[00:00] SpamapS: the mariadb community guy mneptok should be at uds [00:01] SpamapS: so just giving you a heads up, but he is really a cool guy though [00:01] More of a general ubuntu 10.10 than server issue...but is anyone noticing that the system is starved for entropy? According to /proc/sys/kernel/random/entropy_avail === jibouman` is now known as jiboumans [00:03] zul: right on [00:06] kirkland: are you around? I'm curious about the mdadm mess that was brought up shortly before lucid. bug 557429 [00:06] Launchpad bug 557429 in ubuntu-release-notes "array with conflicting changes is assembled with data corruption/silent loss" [Undecided,Fix released] https://launchpad.net/bugs/557429 [00:30] I don't know if its related SpamapS, but I tried to build a basic raid1 array during a lucid server setup and the whole process is borked. Is there discussion anywhere about this? [00:55] kirkland, thanks === _TechAway_ is now known as _Techie_ === _Techie_ is now known as _TechAway_ === _TechAway_ is now known as _Techie_ === jjohansen is now known as jj-afk === _Techie_ is now known as _TechAway_ [03:02] hey guys [03:02] hey rneese [03:03] how would I add a script to the server iso thats run on first reboot after install . to install and configure pkgs ? [03:03] I have made a basic sh script [03:05] this makes a fast install for our project [03:06] is there a good how-to page ? [03:07] In lucid, which upstart jobs run-parts over /etc/rcS.d? [03:07] Because rcS.conf appears to do something different [03:08] Basically I want to know if it's possible for the network to be up before the apparmor and iptables-persistent rcS.d jobs are executed. [03:10] Hmm, if I read this right, rc-sysinit.conf does it when "filesystem" (presumably $local-fs) and the loopback interface are up. [03:18] whats the cmd-line to configure the eth0 interface [03:20] rneese: configure it to do what? [03:20] twb: iirc, you don't use ufw, but ufw dtrt wrt to that and will be up before network rules. you could create an upstart script by looking at what ufw does [03:20] jdstrand: yeah, that's plan B [03:20] disable dhclient and set a static ip [03:21] Note that I want the firewall to load *before* the network interfaces are up. [03:22] iptables-restore doesn't even need the interfaces to exist (udev/drivers) when the firewall is loaded. [03:22] QoS (tc qdiscs) do, so that upstart job would/will be different. [03:25] rneese: that is normally done in /etc/network/interfaces [03:26] rneese: if you need to do it temporarily, I would run something like... [03:26] ifdown --force eth0; ip set eth0 up; ip address add 10.1.2.3/24 dev eth0 [03:26] ok [03:26] Also "ip route add 0/0 via 10.1.2.1" if you also need a default route [03:27] hey guys, is there a simple way to resolve a conflict between packages provided by 2 different PPA sources [03:27] intel352: yeah: turn off one of the PPAs [03:28] one is PHP/FPM that also has php5-memcached (which I need), the other is gearman, which I need, but uses an older libmemcached [03:30] Otherwise you do all the things you do when dealing with retarded package conflicts, like forcibly overriding them, downgrading one half, rolling equivs stubs to trick apt, rebuilding one half from source. [03:30] None of them are very nice, and they all add a maintenance burden. [03:30] k, thx twb, I appreciate the advice [03:30] Oh, and of course you can complain to the PPA owners -- that should be step #1 [03:30] yeah, that's what i'll be doing next, while disabling the ppa [03:31] thx again :-) [03:31] Unless you are already familiar with packaging, most of those tricks I mentioned are too dangerous for you to contemplate. === AStorm is now known as AstralStorm [03:39] I've got a flash presentation on my LAN server that I'm accessing from within the lan.. when it get's to the point of actually playing a video nothing comes across. Is there a plugin or package I need to install to spool the flash video? All I've installed currently is apache2. === _TechAway_ is now known as _Techie_ [05:28] !codeofconduct > fluvvell [05:28] fluvvell, please see my private message [06:21] SpamapS: yo, yeah, what do you want to know about it? [06:39] kirkland: IMO its a non-issue. Nobody boots on two separate parts of a RAID and expects a consistent system. I do think we could go further and stop the corruption, but I think thats a new feature, not a high priority bug. [06:42] kirkland: I just wondered what you thought about it, as I understand you have some strong thoughts on booting a system degraded or not. ;) [07:54] RoyK: good morning. [07:57] how do I set nginx to start automatically at bootup? or any service for that matter? [08:04] create a script and use update-rc [08:04] *update-rc.d [08:05] you should put the script in /etc/init.d [08:05] you can of course write an upstart job instead [08:06] if so, you'd instead use service [08:07] upstart jobs go into /etc/init [08:07] osmosis: ^ [08:40] Hello all. Iam trying to install Maverick server iso .. no matter how i install it I end up getting the generic-pae kernel as shown in uname -a. Shouldnt this kernel be named server-something because it is the optimized kernel? [08:40] sorry [08:41] anybody? [08:44] epaphus: think it has something to do with wether you're using 64bit [08:45] xampart: pae doesn't apply to x86-64 [08:45] k [08:45] epaphus: current releases do not has a server-specific kernel for x86. It isn't necessary. [08:46] twb, your saying that iam getting the same kernel a desktop user would get? in 32 bit [08:46] A desktop user probably wouldn't get the -pae kernel. [08:46] PAE is a hack that allows x86 systems to address more than 4GiB of RAM. [08:47] thats it? i was expecting more for a 32bit kernel in the server iso.. more optimization... [08:47] yup i know that :) [08:47] But lets be realistic: if you're commissioning new hardware, there's no way you should be running i386. [08:48] Any new x86 server worth a damn will be x86-64 unless it's embedded [08:48] Even the atoms and celerons are x86-64 [08:48] twb, well yes you have a point. However does the 64bit version of a server also has its kernel named generic? or server ? just curious [08:49] Last time I looked, the amd64 builds still had a separate -server kernel. [08:49] tnx [08:49] rmadison or packages.ubuntu.com will tell you [08:53] goood morning all, I need to update a server from an eol release, what is the best way to go about this and what precautions should I take. I only have remote access to this server... === _Dona|d is now known as Dona|d [09:11] hey jussi [09:13] jussi: which release? [09:14] twb: gutsy [09:14] jussi: firstly, you need to upgrade one step at a time, not all at once [09:14] !gutsy->hardy [09:14] yes [09:14] Stupid bot! [09:14] lol [09:14] be nice to her... [09:14] In #debian, the dpkg bot is smarter [09:15] twb: what does it do? [09:15] It points to a document like https://help.ubuntu.com/community/UpgradeNotes [09:15] Saving me from looking it up in google === aliverius_ is now known as aliverius [09:16] ahh [09:17] e.g. Read the release notes, ask me about . Ensure your Etch installation is up to date, ask me about (aptitude update; aptitude dist-upgrade). Then ask me about . aptitude update; aptitude install aptitude; aptitude safe-upgrade; aptitude full-upgrade. Also ask me about , lenny key>. [09:17] Where is another entry in the infobot [09:30] curius, do I really have to change my sources list to hardy? I thought the upgrade tool did that? [09:33] jussi: read the article I linked to, and the gutsy upgrade article it links to, and the general EOLupgrades article *it* links to. [09:33] jussi: if you're still not sure, ask again. [09:34] (But: I don't know, since I don't use d-r-u because I'm a Debian cowboy.) [09:35] i've read on some place on web that there's no sense in setting up iptables at all? any truth in that? [09:40] That's a bit like saying that there's no point in having a roof on your house. [09:40] Maybe it's true if you like somewhere that never has rain. [09:41] gotcha :) [10:16] alright!! upgrade to hardy went fine... now to get to something modern... like lucid... [10:17] !hardy->lucid [10:17] Darn bot. [10:22] How can I stream webcam video from a webserver? [10:33] tdn: that depends on the webserver. [10:33] netcat is perhaps the simplest approach. [10:35] right, Ive an issue with the hardy -> lucid upgrade: http://paste.ubuntu.com/517316/ [10:37] jussi: so did you upgrade your kernel as it tells you to do on the first line? [10:38] twb: not yet, I wanted to ask here to be sure, as adding lenny sources seems strange to me [10:38] That is indeed extremely strange [10:38] Where does it say to do that? [10:38] The installation of a 2.6 kernel _could_ ask you to install a new libc [10:38] first, this is NOT a bug, and should *NOT* be reported. In that case, [10:38] please add lenny sources to your /etc/apt/sources.list and run: [10:38] apt-get install -t lenny linux-image-2.6 [10:39] Oh, I see. [10:39] That is either because your sources.list or sources.list.d somehow contains debian sources in it, or the ubuntu people stole debian packaging and forgot to change the error message to refer to ubuntu [10:39] <_ruben> either would be quite bad :) [10:40] hrm... Ill guess the second... [10:41] twb, how? [10:41] jussi@vps110:~$ uname -a [10:41] Linux vps110 2.6.11-xenU #2 Fri Jan 19 23:16:04 EET 2007 i686 GNU/Linux [10:41] so, whcih kernel do I want to pick to install?= [10:41] tdn: the netcat manpage contains an example [10:42] jussi: unless you control the dom0, you might not be able to fix that [10:42] <_ruben> 2.6.11?? jikes [10:42] oh dear :( [10:43] * _ruben admits having a few 2.6.5 based systems running around .. *shiver* [10:43] _ruben: he's upgrading from gutsy [10:43] I can't tell if gutsy shipped 2.6.11 because rmadison doesn't know about gutsy :-/ [10:43] yeah, the gutsy->hardy upgrade went fine [10:44] twb, no. [10:44] twb, netcat is not related to webcam. [10:44] twb, I really do not care much which web server I use. [10:44] twb, I just need to stream webcam from a web site. [10:44] <_ruben> 2.6.11 is waaaay older than gutsy [10:44] tdn: netcat is a general-purpose utility for streaming data between hosts. [10:44] <_ruben> dapper was 2.6.16 afaik [10:44] twb, apache or any other web server will do fine. [10:45] twb, exactly. How does that help me to stream webcam from a web site? [10:45] twb: is there any way to reverse this procees a little and stay on hardy for now?? [10:45] Er, you do something like nc -l 12345 foo on the client [10:46] jussi: you need to talk to your xen vendor about why they're giving you a 2.6.11 kernel [10:46] jussi: in case you don't realize it: the host you're sshing into is a Xen domU (i.e. a VM) [10:46] yes... :( [10:47] twb: I think Im going the backup and call the vendor to give me a shiny new virtual machine... === _Techie_ is now known as _TechAway_ === AStorm is now known as AstralStorm [12:16] New bug: #664424 in tftp-hpa (main) "PUT unable to upload to server - Error Code 1" [Undecided,New] https://launchpad.net/bugs/664424 [12:56] JamesPage: you have 6 sessions lead for UDS, which is a lot for a first UDS. You might want to transfer control of the application packaging one to SpamapS [12:57] (who only has 4 so far) === eagles0513875|3 is now known as eagles0513875 [13:08] SpamapS: I agree with your assessment, sounds right to me [13:10] hey guys, im trying to reset my root password on a newly fresh installed ubuntu server box but when i go into recovery it gives me a root shell but i made a long password but it just doesn't work [13:19] I need an FTPd that uses normal user accounts. I want to have it be low in RAM usage, not hard to set up and reasonably secure. Been looking at twoftpd, proftpd, pureftpd, and maybe vsftpd. Recommandations? [13:20] The ftp-usage is very low traffic. [13:20] Velmont: Just use SSH? http://www.debian-administration.org/articles/590 [13:20] jpds: Yes, I know, I know, but I've got tons of 50-60-70 year old users. They hate change. [13:21] s/SSH/SFTP from the sshd/ . [13:22] I have been using and providing only SFTP so far, but I'm getting too many complaints. [13:24] Velmont: i recommend vsftpd run out of inet [13:25] I'm running ubuntu server 9.04 and i can't seem to be able to reset my root password on a freshly installed box, i don't know what user my friend created when he installed it but i did boot up the first time into recovery and enter a root password but now when i try logging in as root it doesn't let me [13:25] ttx: OK - did wonder whether I had bitten too much off for my first UDS! [13:26] ttx: with regards to the application packaging session; do you think trying to cover off the generic packaging and distribution and java specific application packaging in one session is going to work timewise? [13:26] lycan-work: do you have a user you can log in with who is a member of the admin group? [13:27] JamesPage: I think so. We can schedule an extra session at the end of the week if needed [13:27] ttx: sounds like a good approach [13:27] pmatulis unfortunately no, i don't remember what my friend created or left it written down the user name .. i've tried entering single in the grub line etc to try to reset the root passwd or even try adding a user maybe ubuntu restricts root login? but it can't be since i even looked at the sshd_config line enabled with root login via ssh [13:28] Hey guys, can somebody please help me? I try to set up samba on a fresh clean installed ubuntu server [13:29] path = /home/samba [13:29] because /home/ is mounted to a really big partition on a raid1 [13:29] I have a unix user "media" and there should be s shared- smb where all Users who know "media" and the correct pswd can see and edit all files within that share [13:29] so normaly it`s just one shared folder with username and password [13:29] but i don`t get it working [13:30] pmatulis i think i just found it .. it says enter this in boot grub line rw init=/bin/bash [13:33] lycan-work: "it says"? what says? [13:33] lycan-work: but, yes, that should work [13:40] pmatulis didnt work, when i try keyboard just dies [13:41] lycan-work: weird [13:41] lycan-work: normal keyboard? [13:42] pmatulis yes usb when it works normally , when i use the init=/bin/sh or /bin/bash keyb just doesnt work afterwards weird [13:43] looks like im gonna have to reinstall [13:43] lycan-work: try booting into a live session (alternate or desktop CD), mount the root filesystem, then use chroot to reset the root p/w [13:44] pmatulis guess i will try that [13:44] lycan-work: if sda1 is root f/s then: 'sudo mount /dev/sda1 /mnt; sudo chroot /mnt passwd root' [13:45] pmatulis thanks so much will try now [13:45] lycan-work: for usb k/b not working, make sure BIOS allows USB k/b [13:50] Is there some easy to install web anonymizer that I could run on my own server? Basically something to which to stablish ssl connection to encrypt non-ssl connections. [13:53] tor can partially do that [13:53] but the last step is of course unencrypted if it's http [13:53] read torproject.org [13:57] hi! [13:57] it seems my lighttpd won't set setenv.add-response-header. I use simple vhosts, and checked the headers with cUrl [13:57] where to start troubleshooting? [13:57] AstralStorm: yes, but tor is too slow and I don't care for that much protection. [13:57] then maybe JAP [13:57] AstralStorm: and I want to do it only for some pages. [13:57] well, you can use tor only for a subset of pages [13:57] it's a normal socks5 proxy [13:58] so e.g. foxyproxy works === kim0_ is now known as kim0 [13:58] and it's not *that* slow [13:58] AstralStorm: I use Chrome. I've used tor. [13:59] well, then maybe JAP will be faster [13:59] other than those two, no freely available apps out there [14:00] you might want to get a VPN server somewhere instead [14:00] although that's not really anonymous [14:00] or use some anonymizer service (most are paid) [14:02] now, for a proxy that will route only some requests through either of those, I recommend... hmm. probably privoxy ;p [14:02] middleman is fine too, but you'd need my patches [14:02] to build it [14:02] openldap is compiled against gnutls on ubuntu lucid [14:03] lau: and? [14:03] I generated certificates via gnutls-tools [14:03] and then? [14:03] but had to remove slapd.conf directive TLSCertificateFile /usr/share/ssl/certs/slapd.pem [14:03] then your certificate is incorrect [14:04] that directive should work [14:04] erf, remove directive TLSCipherSuite in order ro make openldap working [14:04] yes TLSCertificateFile works [14:04] then you must've had wrong arguments in there [14:04] but if I use TLSCipherSuite HIGH:MEDIUM:-SSLv2 [14:04] GnuTLS ciphersuites are different from OpenSSL [14:04] no [14:04] it is not working [14:04] that won't work [14:05] oh ? can you explain please ? [14:05] although the GnuTLS defaults are very similar to that [14:05] in fact, they don't allow a few more almost-weak ciphers [14:06] well, I forgot the specifics, google for it [14:06] kirkland: to push new kvm to natty, do i propose a merge from bzr, or send you a debdiff? (proposed merge to bzr seems to default to lp:ubuntu/kvm, not sure if that's correct yet) [14:07] hallyn: bzr branch lp:ubuntu/kvm [14:07] hallyn: then bzr info [14:07] hallyn: bzr info should you show you if that's natty yet or not [14:08] shoulda done a shared tree for this then [14:08] silly me [14:08] just says bzr+ssh://bazaar.launchpad.net/%2Bbranch/ubuntu/kvm/ [14:09] well, i'll try and insert 'natty' into the lp-open web interface and see what it says :) [14:11] pmatulis the server is usb only, i ended up now installing 10.10 i had 9.04 though [14:13] lycan-work: you re-installed? [14:13] pmatulis yes :( [14:13] reinstalling right now [14:14] lycan-work: ok. should have at least tried so you could learn something [14:14] pmatulis i did [14:14] for an hour or more [14:14] tried plenty of options [14:14] lycan-work: my chroot suggestion? [14:15] i tried the chroot thing with a gentoo 64bit cd, didnt have a ubu desktop cd around [14:15] what's the meaning of LTS in Ubuntu 10-10 LTS? [14:15] !lts | batok [14:15] batok: LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Lucid (Lucid Lynx 10.04) [14:15] batok, nothing :) it doesn't exist [14:15] patdk-wk: jaded much? ;-) [14:16] Oh, I see. You mean there's no 10.10 LTS -- I thought you meant the "support" in LTS was nonexistent. [14:16] I just don't get why people think everything is an lts :) [14:16] People are dumb. [14:17] and LTS means packages are maintained or commercial support , I don't get the meaning [14:17] twb, and you called patdk-wk jaded... [14:17] batok, no [14:17] 10.04 is LTS, 10.10 is not. [14:17] * patdk-wk is defently jaded [14:17] batok, lts means "long term support" [14:17] cwillu_at_work: I was projecting [14:17] batok, i.e., security updates for 3-5 years instead of 1.5 years like a normal release [14:18] batok: and SRUs when needed [14:18] twb, now, did you want my btrfs crack patches or not? :p [14:19] nope [14:19] if you want to setup a system, and not mess with it, lts is what you want [14:19] I only run it on my netbook, man [14:19] if you need the latest and greatest, it's not what you want :) [14:19] twb, and you don't value knowing how much data you have, and how much more you can fit? [14:19] cwillu_at_work: correct [14:19] I have a server with 9.10 . Is there a way to upgrade it to 10.10? [14:19] cwillu_at_work: I went from 4GB to 64GB; I'm nowhere near filling it [14:20] twb, you forget which filesystem you're running :p [14:20] batok, upgrade to 10.04, then 10.10 [14:20] batok, if you're insane you can upgrade directly, but it'll break, and you'll be on your own to fix it by hand [14:20] cwillu_at_work: when I can get a 256GiB SSD, I'll migrate my legacy external HDD to btrfs on it, and then I'll stop caring. [14:20] Er, s/stop/start/ [14:21] how is the upgrade process? [14:21] btrfs: filling your disk with valuable metadata since 2009 <3 === mathiaz_ is now known as mathiaz [14:22] !tmi | twb [14:22] twb: Um thanks... We *really* did not need to know that... [14:23] cwillu_at_work: it's OK, I don't actually *look* at the porn [14:23] I wonder about btrfs, I love the idea, but been thinking it has to be hell on vm's [14:23] It's like an electric monk [14:23] is there a guide somewhere on how to upgrade from 9.10 to 9.04 and after that from 10.04 to 10.10? [14:25] s/9.04/10.04 [14:26] patdk-wk, in what sense? [14:27] it writes to the whole disk [14:27] ? [14:27] so using sparse files, thin disk, ..., would be useless [14:27] ? [14:27] I don't think you know what you're talking about :p [14:28] oh, you mean using btrfs inside disk image [14:28] using btrfs in the vm, on a sparse file for the vm disk [14:28] it would fill the sparse file out quickly [14:29] patdk-wk, you'd probably want to disable copy-on-write for such a use [14:29] Hey [14:29] Does anyone know how to enter proxy settings into ubuntu server [14:29] hmm, didn't realize it was disablable :) [14:30] proxy settings for what program? [14:30] patdk-wk, yep, it's just a mount option [14:30] although... I would almost think that a local nfs mount so that you can use a single btrfs pool directly would be a better approach [14:31] patdk-wk: or jsut virtualize at the VFS layer instead of the block device layer [14:31] cwillu_at_work, I was thinking for use with vmware thin disks [14:31] pmatulis got it now, now going to add new user [14:31] lxc ftw [14:45] zul: o/ [14:45] zul: could you delete the puppet vcs recipe? [14:45] zul: https://code.launchpad.net/~zulcss/+recipe/puppet-daily? [14:45] mathiaz: sure why? [14:45] zul: I'd like to fix the upstream import [14:45] mathiaz: k [14:45] zul: and can only do so if all recipes are removed [14:46] done [14:46] zul: keep the content of the recipe as a backup [14:46] zul: so that the daily vcs can be recreated once the upstream import is working again [14:47] Ubuntu server doesn't enable firewall by default, does it? [14:47] zul: http://paste.ubuntu.com/517444/ <- backup of the daily recipe [14:47] mathiaz: thanks lemme know when it is fixed [14:49] hallyn: so upstream dropped all of those binary blobs? [14:50] hallyn: hmm, i'm not able to build a source package [14:51] hallyn: do you have qemu-kvm built in a ppa? [14:58] hi guys.. i came across thi brctl script, which has the following command "brctl addif br0 $1".. what is $1 here?.. please advise.. i really need help here.. thanks! [14:58] the machine has interfaces eth0, eth1 and eth2 [14:58] is there a specific interface ID for each?.. how is that calculated? [15:02] what can i use to run a virtual machine on a server with no gui? [15:04] kvm atlesat [15:05] patdk-wk: i take it there is some docs on this? [15:06] ya, google [15:06] ty [15:06] I really should make that a macro, if someone says my name and doc, autoreplay google [15:35] kirkland: ppa:serge-hallyn/virt [15:50] hi guys, any recommendations for a network management and inventory system? currently i have checked out nagios, zenoss, opennms.. [15:50] hallyn: okay, so looking at your merge ... [15:50] hallyn: the changelog entry is a little weak; "Remove patches which have been applied upstream" [15:51] hallyn: typically we list those in the changelog [15:57] kirkland: ok, i can do that, though it seems redundant with info in the bzr log... [15:57] hallyn: are you aware of the debcommit command? [15:57] kirkland: i also notice i didn't comment on the commit i had to undo of lool's [15:57] uh, no - i use dch -i... [15:58] * hallyn looks it up [15:58] hallyn: okay, so use dch -e (or dch -i) to add changelog entries [15:58] right - except in this case uscan auto-generated it for me, so i just edited it by hand [15:58] hallyn: and then use "debcommit" to commit to bzr, which grabs the entry you added to debian/changelog, and inserts it as the bzr commit message [15:59] whoa - can i do debcommit from a non-bzr tree by chance? :) [15:59] that woudl be cool [15:59] :-) [15:59] as it is, i had to patch -p1 < mydebdiff in the bzr tree and then tweak the file listing [15:59] i'll take the smiley as a no :) [15:59] :-No [16:00] hallyn: yeah, i'm struggling with the bzr part of this one [16:00] well it was really no biggie - i did all the work outside of bzr [16:00] hallyn: i can't get it to build a source package for me from the bzr tree [16:00] then pulled a fresh bzr tree, patched, and checked in [16:00] hm [16:01] you're doing sbuild -d natty (or the equiv)? [16:02] hallyn: yeah [16:02] tbh i was surprised it built 'just like that' for the ppa :) [16:03] but howdoes it fail? [16:03] hallyn: normally i use "bzr bd -S" to build a source package [16:04] hallyn: http://pastebin.ubuntu.com/517503/ [16:05] yes, i did a bzr bd -S before committing, but like i say i did most of the devel outside of bzr [16:05] in fact, most of it i did doing 'rsync -va qemu-kvm-* x; cd x/qemu-kvm*; quilt push -a; quilt ref' :) [16:05] hallyn: ah [16:06] kirkland: impressive, you are precisely one pb # behind massimo [16:06] hallyn: okay, so i think you're going to have to prune the binary roms, and re-roll the orig tarball [16:06] hallyn: see the changelog entry for qemu-kvm (0.12.3+noroms-0ubuntu1) lucid; urgency=low [16:06] oops [16:07] will do, thx [16:07] hallyn: yeah, it's a PITA [16:08] hallyn: we've fought this on the upstream mailing list a few times [16:08] hm, so 'debuild -S' just lets that pass but bzr bd -S catches it? [16:08] hallyn: well, indirectly [16:08] hallyn: bzr realized that it couldn't represent the binary differences [16:08] how do I tell apache httpd to only accept connections from a certain range of IPs? [16:08] ok where do I put a 1 time run script. on the iso and make it copy the file into the right place [16:09] hallyn: and i said "binary"? ... "oh no he didn't..." :-) [16:09] or make the iso do the instal [16:10] kirkland: i'll wait to tackle that when i get home. (those sources are on my other laptop) [16:10] hallyn: cool [16:11] hallyn: we'll get it sorted today [16:11] hallyn: do you understand the reason behind the +noroms business? [16:11] ... we don't allow binary blobs as a rule? [16:11] i'm all for that [16:11] hallyn: right [16:11] hallyn: debian either, per dfsg [16:11] i don't like binary blobs steering my systems [16:11] StAlphonzo: investigate "Allow from" [16:12] hallyn: hence the separate vgabios, seabios, etc. packages [16:12] hallyn: each built from source [16:12] hallyn: and our qemu-kvm using those blobs [16:12] kirkland: yeah, and i'll have to do those next i know :) pretty sure they've advanced in qemu [16:13] hallyn: right, that was what I was getting to [16:13] hallyn: when we're line-for-line in sync with qemu's rom sources, we're usually pretty bug free [16:13] hallyn: bug free on the bios front, i mean [16:13] hallyn: when we're not, bugs creep up from the *weirdest* places [16:14] kirkland: yeah i was just going to look through the git log and make sure i'm identical down to the last commit [16:14] however, i'm pretty sure i'll forget one of them :) kvm-pxe and seabios, i can remember. [16:14] pmatulis, ah... Thanks. I should've remembered that. :) [16:16] hallyn: yeah, there's pretty much 3 that I check and test, in this order: [seabios, vgabios, etherboot] [16:16] hallyn: etherboot source package provides the kvm-pxe binary package [16:16] hallyn: one of those (etherboot, i think) only builds on i386, which gets me every time :-) [16:16]