[00:26] <T0aD> hi guys :)
[00:26] <T0aD> hi guys, im trying to upgrade a real old ubuntu server dist (6.10) and I encounter this error while trying to install libdevmapper: mkdir: cannot create directory `/dev/.static/dev/mapper': Read-only file system. Any suggestion welcome :)
[00:43] <owh> T0aD: How are you doing this upgrade?
[00:43] <T0aD> like explained on https://help.ubuntu.com/community/EOLUpgrades/Edgy
[00:45] <owh> Where in that process are you?
[00:45] <T0aD> at : sudo ./feisty --frontend DistUpgradeViewText --mode=server
[00:45] <T0aD> it downloaded all packages, it was to suppose to remove 1 package, upgrade some, install a lot
[00:46] <T0aD> it blocked at removing this single package libdevmapper
[00:46] <T0aD> yeah not installing my bad
[00:46] <T0aD> Setting up libdevmapper1.02 (1.02.08-1ubuntu10) ...
[00:46] <T0aD> mkdir: cannot create directory `/dev/.static/dev/mapper': Read-only file system
[00:47] <T0aD> damn that sucks
[00:49] <owh> Are you running this off the machine itself, or did you boot from something like a live-cd?
[00:50] <T0aD> of the machine itself
[00:50] <T0aD> its in production
[00:50] <owh> That sucks.
[00:51] <T0aD> definitely
[00:52] <owh> Is this an LVM volume, or a crypt one?
[00:52] <T0aD> nope and nope
[00:52] <T0aD> a dummy software raid 1 on 1 single and unique partition
[00:53] <T0aD> i know nothing about this devmapper stuff
[00:53] <owh> Is the software raid Linux software raid, or a funky motherboard software fake raid?
[00:54] <T0aD> its mdadm
[00:54] <owh> Is the raid module loaded?
[00:54] <T0aD> its a monolithic kernel and the raid support is running fine it seems
[00:55] <owh> Your own kernel or a ubuntu one?
[00:55] <T0aD> my own
[00:55] <owh> Hmm.
[00:55] <owh> I *think* you might be missing a module that ubuntu expects.
[00:55] <owh> FYI, this is a *WAG*
[00:56] <T0aD> hmpf
[00:56] <T0aD> wag ?
[00:56] <owh> Wild Ass Guess
[00:56] <T0aD> yeah I understand this is no easy issue
[00:56] <T0aD> I thank you for your trial though
[00:56] <T0aD> Im wondering if I shouldnt just buy a new box and migrate services but thats gonna be a pain in the ass
[00:57] <owh> How much data is on this?
[00:57] <T0aD> 200 gB
[00:57] <T0aD> but it has a lot of stuff
[00:57] <owh> Ouch
[00:57] <owh> Got a spare drive?
[00:58] <T0aD> a mysql server, a mysql proxy, a qmail install, a vpopmail dir, 10,000 websites of users, a hacked apache install, several CGIs binaries
[00:58] <owh> This was never going to be easy was it :)
[00:58] <T0aD> an imap server, a ftp server, tons of crons, a dns server, Im probably forgetting stuff :)
[00:59] <T0aD> well it would be easier if I had more specialized servers separated in farms :)
[00:59] <T0aD> but im at the starting point so...
[00:59] <T0aD> what about the spare drive ?
[00:59] <T0aD> to copy the data ?
[01:00] <owh> You could do a fresh install on a spare drive.
[01:00] <T0aD> on the same box you mean ?
[01:00] <owh> Yup
[01:01] <T0aD> while the server is running ?
[01:01] <owh> No.
[01:01] <owh> Hold up.
[01:01] <T0aD> like how ? using virtualization or something ? i dont get you
[01:01] <owh> When you built your kernel, did you start with the ubuntu .config file in /boot?
[01:01] <T0aD> yep
[01:02] <T0aD> ah you want me to spot the differences
[01:02] <T0aD> ?
[01:02] <T0aD> # diff -u /boot/config-2.6.24.2lescigales /boot/config-2.6.35.2-rsbac-lescigales  | wc -l
[01:02] <T0aD> 3590
[01:02] <T0aD> hmpf :)
[01:02] <owh> That would be helpful. But I'm wondering if you didn't fsk around too much, it may have also compiled the appropriate modules, just not loaded them.
[01:03] <T0aD> there are no more modules
[01:03] <T0aD> modules are for the weak !
[01:05] <owh> Is lvm installed?
[01:06] <T0aD> not sure, but it isnt used
[01:06] <owh> dpkg -l | grep lvm
[01:06] <T0aD> nothing
[01:07] <owh> Does this help: http://ubuntuforums.org/showthread.php?t=620842
[01:09] <owh> Better still: http://ubuntuforums.org/showthread.php?t=704273
[01:10] <T0aD> well the first topic is very cryptic
[01:10] <owh> I suppose the thing to take from it is, do you have any pinning set?
[01:10] <owh> FYI: I'm going to have to run in 5 minutes.
[01:10] <T0aD> "I've got lot work, and I've put lots of effort in this server. Reinstall and re-setup everything could take me longer than a month. For me it's not really a problem, however my boss don't share this opinion."
[01:10] <T0aD> lol, sounds like me :)
[01:11] <T0aD> pinning set ?
[01:11] <T0aD> sorry english ain't my native language
[01:12] <owh> Have a look in /etc/apt/preferences
[01:13] <T0aD> nice it seems the release process is always overwriting logs in /var/log/dist-upgrade
[01:13] <T0aD> ls: /etc/apt/preferences: No such file or directory
[01:13] <owh> What about the second link I showed you?
[01:14] <T0aD> unfortunately not useful
[01:14] <T0aD> I still dont understand why its written post-installation in this log while it was telling me (I think now.. not so sure) it was about to remove it
[01:15] <T0aD> anyway, maybe I should unpack deb file and read this post-installation script
[01:15] <owh> I still think there is an issue with your kernel, with modules missing. Can you boot into a standard ubuntu kernel and do the upgrade from there?
[01:15] <T0aD> any reboot / downtime is risky
[01:15] <owh> Yeah
[01:15] <owh> Reading the post-install script is a good idea.
[01:15] <T0aD> yeah I might just hack it and blow this stuff
[01:16] <T0aD> now i just need to find how to do that
[01:16] <T0aD> dpkg -x it seems
[01:16] <owh> I should be back in a couple of hours, there are others here who might be better able to help.
[01:17] <T0aD> owh, I doubt it, but thanks for your time anyway :)
[01:17] <owh> kirkland: nijaba, have you got anything to add for T0aD's problem? Gotta run.
[01:19] <T0aD> well dpkg -x doesnt help but it seems scripts are in /var/lib/dpkg
[01:20] <T0aD> lol all the postinst script does is that mkdir
[01:30] <T0aD> alright hack successful
[03:24] <erichammond1> What was that fix released recently that helps protect Apache2 servers from clients that connect but don't send a request (perhaps with a timeout)?  I have a custom Apache config that I think needs to have this applied quickly.
[03:24] <T0aD> well apart from a firewall rule
[03:24] <T0aD> I dont see what 'fix' would be realsed
[03:24] <T0aD> released
[03:25] <T0aD> iptables -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 12  -j REJECT
[03:25] <T0aD> try that one
[03:26] <erichammond1> Ah, looks like mod_reqtimeout
[03:26] <T0aD> oh there is a module for that
[03:27] <erichammond1> though I can't find it in Karmic
[03:27] <T0aD> thats nice, and whats about other services ?
[03:27] <T0aD> this module wont help you I think
[03:27] <T0aD> well suit yourself
[03:28] <erichammond1> T0aD: Thanks, but I'm not sure that the connections are coming from the same IP address and the number of available server connections can easily be overwhelmed by not that many parallel connections that take a long time to send the request.
[03:28] <T0aD> well there is nothing you can do then
[03:28] <T0aD> except configuring Timeout
[03:28] <erichammond1> If they don't send a request, I just want to time out on them and move on to the next request.
[03:29] <T0aD> its in the basic apache configuration
[03:29] <T0aD> http://httpd.apache.org/docs/2.2/mod/core.html#timeout
[03:30] <T0aD> im personaly using Timeout 3 and KeepAliveTimeout 3
[03:33] <erichammond1> I'll give that a try.  I thought that perhaps Timeout did not kick in until the request started getting sent which was why the mod_reqtimeout patch was released.
[03:34] <T0aD> you should read this module page and experiment
[03:34] <T0aD> Timeout 3 rocks anyway
[03:35] <T0aD> except for 14.400 bauds modems of course
[03:35] <erichammond1> :)
[03:38] <erichammond1> T0aD: Yep, "Timeout 3" does not start the countdown until the first "GET" line is sent by the client.
[03:38] <erichammond1> T0aD: A client that connects and sends nothing, uses up an Apache child.
[03:39] <erichammond1> mod_reqtimeout looks like it solves that.
[03:39] <erichammond1> "Available in Apache 2.2.15 and later" so not in Karmic.
[03:40] <erichammond1> I wanted to upgrade that server anyway.
 T0aD: Yep, "Timeout 3" does not start the countdown until the first "GET" line is sent by the client.
[03:40] <T0aD> hm yes it does
[03:41] <erichammond1> T0aD: I just tested it on my Apache 2.2.12 server and I can take much longer than 3 seconds to type in "GET /" and it's still listening.  If I type "GET / HTTP/1.0" it hangs up 3 seconds later.
[03:41] <erichammond1> What Apache are you using?
[03:42] <T0aD> hm maybe KeepAliveTimeout then ?
[03:42] <erichammond1> I have that low, too.
[03:42] <T0aD> 2.2.10
[03:42] <T0aD> well I tried and its working fine here funny
[03:42] <T0aD> but I have this setting for years
[03:43] <T0aD> did you correctly restart your server ?
[03:43] <erichammond1> Since the 3 second timeout is now working after the "GET" (it had been set to the default of 300) I believe I did, yes.
[03:43] <erichammond1> This also appears to be how it is documented.
[03:44] <T0aD> hm maybe Im confused with another directive..
[03:44] <T0aD> no that should be it
[03:45] <T0aD> proceed to a full restart (not graceful) to experiment anyway
[03:45] <T0aD> root@ns1:/tmp/tmpRktNYU# time nc 217.73.17.12 80
[03:45] <T0aD> real	0m6.020s
[03:46] <T0aD> interesting, maybe its adding timeout+keepalivetimeout
[03:49] <erichammond1> T0aD: I'm off.  Thanks for your help.
[03:49] <T0aD> np
[05:58] <n8whnp> hey, I have a really dumb question about openldap in ubuntu server 10.10
[05:59] <n8whnp> I know that the transition has been made to the cn=config style configuration
[05:59] <n8whnp> is there any way to set the default password to connect and configure things. dpkg-reconfigure is not doing that
[06:28] <osmosis> patdk-lap, why 100 for swappiness? other guides are telling me lower is better, like 10 or 0.
[06:47] <z3cka> Hello, I'm having a strange issue with my server, when logon through the terminal at tty1 the "Welcome to Ubuntu!" message is there twice, once for 10.10 and once for 10.4 … any ideas what would cause this?
[06:48] <T0aD> cat /etc/motd
[06:48] <T0aD> or issue or issue.net
[06:49] <z3cka> yep, that give me the welcome message
[06:49] <T0aD> holy crap
[06:49] <T0aD> upgrade to 8.04 breaks my klogd
[06:51] <z3cka> well, the real issue is it says one use is logged into 10.4 and 0 users are logged into 10.10
[06:51] <z3cka> yet, eth0 has 10.10's ipaddress
[06:51] <z3cka> so my network is confused
[06:53] <T0aD> i really start to think do-release-upgrade is a bad idea
[06:53] <z3cka> agree
[06:53] <T0aD> im currently upgrading a big production server from 6.10 to at least 8.04
[06:53] <T0aD> and this is hell
[06:54] <z3cka> ifconfig says eth0 is 192.168.1.118 but my /etc/motd says eth0 is 192.168.15.4
[06:55] <T0aD> well who cares about motd anyway
[06:55] <T0aD> > /etc/motd
[06:55] <T0aD> and maybe motd is speaking of your old address
[06:55] <z3cka> i don't i'm just trouble shooting my network issue
[06:56] <T0aD> well dont you worry
[06:56] <T0aD> motd aint involved with networking
[06:56] <z3cka> ping 127.0.01 doesn't even resolve
[06:56] <z3cka> true, i think it gives me a clue as to what's going on
[06:56] <T0aD> try w or who in that case
[06:58] <z3cka> right, that tells me i'm logged in, but logged into what?
[06:58] <z3cka> 10.10 or 10.4?
[06:58] <z3cka> is it possible that they are both running?
[06:59] <z3cka> motd says i'm logged into 10.4
 is it possible that they are both running?
[07:01] <T0aD> lol
[07:01] <z3cka> so now that
[07:01] <z3cka> so now that's funny to you?
[07:01] <T0aD> I havent laugh like that for a long time, thank you
[07:02] <T0aD> check out your logs
[07:02] <T0aD> Im not sure what your problem is exactly
[07:04] <z3cka> problem is, i'm getting an IP address network seems to not be functioning properly
[07:04] <z3cka> *but
[07:05] <T0aD> seems seems pretty clear
[07:06] <z3cka> which logs should i look at?
[07:07] <z3cka> basically i get 100% packet loss no matter what ip i ping
[07:08] <z3cka> even 127.0.01
[07:08] <z3cka> *127.0.0.1
[07:09] <T0aD> hmm
[07:09] <T0aD> ifconfig should tell you which interfaces are up
[07:09] <T0aD> check that
[07:09] <z3cka> yep, all seems well there
[07:10] <T0aD> check sysctl icmp_echo to see if you re not ignoring pings
[07:10] <T0aD> it could be so many things, firewall, kernel
[07:11] <z3cka> error: "icmp_echo" is an unknown key
[07:11] <T0aD> sysctl -a | grep icmp_echo
[07:12] <z3cka> thanks
[07:13] <z3cka> …icmp_echo_ignore_all = 0
[07:13] <z3cka> …icmp_echo_ignore_broadcasts =
[07:13] <z3cka> 1
[07:20] <z3cka> what is eth0:metedata from ifconfig?
[07:22] <eagles0513875|2> hey guys any dovecot squirrelmail post fix experts in here
[07:22] <eagles0513875|2> i followed the guidelines on the wiki for each of those and im having issues connecting to the imap server
[07:22] <eagles0513875|2> i have dovecot configured for imaps
[07:22] <eagles0513875|2> only
[07:22] <eagles0513875|2> could that be the issue
[07:34] <RoyK> morning
[07:35] <RoyK> eagles0513875|2: with a self-signed certificate?
[07:35] <eagles0513875|2> RoyK: think i have isolated my issue to squirrelmail
[07:35] <RoyK> k
[07:35] <eagles0513875|2> i have dovecot setup tp use imaps only how can i config squirrelmail to do the same thing
[07:36] <eagles0513875|2> RoyK: ^
[07:47] <RoyK> eagles0513875|2: don't remember - I haven't use squirrelmail for years - but then, if you run squirrelmail on the same host as dovecot, the only thing you'll need is a redirect from the sqm running http, right?
[07:47] <RoyK> as in <?php location('https://host.tld'); ?>
[07:48] <eagles0513875|2> ya i have it mostly setup i needed to do some configuration of squirrel mail a bit
[07:48] <RoyK> erm
[07:48] <eagles0513875|2> using sudo squirrelmail-configure
[07:48] <eagles0513875|2> to allow tls connection as well as use the imaps port
[07:48] <RoyK> as in <?php header("Location: https://host.tld'); ?>
[07:50] <dubphil> Hello ! I have switched from Debian to Ubuntu and I would say that I'm quite happy, good work !
[07:52] <dubphil> When I put service squid stop on a script I have this error : exec: 129: stop: not found, how can I stop and start squid in a script ?
[07:53] <dubphil> where are the squid init scripts ?
[07:53] <eagles0513875|2> dubphil: it would have to be somethign like this
[07:53] <eagles0513875|2> sudo /etc/init.d/squid stop
[07:53] <eagles0513875|2> all startup shutdown and restart scripts are in /etc/init.s
[07:53] <eagles0513875|2> init.d
[07:53] <dubphil> eagles0513875|2: thats was the debian way, but there no more squid scripts in /etc/init.d
[07:54] <eagles0513875|2> dubphil: try sudo squid stop
[07:54] <eagles0513875|2> hey dubphil im gonna need your expertise with getting squid setup
[07:54] <dubphil> eagles0513875|2: it is a script launched by root in a crontab
[07:55] <dubphil> yes tell me
[07:55] <eagles0513875|2> dubphil: where to begin lol
[07:56] <eagles0513875|2> dubphil: mind if i pm you
[07:56] <RoyK> dubphil: you won't notice much difference :)
[07:57] <eagles0513875|2> dubphil: basically is squid easy to setup
[07:57] <eagles0513875|2> im going to need it as im hosting a few sites and my server connectivity wise is quite fast, but sometimes it gets bogged down
[08:02] <z3cka> T0aD: eucaluptus-cloud was causing the trouble
[08:03] <dubphil> eagles0513875|2: yes it is quite easy but more complex scheme you need the more it will be difficult to setup ;)
[08:03] <z3cka> sudo apt-get remove eucaluptus-cloud did the trick
[08:03] <z3cka> strange
[08:04] <z3cka> eth0:metadata went away
[08:04] <z3cka> from my ifconfig
[08:04] <dubphil> RoyK: yes for sure, the lonely difference for now is the localisation of the squid init scripts
[08:04] <dubphil> where damn are they ?
[08:05] <RoyK> squid-langpack - Localized error pages for Squid
[08:07] <dubphil> RoyK: squid is working well, my problem is just to stop or start it in a root cronjob
[08:08] <dubphil> eh I understand Iwould have not use "localisation" I ment "the place they stand"
 sudo apt-get remove eucaluptus-cloud did the trick
[08:12] <T0aD> lol
[08:14] <RoyK> apt-get remove --purge \* # :D
[08:14]  * RoyK does not recommend that
[08:15]  * T0aD wonders if RoyK thinks rm -fr / is funny too ?
[08:15] <RoyK> T0aD: that's far worse
[08:16] <RoyK> that apt-get gives you a pretty good warning
[08:16] <T0aD> its still as funny as eddie murphy
[08:16] <RoyK> that rm of yours doesn't
[08:16]  * z3cka wonders if T0aD is really a troll
[08:16]  * T0aD hides his hair
[08:17] <T0aD> z3cka, I just dont see why that is 'funny' :)
[08:17] <z3cka> T0aD: i just don't see why you have to quote me and lol
[08:18] <T0aD> well that was funny
[08:18] <T0aD> installing a cloud and having networking issues
[08:18] <T0aD> and removing it being called 'a fix'
[08:18] <z3cka> you got me
[08:18] <z3cka> that's true
[08:18] <z3cka> well… i wasn't using it
[08:18] <T0aD> yeah, that was truly funny :)
[08:19] <z3cka> i'm sure is i installed it again it would probably work
[08:19] <z3cka> *if
[08:19] <T0aD> no idea, im still a cloud virgin
[08:20]  * T0aD is the innocent little flower
[08:20] <z3cka> played with it a bit on the local lan but didn't get far
[08:21] <z3cka> and then the update seemed to break the rest of the network
[08:21] <z3cka> more specifically added eth0:metatdata entry to ifconfig
[08:22] <z3cka> so i searched eth0:metadat and all i got was entries about problems with eucalyptus
[08:22] <z3cka> so i removed it
[08:23] <z3cka> hense, fixed :-)
[08:23] <T0aD> you cant trust software written by koalas
[08:23] <z3cka> errr *hence
[08:23] <z3cka> that's true
[08:24] <z3cka> or just Australians in general...
[08:33] <T0aD> adios
[08:40] <Zeu5> hi there, i am at my devt machine. I ssh into my server. From my server, i am trying to do a git pull from a public repo like projectlocker. I am always prompted for my ssh passphrase. i followed this but i am still prompted. please advise.http://help.github.com/working-with-key-passphrases/
[08:42] <twb> IMO agent forwarding is evil and wrong
[08:42] <twb> I prefer -oProxyCommand
[08:42] <twb> Admittedly it wouldn't help in your case...
[08:43] <twb> Zeu5: that article doesn't seem to mention agent forwarding.  Do you have it on, or off?
[08:44] <twb> Zeu5: btw, if you're in an Ubuntu desktop environment, ssh-agent is started automatically when you log in, so you can skip that step.
[08:49] <Zeu5> twb: this is my config file
[08:49] <Zeu5> this is my config file in ~/.ssh  http://gist.github.com/646426
[08:49] <Zeu5> twb: does that indicate whether i have agent-forwrading on?
[08:50] <twb> And you're running "ssh staging"?
[08:50] <Zeu5> twb: i am actually trying to get capistrano working. but somebody told me to do this. so i did so. if it s wrong i will gladly remove it
[08:50] <twb> capistrano is a hostname?
[08:51] <Zeu5> capistrano is a deployment tool
[08:51] <Zeu5> twb: let me go remove the config file first
[08:51] <twb> Bleh, more ruby gank
[08:51] <Zeu5> twb: i am a ruby noob. more so than being a ubuntu noob. ha
[08:52] <twb> Unfortunately I have no idea what that tool does
[08:52] <Zeu5> its okie twb
[08:52] <Zeu5> right now i just want this ssh forwarding to work.
[08:52] <twb> Rather than sshing into a server and doing a "git pull" there, I guess what I would do is "git push" to the server directly
[08:53] <twb> You can try "ssh-add -l" to see what keys are enabled in your agent on each host
[08:53] <twb> Note that you need to run ssh-add [~/.ssh/id_rsa] to add a key to your agent.
[08:54] <Zeu5> is it safe for me to paste my output when i run ssh-add -ls
[08:54] <Zeu5> is it safe for me to paste my output when i run ssh-add -l ?
[08:55] <twb> A line like this is safe to publish: 2048 4d:cd:2c:5b:9f:a5:d1:cd:f6:f1:2f:30:f8:74:8b:47 /home/twb/.ssh/id_cyber (RSA)
[08:55] <twb> It's basically the same as your public key
[08:55] <twb> (In terms of information disclosure.)
[08:56] <Zeu5> username@server:/var/www/abc.biz$ ssh-add -l
[08:56] <Zeu5> 2048 bf:8a:cf:e1:97:24:86:6d:8f:8a:f0:7b:86:17:5c:7f /home/ubuntu/.ssh/id_rsa (RSA)
[08:56] <Zeu5> so am i doing everything correctly so far?
[08:57] <twb> That means "server" has your key usable in it
[08:57] <twb> So it should work without prompting for a passphrase
[08:58] <Zeu5> twb: i am still prompted when i do a git pull from server
[08:58] <twb> What is the command you're running?
[09:00] <Zeu5> twb: http://gist.github.com/646508
[09:03] <twb> OK, for some reason it is ignoring /home/ubuntu/.ssh/id_rsa and trying to use /home/username/.ssh/id_rsa instead (or first).
[09:03] <twb> You could try moving that key out of the way, but other than that you're going to have to ask #openssh, since this is where my experience with agent forwarding runs out.
[09:03] <twb> (You can also try just hitting ^D which will make it try the next key.)
[09:04] <Zeu5> twb: i apologise beforehand. i wanted to keep my username secret. its all ubuntu
[09:04] <Zeu5> twb: sorry for the misunderstanding
[09:07] <Zeu5> twb: i have to go off. will be back in an hour's time to try my luck again. thank you for your assistance. appreciate it. sorry for misleading you about my username. will definitely try #openssh as well
[09:08] <twb> Which, kids, is why we you don't try to elide useful, non-compromising information from your tech support staff.
[09:13] <MACscr> any recommendation for resolving the following apt-get upgrade errors? http://pastebin.com/WByrVRjp
[09:19] <twb> MACscr: turn -security back on?
[09:19] <MACscr> huh?
[09:20] <twb> libssl-dev: Depends: libssl0.9.8 (= 0.9.8k-7ubuntu8.1) but 0.9.8k-7ubuntu8.3 is installed
[09:21] <twb> 0.9.8k-7ubuntu8.3 comes from lucid-security and lucid-updates.
[09:21] <twb> The fact that it's trying to install an older version suggests that either those components are disabled, or you haven't run "apt-get update" lately.
[09:22] <twb> I suppose it could also happen if you're using a binary package that needs a binNMU (i.e. it links against the obsolete version).  lucid-security should fix that, too.
[09:27] <MACscr> its enabled
[09:27] <MACscr> all the defaults are
[09:27] <MACscr> and i ran apt-get update right before i attempted the upgrade
[09:29] <MACscr> nvm, its working now. Weird
[09:29] <MACscr> simple reboot seemed to fix it
[09:49] <Zeu5> hi there, i am at my devt machine. I ssh into my server. From my server, i am trying to do a git pull from a public repo like projectlocker. I am always prompted for my ssh passphrase. i followed this but i am still prompted. please advise.http://help.github.com/working-with-key-passphrases/
[10:18] <mgolisch> Zeu5: do you start ssh-agent ?
[10:18] <Zeu5> mgolisch: how do i do that?
[10:18] <Zeu5> i did notice that when i run "ps", there is no ssh-agent
[10:19] <twb> It may be called "gpg-agent" (it can do both jobs).
[10:21] <Zeu5> twb: when i run ps all i see is ps and bash
[10:21] <mgolisch> is ssh-agent installed at all?
[10:22] <mgolisch> this page you linked seems to add stuff to your shellconfig to start ssh-agent automaticaly
[10:22] <twb> that's keychain's job, yeah
[10:23] <twb> Except that if you do a GUI login to an ubuntu desktop, ssh-agent is already started automatically, and (I assume) agent forwarding means THAT agent is the one used on the remote server.
[10:23] <Zeu5> twb: i apologise. i am really not very good with this whole agent forwarding business. so are you saying tat i made a mistake in the first place?
[10:24] <twb> Damned if I know.
[10:24] <twb> I'm just saying that (AFAIK) if you login with gdm, you don't need keychain
[10:30] <Zeu5> twb: since i am sshing into server, i guess tat means i am not login using gdm yes?
[10:32] <twb> You're using agent forwarding, so your local agent (started by gdm) will talk over the ssh link to *something*
[10:32] <twb> Whether that something is ssh (directly) or a remote ssh-agent (indirectly), I don't know.
[10:32] <twb> As I said, I'm not a fan of agent/x11 forwarding.
[10:34] <Zeu5> twb: i see. thank you.
[11:04] <SAngeli> I have ubuntu server 10.10 64 bit installed and have to install Conexant HSF softmodem driver for making hylafax work with my softmodem PCI card. It is a Conexant System modem. I am following this article http://www.linuxant.com/drivers/hsf/downloads-installer.php  but when I run the script I get this error: Package not compatible with your system. Kernet module can't be compiled
[11:04] <SAngeli> what do I have to do, please?
[11:05] <RoyK> check what distros are supported
[11:05] <RoyK> 10.10 obviosly isn't
[11:05] <RoyK> or at least 10.10/64
[11:05] <RoyK> http://www.linuxant.com/drivers/hsf/full/downloads.php
[11:06] <RoyK> not a very promising list
[11:06] <RoyK> no x64 at all
[11:07] <RoyK> I guess perhaps an x86 install of 10.04 or even 10.10 might work with the bottom one
[11:07] <RoyK> x64 will not work
[11:11] <SAngeli> RoyK, I have to find out if I can make hylafax work with my modem. I am not able to find any distro or a Hylafax IRC Chanel to ask. How can I make this work?
[11:12] <SAngeli> Any advice?
[11:12] <SAngeli> even by reinstalling ubuntu or another distro
[11:14] <SAngeli> RoyK, what if I install the 32 bit version of ubuntu 10.10? If not can I install a earlier verion of ubuntu server that wil be compatile with ?
[11:22] <SAngeli> anyone can reply, pleaze
[11:23] <patdk-lap> reply
[11:24] <adamk-pl> SAngeli: i would go for 32bit
[11:26] <adamk-pl> of 10.4
[11:27] <twb> Apart from legacy / proprietary programs and specialist compilers, I see no reason to install i386 on an amd64 system.
[11:28] <twb> ("specialist" meaning that it has one developer, and he's too overworked to port it to x86-64)
[11:37] <SAngeli> adamk-pl, can you please tell me where to download the 32 ver or ubuntu server 10.4, please
[11:37] <SAngeli> and thank you for your reply
[11:38] <SAngeli> adamk-pl, is it this one? Ubuntu 10.04.1 LTS (Lucid Lynx)
[11:39] <SAngeli> adamk-pl, found it: http://mylayn.blogspot.com/2010/05/download-ubuntu-104.html
[11:39] <twb> SAngeli: uh, maybe you should try ubuntu.com; it probably has a download link on the front page
[11:40] <twb> http://www.ubuntu.com/server/get-ubuntu/download
[11:41] <adamk-pl> twb: exactly !
[11:42] <adamk-pl> mylayn links point to torrent files, so if you prefer torrent go for torrent, i think i still seed LTS
[11:42] <adamk-pl> :D
[11:43] <evident> Hi everybody! On my server I get dependency problems when calling apt-get upgrade: http://hpaste.org/40892/upgrade ... can anybody tell me how I can fix these?
[11:44] <twb> adamk-pl: I would trust any link I found on <random blog post>
[11:45] <twb> evident: please run "export LC_ALL=C" and re-run the command
[11:45] <adamk-pl> twb: sure
[11:45] <twb> evident: that will give it in English :-)
[11:46] <twb> evident: also, paste the *whole* output.  You can do this by running "script", which will make a copy into the file "typescript"
[11:46] <evident> http://hpaste.org/paste/40892/upgrade_2#p40893
[11:46] <evident> i annotated the paste with the full output (in english)
[11:47] <twb> OK, thanks.
[11:47] <evident> (other question: Will my outputs be in english forever now? If so: Great... been trying to do that for a while)
[11:47] <twb> The procps issue shouldn't be happening; have you got bad entries in /etc/sysctl.conf?
[11:47] <twb> evident: only while you stay in the shell that you ran export LC_ALL=C in
[11:48] <evident> aha ok
[11:48] <twb> "LC_ALL=C" means "use the C (none/us english) locale for all locale settings"
[11:48] <twb> See "man 7 locale"
[11:49] <evident> http://hpaste.org/paste/40892/sysctl#p40894
[11:49] <evident> this is my sysctl
[11:49] <twb> OK, that's strange.  You'll have to debug /etc/init/procps.conf
[11:51] <evident> http://hpaste.org/paste/40892/etcinitprocpsconf#p40895
[11:53] <garymc> is there a room for help with setting up an SSL web serveR?
[11:53] <evident> how would I debug this? Do you see anything strange in there?
[11:53] <garymc> or converting my current one to SSL
[11:55] <twb> garymc: did you check the ubuntu server guide?
[11:55] <twb> garymc: also, your existing httpd probably has documentation on the subject.
[11:55] <dubphil> twb I don't think so :)
[11:56] <dubphil> it always afraid people to deal with ssl
[11:56] <twb> evident: sorry, I don't really want to deal with upstart.  It's fucking annoying.
[11:56] <evident> :D
[11:56] <evident> ok thank you anyways
[11:57] <twb> evident: however, it does look like that's the only error there -- everything else is just complaining because it wants procps to finish first.
[11:58] <evident> hmm ok... I'll try and see if I can find a way to fix it... thanks
[11:58] <twb> You can bug #upstart about it, too
[12:22] <megaTarzan> hello. I have iptables error while starting virt-manager local connexion's default network
[12:30] <garymc> Do I have to purchase an SSL certificate?
[12:31] <twb> garymc: no.
[12:31] <garymc> Im told by the bank i need an intermediate SSL certificate
[12:31] <twb> SSL is an hierarchical, asynchronous crypto/auth infrastructure.
[12:31] <twb> It allows anyone who has your public key to know that you're "you".
[12:32] <twb> In the context of web browsing, however, your end users will only have your public key *in advance* if you get your keypair signed by someone they already trust -- i.e. a signatory in the browser's default trust list.
[12:33] <twb> That basically means that you can either pay someone like instantssl or verisign, or inconvenience your end users.
[12:33] <twb> The latter is usually referred to as a "self-signed certificate"
[12:34] <garymc> so if I get a verisign. That cost money? and would they set it up for me?
[12:37] <twb> You pay for them to say "I trust garymc."
[12:38] <twb> Which really means "I trust that garymc has a credit card and can afford to pay me $10/year"
[12:38] <garymc> lol
[12:40] <twb> Don't mind me, I'm just pissed off about the hierarchical nature being hijacked as a license for verisign et al to print money.
[12:42] <garymc> yeah, Verisign seen as trusted now though :(
[12:59] <garymc> Anyone heard of 3D secure?
[13:01] <garymc> Ok I dont want 3D secure
[13:02] <twb> In practice nobody cares *who* signs your key, just as long as there's a hierarchy of trust that ends in something that's in the default list for firefox and ie
[13:03] <twb> I've heard the name instantssl(.com) being bandied about the office; I've never bothered to buy a cert myself, so I can't vouch for them personally.
[13:06] <garymc> How can I tell if I have OpenSSL installed on my server?
[13:08] <patdk-wk> hmm
[13:08] <patdk-wk> openssl
[13:08] <twb> garymc: dpkg -l, or some variation thereof.
[13:10] <twb> garymc: in Ubuntu (and unix in general) there are two competing implementations: OpenSSL and GNUTLS.  Within Ubuntu each program is basically pre-compiled against one of the two; you don't get to pick which, but usually it should Just Work.
[13:16] <yann2> with likewise-open, how can I do an alias to allow user to authenticate using login instead of domain\\login ?
[13:19] <twb> IIRC that's proprietary software which isn't supported here
[13:19] <twb> The native LDAP solution is OpenLDAP (server) and PADL libpam-ldap/libnss-ldap (client).
[13:20] <twb> Oh, it appears to be GPL.
[13:30] <mgolisch> yann2: did you read its documentation?
[13:32] <yann2> mgolisch, went through the 100 pages yes
[13:32] <yann2> scrolled through and didnt find anything in that direction :(
[13:39] <twb> Searching for Ubuntu 10.04 "Likewise Open" yields https://help.ubuntu.com/10.04/serverguide/C/likewise-open.html
[13:39] <twb> So it's covered in the norma Ubuntu server guide.
[13:40] <mgolisch> yann2: so maybe read the link twb posted
[13:40] <mgolisch> it covers that
[13:41] <mgolisch> iam sure their documentation does too
[13:41] <yann2> thanks
[13:41] <mgolisch> atleast i remember seeing that in there
[13:41] <yann2> ouch so that's what it meant
[13:41] <yann2> sorry I actually also read that page :(
[13:43] <mgolisch> you set the default domain
[14:51] <Egonis> I want to use proxyarp in ufw, and can't seem to find a howto -- I have been using shorewall all this time for basic firewall, forwarding and arp proxying.
[14:55] <tax> hi there
[14:55] <tax> anyone overhere?
[14:55] <pmatulis> tax: there are 297 people in this channel
[14:57] <tax> is there anyone that can help me configuring squid and dansguardian?
[14:57] <tax> sorry for my bad english
[14:57] <pmatulis> !ask | tax
[15:00] <tax> i'm having trouble installing squid and dansguardian
[15:14] <garymc> Hi, ive just setup my server to use SSL but when i load up the https://www.mysite.com version. Firefox says this is an untrusted site. How do i get it to be a trusted site?
[15:17] <patdk-wk> get a real ssl certificate
[15:20] <iceflatline> garymc: you have to get a cert signed by a trusted authority. GoDaddy sells them pretty cheap.
[15:20] <garymc> god damn
[15:22] <iceflatline> If this is more or less a private server, then I wouldn't worry about it. Just add the cert to FF list of trusted authorities and be done with it.
[15:47] <SAngeli> sorry but I need help installing a driver for the modem
[15:47] <SAngeli> http://www.linuxant.com/drivers/hsf/install.php  this is what I am following
[15:48] <SAngeli> i had ubuntu server 10.10 64 bit installed and now have 10.04 32 bit
[15:48] <SAngeli> I get the same error saying that I cannot install because the kernel module cannot be compiled
[15:49] <SAngeli> I need to install a No Pre-Compile package.
[15:49] <SAngeli> Could please anyone advice me what to do so that I can solve this issue and resume my work on this server?
[15:50] <SAngeli> I have a Conexant System softmodem (made by US Robbotics) and need the hsfmodem driver to be installed
[15:50] <SAngeli> Please lelp
[15:51] <cfairles> On an 8-cpu machine, vmstat is reporting 30k context switches a second. So thats on avg 3.75k per cpu per second... sound a little high?
[15:51] <SAngeli> This is whay I currently have: Distribution: Ubuntu 10.04.1
[15:51] <SAngeli>   Kernel version: 2.6.32-24-generic-pae
[15:51] <SAngeli> Kernel architecture: x86
[15:52] <SAngeli> and this is the error I get: ERROR: The generic package is not compatible with this system since kernel modules can't be compiled. There is also no pre-compiled package available for your kernel.
[15:52] <SAngeli> ./precompiled-vs-generic: 29: let: not found
[15:55] <MTecknology> How do I forcefully remove a broken package?
[15:55] <SAngeli> it seems this chanel is for the moment paused MTecknology  cfairles
[15:55] <MTecknology> I tried aptitude purge package.. but the package is broken so it won't uninstall
[15:57] <cfairles> MTecknology, have you tried dpkg -P ?
[15:59] <MTecknology> cfairles: nope, thanks :)
[15:59] <SAngeli> how can I solve my issue? Anyone has an advice?
[16:05] <SAngeli> solve the problem, myself.
[16:09] <pmatulis> SAngeli: what did you do?
[16:11] <SAngeli> pmatulis, I start reading carefully as linux "always" writes you what is wrong and what you miss. not having so much experience with linux and being used to Microsoft GUI sometimes when I get errors I frick out rather than read. I had to install gcc
[16:11] <pmatulis> SAngeli: ok
[16:14] <blackxored> hello everybody
[16:14] <blackxored> I woke up this morning
[16:14] <blackxored> and I though It is possible to bond a ethernet interface with a wireless one
[16:14] <SAngeli> I am reading and trying to check if I comunicate with my modem following this first part http://www.hylafax.org/content/Handbook:Basic_Server_Configuration:Checking_your_Modem  but it hangs at Connected. Is this ok to try on ubuntu? I type cu -l ttyS0  (ttyS0 being my PCI Internal modem) Or should I add sudo or ?
[16:15] <blackxored> *if* possible, how do you do it? and I'd get the same benefits as normal eth bonding: increased bandwith, HA, etc?
[16:19] <alcy> Anyone got a clue why I am getting "FATAL: could not load /lib/modules/2.6.35-22-server/modules.dep No such file or directory" ? This is in Virtualbox with 10.10 64-bit. Although I am able to login fine and everything else is working, but still, anyone faced this before ?
[16:23] <\sh> blackxored: where do you have a "increased bandwidth" with
[16:23] <ChmEarl> alcy, only in chroot have I ever got that msg, usually when trying to initramfs
[16:23] <\sh> bonding? (aka bond-mode 2)
[16:24] <alcy> Chm this is on a i7 cpu, so just to check I increased the no. of cpus to 8, and it works. not sure how bad a setting that is though.
[16:24] <ChmEarl> alcy, using $(uname -r) in chroot
[16:24] <alcy> uh ChmEarl
[16:26] <alcy> ChmEarl: might also just be vbox specific issue. will see if I run into problems.
[16:28] <SAngeli> Is setserial a good tool to test the internal modem? Anyone knows? When I use cu it hangs
[16:28] <patdk-wk> cu?
  this is wehre I got it: http://www.hylafax.org/content/Handbook:Basic_Server_Configuration:Checking_your_Modem
[16:30] <patdk-wk> oh, that cu
[16:30] <patdk-wk> ya, cu is like telnet for modems
[16:30] <SAngeli> but it hangs after I run it
[16:31] <SAngeli> it stops at Connected
[16:31] <patdk-wk> it should
[16:31] <patdk-wk> modems only talk back
[16:31] <patdk-wk> did you type at and hit enter?
[16:31] <patdk-wk> and are you sure your talking to the modem's serial port?
[16:31] <SAngeli> and how shuld I get the output of what the link displays?
[16:31] <SAngeli> I only typed: cu -l ttyS0
[16:32] <SAngeli> it is wrong?
[16:32] <SAngeli> after I hit enter I get Connected. then I am unable to see or type anything
 I need to make sure it works and verify its class to make sure it is for fax modem and not data
[16:34] <patdk-wk> hmm
[16:36] <patdk-wk> are you sure ttyS0 is your modem? normally it isn't
[16:36] <patdk-wk> setserial -a /dev/ttyS0 might give you some info
[16:36] <patdk-wk> but if I remember right, you where using a softmodem
[16:38] <SAngeli> it is not a serial modem. It is a PCI modem patdk-wk
[16:38] <SAngeli> yes, it is a softmodem and ttyS0 is for PCI modmes as I read.
[16:39] <SAngeli> I also have another modem, much older still PCI made by 3Com. Who knows if it is a softmodem or not.
[16:40] <SAngeli> yes, it is another winmodem
[16:40] <patdk-wk> you don't have pci modems :) you might have a modem with a pci interface
[16:40] <patdk-wk> but all modems are serial based (well a few are parallel but not many)
 sure. This is what i was intending to say
[16:40] <patdk-wk> now softmodems are just soundcards, and require a program to convert
[16:41] <patdk-wk> but I would find it very very unlikely it's using ttyS0
[16:41] <patdk-wk> what does setserial -a /dev/ttyS0 say?
[16:41] <patdk-wk> for the first line?
[16:41] <SAngeli> I have to install it first
 here is the outpup: /dev/ttyS0, Line 0, UART: 16550A, Port: 0x03f8, IRQ: 4
[16:42] <SAngeli>  Baud_base: 115200, close_delay: 50, divisor: 0
[16:42] <SAngeli>  closing_wait: 3000
[16:42] <SAngeli>  Flags: spd_normal skip_test
[16:44] <patdk-wk> ya, that so can't be your modem
[16:44] <patdk-wk> what /dev/tty* devices do you have, that don't start with numbers?
 here is the answer (if I did right):
[16:46] <SAngeli> /dev/ttySHSF3
[16:46] <SAngeli> /dev/ttySHSF4
[16:46] <SAngeli> /dev/ttySHSF5
[16:46] <SAngeli> /dev/ttySHSF6
[16:46] <SAngeli> /dev/ttySHSF7
[16:46] <SAngeli> /dev/ttySHSF0
[16:46] <SAngeli> /dev/ttySHSF1
[16:46] <SAngeli> /dev/ttySHSF2
[16:46] <patdk-wk> those sound much more promising :)
[16:46] <SAngeli> I can use scanModem as this article https://help.ubuntu.com/community/DialupModemHowto/ScanModem  says
[16:47] <patdk-wk> looks like that connects to all nd looks for modems
[16:47] <patdk-wk> should work
[16:48] <SAngeli> so what do I have to do to check the modem status and if it is working and its specs?
[16:49] <sommer> ivoks: heh, I don't deny :-)
[16:49] <sommer> ivoks: passion motivates is my point
[16:49] <patdk-wk> well, I can't test that scanmodem thing, as I have no computers with modem in them at the moment
[16:49] <ivoks> sommer: i know
[16:50] <patdk-wk> (and I refuse to load that bastard softmodem for intel hda) for my laptop
[16:50] <patdk-wk> but once you know what device your modem is on
[16:50] <SAngeli> patdk-wk I am sure it is ttyS0 because if I test all other ttyS* I get unknown. Same as for ttySHSF*
[16:50] <patdk-wk> it's easy to send it the correct at commands to find it's abilities
[16:50] <SAngeli> the only one that repors properly is ttyS0
[16:51] <SAngeli> patdk-wk OK. What command should I send to inquiry it?
[16:51] <patdk-wk> that is the onboard serial port in your computer
[16:51] <patdk-wk> beside that +fclass thing, there is the ati0 to ati9 commands
[16:51] <patdk-wk> but just typing at <enter> should give you an OK or 0 reply
[16:52] <SAngeli> can you please give me line by line from the start? I type at but what should I start with?
[16:52] <patdk-wk> at
[16:52] <SAngeli> with at I get: Garbled time
[16:55] <SAngeli> patdk-wk, what should I start with? I do not have experience with it
[17:01] <SAngeli> is it so hard to help me? I was almost there and suddently I am alone again
 I tried cu with the correct modem (as you said) being ttySHSF0 and got this message: Connected.
[17:11] <SAngeli> cu: Got hangup signal
[17:11] <SAngeli>  Disconnected.
 any suggestion to complete my work or I have to sto hylafax as being installed and most likely running?
[20:23] <patdk-wk> man I wish there was a version of zerofree for btrfs
[21:08] <yann2> sorry about going back to this : https://help.ubuntu.com/10.04/serverguide/C/likewise-open.html  - after installing likewise-open on 10.4 I dont have a /etc/samba directory - though the documentation suggest I change a file there to use a default domain. Any hints?
[21:18] <yann2> http://ubuntuforums.org/showthread.php?t=1430347 *sigh* :(
[21:39] <k5673> Yo! 'Sup!
[21:41] <k5673> I'm having an issue with samba/ubuntu_9.04_server. I'm getting random files/folder's names truncated. But the contents of the files are allright. Any ideas?
[21:41] <k5673>  I'm having an issue with samba/ubuntu_9.04_server. I'm getting random files/folder's names truncated. Like FTHH9O~L, but the contents of the files are allright. Any ideas?
[21:43] <tax> does anyone know how is the syntax of ACL in squid3?
[21:46] <k5673> tax: what do you want to do?
[21:47] <k5673> tax: http://wiki.squid-cache.org/SquidFaq/SquidAcl
[21:49]  * RoyK hands k5673 a beer
[21:50] <RoyK> k5673: what filesystem are you using?
[21:50] <tax> i try to make a squid and dansguardian
[21:50] <tax> firewall
[21:51] <tax> and i'm stuck to the configuration of squid
[21:52] <tax> when i try to put the ip range of my localnetwork into squid.conf and allow it,
[21:52] <tax> i get this message and squid doesn'nt work
[21:54] <tax> 2010/10/26 23:54:19| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
[21:54] <tax> 2010/10/26 23:54:19| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
[21:54] <tax> 2010/10/26 23:54:19| WARNING: For now we will assume you meant to write /0
[21:55] <k5673> ext3
[21:56] <k5673> RoyK: ext3
[21:57] <guntbert> tax: use /24 instead of /255.255.255.0
[21:57] <RoyK> k5673: reboot into single, or just init s, and fsck that
[21:58] <k5673> RoyK: I'll try it. It's my 1TB fileserver, in a highschool.
[21:58] <k5673> RoyK: the fail wrecked havoc among the teachers.
[21:59] <RoyK> k5673: if filenames are truncated, first check for data errors in dmesg
[21:59] <RoyK> if you have data errors, well, it's not your fault
[21:59] <RoyK> if it's ext3 fucking up, not your fault either
[21:59] <tax> can you tell me what does 24 mean?
[21:59] <k5673> RoyK:I know, i know.
[21:59]  * RoyK uses zfs for storage these days
[22:00] <k5673> tax: the network mask
[22:00] <k5673> tax: 24 stands for 255.255.255.0
[22:00] <RoyK> tax: 255.255.255.0 => 8.8.8.0 bits
[22:00] <RoyK> simple addition
[22:01] <tax> ok, try it at once
[22:02] <guntbert> tax: If you're speaking to someone in particular, please put their nickname in what you say (use !tab), or else messages get lost and it becomes confusing :)
[22:04] <tax> guntbert: soory, i'm new to irc
[22:04] <guntbert> tax: no problem :) it just makes it easier to see your responses
[22:04] <RoyK> !tab guntbert test
[22:05] <RoyK> hm... didn't work too well
[22:05] <RoyK> /me uses the old commands
[22:05] <tax> k5673: it works
[22:05] <Pici> tab is a key on your keyboard...
[22:06] <tax> thanx to RoyK too
[22:06] <k5673> tax: OK
[22:07] <tax> k5673: so the proxy is working, but my goal is to make it work with dansguardian
[22:07] <tax> and to make it transparent
[22:08] <k5673> k5673: in order to make squid transparent, use http_port 8080 transparent, where 8080 is the port which squid is listening
[22:09] <tax> k5673: I try to find how it works and i will post back here if i have some trouble
[22:09] <k5673> k5673: and you have to add the rules.
[22:09] <k5673> k5673: i have a running squid setup, but with iptables. I've never user dansguardian.
[22:10] <k5673> k5673: i can share my squid.conf with you.
[22:10] <k5673> k5673: want to see?
[22:10] <guntbert> k5673: don't talk to yourself :-)
[22:10] <k5673> Oh
[22:10] <RoyK> the port isn't important, but you'll need to configure squid to allow transparent connections where squid plays the webserver
[22:11] <k5673> Sorry
[22:11] <tax> k5673: ok
[22:12] <k5673> tax: Just redirect all the web traffic from/to your firewall to the squid
[22:12]  * SasaGloc_afk is away: Gone away for now
[22:13] <tax> k5673: the aadvantage of dansguardian is that it can blacklist some sites
[22:15] <tax> k5673: i tried to make it with firestarter, but it doesn't work fine
[22:15] <tax> k5673: but i have to keep it working because it was the only way to share internet connexion that was working for me
[22:16] <k5673> tax: http://pastebin.com/bRxzjmSF
[22:17] <tax> k5673: thank you
[22:18]  * SasaGloc is back.
[22:18]  * RoyK runs
[22:19] <k5673> tax: and my iptables script http://pastebin.com/6XSrLZzH
[22:20] <k5673> This one is important...
[22:20] <k5673> tax: i thing you can do a lot just using iptables.
[22:21] <k5673> tax: i'm managing 200 users and 8 servers with squid and iptables
[22:21] <k5673> In a common PC
[22:24] <tax> k5673: wow!
[22:24] <RoyK> what did I miss_
[22:24] <RoyK> ?
[22:24] <tax> k5673: can you have a traffic monitoring?
[22:25] <k5673> tax: Evil, isn't.
[22:25] <k5673> tax: AND, if you wank to see what your peers are looking, just tail -f /var/log /squid/access.log
[22:26] <k5673> Nope. No more pizza for RoyK. Sorry.
[22:26] <tax> k5673: what do you mean by 'tail'?
[22:26] <k5673> tax: Sorry.
[22:26] <k5673> tax: tail -f /var/log /squid/access.log
[22:26] <k5673> tax: tail is a command
[22:27] <tax> ok
[22:27] <tax> k5673: ok
[22:27] <k5673> tax: to see the end of a file, and the -f switch makes tail follow the file in progress.
[22:28] <tax> k5673: i get an error
[22:28] <k5673> tax: let's see.
[22:28] <tax> ==> /var/log <==
[22:28] <tax> tail: Erreur lors de la lecture `/var/log': est un dossier
[22:28] <tax> tail: /var/log: ne peut déterminer la fin de ce type de fichier; abandon sur ce nom
[22:28] <tax> tail: Ne peut ouvrir `/squid/access.log' en lecture: Aucun fichier ou dossier de ce type
[22:28] <tax> k5673
[22:28] <tax> k5673: sorry
[22:29] <k5673> tax: the file doesn't exist
[22:29] <Pici> get rid of the space between /var/log and /squid/access.log
[22:29] <tax> k5673: do i have to create it?
[22:29] <k5673> tax: do not worry
[22:30] <k5673> tax: no, the file is created by squid
[22:30] <tax> k5673:it was the space
[22:30] <tax> Pici:Thank you
[22:30] <Pici> tax: no problem
[22:31] <guntbert> !pastebin | tax (lesson 2 :-))
[22:32] <tax> guntbert: sorry, didn't know
[22:33] <guntbert> tax: don't worry - this channel is rather quiet :-)
[23:28] <tax> back here after a few hours squid is not transparent
[23:29] <tax> Pici: do you know how to configure dansguardian?
[23:30] <Pici> tax: Sorry, no. :/
[23:30] <tax> Pici: and what about to make squid transparent?