[00:32] hey does anyone know of a good remote desktop viewing program? the one that comes with jaunty is much too slow [00:46] hey guys [00:47] i've installed subversion on my server [00:47] i want to make it so that any member of the group 'svn' can access the server [00:47] how might i do this? i believe i have the group setup appropriately [03:48] my ubuntu server lts hangs on commands such top htop ps aux ls something [03:48] now is the second time that does that [03:49] how can I trace that :( [03:50] I trought it was some cron job but it isnt [03:52] now it works [03:52] can be an attack :S? [03:54] is the system fully-upgraded? [03:55] though, how is it hanging? [03:55] like, you type the command, and it sits there trying to run it? [03:56] does the screen blank when you run htop? [03:56] yep [03:56] I cant see [03:56] HellMind: are you using LDAP, or NIS? [03:56] yep exactly [03:56] no [03:57] so I do a psaux [03:57] but never ends and when it ends [03:57] the cpu use is ok [03:57] so I dont know where is the bottleneck [03:57] I uninstalled muni because it istarted at that time [03:57] but I wonder if that is the fix [03:57] open two tty's, have one run htop, and the other one doing other things. [03:58] IME it is usually due to hard-binding directory services. [03:58] (AWOL ones, that is.) [03:58] whats IME? [03:58] in my experience [03:58] HellMind: are you logged in as root? [03:58] yes [03:58] HellMind: does your working directory exist? [03:59] yes [03:59] HellMind: does dmesg contain anything about the disk shitting itself? [03:59] no [03:59] "tail -f /var/log/messages" telling you anything? [04:00] ctrl-c to stop tail, btw. :) [04:00] HellMind: pastebin the contents of /etc/nsswitch.conf and /etc/pam.d/common-* [04:00] no, I already looked for that [04:01] http://pastebin.com/m5fae9842 [04:02] Does "echo *" return immediately, and "ls" hang? [04:02] http://pastebin.com/m37ebad [04:02] now it works [04:02] but i know now why it works :( [04:02] HellMind: which is? [04:05] ls worked fine when the folder has very little files [04:07] You're going to tell me the directory had 8192 files in it? [04:07] no [04:07] but in ls /var/log [04:07] it didnt finished [04:07] but in root worked fine [04:08] neat. [04:08] HellMind: so what do you think the error is? [04:08] rm -rf ~/.* :) [04:08] munin [04:08] but i dont understand how ubuntu/linux [04:08] can be bricked like that [04:09] mushroomblue: ITYM ~/.??* [04:09] yah [04:09] I will come back if this happen again [04:09] I daresay [04:11] find: WARNING: Hard link count is wrong for /proc: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf opti [04:11] whats that? [04:11] HellMind: that's you forgetting to pass -xdev to find [04:12] its from munin log [04:12] my box is promiscued :( [04:15] why did you choose ubuntu instead of debian [04:15] is debian better? [04:16] because ubuntu server is stupid fast to get up and running [04:16] sure? [04:16] from USB boot, I have a new install set up as a PDC in under 30 minutes [04:16] debian is fast too :( [04:16] in fact, that's what I'm doing atm. [04:17] I dont like ufw [04:17] ufw is fine when you get used to the syntax [04:17] sucks [04:17] how can I turn of the logs ? [04:17] of ufw [04:17] what's ufw? [04:17] sudo ufw logging off [04:17] typing "sudo ufw" gives you a list of options [04:18] tsrk_ the n00b-friendly firewall. [04:18] I'm quite happy with it, actually. [04:18] mushroomblue, is it included by default? [04:18] yep. [04:18] but turned off right? [04:18] yep. [04:18] i don't understand why i'd want a firewall on a server... [04:19] sudo ufw allow 22/tcp && sudo ufw enable [04:19] could you explain? [04:19] tsrk_: because eventually, someone will get past your firewall. [04:19] mushroomblue, i have no other firewall... [04:19] on your entire network? [04:19] right [04:20] i only have the services i need running [04:20] isn't that enough? [04:20] 67.189.63.62 [04:20] yes [04:20] if you keep it updated, you only risk 0-day exploits [04:20] if you don't have SSH enabled, you're fine. [04:20] i need to ssh in from outside [04:21] then limit connection attempts to something real slow. [04:21] does ssh tend to have vulnerabilities? [04:21] how do you forward ports or nat with ufw -_-? you must edit files right [04:21] I had a win7 box on my network with preinstalled malware (pirated windows). bruteforced a 25-key password in less than 2 days. [04:21] tsrk_: everything has vulnerabilities. [04:22] ssh has had vulnerabilities, but passwords are inherently invulnerable depending on the security practices of the account owner. [04:22] s/invulnerable/vulnerable/ [04:22] tsrk_: OpenSSH, and OpenBSD in general, make an abnormally large effort to avoid security vulnerabilities. [04:22] HellMind: ufw allow portnum [04:22] HellMind: i.e. ufw allow 80 [04:22] or 80/tcp, if you only want tcp traffic open [04:22] -_- forward [04:22] twb, sorry that's what I mean. [04:22] not accept [04:23] PhotoJim, ssh keys only? [04:23] tsrk_: ask PhotoJim points out, if you have a world-facing SSH service there are best practices to minimize risk. [04:23] tsrk_: better, for sure. but not invulnerable. [04:23] hrm. I don't think you can. [04:23] tsrk_: non-standard ports help. [04:23] tsrk_: using only key-based authentication is a bloody good start [04:23] PhotoJim, but i can be scanned anyway? [04:23] tsrk_: all apps that are broadcasting from a port can be scanned. [04:23] PhotoJim: I'm not convinced that helps a lot. I'll concede it helps a little -- but it also breaks QoS. [04:24] er [04:24] tsrk_: any machine can be port scanned, and it will discover any services that are open to the world. firewalls minimize the services that are open. but the remaining services still have to be done securely to avoid or mitigate risk. [04:24] PhotoJim, i prefer to just not run services rather than firewall them [04:24] Which is to say that QoS typically prioritizes port 22, not ssh traffic. Running SSH on another port means it'll get treated as bulk traffic. [04:25] twb: I don't understand TCP/IP well enough to see how key encryption versus password encryption on SSH would affect QoS. [04:25] tsrk_: a firewall prevents you from having to remember to protect a service. you have to remember to open it up. that's all. [04:25] PhotoJim: I was talking about using a nonstandard port. [04:25] PhotoJim: and it's authentication, not encryption. [04:25] twb: ahh. maybe. but that's remediable. it's not hyper-secure, it's security by obscurity, but it is quite effective. [04:26] twb: I stand corrected. [04:26] The encryption mechanism negotiated between client and server (e.g. blowfish) is orthogonal to the auth method. [04:26] twb: Brain cramp. [04:26] np [04:26] there's nothing wrong with adding obscurity to an already hardened security scheme [04:26] so long as you remember to document. :) [04:27] mushroomblue: apart from the QoS suck :-) [04:27] heh. [04:28] My actual changelog reads [04:28] "Move ssh back to port 22. I haven't had to deal with corporate firewalls, but I have had to deal with QoS and I want to clean up my .ssh/config some." [04:29] 443 being your typical strategy for drilling through stupid corporate firewalls. [04:29] twb: my network is a personal network, so I'm less concerned about it. at enterprise level I probably would use port 22 and ramp up the authentication via keys. [04:30] I remember when my personal network was unsecured. [04:30] then I got hacked via wifi [04:31] turns out, there was a massive exploit for DD-WRT firmware [04:31] mushroomblue: perimeter-only hardening is depressing when you see it in a multinational :-( [04:31] hah. [04:31] agreed. [04:31] brb [05:31] Good Day All :-) [05:44] has some one install liferay5.2 on ubuntu server I despirately need your help please [05:45] !anyone [05:45] A large amount of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? [05:49] ubottu, thanks for the reply, I am unable to delete the demo content which is 7cogs.com and configure for our intranet [05:49] Error: I am only a bot, please don't think I'm intelligent :) [06:06] I am very disappointed :( [06:09] ozysimpson: Since I don't think that's an Ubuntu package, you'll probably do better to ask for help where you got the package. [06:09] ScottK: I was trying to confirm that, but p.u.c is down [06:10] twb: https://launchpad.net/ubuntu/+search?text=liferay [06:11] ScottK, thanks scotty [07:08] For a set of hosts at my work i use office.pub and office, and for others i use office2.pub and office2. Can i use just two entries in config file specifying the group of hosts and then key file? or do i need to create a separate Host with HostName for every machine? [07:16] error404notfound: r u trying to make sshd use ur key based on where u login ? [07:17] gnuyoga, nope, its pure keybased, no passwd, no passphrase [07:17] yes :P [07:17] sorry, i am drunk [07:17] Its like there are 50 machines, 45 use one key pair and 5 use other key pair. [07:19] error404notfound: why not just tell ssh to try both keys for all hosts? [07:20] twb, how can i do that? [07:20] http://twb.ath.cx/Preferences/.ssh/config is mine [07:20] error404notfound: u can use ssh -F ... and alias this to ssh2 [07:20] * gnuyoga feels what twb says will work [07:20] It tries id_rsa, but it also tries id_twb and id_example.net if I ssh to twb@example.net [07:21] twb: will that not take more time ... (what's is the average connecting time ?) [07:21] It's that last stanza that does that [07:21] gnuyoga: well, sure. [07:21] gnuyoga: but IMO it's negligible extra time, unless you're on a 33kbps line. [07:21] hi I am just wondering if anybody here has had any success with recompiling php to include the bundled gd support? [07:21] noob: why don't you just install the gd package? [07:21] apt-get install php5-gd [07:22] I have tried the gd package available via apt-get but that is an older version of gd that does not have support for the newer functions in the bundled gd available with php [07:22] I will not help you circumvent apt. Sorry. [07:22] noob: http://www.howtoforge.com/recompiling-php5-with-bundled-support-for-gd-on-ubuntu [07:23] gnuyoga, that was the guide I followed last night, but it seemed to get stuck in some kind of endless loop? [07:24] noob: ah okay, where did u get stuck (can u pastebin the error pls) [07:26] well I have just turned my pc back on, so I have no error log, but... I got to the stage where you being to dpkg the new php5, and it ran for about half an hour, with information scrolling on the screen, but it really did appear to loop as I saw similar stuff coming back after ten minutes or so. I am sorry if this isn't a helpful decsription of my problem [07:27] this was the last command I executed... dpkg-buildpackage -rfakeroot [07:27] then it ran for over half an hour, is that normal? [07:27] Depends on the package. [07:28] And on your hardware, of course. [07:28] libwebkit would take about four hours on a Pentium III, for example. [07:28] dual core processor at 2.6 ghz with 3gb of ram [07:33] anyway thank you for your help I will try again === alex_jon1 is now known as alex_joni [09:42] I have a VPS which doesn't have much free space on its own for backups, plus having the backups on the same system sounds like a pretty bad idea for me... [09:43] I have a laptop with 500G HD, but problem is i am on the move, so internet connectivity can't be guranteed, any ideas? [09:44] error404notfound: you trigger the backups from your laptop when you're connected and not from the host that needs to be backuped. [09:46] ewook, it would consume quite some bandwidth and my boss would get suspicous :P i am using rsnapshot and the biggest image is 390M [09:47] any hosts that provide free FTP/SSH for backups? i just need 500M or so space at most. [09:47] mount your gmail-account on the vps? [09:47] ewook, can i do that? [09:48] error404notfound: you could a while ago. never tried it. [09:49] ewook, i mean like how? [09:49] error404notfound: http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html [09:51] ewook, thanks, checking it [09:57] you can do "apt-get install gmailfs" :P [09:58] oh. [09:58] neat. [10:01] ewook, creating a new account for backups on my domain, btw its legal w.r.t to google's policy? right? [10:05] error404notfound: that I do not know. Read the agreement when signing up I guess. [10:06] ewook, i guess its no different from using the account for backups of your documents, like i used to do on windows [10:06] plus, if it was illegal, google wont have sit silently while the package also shipped in ubuntu official repo [10:14] error404notfound: that's not a safe assumption. [10:15] If you are worried that gmailfs is not legal, you should get professional legal advice. [10:15] It may be that it *is* illegal, and that Google simply hasn't noticed or doesn't want to pursue the developer about it. [10:16] twb, lemme ask google official groups about this [10:16] Ubuntu will try to avoid shipping stuff that it shouldn't, but there are certainly works in Ubuntu right now that are not licensed for redistribution. [10:17] For example, Darcs' functional test scripts mostly lack license declarations, but they can be downloaded from Ubuntu using "apt-get source darcs". [10:30] when i mount gmailfs, it says "Ignored Option:rw" later when i go there and try "ls" it says" no space left on disk" [10:31] even though i have "python 7.2G 0 7.2G 0% /media/vps-gmail" [10:36] any idea what could be wrong even though i upgraded libgmail? [10:40] when i get it mount, its shown as "d????????? ? ? ? ? ? gmailfs" in ls -al [10:43] twb: It's very common to have source packages with files in them that do not contain explicit license/copyright information. [10:43] twb: This is not an oversight nor an accident. [10:45] twb: It'd be difficult to argue that those test files are not covered by the GPL or LGPL seeing as they are shipped as part of the darcs source distribution. [10:48] ewook, ever saw: http://pastebin.com/m73900945 ? [10:50] error404notfound: nope. I've never used it nor toyed with it, just knew it existed. [10:50] soren: simply having a file called COPYING in the tarball, containing a copy of GPL-1, does not consitute a license declaration for other works in the tarball. You might ARGUE that this was the intent, but an explicit license declaration means you don't have to argue. [10:51] It would probably be adequate to have a single license declaration in the tarball that said "everything in this tarball is licensed under ", but at least for Darcs, this is not the case. [10:52] twb: It's of course always preferable to not have to argue. [10:52] twb: Are you suggesting that those test files are indeed covered by a different license? [10:53] I'm saying that it's not clear that those works (the tests) are licensed AT ALL. [10:53] They call directly into darcs, and are distributed along with darcs. Thus, they are infected by darcs' license. [10:53] soren: sorry, I don't agree. === BlueT__ is now known as BlueT_ [10:55] If anyone ever intended them to not be licensed as GPL, they gave up that right when they started distributing them and letting them call directly into GPL code. [10:56] GPL infects when linking, not when calling. [10:57] It's also perfectly valid to distribute works that are not licensed for REdistribution. [10:57] When we review code for acceptance into Ubuntu, we're not trying to keep code out by nitpicking for stuff that could conceivably (however unlikely) be argued as being a problem. [10:58] We try to evaluate whether stuff is an /actual/ problemm. [10:58] Well, indeed. [10:59] And while we /prefer/ that everything has perfect copyright/license information, if we /required/ that, we'd have /extremely/ few packages left in Ubuntu. [10:59] Even if Ubuntu does violate copy rights, that means nothing unless the copyright holder chooses to pursue Ubuntu. [11:00] You can always find a file that hasn't had its copyright information updated to the year of the latest change or whatever. [11:00] Right. [11:00] Noone gains anything by keeping code out like that. [11:01] I agree from a pragmatic view that this is extraordinarily low risk. But the risk is non-negligible, and maintainers (and upstreams) should endeavour to be clear about licensing instead of simply taking a view that "it doesn't matter, everyone knows what I mean" [11:01] And of course this isn't limited to Ubuntu. [11:03] For the sufficiently paranoid, there is gnewsense :-) [11:04] darcs is included in gnewsense. [11:05] Clearly they (gnewsense) aren't doing their job, then. [11:05] BTW, I only single out Darcs because I'm the maintainer for it. [11:06] Why haven't you just yanked out those tests, then? [11:07] Because I'm a hipocrite [11:07] Ah :) [11:07] And theoretically I spend a little time every day adding license declarations upstream [11:07] But that got pretty boring [11:11] twb: I'm looking at the GPL now, and I can't actually spot the part that speaks about linking and whatnot. [11:12] soren: sorry, that info was from tertiary sources. [11:12] soren: if you google for LLGPL[sic], you will hopefully find some info about it. [11:13] (Licensing of Common Lisp runtimes under GPL has some funny implications, because binaries compiled with it can include the runtime.) [11:27] is there a command line version for ubuntu one? [11:31] error404notfound: dont think so [11:31] gnuyoga, :'( [11:33] any good hosts that give free backup accounts or such? coz gmailfs is not working any more, developer says that libgmail is out of maintenance, and ubuntu one needs UI. [11:33] error404notfound: package ubuntuone-client-tools provides u1sync command line tool [11:34] alexm, whats that? [11:34] "This package provides the u1sync command line tool for syncing individual files and folders to and from the Ubuntu One file storage and sharing service." [11:35] http://en.wikipedia.org/wiki/Ubuntu_One [11:36] Bleh, more proprietary software from Canonical... [11:39] At least launchpad is AGPL now, though I would have quite liked to RTFS the landscape backend [12:28] can i mount webdav on my ubuntu-server? if no is there any other method to interact with it? [12:32] bump [12:36] apt-cache search webdav|grep mount lists davfs2 and fusedav [12:37] alexm, yup, got that but in etc/fstab how do i specify username and password [12:42] i want to shutdown my ubuntu box by pressing `power off` button on keyboard.. any ideas ? [12:43] error404notfound: i don't know, sorry [12:43] alexm, got it, /etc/davfs/secrets [12:43] but i am still looking for a good free ftp server for my system backups which arent more than 300M [12:45] vsftpd? [12:47] alexm, thats a server software that you need to run your own, i need a service. [12:48] ok, i see [12:49] alexm: I would normally say "aptitude search ~dwebdav~dmount" [12:49] dzzz: you need to install acpid. [12:50] dzzz: personally I think it's bloody stupid to not install that by default, but I'm told that "people might accidentally bump the power button" [12:50] i have acpid installed, but apci-listen gets nothing when i pressing the button [12:50] dzzz: oh wait, sorry, I thought you meant the power button on the case [12:50] twb: thanks for the tip :) [12:51] dzzz: if acpi-listen doesn't see it, I'm out of ideas -- short of installing Xorg, at least... :-( [12:53] twb: thanks [12:54] I suppose you might be able to tell upstart/console-setup to "see" it as ctrl-alt-del or something... [12:54] I noticed that console-setup has some peculiar relationship with xkb-data [13:07] what's the file that starts a service after reboot? [13:10] quizme: upstart, probably via sysvinit-compat [13:11] quizme: if you want to disable a service from starting at boot, I suggest using the rcconf tool [13:11] Simply deleting the symlinks in /etc/rc?.d/ is wrong, in a way that will bite you on the arse months later. [13:12] (I had to vigorously educate a co-worker about that recently.) [13:15] update-rc.d [13:15] i guess that was the name [13:16] how do regain root ? [13:17] quizme: give him a password [13:17] quizme: sudo -i, or pick the "rescue" (single) option in the bootloader [13:18] i can't sudo anymore as ubuntu [13:18] Failing that, fight through various iterations of live CDs, CMOS resets, alternate hardware, butterfly effects, etc. [13:18] cuz i was messing with the sudoers file [13:18] ah [13:18] quizme: well, don't do that [13:18] now that i can't sudo [13:18] what can i do ? [13:18] quizme: reboot and pick "rescue" in the bootloader, then run "visudo" as root. [13:18] recovery mode [13:18] i'm on ec2 [13:18] i don't think i can do that [13:18] quizme: then you're fucked [13:19] .. *sigh* [13:19] quizme: put the image somewhere you can mount it [13:19] quizme, reboot into single user mode and use root account, or if you dont have a root password, use a live cd and reset it [13:19] quizme, and next time be careful, nix literally lets you shoot in your foot. [13:20] error404notfound: he can't get single because it's a VPS, and he's (presumably) connecting via ssh only once it boots [13:20] quizme: you're out of luck i'm afraid [13:20] i'm gonan try to to login as root .. i think i put id_rsa.pub in authorized_keys [13:20] quizme, twb, try if they provide a serial console like my vps does... [13:20] or ask them [13:20] error404notfound: which provider is that? [13:21] fuck yes [13:21] it worked [13:21] twb, prgmr, not very famous, but i am really happy with them [13:21] quizme, happy for you... === TeLLuS_ is now known as TeLLuS [13:21] error404notfound: do you know what technology they're using (e.g. KVM, Xen)? [13:21] quizme: you allowed ssh root logins with a key? [13:21] how do I switch from hardware raid 1 to software raid 1 ? [13:21] twb, Xen [13:21] error404notfound: righto [13:22] step 1 would be how to detach the one of the disk from hardware raid 1 [13:22] twb, i would say have a try, atleast i am really satisified, they have great support, irc channel, great prices, and what not. [13:22] step 2 would be how to install ubuntu server on second disk while running the server ? [13:23] axisys: step #1 would ideally be to buy two new disks [13:24] *phew* that was a close one [13:25] pmatulis: yeah [13:25] pmatulis: is that bad ? [13:25] pmatulis: cuz it just saved my bootie [13:26] quizme: allowing root to login is generally frowned upon [13:26] pmatulis: key-based only isn't so bad [13:36] what i do is create an account named toor (yes, same concept as FreeBSD's toor) and use that for such emergencies [13:47] error404notfound: apt-get install sashroot, follow the prompts [13:47] Sorry, "sash" not "sashroot" [13:48] twb, me? [13:48] Eh, I thought it was a "how do I" [13:48] twb, :P [13:48] twb, whats sashroot? something like port knocking? [13:49] No, it's just a statically-linked shell. But its debconf code sets up a second uid=0 account with sash as its default shell [13:49] twb, so its basically same thing as my manual approach...? [13:53] error404notfound: yep, except it's "turn key" [13:54] twb, turn-key? [13:54] ,turnkey [13:54] ubottu: turnkey [13:54] Sorry, I don't know anything about turnkey [13:54] Bah! [13:54] :D === Guest94361 is now known as Authority === Authority is now known as Guest79958 [14:14] Hi, I recently installed 9.04 server alternate. Im running into prblems now that i didnt have with fedora 10 [14:15] when I install Mysql etc and i run my setup.php for the database feild creations, the fields dont seem to be getting enterd now [14:15] also when I request the time stamp in my php script from the database record I get 1st January 1970 [14:15] ? [14:24] garymc: does the mysql user you're using in the setup.php script have appropriate rights to the database? [14:27] yes [14:28] im doing a reinstall i think i set something up wrong [14:28] will be back shortly for an update [14:33] --help [14:33] Ng: ok [14:34] * Ng awards himself many many "I fail at irssi today" points [14:40] i have a system with 1x 60gb pata (for system) - and 6x 200gb for data .... i mount the 60gb partition as ext4, with mount / [14:41] now it needs to be a smb / ftp / mediastreaming service... [14:41] should i mount the huge partition as /var - as /home or as /srv ???? [14:42] twb: i have only two disks on this system .. i am assuming i can switch to softwareraid 1 from hardware raid 1 w/o buying new disks.. it is very simple with solaris .. i can't imagine it being that difficult w/ linux [14:42] ichat: mount it as /mnt/storage [14:42] afaik there is no rule where to mount it [14:43] stefan__: ??? and than add the home vars accordingly in the ftpd conf samba.conf and other? === Guest79958 is now known as Authority [14:43] yes [14:44] btw is there an easy way to synchronize smb users with the ftpd and the system [14:45] not that I know, but maybe users that used this more than me can add other thoughts [14:45] afaik i cant let samba authenticate against any database other than an LDAP service - but thats verry dificult to manage - i fear [14:46] ichat: you can integrate samba with LDAP [14:47] I think you should be able to integrate samba with pam [14:47] http://wiki.samba.org/index.php/Samba_&_LDAP [14:48] you can integrate it with pam [14:48] but I don't know exactly what ichat wants to do [15:02] i want an easy to manage - setup where i can store files and stream media accoss a network (smb) and wan (FTP) - [15:02] and for users to be easy added [15:05] so either by - getting the services intergrated into local users management - or by - anyother means... as long as its not impossible to setup [15:05] how do I detach second disk from hardware raid 1 ? [15:06] axisys: in the raid bios setup [15:08] sgsax: i am not sure.. it has been while since i build this X4100 .. i think it has some fake raid or something.. but it has been while.. i know i have two disks .. but fdisk -l shows only one.. so that confirms i am using hardware raid 1 right now [15:09] I know the X2100 uses fakeraid, dunno about the X4100 [15:10] if it is fakeraid, then you probably can't just pull a disk out with losing all the data [15:15] ichat: if you are accustomed to ldap then integrate it with that and when you add/remove users in ldap than they also have access to smb shares [15:16] sgsax: i might be confusing x4100 w/ x2100.. i am working on x4100 now [15:16] Hi can anyone help me installing php and mysql server [15:16] in ubuntu 9.04? [15:16]