For sending mail out from a web server :)?
[21:37] <Maelaian> sendmail?
[21:38] <mathiaz> trondkla: postfix is the default mail server in Ubuntu.
[21:38] <Nafallo> Maelaian: there are no plans for further JeOS'es after 8.04 I don't think.
[21:38] <trondkla> ok, thanks :) will check out both
[21:38] <Maelaian> You mean 8.10?
[21:38] <Nafallo> Maelaian: there is a minimal server install now however.
[21:39] <Maelaian> Oh? Does that allow 64bit?
[21:39] <Nafallo> yes.
[21:39] <Nafallo> Maelaian: and no, I meant 8.04
[21:39] <Maelaian> Well hell, where were you last night.
[21:39] <Nafallo> I was visiting pubs. why?
[21:39] <OscarTgrouch> is there a 64bit ubuntu version that will work on intel Core2?
[21:39] <mathiaz> Maelaian: You can install a minimal server by hitting F6 at the boot prompt when installing Ubuntu Server
[21:39] <Maelaian> I see it, but on f4
[21:40] <mathiaz> Maelaian: oh right - F4 then
[21:40] <mathiaz> Maelaian: this is option will install what used to be called JeOS
[21:40] <Maelaian> Good, I didn't like the name.
[21:40] <mathiaz> OscarTgrouch: there is only one version of 64bit Ubuntu Server and it should work on intel Core2.
[21:42] <OscarTgrouch>  is there any benifit to running VMware server on ubuntu server 64 bit over ubuntu 32 bit when running multiple windows xp 32 bit systems?
[21:43] <Maelaian> So I F4, hit enter, the menu goes away, and then use the install ubuntu like normal?
[21:43] <Maelaian> It didn't really gibe an indiciation hitting f4 then enter did anything
[21:44] <infinity> OscarTgrouch: Assuming VMware is happy running on 64-bit, then yes, the benefit would be better memory management and a generally more responsive system... (Unlike all other 32/64-bit variants, x86_64 has more registers than x86_32, and generally performs faster, despite the more bloated memory usage)
[21:44] <mathiaz> Maelaian: that should do it
[21:44] <JDStone> someone said my name
[21:48] <Maelaian> and does using the minimal for virtual negate the apt-get install linux-virtual for the kernel?
[21:49] <OscarTgrouch> thanks
[21:49] <mathiaz> Maelaian: how did you diagnose that?
[21:50] <Maelaian> I wanted to know if it was still necessary to do install it, or if it was the default.
[21:50] <mathiaz> Maelaian: it's the default
[21:51] <Maelaian> Ok, this is exactly what I wanted.
[21:51] <Maelaian> I knew it had to exist.
[22:45] <yeason1> quick question... is there a way to run a command, ex: virtual machine, from ssh and keep it running even after I disconnect...?
[22:46] <infinity> yeason1: Background it, and then disown it, so losing the parent shell doesn't kill it.
[22:46] <yeason1> ah, I know how to background it, how do I disown it?
[22:47] <infinity> yeason1: "help disown" in a shell.
[22:48] <yeason1> fair enough, thnx =)
[22:55] <yeason1> infinity: thanks for the info, got what I needed
[23:41] <Keyser_Soze> screen does that too
[23:41] <Keyser_Soze> even aloows you to grab the shell from another computer via ssh
[23:42] <Deeps> screen++
[23:48] <andol> Just noticed bug #205996. Is it to late to have it "fixed" for Jaunty? The matter of changing the default ServerTokens should be fairly trivial I guess? How much discussion is required to find the proper one? (Myself I kind of like "ServerTokens OS").
[23:52] <andol> Well, guess I should have checked its actual status in Jaunty before I said anything :) Just a minute
[23:58] <andol> yes, "ServerTokens Full" is still the default in Jaunty.