[00:00] <zacharynweb> cool
[00:00] <zacharynweb> I'm making these two files
[00:00] <IrishWristwatch> ok
[00:00] <IrishWristwatch> do you know how to use nano?
[00:00] <IrishWristwatch> Nano is good beginner command line text editor
[00:01] <IrishWristwatch> I assume you do, since you've edited some files already.
[00:01] <zacharynweb> I used wget to download the .txt file from that link
[00:03] <zacharynweb> cp to rename it from the .txt file
[00:04] <IrishWristwatch> there is an easier way you can do it over putty
[00:04] <IrishWristwatch> just do
[00:04] <IrishWristwatch> sudo nano /etc/default/deluge-daemon
[00:04] <IrishWristwatch> with putty, you just right-click to paste
[00:04] <IrishWristwatch> then ctrl+o to save, ctrl+x to exit
[00:06] <zacharynweb> IrishWristwatch: I haven't been able to right click to paste.. I've tried.
[00:06] <zacharynweb> rather not bother you with my stupidity there if it does work
[00:06] <zacharynweb> either way, files are there
[00:06] <zacharynweb> deluge-daemon started
[00:07] <zacharynweb> IrishWristwatch:   Awesome, I now have a web UI.
[00:07] <IrishWristwatch> with putty, there should be an option then, honestly I don't know why you can't
[00:07] <IrishWristwatch> awesome
[00:07] <IrishWristwatch> :D
[00:08] <zacharynweb> oh..
[00:08] <zacharynweb> IrishWristwatch: ...wtf
[00:08] <IrishWristwatch> password is deluge
[00:08] <zacharynweb> IrishWristwatch:  Right clicking at all in putty just pasted everything.
[00:08] <IrishWristwatch> lol yeah
[00:08] <IrishWristwatch> you are supposed to copy the text from the website, then rightclick into nano
[00:08] <IrishWristwatch> but whatever
[00:09] <zacharynweb> could of sworn I'd tried to copy paste already, and it didn't work, and ctrl + v didn't work either
[00:09] <zacharynweb> I even tried going to the upper left and clicking "file, edit... no paste...?"
[00:09] <zacharynweb>  lol
[00:09] <zacharynweb> anyway
[00:09] <zacharynweb> logged into webui
[00:12] <zacharynweb> IrishWristwatch:  do you have any tips about usint the deluge client?
[00:14] <IrishWristwatch> the webui is technically the client
[00:14] <IrishWristwatch> but, if you mean the gui client you download, it's pretty much a great replacement for utorrent
[00:15] <IrishWristwatch> As for the webui, just go to the options and specify the directory you want the files to download to
[00:15] <IrishWristwatch> and make sure those directories are owned by the user deluge is running under
[00:16] <IrishWristwatch> Also, make an autoadd directory, then make sure that directory is shared over a samba/nfs share
[00:16] <IrishWristwatch> that way you can easily add torrents just by saving them into that directory
[00:17] <IrishWristwatch> if you have windows, you can even set up a drive map (which is basically giving a network share/ samba share a drive letter)
[00:17] <IrishWristwatch> So that way you can just access that drive letter, and you'll be at your Samba share.
[00:17] <zacharynweb> I don't have that working yet
[00:18] <zacharynweb> IrishWristwatch: Are you feeling patient enough to tell me about that?
[00:18] <IrishWristwatch> Have you set up Samba yet?
[00:20] <zacharynweb> no
[00:20] <zacharynweb> definitely not
[00:20] <IrishWristwatch> ok well
[00:20] <zacharynweb> I discovered linux a couple weeks ago.
[00:20] <IrishWristwatch> I can tell you how to setup a simple share, but I won't go into too much detail about the entire range of stuff you can do with samba
[00:21] <IrishWristwatch> since there are like a bajillion things
[00:21] <draven_sol> is there a reason that apt-get upgrade is holding back my kernel on 10.04 server?
[00:21] <zacharynweb> have accessible network drive storage from windows?
[00:22] <zacharynweb> that sounds awesome.
[00:22] <IrishWristwatch> yeah
[00:22] <IrishWristwatch> Samba is tailored towards windows
[00:22] <IrishWristwatch> NFS is tailored towards unix
[00:22] <IrishWristwatch> and ubuntu can do both so take your pick
[00:23] <IrishWristwatch> If you're one windows, do Samba shares
[00:23] <IrishWristwatch> on*
[00:23] <zacharynweb> sounds good
[00:23] <zacharynweb> what would you suggest?
[00:24] <zacharynweb> you can tell me to use google
[00:24] <zacharynweb> if you'd like.
[00:24] <IrishWristwatch> Are you using windows or ubuntu as your main desktop?
[00:24] <draven_sol> zacharynweb, for a *nix to *nix share i use NFS
[00:24] <zacharynweb> windows as my main computer
[00:24] <draven_sol> zacharynweb, to share to windows pc's i use samba
[00:24] <IrishWristwatch> Then use Samba shares
[00:24] <zacharynweb> will
[00:25] <IrishWristwatch> yeah what draven_sol said
[00:25] <zacharynweb> I'll look it up
[00:25] <draven_sol> https://help.ubuntu.com/community/Samba
[00:25] <IrishWristwatch> zacharynweb, are you using server 10.04 or 10.10>?
[00:26] <IrishWristwatch> Just curious.
[00:26] <smoser> jiboumans, sorry, i'm out now. i'll maybe be back in sometime tonight, failing that, tomorrow
[00:26] <zacharynweb> the latest one I think
[00:26] <zacharynweb> this is weeks old
[00:26] <jiboumans> smoser: sure thing. also, note that one of the mirrors is having checksum errors (see paste above)
[00:26] <jiboumans> catch you later/tomorrow
[00:27] <IrishWristwatch> Ah, you should use 10.04 LTS in the future.
[00:27] <IrishWristwatch> Simply because Canonical will support it until 2015
[00:27] <IrishWristwatch> Whereas 10.10 will only has an 18-month support lifetime.
[00:27] <smoser> jiboumans, we're hoping thats in the progress of being fixed...
[00:27] <zacharynweb> Yeah, 10.10
[00:28] <smoser> per canonical IS ticket
[00:28] <zacharynweb> huh what?
[00:28] <jiboumans> smoser: ta... cloud-config chokes on that btw and aborts =/
[00:28] <smoser> jiboumans, which region ?
[00:28] <jiboumans> us-east-1
[00:28] <jiboumans> smoser: ^
[00:28] <IrishWristwatch> yeah zacharynweb, just something to remember in the future
[00:28] <zacharynweb> IrishWristwatch: what do you mean support?
[00:28] <smoser> yeah, thanks.
[00:28] <zacharynweb> IrishWristwatch: remember what?  What's the problem?
[00:28] <IrishWristwatch> Support, meaning, security updates and package updates
[00:29] <IrishWristwatch> Patches, fixes, etc
[00:30] <IrishWristwatch> Read this, zacharynweb https://wiki.ubuntu.com/LTS
[00:31] <zacharynweb> ah, so I should keep to the LTS
[00:31] <IrishWristwatch> for servers, I would.
[00:31] <zacharynweb> more support
[00:31] <zacharynweb> understandable
[00:31] <IrishWristwatch> Just for the convenience of not having to upgrade
[00:31] <zacharynweb> I will in the future
[00:32] <IrishWristwatch> however, there are sometimes benefits of having a later version of Ubuntu, like 10.10 or other future release, simply because they might have features that aren't on the LTS
[00:32] <IrishWristwatch> so you should research it before you install
[00:32] <twb> IMO the rule of thumb is "if this host is mission critical, it should run LTS"
[00:36] <zacharynweb> IrishWristwatch: I undestand, I'll kep that in mind for the future.
[00:36] <IrishWristwatch> :]
[00:37] <SpamapS> IrishWristwatch: backports are a way to have the best of both worlds in that case.
[00:37] <wqapol> How aboutmanually updating to the latest version while keeping up ith LTS?
[00:37] <IrishWristwatch> I'm wary of backports.
[00:37] <SpamapS> wqapol: that can get ugly because libraries might have to be upgraded.
[00:37] <wqapol> I mean manually updating only the packages deemed necessary.
[00:38] <wqapol> SpamapS: Libraries in the sense?
[00:38] <SpamapS> IrishWristwatch: you should be. But its a way to introduce only a little bit of the newer, less-tested releases into an LTS.
[00:38] <IrishWristwatch> linux programs use system libraries
[00:38] <IrishWristwatch> if you have a newer program, but an old library, it can cause unexpected results
[00:39] <IrishWristwatch> is basically the gist of it
[00:39] <wqapol> Hmm I see.
[00:40] <IrishWristwatch> This is kind of less common if you use apt-get, since it will tell you if you have a missing or outdated dependency, but yeah
[00:40] <IrishWristwatch> Skaag: interesting.
[00:40] <Skaag> what is?
[00:40] <IrishWristwatch> The backports.
[00:40] <Skaag> I just arrived here...
[00:41] <Skaag> you sure you mean me?
[00:41] <Skaag> :)
[00:41] <IrishWristwatch> Oh, I meant SpamapS
[00:41] <Skaag> haha :)
[00:41] <IrishWristwatch> Whoops.  :P
[00:41] <Skaag> I'm trying to find out if the LSI2008 SAS Controller is supported in Ubuntu Server. I read somewhere in Google an old post from 2009 about it being supported in Ubuntu Desktop but not in Ubuntu Server.
[00:42] <Skaag> But that's probably just outdated, and from before the Lucid times... how do I find out for sure?
[00:42] <Skaag> Personally, I see no logic in it being supported in Desktop, but not in Server...
[00:43] <IrishWristwatch> If it works on Desktop, chances are it works on Server
[00:44] <Skaag> that's what I thought, too
[00:44] <Skaag> I guess worse case, I'll use them JBOD
[00:44] <IrishWristwatch> Are you doing RAID 0, 1, or other?
[00:45] <Skaag> and then either try to compile a kernel with a port of the driver from Redhat or SuSE (those are officially supported), or wait for someone else to do it ;-)
[00:45] <Skaag> Raid 5 I guess
[00:46] <IrishWristwatch> Plus, I think Ubuntu Server might be able to do a software raid 5
[00:46] <IrishWristwatch> but don't quote me on that.
[00:46] <Skaag> of course it can
[00:46] <Skaag> I did that many times
[00:47] <IrishWristwatch> Well alright then :P
[00:47] <nickmoeck> Considering that it has a RHEL 5 driver, I see no reason that it wouldn't work in Ubuntu. Might have to prod the manufacturer for the driver source or a .deb package for Ubuntu
[00:48] <Skaag> right
[00:48] <zacharynweb> IrishWristwatch:  If you'd like to see some of what I'm doing with my server...
[00:48] <Skaag> I will write them back with that response
[00:48] <IrishWristwatch> zacharynweb, do you need help with something?
[00:48] <zacharynweb> IrishWristwatch:   http://beyond-sight.com/photography/    http://beyond-sight.com     etc
[00:49] <zacharynweb> IrishWristwatch: Nothing else more so far.   Thank you so much for helping me so far.
[00:49] <IrishWristwatch> this is being hosted from your server?
[00:49] <zacharynweb> IrishWristwatch: Yes.
[00:49] <IrishWristwatch> Cool
[00:50] <IrishWristwatch> Skaag, what is the full model name of that card?
[00:51] <IrishWristwatch> zacharynweb, looks good.  :]
[00:51] <zacharynweb> IrishWristwatch: currently  http://beyond-sight.com is down
[00:52] <zacharynweb> IrishWristwatch:  That was my very first webpage, however, I poorly programmeed the php, so the paths need to be rewritten to work with linux paths and directories
[00:52] <zacharynweb> IrishWristwatch:  it looks much nicer
[00:53] <Skaag> IrishWristwatch: I don't know yet... didn't buy the machine
[00:53] <Skaag> all I know is that the chip is: LSI2008 chip
[00:54] <IrishWristwatch> Question Skaag , what's a pretty reputable brand of RAID controllers for Linux/Ubuntu
[00:55] <Skaag> 3Ware and MPT, I guess?
[00:55] <Skaag> MPT comes with IBM Hardware
[00:55] <Skaag> and 3Ware is a pretty decent raid controller
[00:56] <eriksson25> Hi, anyone using rtorrent and know how you make it to create folders with diffrent permissons.
[00:57] <zacharynweb> IrishWristwatch: Samba looks like a doozy to configure.  No questions yet though, our linux god-tier hero, you. lol
[00:57] <IrishWristwatch> oh please.
[00:57] <SpamapS> I had an 8 port 3ware SATA card that I used to run a giant (for the time) RAID 5+0
[00:57] <Skaag> 9503?
[00:57] <IrishWristwatch> Skaag, I've always wanted to make a RAID config
[00:57] <IrishWristwatch> but I'm always too damn cheap to buy 4 hard drives
[00:58] <Skaag> well, a good raid config can give you a serious performance boost or reading data very quickly.
[00:58] <IrishWristwatch> Yeah I bet
[00:58] <IrishWristwatch> since it's all parallel access
[00:59] <Skaag> and the controller does much of the work, if the driver is well written.
[00:59] <Skaag> and 3Ware adapters have a memory module that can be upgraded
[01:00] <IrishWristwatch> zacharynweb, it can be pretty crazy at first
[01:00] <IrishWristwatch> but if you want to setup a simple share and skip all of the other stuff for later
[01:00] <IrishWristwatch> then it's pretty easy
[01:00] <zacharynweb> IrishWristwatch: How would I do that?
[01:00] <IrishWristwatch> eh, I guess I'll just PM you the commands
[01:01] <zacharynweb> IrishWristwatch: and truthfully I consider myself a technician with windows
[01:02] <zacharynweb> but anything server wise or outside windows, I'm a newb
[01:02] <IrishWristwatch> don't worry
[01:02] <IrishWristwatch> Linux is easier to learn than windows.
[01:22] <datz> Yea, it's all just point click :P
[01:23] <datz> having joins,parts,quits ignored really messes up my sense of passed time
[01:33] <UndiFineD> datz, http://ubuntuforums.org/showthread.php?t=315262
[01:34] <datz> humm, well.. I'm not using gnome, or xchat, and my joins,parts,quits are already hidden. :P
[01:34] <datz> but not I know. ;)
[01:36] <datz> It's easier to leave leave your irc client up all the time and follow what's going on if there isn't semi useless join/part spam. :)
[01:36] <datz> irssi ftw btw
[01:36] <UndiFineD> indeed
[01:36] <Patrickdk> heh, you need useless join/part spam, to break up the conversations
[01:36] <datz> hahah
[01:37] <datz> it does serve to do that. But I if you can distinguish one conversation from another, you'll be fine too.
[01:37] <datz> -I
[02:18] <twb> In dhclient.conf, is this an ubuntuism?  send host-name "<hostname>";
[02:18] <twb> Because it works on my lucid hosts but not my squeeze hosts
[02:18] <twb> If I replace <hostname> with a literal hostname, it works on both
[02:34] <twb> Apparently it IS a tiny ubuntu-specific patch
[02:35] <twb> Dunno why it wasn't pushed upstream...
[02:37] <IrishWristwatch> zacharynweb, how'd it go?
[04:13] <laxa8831> hi
[04:14] <laxa8831> can i set a folder within a samba share to read only when the entire share it r/w?
[04:14] <laxa8831> i have a folder withing a drive id like to protect, but maintain r/w access to the rest of the drive
[04:21] <UndiFineD> laxa8831, you could: chmod 755 the directory
[04:21] <UndiFineD> only owner would have rwx capabilities
[04:22] <laxa8831> can the owner be multiple people, or would i have to set up a group
[04:23] <UndiFineD> you set a group for that
[04:23] <laxa8831> ok
 An explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions
[04:25] <laxa8831> and system permissions take precendence over samba, correct?
[04:33] <laxa8831> im having a bit of trouble with this
[04:34] <laxa8831> ive set the owner of the test folder to ABCD
[04:34] <laxa8831> and chmod to 755, but still everyone on network can create and delete files in that folder
[04:43] <UndiFineD> maybe samba is running as ABCD
[04:43] <UndiFineD> and therefore has all the right on that directory
[04:44] <laxa8831> im using ls -l
[04:44] <laxa8831> and can see the rights on the folders
[04:45] <laxa8831> but i cant change them from drwxrwxrwx
[04:45] <laxa8831> ive made a folder called test to play with
[04:47] <laxa8831> ie, sudo chmod 755 test
[04:47] <laxa8831> and the permissions dont change
[04:49] <laxa8831> the owner is root
[04:49] <laxa8831> cant seem to change that either
[04:49] <laxa8831> ok, this is interesting
[04:49] <laxa8831> when i created a folder from a network share, it appears to be owned by root
[04:50] <laxa8831> is that supposed to happen?
[04:55] <laxa8831> is there something im missing for chmod directory functions?
[04:57] <laxa8831> this is a real head scratcher lol
[04:57] <laxa8831> feel a bit like homer simpson...
[05:00] <laxa8831> and when i try ls -l /test
[05:00] <laxa8831> it cant find the directory
[05:06] <draven_sol> laxa8831, are you locally on the machine?
[05:06] <draven_sol> laxa8831, the command to change owner is: chown <user> <group> <filename>
[05:07] <draven_sol> laxa8831, to change the owner of a file which is owned by root you'll need to use: sudo chown ...
[05:18] <laxa8831> ok, i dont think ive set up groups yet, just individual users
[05:21] <UndiFineD> !addgroup
[05:21] <UndiFineD> ubottu does not know
[05:51] <KB1JWQ> I promise I'm not trolling-- but why would I use ubuntu server over debian?
[05:52] <twb> KB1JWQ: predictable release dates, better security
[05:53] <twb> KB1JWQ: also, my customers know of Ubuntu, so they sometimes ask for it.
[05:53] <KB1JWQ> twb: Security is something of a nebulous concept; how're you measuring it?
[05:53] <twb> KB1JWQ: default options in GCC is the most obvious one
[05:53] <twb> KB1JWQ: ubuntu also ships with some apparmor profiles enforced by default
[05:54] <twb> KB1JWQ: there was an LWN article recently about the former, and Debian was pretty much the worst of the five-or-so distros profiled.
[05:54] <twb> KB1JWQ: https://wiki.ubuntu.com/Security/Features
[05:54] <KB1JWQ> Reading
[05:54] <KB1JWQ> I do find Upstart to be annoying.
[05:55] <twb> Me too
[05:55] <twb> KB1JWQ: try #ubuntu-hardened if you want to discuss security more
[05:56] <KB1JWQ> Past the obnoxious startup magic, it seems almost like they'd handle roughly the same way?
[05:57] <twb> Well, they're closer to one another than they are to, say, RHEL or Solaris
[06:01] <KB1JWQ> I can do RHEL, CentOS, or Debian in my sleep.
[06:01] <KB1JWQ> Ubuntu's still something of a strange animal.
[06:01] <twb> For most purposes you can treat Ubuntu as Debian
[06:05] <cappicard> hey folks. i'm trying to get bridged networking working, but i'm seeing DHCP packet received on vnet0 which has no address
[06:06] <cappicard> this is kvm
[06:06] <cappicard> xp running inside kvm.
[06:08] <twb> cappicard: on the host, pastebin "ip l; ip a; ip r; brctl show"
[06:08] <twb> Also pastebin the kvm command you're running, or the libvirt config file if you're using libvirt.
[06:09] <cappicard> http://pastebin.com/JFdhMMvB
[06:10] <twb> Well the first problem is that you don't have any VM ifaces attached to your bridges
[06:10] <cappicard> http://pastebin.com/1CsVGNwd
[06:14] <veovis_muaddib> I'm running Ubuntu server 10.04 as a multi-purpose home server, how would I go about getting it to go into a low power mode when unused, and wake again when I need it.  I enabled WoL in my BIOS, but neither my computer nor my phone seem to be able to wake it with magic packets
[06:14] <veovis_muaddib> Whoops, period instead of question mark
[06:15] <KB1JWQ> veovis_muaddib: Onboard NIC?
[06:15] <veovis_muaddib> KB1JWQ: Yeah, I'm using the onboard NIC, I don't have a PCI NIC in there
[06:16] <twb> veovis_muaddib: install sleepd or similar
[06:16] <twb> veovis_muaddib: note that the magic packets usually need to originate on the same ethernet segment
[06:16] <twb> veovis_muaddib: i.e. no wireless
[06:16] <veovis_muaddib> twb: trying now.
[06:16] <twb> sleepd just makes it go to sleep, not wake up
[06:16] <veovis_muaddib> twb: I can't send a magic packet FROM wireless?  That could kill it for me
[06:17] <twb> veovis_muaddib: I don't think so
[06:17] <veovis_muaddib> twb: crap.
[06:17] <twb> veovis_muaddib: you could ssh into your WRT and have IT send the actual frame, I guess
[06:17] <twb> I started looking into that but lost interest when dinner arrived or something
[06:18] <veovis_muaddib> twb: lol.
[06:18] <KB1JWQ> Frames actually will traverse wireless.
[06:18] <KB1JWQ> So it shouldn't be an issue provided that the originating point can SEND a wake packet.
[06:19] <twb> If you say so
[06:29] <veovis_muaddib> KB1JWQ: If they will go over wireless, then I wonder what my problem is....  I've sent magic packets from Wake for iOS and WakeUp for OS X.  Come morning I can test from a Windows 7 or Arch Linux machine, but they're not always available
[06:32] <veovis_muaddib> twb: The sleepd man page says nothing about waking from anything other than keyboard and mouse, and Google's failing me.  Do you know if it can, or even better, how to do it?
[06:32] <veovis_muaddib> *I'm probably failing to supply Google with the right keywords, but still.....
[06:33] <UndiFineD> http://gsd.di.uminho.pt/jpo/software/wakeonlan/mini-howto/wol-mini-howto-3.html
[06:37] <twb> veovis_muaddib: sleepd has ONE JOB -- when it decides the system is idle, it runs a command -- usually pm-suspend, which places the system in suspend-to-ram state.
[06:37] <twb> WAKING from that state is not something sleepd is involved in
[06:37] <veovis_muaddib> twb: Ah, yeah, now I remember you saying that earlier...  Sorry
[06:38] <twb> For a desktop, you have something like gnome-power-manager instead of sleepd
[06:39] <veovis_muaddib> So I have sleepd installed, and am working on configuring it.  Do you know if it will wake on ssh or smb activity?
[06:39] <twb> It doesn't "wake"
[06:40] <twb> But you can tell it not to sleep when there is network activity, IIRC
[06:40] <KB1JWQ> I'm weird; I like my servers to be "up."
[06:40] <twb> Re ssh, -w If set, sleepd will also check idletime based on utmp. This will prevent the system from sleeping while remote connections are active. It uses the time limit from -u.
[06:40] <KB1JWQ> You can quiesce the disks, you can turn off peripherals, but I want to be able to hit it.
[06:41] <twb> KB1JWQ: you would freak out when you saw the crazy stuff in Apple's current NICs
[06:41] <veovis_muaddib> KB1JWQ: I'm at a friend's house with it, and they're demanding that it be in low power mode when not in use
[06:41] <KB1JWQ> twb: I'm experiencing those issues now.  I assure you I know. :-)
[06:41] <twb> KB1JWQ: it'll power down the whole device, except for the NIC, which will respond to a different MAC and handle the start of, I don't know, the TCP handshake -- and then it'll start up the "real" machine to deal with the actual request
[06:42] <twb> I read about that and went ".... GTFO"
[06:42] <veovis_muaddib> twb: What?
[06:42] <veovis_muaddib> twb: That's nuts
[06:42] <KB1JWQ> twb: That's insane.
[06:42] <veovis_muaddib> twb: Mostly the change MAC part
[06:42] <veovis_muaddib> I'd be troubleshooting that for days
[06:43] <twb> Yup
[06:43] <veovis_muaddib> Glad my mac is my client and not my server.  I'd give up on getting that working
[06:44] <twb> I think it was mostly their embedded gank, not workstations
[06:44] <veovis_muaddib> ah
[06:49] <cappicard> is kvm capable of doing remote sound or is RDP to the guest the only way?
[06:49] <cappicard> kvm is living on my headless server
[06:49] <twb> cappicard: kvm is not a remove framebuffer protocol
[06:50] <twb> I imagine you could arrange something using pulseaudio or nas, but I've never tried it.  Neither X11 nor RFB (VNC) support remote audio.
[06:51] <veovis_muaddib> cappicard: I have yet to find anything that will allow remote audio in any way.  If you find something, I'd appreciate a link.
[06:51] <veovis_muaddib> looking at pulse and nas now though
[06:52] <twb> In theory you could even just tunnel /dev/dsp over ssh or something
[06:53] <UndiFineD> veovis_muaddib, how about a phone ? :P
[06:53] <veovis_muaddib> UndiFineD: lol
[06:54] <veovis_muaddib> UndiFineD: Though, on that topic, that is a device I'd like to pipe audio to...
[06:54] <syn-ack> Derek.
[06:55] <syn-ack> veovis_muaddib, Pulse Audio does.
[06:55] <syn-ack> supposedly.
[06:55] <veovis_muaddib> syn-ack: Yeah, twb mentioned it, so I'm looking at it now.  All Google is showing are people having problems with it
[06:56] <syn-ack> I've never used it in such a fashion, myself, so...
[06:56] <twb> I saw it done once with asterisk, I think
[06:56] <syn-ack> interesting.
[06:56] <syn-ack> I never even thought about doing that with Asterisk.
[06:57] <twb> I don't mean using asterisk to tunnel the noises
[06:57] <twb> I mean he used pulseaudio to tunnel noises asterisk made/received/something
[06:57] <syn-ack> No, the hold music, right?
[06:57] <syn-ack> ah
[06:57] <syn-ack> twb, That's still an interesting take on it, though...
[06:58] <cappicard> hmm...
[06:59] <UndiFineD> o/ nigelb
[07:00] <nigelb> haha
[07:00] <alcy> anyone deploying a mysql cluster on 10.04 around here ? can't seem to find the right way to setup 'em up. don't want to use mysql binary packages, but ubuntu's are not reliable either.
[07:00] <twb> Define "not reliable"
[07:01] <alcy> ...not not reliable per se, but its broke...there are open bugs with high priority but the maintainer hasnt replied.
[07:04] <alcy> this is the bug https://bugs.launchpad.net/ubuntu/+source/mysql-cluster-7.0/+bug/576528 ... but it doesn't seem serious functionality wise.
[07:05] <alcy> hence, the important query. :) is anyone deploying them on 10.04 ? if yes, are they using the repo packages ?
[07:06] <SpamapS> alcy: who is the "maintainer" ?
[07:07] <SpamapS> alcy: looks like that package does need some love. ;)
[07:07] <alcy> SpamapS: zul
[07:07] <SpamapS> alcy: how is zul the maintainer of mysql-cluster-7.0 ?
[07:09] <alcy> "Original Maintainer: Chuck Short <zulcss@ubuntu.com>" ...zul on irc :)
[07:09] <SpamapS> alcy: but thats not really "the maintainer" ;) MOTU is as much responsible as anyone else
[07:10] <SpamapS> alcy: that High confirmed bug seems like a duplicate of another one..
[07:13] <SpamapS> alcy: anyway, I would agree with you that it needs some love.
[07:14] <alcy> SpamapS: meanwhile, at my machine installation "hangs" at this "/etc/init.d/mysql: line 116: /etc/mysql/debian-start: No such file or directory invoke-rc.d: initscript mysql, action "start" failed." there's a defunct mysql process. got a clue ?
[07:16] <alcy> actually not a mysql process, its apt only.
[07:17] <SpamapS> alcy: weird
[07:17] <alcy> anyway, i am copy-pasting that file from another machine
[07:17] <SpamapS> alcy: I'm getting close to pass-out level of exhaustion.. so I'm not feeling all that clever right now
[07:18] <alcy> SpamapS: heh, thanks for the help anyway :)
[07:18] <nigelb> 31
[07:18] <nigelb> gah
[07:20] <Psi-Jack> Is there no package in Ubuntu 10.04.1 that has dlm_controld.pcmk for pacemaker's dlm?
[07:21] <twb> apt-file will tell you
[07:21] <Psi-Jack> I used apt-file to search for it, with no results, which seems a little odd to me.
[07:22] <SpamapS> Psi-Jack: Psi-Jack what is the file?
[07:22] <Psi-Jack> dlm_controld.pcmk
[07:22] <SpamapS> Psi-Jack: cman has /usr/sbin/dlm_controld
[07:22] <SpamapS> I have no idea what a pcmk is
[07:22] <Psi-Jack> Pacemaker
[07:23] <Psi-Jack> cman's dlm_controld is compatible with RHCS, where dlm_controld.pcmk is compiled for pacemaker.
[07:30] <TeTeT> wasn't there a PPA for all of the high availability stuff? That might contain working packages
[07:31] <nigelb> https://launchpad.net/~ubuntu-ha/+archive/ppa
[07:35] <Psi-Jack> Hmmm.. A testing PPA, deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main
[08:37] <zacharynewb> hello
[10:35] <ttx> zul: late pong
[10:55] <[diablo]> morning
[10:55] <[diablo]> anyone recommend the best clustering FS to use for the following please:
[10:55] <[diablo]> I have 2 x machines running Ubuntu Server 10.10, with KVM/libvirt
[10:56] <[diablo]> for storage I have an iSCSI LUN made available to (currently) one machine
[10:56] <[diablo]> the KVM machine slices the LUN (/dev/sdb) into partitions with LVM
[10:57] <[diablo]> so each guest is on a physical partition
[10:57] <[diablo]> well, lvm partition I should say
[10:58] <[diablo]> I am looking for a method to migrate a guest from one machine to the other... seems clustering is needed
[11:00] <fale> hi
[11:01] <fale> I'm looking for the meta package ubuntu-server, but I can't find it :( any suggestions about where I can find it?
[11:41] <joschi> fale: what does this package provide in your opinion?
[11:43] <fale> joschi: the list of the packages that is needed to be installed to have the ubuntu-server cd ;)
[11:43] <joschi> fale: try ubuntu-standard
[11:43] <fale> joschi: are you sure that is the server list?
[11:44] <joschi> fale: no, but that's the package installed. of course there's also the task list 'server', but that's no single package ;)
[11:44] <joschi> fale: `man tasksel`
[11:46] <fale> joschi: that's interesting :) I'll look into it, thanks :)
[11:47] <alcy> wonder why mysql is ignoring some settings in my.cnf. can't get around debugging this, any clue ?
[11:48] <alcy> afaik, the configuration directives are under the right sections
[11:48] <alcy> to be specific, the master-host dire3ctive for implementing replication is not getting changed.
[11:48] <fale> joschi: I wonder why some things are made with meta-package (like ubuntu-desktop...) and other with tasksel :/
[11:55] <intheloopback> Does somebody has experience with backuping a VM? Do you backup a stopped or running VM? Which method do you use?
[11:59] <Error404NotFound> how can i force a specific PHP version to be used for a vhost? I have compiled php5.2.14, enabled fastcgi and my vhost configuration is at http://pastebin.com/jB0AbK7Z but for some reason if i don't use php5 module, php5.3.3 is used. I want to use php5.3.3 for all other stuff while php5.2.14 only for this vhost.
[11:59] <Error404NotFound> intheloopback, if vm is hosted on a lvm volume, you can take snapshot while vm is running, i believe.
[12:05] <jussi> is this still the correct way to install lamp (10.04)  "sudo tasksel install lamp-server" - the docs on h.u.c are very old (talk about 7.04)
[12:05] <Error404NotFound> jussi, thats correct way as long as tasksel is present on system :)
[12:06] <jussi> thanks!
[12:57] <pmatulis> intheloopback: it depends what you want to back up
[13:20] <intheloopback> pmatulis: ideally the entire vm from the host systems, but I think that this can produce an inconsistent copy. But at least I need to backup home directories, web server and a MySQL database
[13:23] <pmatulis> intheloopback: so shut down the guest and copy it's file image (or lvm volume) somewhere
[13:26] <mdlueck> We have been having difficulties attaching USB HDD's to our servers since upgrading to 10.04 LTS. https://bugs.launchpad.net/bugs/645211  Using the work-arounds to get the drives to show up connects them as if at USB 1.1 speed which is unacceptable. Suggestions?
[13:35] <Slyboots> Hello
[13:36] <Slyboots> im curious; anyone able to suggest a decent web-based system manager for Ubuntu server? Right now I have to ssh in and do everything via the CLI.. but since Im building a NAS server its preferable to have control over a web-interface
[13:37] <Psi-Jack> Slyboots: Webmin
[13:37] <Slyboots> I thought that was incomptable with Ubuntu
[13:37] <Psi-Jack> Personally I've found OpenSUSE makes a better NAS server than Ubuntu.
[13:37] <Psi-Jack> Slyboots: No, #ubuntu doesn't support it. Webmin supports Ubuntu, however.
[13:38] <Slyboots> Mm
[13:44] <l3dx> Psi-Jack: why do you prefer opensuse?
[13:47] <Psi-Jack> l3dx: Simplified, secure, yast2 can configure... practically almost anything from GUI, TUI, and cli.
[14:07] <pmatulis> has anyone used the phoronix test suite with lucid?  i've found that their tests don't build at all
[14:43] <TheNetuno> hola como esta too aka?
[15:53] <kirkland> smoser: hey
[15:54] <kirkland> smoser: I'm trying to launch a desktop image from http://uec-images.ubuntu.com/desktop/natty/current/
[15:54] <kirkland> smoser: first, I note that the "current" symlink is pointing to 11/26
[15:55] <kirkland> smoser: but second...
[15:55] <kirkland> kirkland@x201:~$ ec2-run-instances ami-a7a650ce --instance-type t1.micro --region us-east-1 --key ec2-keypair
[15:55] <kirkland> Client.AuthFailure: Not authorized for images: [ami-a7a650ce
[15:55] <smoser> 1129 is failed build
[15:55] <kirkland> smoser: 'sup with that?
[15:55] <kirkland> smoser: okay ... and my failure?
[15:56] <smoser> kirkland, i'll look at it in a bit. "that should'nt happen" :)
[15:56] <kirkland> smoser: k
[16:03] <hggdh> isn't there a meeting now?
[16:05] <zul> yes
[16:05] <hggdh> where?
[16:05] <Daviey> hggdh: yes, previous overunning
[16:05] <hggdh> oh, OK
[16:22] <smoser> kirkland, i have no idea what went wrong there.
[16:23] <smoser> those ids do exist, they just have no attributes
[16:23] <phretor> the logrotate process was <defunct> on one of my systems, so I just `sudo logrotate /etc/logrotate.conf` to see if it restarted. Now it disappeared from the proc table: how can I check if logrotate is in a sane status?
[16:23] <kirkland> smoser: okay
[16:23] <kirkland> smoser: i was able to start a maverick instance and try x2go
[16:23] <smoser> it seems to me it has to be an issue on the amazon side
[16:24] <smoser> note, that you cant boot an i386 natty instance anyway (bug 669496)
[16:27] <b0gatyr> morning, can someone explain to me how or in what way having multiple DNS 'A' records that point to a  single IP can help a webserver?
[16:27] <patdk-wk> heh?
[16:27] <patdk-wk> if one of your webservers is down
[16:30] <c0nv1ct> b0gatyr, so it works with www.domain.com as well as domain.com?
[16:31] <smoser> kirkland, i swear that is ec2 failure
[16:31] <smoser> the us-west-1 amis for that build are good
[16:31] <smoser> but other regions disappeared.
[16:31] <kirkland> smoser: okay
[16:31] <smoser> its not like my scripts make up numbers.
[16:31] <smoser> they register, and check exit codes of 'ec2-register' and the like. i've never seen this before.
[16:36] <phretor> any idea about my logrotate question?
[16:36] <ikonia> phretor: what was the question, I missed it
[16:37] <phretor> ikonia: the logrotate process was <defunct> on one of my systems, so I just `sudo logrotate /etc/logrotate.conf` to see if it restarted. Now it disappeared from the proc table: how can I check if logrotate is in a sane status?
[16:37] <b0gatyr> c0nv1ct: well not sure, but if you do a 'dig' on wikileaks.org for example the query returns multiple A records pointing at the same IP
[16:37] <ikonia> phretor: if it's defunct it's probably dead/zombied
[16:38] <ikonia> phretor: if it's not showing that state, it's probably running fine (at a basic level)
[16:38] <c0nv1ct> b0gatyr, oh, in that case i have no idea how that is useful
[16:38] <ikonia> phretor: on ubuntu logrotate is launched from cron I think so it shouldn't be running all the time
[16:38] <ikonia> not %100 certain though
[16:38] <phretor> ikonia: I see, so it might be running fine. I will check tomorrow if rotate logs exist.
[16:39] <b0gatyr> c0nv1ct: the IPs do resolve to amazon EC2 .. maybe using elastic IPs?
[16:49] <smoser> JamesPage, i would like to get some of your time at some point... i'd like to have our ec2 tests into hudson, but really have no idea what that would mean.
[16:50] <smoser> s/mean/entail/
[16:50] <JamesPage> smoser: no problem; I'm intending spending some time this week on test automation
[16:55] <zacharynewb> hi guys
[16:55] <zacharynewb> can someone help me set up a samba share?
[16:57] <T3CHKOMMIE> hey guy, need help finding an old bash command i forgot.
[16:57] <T3CHKOMMIE> the command runs a dos-like gui tool on ubuntu server that lets you select server roles and such
[16:58] <T3CHKOMMIE> its much like when you install the server you can hit space bar and select ldap server lamp server printer server... etc
[16:59] <TeTeT> T3CHKOMMIE: tasksel maybe
[16:59] <zacharynewb_> Hhi guys
[16:59] <zacharynewb_> can someone help me setup a samba share?
[16:59] <T3CHKOMMIE> TeTeT, thanks i think thats it lemme give it a shot.
[17:00] <TeTeT> zacharynewb_: probably this will help: https://help.ubuntu.com/10.04/serverguide/C/samba-fileserver.html
[17:02] <zacharynewb_> thanks, I'll look
[17:02] <T3CHKOMMIE> zacharynewb_, samba is pretty simple i can help you if you get stuck.
[17:03] <zacharynewb_> T3CHKOMMIE: I appreciate it.
[17:13] <zacharynewb_> T3CHKOMMIE: I followed those instructions
[17:13] <zacharynewb_> T3CHKOMMIE: and I can see that there's a "share" and now my server is showing up on the windows network, but my login is being rejected
[17:14] <T3CHKOMMIE> have you messed with the config file?
[17:14] <T3CHKOMMIE> /etc/samba/smb.conf
[17:14] <zacharynewb_> T3CHKOMMIE: Yes, I did. I figured it out though
[17:14] <slyboots> Hello again :)
[17:14] <aljosa> i have a big folder (~75GB) filled with 1kb files and i need to delete folder or everything inside. rm -rf big_folder would take a long time and occupy cpu, any suggestions on howto remove big_folder fast?
[17:14] <zacharynewb_> T3CHKOMMIE: When I first installed Samba, it said "enter new samba password"
[17:14] <T3CHKOMMIE> zacharynewb_, great. thats about all you need
[17:15] <zacharynewb_> and I gave it a password
[17:15] <zacharynewb_> It's not using my login password for my user account on the server
[17:15] <T3CHKOMMIE> oh, interesting. never had a set up a smb password
[17:15] <slyboots> This might be rather simple; but it has me puzzled.. "Got Ubuntu setup as a NAS with several services downloading files for me and placeing them into folders and whatnot.. What I want to have happen is when it create files in certain folders for thsoe files to inheret certain permissions
[17:15] <T3CHKOMMIE> are you running ubuntu server?
[17:15] <zacharynewb_> yeah, the guy who told me about it said it was weird too
[17:15] <slyboots> Mainly Group Read/Write
[17:15] <zacharynewb_> T3CHKOMMIE: Yes, GUIless Ubuntu 10.10
[17:15] <slyboots> I think this can eb done by Umask? Im just not sure how
[17:16] <T3CHKOMMIE> how did you install samba?
[17:16] <zacharynewb_> slyboots:   sudo chmod g+s  or something like that, it makes it so anything new created in the folder inherits that parent folders' permissions.
[17:17] <slyboots> And thats a permanent effect?
[17:18] <slyboots> Mm.. (s) Set user/Group ID on execution
[17:20] <zacharynewb_> slyboots: So I've read.
[17:20] <slyboots> Sounds perfect
[17:20] <zacharynewb_> T3CHKOMMIE: I installed with "sudo apt-get install samba"
[17:20] <zacharynewb_> slyboots: Please do go check it first, I'm new to linux, but I had to address that same issue
[17:21] <zacharynewb_> slyboots: I was having issues where the folder, that belonged to the user, wasn't letting them write to it, turns out the child files/folders didn't have the same permissions
[17:22] <zacharynewb_> sudo chmod made it so they inherit automatically, but like I said, new to linux.  I'm a computer technician with windows and hardware, but not linux and mac
[17:23] <slyboots> hmm
[17:23] <zacharynewb_> T3CHKOMMIE:  I can't create files or folders using the samba share
[17:24] <zacharynewb_> I can view the files in the shared folder with a password
[17:24] <zacharynewb_> but I can't write
[17:24] <slyboots> Yea thats not working anyway
[17:24] <T3CHKOMMIE> zacharynewb_,
[17:24] <T3CHKOMMIE> its a permissions issue.
[17:24] <slyboots> New files inside the folder dont inherent the permissions
[17:24] <T3CHKOMMIE> you can chmod your folders
[17:25] <T3CHKOMMIE> or you can change your smb.conf file to allow read/write
[17:25] <zacharynewb_> slyboots: New files that are created inherit permissions automatically, from what I read.
[17:26] <qman__> by default, new files that are created get permissions based on the user that created them
[17:26] <zacharynewb_> slyboots: There was another seperate command, to recursively go through the folders and sub folders and files to change all their permissions to match the parent, but I forget it
[17:26] <slyboots> Yea chmod -R
[17:26] <qman__> if you want to set other permissions, see the "create mask" "force user" and "force group" directives
[17:26] <slyboots> But I want this to happen automatically..
[17:27] <qman__> slyboots, ^
[17:27]  * slyboots blinks
[17:33] <Psi-Jack> And it's directories. Not folders. :p
[17:33] <zacharynewb_> similar
[17:33] <Psi-Jack> How is a graphical icon similar to a directory containing files?
[17:34] <Psi-Jack> man ls, what's "NAME" say about it?
[17:34] <Psi-Jack> ls - list directory contents
[17:35] <zacharynewb_> damn it
[17:35] <Psi-Jack> Show me 1, just 1 manpage that refers to directories as "folders", and I will pay you $20 for it.
[17:35] <zacharynewb_> The folders are owned by "zacharyguest" to limit privleges
[17:37] <zacharynewb_> slyboots: What's the command to manually take ownership everything in a folder?
[17:37] <slyboots> chown user:group -R foldername will do it
[17:37] <Psi-Jack> directory.
[17:37] <zacharynewb_> lol
[17:38] <zacharynewb_> FOLDER
[17:38] <Psi-Jack> d, i, r, e, c, t, o, r, y, simple.
[17:38] <zacharynewb_> not as simple as "folder"
[17:38] <slyboots> Why is it so complicated to have inheretered permissions
[17:38] <Psi-Jack> As I said, show me 1 single manpage that talks about directories as if "folders", $20.
[17:38] <zacharynewb_> directory uses more awkward keys and more of them, thus, more complicated.
[17:38] <Psi-Jack> Shorthand is dir.
[17:39] <zacharynewb_> yeah..
[17:39] <zacharynewb_> well
[17:39] <Psi-Jack> Wanna talk complicated, you.
[17:39] <zacharynewb_> GRR
[17:39] <zacharynewb_> I'm a windows user
[17:39] <zacharynewb_> You should see my battlestation.
[17:40] <slyboots> Or like.. having two groups with two differet permissions.. that seems to be actually impossible
[17:40]  * Psi-Jack holds back his laughter, only for a second.
[17:40] <Psi-Jack> Okay, guys, wanna learn something?
[17:40] <Psi-Jack> ACLs!
[17:40] <slyboots> ACL's are *not* fun
[17:40] <Psi-Jack> yes, Linux has them for every native filesystem.
[17:40] <slyboots> I'ave already tried that
[17:41] <Psi-Jack> Hell, even nautilus and dolphin have support for gui-enabled ACL editing.
[17:41] <zacharynewb_> OMG IT WORKS
[17:41] <zacharynewb_> I LOVE ALL OF YOU
[17:42] <datz> even me?
[17:42] <zacharynewb_> MY SAMBA SHARE IS BEAUTIFUL
[17:42] <zacharynewb_> YES, EVEY YOU, SMALLS
[17:42] <zacharynewb_> even*
[17:42]  * datz got a free ride
[17:42] <zacharynewb_> my beautiful server
[17:42] <zacharynewb_> and the printers are showing too
[17:42] <zacharynewb_> I love you linux
[17:43] <Psi-Jack> zacharynewb_: Now, try setting up two servers with DRBD drive replication, iSCSI exporting multiple lvm logical volumes with pacemaker's cluster stack. clvm, dlm, and iscsi-tgtd or iet.
[17:43] <zacharynewb_> what do you guys think about wikileaks?
[17:43] <zacharynewb_> Psi-Jack: WTF are you saying?
[17:43] <Psi-Jack> Oh, and a VIP for the active one of the replication.
[17:43] <zacharynewb_> Psi-Jack: SPEAKEH ENGLISH, mother tucker
[17:43] <zacharynewb_> Psi-Jack: what is drbd drive replication?
[17:44] <Psi-Jack> It's perfect English. Just wayyyy over your head, folder-speaking varmint.
[17:44] <zacharynewb_> Psi-Jack:  yes, advanced linux work is indeed over my head
[17:44] <slyboots> Good to see the rude linux guru is alive and well :P
[17:44] <zacharynewb_> Psi-Jack: html, php, batch, basic TIBASIC, javascript, java, VB, are not over my head. :D
[17:44] <Psi-Jack> zacharynewb_: DRBD is where you have a two physically different systems replicating the same device, partition, or volume.
[17:45] <Psi-Jack> Over the network.
[17:45] <Psi-Jack> Like Raid1 over the wire.
[17:45] <zacharynewb_> Psi-Jack: sharing the same device between both of them?
[17:45] <zacharynewb_> Psi-Jack:  that doesn't sound too hard
[17:45]  * Psi-Jack chuckles.
[17:45]  * zacharynewb_ can chuckle too
[17:45] <Psi-Jack> And no, not sharing the same device.
[17:45] <Psi-Jack> Two seperate devices sharing the /exact/ same content.
[17:46] <Psi-Jack> Mirrors.
[17:46] <Jon__> dumb question, where can i find a trustworthy ubuntu 10.10 aws ami with < 10gb file size
[17:46] <linuxnewb> seriously doesn't sound hard.
[17:46] <Psi-Jack> Jon__: aws ami?
[17:46] <Jon__> ami for amazons ec2 free tier
[17:46] <Jon__> they only let u use 10gb for free
[17:46] <Jon__> and ubuntu only does 15gb ami's
[17:46] <linuxnewb> Psi-Jack:   Btw, do you by chance know the 72 character long key for the latest wikileaks file?
[17:46] <Psi-Jack> No clue. Don't use Amazon EC2,.
[17:47] <Psi-Jack> I run my own equivalent of EC2, out of my home.
[17:47] <zacharynewb> :D
[17:47] <Jon__> your own equivelent being vmware or what
[17:47] <Psi-Jack> kvm, of course.
[17:47] <Jon__> nice
[17:47] <Psi-Jack> Vmware by itself sucks.
[17:47] <zacharynewb> Psi-Jack: Can I share a samba share over the internet using my domain name/
[17:47] <zacharynewb> ?
[17:47] <Psi-Jack> And it's extremely too hardware dependant.
[17:47] <Jon__> yeah im on comcast so to host games im using vps's and amazon right now
[17:48] <Psi-Jack> I'm on Brighthouse, yet, I have business class service for only $8 more a month than normal.
[17:48] <Psi-Jack> With 5 IPs.
[17:48] <Jon__> geez, nice deal
[17:48] <zacharynewb> Actually, one reason I was setting up my server is so that other people coule use it
[17:48] <Psi-Jack> I'm about to upgrade to their Lightning service, which is 40 MBit down, 5 MBit up.
[17:48] <zacharynewb> I'm on verizon fios, decent 3 MB/s connection with low ping
[17:49] <Jon__> fios = comcast at basic package
[17:49] <Psi-Jack> Which even beats Fios.
[17:49] <zacharynewb> um
[17:49] <Jon__> yeah that lightning service would be nice
[17:49] <zacharynewb> Comcast fucking sucks
[17:49] <Psi-Jack> zacharynewb: LANGUAGE!
[17:49] <zacharynewb> sorry
[17:49] <Jon__> Comcast is actually pretty good in my opinion
[17:49]  * Psi-Jack gets his wooden stick out, ready.
[17:49] <Derek> i'm having trouble setting up a KVM of lucid that i can just SSH into as soon as it's created
[17:49] <Jon__> and its speeds are exactly the same as fios at the basic package
[17:49] <Jon__> if you pay extra then yes fios will be faster
[17:50] <zacharynewb> using comcast, we were throttled, they blocked torrent traffic, iffy connections, customer suppoer was terrible
[17:50] <zacharynewb> high ping
[17:50] <Jon__> verzion doesnt?
[17:50] <zacharynewb> Not that I've noticed
[17:50] <zacharynewb> or not enough that I've cared to notice
[17:50] <Jon__> i try to stay under my 250gb cap with comcast
[17:50] <Jon__> thats the only downside
[17:50] <Psi-Jack> Blocked torrent traffic to known obvious illegal sites, you mean.
[17:51] <Jon__> yeah comcast isnt blocking my private trackers at all
[17:51] <Jon__> and when i was hosting games they wernt blocking all the random connections to my house
[17:51] <zacharynewb> Jon__:  Psi-Jack  When I was room mating last year, we had two fios connections into our house
[17:51] <Jon__> although technically i am break tos when i use it to host my website or games
[17:51] <Psi-Jack> Doesn't block legit trackers, either, like the one OpenOffice used to be on, before Oracle owned them.
[17:52] <zacharynewb> Psi-Jack:  Jon__   We ran servers on one, a room mate was a security clearance web administrator, had his own setup as well
[17:52] <Jon__> nice zach
[17:52] <Psi-Jack> zacharynewb: Uh huh.. Not impressive at all.
[17:52] <zacharynewb> on the other fios connection, we gamed, netflix, movies, PS3, Xboxs, hosting things. Pretty awesome
[17:52] <smoser> kirkland, ping
[17:52] <zacharynewb> Psi-Jack: Hey, our setup was prety awesome
[17:52] <Psi-Jack> I doubt it.
[17:52] <kirkland> smoser: pong
[17:52] <smoser> i just put a "package" of my bug 625364 hack together
[17:53] <smoser> https://launchpad.net/~smoser/+archive/ppa/+packages
[17:53] <smoser> should i put a link to that in the bug ? or does that ultimately not useful
[17:53] <Psi-Jack> Oh dang, I thought this was ##Linux for some reason. ;)
[17:53]  * Psi-Jack chuckles.
[17:53] <kirkland> smoser: i don't see a pm-utils build in that ppa
[17:53] <smoser> no pm-utils
[17:53] <smoser> lp-625364-hack - 0.1
[17:53] <Psi-Jack> But still.
[17:53] <Derek> anyone know how to KVM of lucid that i can just SSH into as soon as it's created, i've tried the --addpkg and --ssh-key builder options and neither lets me ssh in once done
[17:54] <kirkland> smoser: wow, that's the name of the package?
[17:54] <smoser> yes.
[17:54] <kirkland> smoser: well, that's not how I would have done it :-)  but okay...
[17:55] <smoser> why not ?
[17:55] <zacharynewb> Psi-Jack:  Why do you doubt me?
[17:55] <smoser> if i build a pm-utils package, then pm-utils gets reved and my package removed, and your thinkpad overheats
[17:55] <Psi-Jack> zacharynewb: 2 servers, hardware Raid10 6-drive setups running DRBD replication, exporting iSCSI volumes for kvm servers and shared storage for clustered virtual kvm webservers, including replicated LDAP servers for centralized authentication. 4 physical servers, 2 of which running the actual active-passive failover routing of the network, also the host systems running multiple kvm servers,
[17:56] <kirkland> smoser: yeah, agree with that
[17:56] <Psi-Jack> clustered and live-migratable between any 4 physical servers, on demand, manually, or on failover.
[17:56] <Psi-Jack> 2 Physical systems running dedicated mysql, replicating with active-failover.
[17:56] <kirkland> smoser: i'd probably just a) put your script in people.canonical.com/~smoser
[17:56] <Psi-Jack> 2 physical systems running dedicated postgresql, also replicating with active warm standby for failover.
[17:56] <kirkland> smoser: and put the 1-line needed to sudo wget that script to the right location
[17:57] <zacharynewb> Psi-Jack:   See, individual systems is my thing, I have little experience with anything outside a basic network
[17:57] <Psi-Jack> zacharynewb: And that's just the start of what I have, at home, live. ;)
[17:57] <zacharynewb> Psi-Jack: I bet you can't hack my server
[17:57]  * Psi-Jack just shakes his head. "Grow up, moron."
[17:58] <smoser> kirkland, meh... this way i can actually deliver an update with a fix.
[17:58] <smoser> but the point is the same.
[17:58] <Psi-Jack> I can program, as in hack, all day long, perfectly good interfaces for management of such things.. Which ironically, I am. ;)
[17:58] <smoser> is it even helpful to make it easier for people to get a hack, not a real fix.
[17:58] <kirkland> smoser: as could you re-upload to people.canonical.com
[17:58] <smoser> yes, but then someone would have to know they should go get it
[17:58] <smoser> we have this network aware archive management thingy
[17:59] <smoser> called 'apt' and it runs and pulls down packages and installs them.
[17:59] <smoser> its really nice
[17:59] <kirkland> smoser: hmm, yeah, but I'm not going to leave your ppa in my sources.list
[17:59] <smoser> :)
[17:59] <Psi-Jack> smoser: Like, Bacula?
[17:59] <kirkland> smoser: i have no idea what kind of crack you're putting in there
[17:59] <Psi-Jack> Oh, no. LOL
[17:59] <smoser> oh, i have lots of crack there.
[17:59] <kirkland> smoser: and if i add your ppa, i've essentially given you root on my box
[17:59] <smoser> most of it just waiting to root kirkland's machine.
[18:00] <Psi-Jack> kirkland: But hey, at least it's all GPG signed.
[18:00] <kirkland> $ grep smoser /etc/apt/sources.list; echo $?
[18:00] <kirkland> 1
[18:00] <smoser> if grep kirkland /etc/passwd; then sudo -Hu kirkland ssh-import-id smoser && email smoser ip-address; done
[18:00] <Jon__> im very proud of myself
[18:01] <Jon__> i can download via console with wget now
[18:01] <kirkland> smoser: heh
[18:01] <zacharynewb> Psi-Jack: I made my server to serve me, to do things, and to learn
[18:01] <zacharynewb> Psi-Jack: If someone can hack my server, I'd like to learn about it.
[18:01] <kirkland> cat /etc/hosts.deny
[18:01] <kirkland> ALL: PARANOID
[18:01] <kirkland> smoser: :-)
[18:02] <smoser> yeah, i could have dropped the 'sudo'
[18:02] <zacharynewb> if learning about it takes someone screwing with my server, awesome. :D
[18:02] <smoser> as it runs as a post script, so as root anyway
[18:02] <kirkland> smoser: okay, so the fact that you packaged your fix is "nice", but i'm just saying not necessary
[18:02] <Jon__> ive been lucky no1's tryed to mess with mine
[18:02] <smoser> but my question remains.
[18:02] <zacharynewb> Jon__: thats no fun
[18:03] <Jon__> it is when ure learning like me
[18:03] <kirkland> smoser: which is... should you drop a link to it in that bug?
[18:03] <smoser> does it "help" anything, or does it actually hurt it.
[18:03] <smoser> right.
[18:03] <zacharynewb> Jon__: learning through harsh hilarious examples is fun
[18:04] <Jon__> lol true
[18:04] <Jon__> so in the interest of securing my servers and not running as root
[18:04] <Jon__> i created a user and gave him a pass
[18:04] <zacharynewb> you get to see how water drowns your base and all of your workers
[18:04] <Jon__> then logged in as him
[18:04] <zacharynewb> Jon__:  Ever played Dwarf Fortress?  Dying is called "fun"
[18:04] <zacharynewb> or how a golbin squad comes in and kills you
[18:04] <Jon__> however when i try to use sudo he isnt in the sudo list
[18:04] <Jon__> how do i do that
[18:04] <Jon__> i tryed df i couldnt get into it, people i play with on minecraft love talking about df
[18:05] <kirkland> smoser: meh, i don't think it hurts; but i don't think it necessarily helps either
[18:05] <kirkland> smoser: sorry to be non-committal
[18:05] <zacharynewb> Jon__:  Dwarf fortress has a crappy user interface
[18:05] <smoser> well, i tihnk it does help. since i split up the fix into 2 comments...
[18:05] <zacharynewb> Jon__:  but it's a lot of fun
[18:05] <smoser> ie, one that has the fix, and one that says "oh that didn't work, put it in a different location" :)
[18:05] <smoser> anyway
[18:05] <jiboumans> smoser: hi
[18:05] <smoser> i have other things to do. that package is there.
[18:05] <kirkland> smoser: that's fair
[18:06] <smoser> jiboumans, hey
[18:06] <zacharynewb> Jon__:  Also, you HAVE to have a graphics pack, or you'll be stuck with the original crappy ascii art pictures
[18:06] <jiboumans> smoser: got a moment to look into this cloud-init business?
[18:06] <Jon__> ah
[18:06] <smoser> yeah
[18:06] <Jon__> yeah i had no graphics pack
[18:06] <Jon__> and it all looked identical
[18:06] <jiboumans> smoser: awesome. i have an instance running that exhibits the problem and i can reproduce it
[18:06] <kirkland> smoser: the one thing I would do, though, if you do point to a package in that bug is create a new ppa under your name just for this hack
[18:06] <jiboumans> it looks like the 'runcmd' sections make it onto the instance jsut fine and if i run it manually it does what i expect, but i can't see any evidence of it being run by cloud-init
[18:07] <jiboumans> smoser: what info do you want/need to debug it?
[18:07] <zacharynewb> Jon__: Dwarf fortress is like minecraft, except MUCH larger, you have other fortresses working against you, and you're god controlling a bunch of miners under you to build an entire economy
[18:07] <kirkland> smoser: so that people adding your ppa to get the package get only this package, and not all of your other crack
[18:07] <smoser> what is "it" ?. do you have a user-data file ?
[18:07] <smoser> you should have something in /var/lib/cloud/data/scripts called 'runcmd' (i think thats its name)
[18:07] <jiboumans> smoser: it's sent as data as part of a boto call to launch instances
[18:08] <jiboumans> smoser: yup, i have that
[18:08] <smoser> i'm guessing this is 10.04 ?
[18:08] <zacharynewb> I seriously want that key to wikileaks
[18:08] <jiboumans> smoser: you got it :)
[18:08] <smoser> if you have that runcmd script, then i would surely think that it does get run
[18:08] <smoser> whats the ami ?
[18:09] <jiboumans> smoser: it's not being run as far as i can tell. is there an artifact in the logs that shows me that it ran?
[18:09] <jiboumans> smoser: ami-0e1bec67
[18:10] <smoser> jiboumans, testing a script here really quick to make sure it "works for me"
[18:11] <smoser> you do know, though, that that is a daily, and might jsut be deleted tomorrow, right ?
[18:11] <jiboumans> smoser: eh.. no
[18:11] <jiboumans> damn it, did i look at the wrong list?
[18:12] <jiboumans> i wanted latest updated release by you
[18:12] <smoser> http://uec-images.ubuntu.com/server/releases/lucid/
[18:12] <smoser> but, with better machine formated at http://uec-images.ubuntu.com/query/
[18:13] <smoser> specifically http://uec-images.ubuntu.com/query/lucid/server/released.current.txt
[18:13] <smoser> ok, but on to your problem...
[18:14] <jiboumans> smoser: thanks for catching that
[18:14]  * jiboumans updates his scripts
[18:15] <smoser>   /var/lib/cloud/data/scripts/runcmd is written by cloud-init (/etc/init/cloud-config-misc.conf)
[18:15] <smoser>  and is executed by /etc/init/cloud-run-user-script.conf
[18:15] <jiboumans> http://nopaste.snit.ch/26298 # this is mine
[18:15] <smoser> its output will go to the ec2 console
[18:16] <smoser> hm..
[18:16] <jiboumans> i'm not seeing the 'hello world', there's no /etc/hostname.userdata and the hostname is set to the ec2 default
[18:16] <jiboumans> so none of those 3 seem to have actually run
[18:16] <jiboumans> is there something in the losg that tells me that cloud-run-user-script has run?
[18:17] <smoser> so if you run: sudo cloud-init-run-module once-per-instance user-scripts execute run-parts --regex '.*' /var/lib/cloud/data/scripts
[18:17] <zacharynewb> I've set up a samba share, can I access it over the internet via my domain name?
[18:17] <smoser> what do you see (that is taken from cloud-run-user-script)
[18:18] <zacharynewb> if I can, what ports does it need, and what security issues should I worry about?
[18:18] <jiboumans> smoser: privmsg'ing output
[18:19] <smoser> ok, given "already run" indicates it already ran
[18:19] <smoser> :)
[18:19] <smoser> you probably have a marker file in /var/lib/cloud/sem/user-scripts.i-*
[18:19] <smoser> which is what is written when it runs
[18:19] <smoser> remove that and try above again
[18:20] <jiboumans> smoser: after running it (even though it said 'already ran'), the /etc/hostname file is updated *and* the /etc/hostname.userdata file exists with the new hostname
[18:21] <patdk-wk> heh, it's not all about being able to access >2-3gigs of cache ram? :)
[18:21] <patdk-wk> oh opps
[18:22] <smoser> hm.. it doesn't seem likely... you're sure that wasn't the case before ? you can look at the code path in /usr/bin/cloud-init-run-module
[18:22] <smoser> it doesn't seem likely to me that it would run that and also say that it already ran
[18:22] <smoser>     if cloud.sem_has_run(semname,freq):
[18:22] <smoser>         sys.stderr.write("%s already ran %s\n" % (semname,freq))
[18:22] <smoser>         sys.exit(0)
[18:23] <jiboumans> smoser: i can fire up another instance and just give you access if you like
[18:23] <jiboumans> smoser: yes, i'm sure, i checked both files before
[18:23] <jiboumans> i didn't check the marker files
[18:24] <smoser> jiboumans, sure
[18:24] <jiboumans> smoser: http://nopaste.snit.ch/26300
[18:24] <smoser> or, if you dont have anything private in user-data, you can just give me what you had there.
[18:24] <smoser> and i can launch my own
[18:25] <jiboumans> let me double check
[18:26] <smoser> jiboumans, i suspect that something is blocking run-user from running
[18:27] <smoser> and it always would have run, just very late in the game and you were always looking before it did run
[18:27] <jiboumans> smoser: the only private section is our puppet section
[18:27] <jiboumans> i'm removing that, but i'm not sure if it would affect anything, so i'm letting you know
[18:27] <smoser> well, that should be unrelated. you can just remove it. yeah.
[18:27] <smoser> oh
[18:27] <smoser> that is it
[18:27] <jiboumans> hmm?
[18:28] <smoser> that user script will now block on the puppet portion being consumed
[18:28] <smoser> it wont run until puppet stuff is finished
[18:28] <jiboumans> what is 'finished'?
[18:28] <zacharynewb> What ports do I need enabled to access my samba share?
[18:29] <jiboumans> smoser: just until /etc/init.d/puppet start has returned?
[18:29] <smoser>  /etc/init/cloud-run-user-script.conf has 'start on (stopped rc RUNLEVEL=[2345] ... and stopped cloud-config-puppet ... )'
[18:30] <smoser> look in /usr/share/pyshared/cloudinit/CloudConfig.py for what puppet does. but i suspect that htat is what is blocking..
[18:30] <smoser> maybe we're running down a rathole, but try removing the puppet section and running it.
[18:30] <smoser> i think you'll get your runcmd stuff run
[18:31] <jiboumans> i'll give that a go... and puppet does take some time to set up
[18:31] <jiboumans> hmm
[18:31] <smoser> then, add it back in, and i thikn that when you ssh in, you'll see a process 'cloud-init-cfg config-puppet' running
[18:32] <smoser> this would explain why that change magically happened even though it was "already run"
[18:32] <smoser> (ie, the timing was just right)
[18:32] <jiboumans> that would make sense
[18:32] <jiboumans> let me go give that a try
[18:36] <jiboumans> smoser: indeed, upon login the cloud config for puppet is running
[18:37] <jiboumans> let's see what happens when that's done
[18:41] <jiboumans> smoser: there's a few minutes between when the puppet timestamp and the runcmd timestamp are put in place though:
[18:41] <jiboumans> -rw-r--r-- 1 root root   13 2010-11-30 18:40 user-scripts.i-efda9282
[18:41] <jiboumans> -rw-r--r-- 1 root root   13 2010-11-30 18:36 config-puppet.i-efda9282
[18:41] <jiboumans> and from the ps output during that time, nothing cloud-config/init related appears to be running
[18:42] <smoser> well its waiting on *something*
[18:43] <smoser> it could be waiting on "stopped rc RUNLEVEL=[2345]"
[18:44] <jiboumans> *nods* so it introduces a few minutes of lag but it does all run
[18:44] <jiboumans> looks like about 6'ish from the timestamps
[18:46] <jiboumans> smoser: thanks for looking into it with me though
[18:46] <smoser> you can try each of those dependencies in turn
[18:47] <smoser> i wonder if puppet ens up causing 'rc' to hang
[18:47] <smoser> s/ens up/ends up/
[18:47] <smoser> jiboumans, note, that you can 'rm -Rf /var/lib/cloud' and reboot, and it will think its first boot (other than your non-local stuff)
[18:48] <smoser> so do that, edit the dependencies in that upstart job, and try rebooting
[18:52] <jiboumans> smoser: i'm happy to know what's going on and the only fix on my side is to delay monitoring by a few mins
[18:52] <jiboumans> smoser: if it's helpful to trace this down i'm happy to share my userdata of course
[18:54] <smoser> i'm not sure what would be delaying the output of that job.
[18:54] <smoser> one thing you could do
[18:54] <smoser> launch an instance
[18:54] <smoser> ssh in
[18:54] <smoser> then run something like
[18:54] <newb> could someone help me a bit with accessing a samba share over the internet?
[18:59] <smoser> jiboumans,
[18:59] <smoser> ujobs=$(cd /etc/init && ls | sed -n 's,.conf$,,p') ; while sleep 2; do for j in ${ujobs}; do status ${j}; done > status-$(date +%s).log 2>&1; date; done
[18:59] <smoser> that would, very hackily, watch that status of upstart jobs, then diffing them over time you could see what is taking so long
[19:17] <Derek> do you have to have a gui to do a first sign into a kvm linux?
[19:23] <zul> kirkland: where is mathias diagram again?
[19:23] <kirkland> zul: in the spec
[19:24] <zul> thanks
[19:48] <toddnine> Hi guys.  I'm trying to create a runit file for a plain java program and not having a lot of luck.  https://gist.github.com/3d9524579fdb41306351  I need to change directories then execute the java program.  This works in a bash script but not runit
[19:50] <smoser> cjwatson, around ?
[19:52] <newbish> hey, could someone help me?
[19:53] <aetaric> !ask | newbish
[19:53] <newbish> I have installed deluge, and ufw seems to be blocking torrents
[19:54] <newbish> how would I add a rule to ufw allowing deluge to download?
[19:54] <newbish> I've already tried sudo ufw allow deluge
[19:54] <newbish> and deluged
[19:55] <jdstrand> newbish: if this is the client, then do:
[19:56] <jdstrand> sudo ufw allow 6881:6891/tcp
[19:56] <newbish> this is the daemon on the server
[19:56] <newbish> jdstrand:  ^
[19:56] <jdstrand> I don't know offhand what port it listens on
[19:57] <newbish> isn't there a way to set ufw just to allow the program deluge to connect to the internet?
[19:58] <newbish> it's easy to allow ports
[19:58] <newbish> and I'm sure I can set specific ports
[19:58] <newbish> for deluge
[19:58] <jdstrand> newbish: no, it doesn't work like that. you need to either know the port/protocol, the service name as in /etc/services or use an application profile. in the case of deluge (eg sudo ufw allow OpenSSH), there isn't an application profile
[19:59] <jdstrand> at least that I am aware of
[19:59] <jdstrand> 'sudo ufw app list' will give you a list of application profiles
[19:59] <jdstrand> that are on your system
[20:01] <newbish> jdstrand: I might be able to find the service name
[20:01] <jdstrand> http://dev.deluge-torrent.org/wiki/Faq#WhichportsshouldIuse has some info
[20:11] <newbish> How would I access my samba share over the internet?
[20:17] <RoyK> newbish: it's possible, using the ip address given the needed ports are open, but I wouldn't recommend it - the SMB protocol sucks rather badly over a high-latent link
[20:18] <qman__> newbish, it's also a Very Bad Idea (TM) from a security standpoint, and many ISPs block it on this basis
[20:19] <newbish> qman__: RoyK  I was thinking about it, but you're probably right
[20:20] <qman__> for simple file transfer, SFTP is an easy and secure way
[20:20] <RoyK> newbish: if not considering security, the SMB protocol is extremely chattery, so each request will make a bunch of hi, ho, yes, no, sure?, well, really?, dunno, well - check, can I?.........
[20:20] <qman__> if you need the functionality of samba, go for a VPN instead
[20:20]  * slyboots brain melts into goo trying to figure out the firewall
[20:20] <RoyK> qman__: the chatting will still be a problem if not on a low-latency link
[20:21] <qman__> yeah
[20:21] <slyboots> Using ufw.. does this ruleset make sense for the following case: Allow machines on the local network access port 53; and deny everyone else
[20:21] <slyboots> 127.0.0.1 53               ALLOW       192.168.1.0/24 53
[20:21] <slyboots> 53                         DENY        Anywhere
[20:22] <slyboots> Thats To / Action / From
[20:22] <qman__> no
[20:22] <qman__> machines on the local network will not contact 127.0.0.1
[20:22] <qman__> they will contact your interface's IP
[20:22] <slyboots> So I have to give the servers IP address
[20:22] <qman__> e.g. 192.168.1.1
[20:22] <slyboots> Okay; so if I fix that.. that ruleset works?
[20:22] <slyboots> Its all NAT'ed off anyway.. but it doesnt hurt
[20:22] <qman__> get rid of the second rule
[20:22] <RoyK> slyboots: you'll soon find out if you try
[20:22] <qman__> and just change to a default drop
[20:23] <slyboots> RoyK: That seems like a *terrible* way to test
[20:23] <robbiew> smoser: am I right to assume bug 669496 only affects ec2 images, not the ISOs?
[20:23] <jdstrand> slyboots: you can a) not give anything at all and just use 'from', b) give the server's address for 'to' or c) specify the interface
[20:23] <newbish> where can I view the system log?
[20:23] <RoyK> slyboots: only way to test
[20:23] <smoser> robbiew, correct. only i386 and t1.micro. the isos should boot.
[20:23] <RoyK> newbish: dmesg or /var/log/*
[20:23] <slyboots> RoyK: I prefer the "Ask about to see if it make sense before lowering it into the pit of lions"
[20:24] <RoyK> slyboots: you can't really get to the lions with that sort of stuff
[20:24] <robbiew> smoser: thnx... skaet_ was freaking me out there for a minute :P
[20:24] <slyboots> So if I just say allow all from $localnet/53 without stating a to.. that'll work also?
[20:24] <RoyK> slyboots: remove the DENY rule, that's implicit by default
[20:24] <qman__> slyboots, the second rule will probably prevent your server from making DNS requests
[20:24] <jdstrand> slyboots: assuming you have a default deny policy (the default in Ubuntu, and can be seen with 'sudo ufw status verbose'), then only one rule is required
[20:25] <RoyK> qman__: not really, those rules are in the INPUT table
[20:25] <slyboots> Well currently I have it set to allow all at the moment
[20:25] <jdstrand> well, probably not-- all is allowed on loopback and these are incoming rules
[20:25] <qman__> ah
[20:25] <slyboots> But thats so it wont kill my SSH :P
[20:25] <smoser> well, she should freak out, and kick those kernel developer bums in the rear
[20:25] <smoser> :)
[20:25] <slyboots> Its a hour's drive away so that would be.. annoying
[20:25] <RoyK> slyboots: you'll have to add an explicit rule to deny ssh to kill it
[20:25] <jdstrand> slyboots: sudo ufw allow OpenSSH
[20:25] <slyboots> I want to keep SSH going lol
[20:25] <RoyK> jdstrand: allow ssh
[20:25] <slyboots> Okay.. give me a sec
[20:25] <jdstrand> slyboots: do that before enabling the firewall and you should be fine
[20:25] <cjwatson> smoser: on holiday, but SMS me (number in directory) if I'm urgently needed
[20:25] <RoyK> not OpenSSH
[20:26] <smoser> cjwatson, not quite that urgent. :)
[20:26] <smoser> i'll open you a bug for your reading
[20:26] <jdstrand> RoyK: ssh will work, but there is an application rule for sshd (see ufw app list)
[20:26] <newbish> I can't figure out what's keeping deluge from downloading
[20:26] <RoyK> jdstrand: and what does that include that /etc/services doesn't?
[20:26] <jdstrand> RoyK: also, /etc/services has both udp and tcp listed for ssh, which is less precise than required
[20:27] <newbish> it's showing a large number of seeders and peers
[20:27]  * slyboots grrs
[20:27] <slyboots> The Syntax on ufw is.. so weird -.-
[20:27] <RoyK> jdstrand: well, indeed, but who listens to 22/udp anyway :P
[20:27] <jdstrand> RoyK: in the case of OpenSSH, it will do ssh/tcp
[20:27] <RoyK> slyboots: try manual iptables syntax :)
[20:27] <newbish> but it's giving me an error in downloading
[20:27] <slyboots> RoyK: I actaully did a course in linux networking.. but that was years ago and I've pretty much forgot it all
[20:27] <slyboots> lol
[20:28] <RoyK> ufw is a frontend to iptables - it simplifies stuff and adds a truckload of rules you wouldn't have thought of
[20:28] <newbish> RoyK:  I've just looked in the download folder for deluge.  There aren't any files or folders, so I suspect that deluge isn't being allowed to create the file to download to.
[20:28] <jdstrand> slyboots: see the ufw man page. there is a simple syntax (ufw allow foo) and an extended syntax based on BSD's PF (ufw allow in on eth0 from 192.168.0.1 to any port 22 proto tcp)
[20:29] <slyboots> Okay; so teh new rule is now.. Anywhere                   ALLOW       192.168.1.0/24 53
[20:29] <newbish> RoyK: I have it set so that deluge is run as my username
[20:29] <cjwatson> smoser: ok
[20:29] <RoyK> newbish: can that user write to the given directory?
[20:29] <slyboots> That should be OK?
[20:29] <newbish> RoyK: I think so,  I also chowned it.
[20:29] <jdstrand> slyboots: no, you are allowing 192.168.1.0/24 from port 53
[20:29] <jdstrand> slyboots: you want:
[20:29] <RoyK> newbish: test it
[20:30] <newbish> sudo chown zachary -R /folder/
[20:30] <jdstrand> sudo ufw allow from 192.168.1.0/24 to any port 53
[20:30] <newbish> it's still not downloading
[20:30] <jdstrand> slyboots: please see the man page. it should help make everything clear
[20:30] <newbish> oh what do you know
[20:30] <newbish> RoyK: It started just now
[20:31] <slyboots> Okay okay; so.. 53  ALLOW       192.168.1.0/24
[20:31] <slyboots> think I'm getting it now
[20:31] <jdstrand> slyboots: the basic idea is there is a 'to' clause and a 'from' clause
[20:31] <slyboots> I've the man page on another screen; its just not making a hell of a lot of sense.. But I think I have it now
[20:31] <jdstrand> either can be omitted depending on the rule...
[20:31] <slyboots> The new rule allows any trafic from the local LAN on port 53; to port 53 on the server only
[20:32] <jdstrand> slyboots: I wouldn't word it that way
[20:32] <slyboots> As apposed to allowing said trafic to ANY port on the server.. as long as it was over port 53?
[20:32] <slyboots> *source port was 53
[20:32] <jdstrand> slyboots: it allows hosts in the local LAN to connect to this host on port 53
[20:33] <jdstrand> slyboots: well, I am not sure what rule we are talking about any more :)
[20:33] <jdstrand> (I described '53  ALLOW       192.168.1.0/24')
[20:33] <slyboots> Yes; Thats the rule I have now
[20:34] <jdstrand> hosts in the 192.168.1.0/24 network are allowed to connect to port 53 on the machine you added the rule on
[20:35] <slyboots> :)
[20:37] <qman__> that's effectively enough provided everything else is working
[20:37] <qman__> there are some spoofing attacks under certain cirumstances where that would allow more than you want
[20:37] <qman__> but if your DNS server is not your gateway/router, you don't have to worry about it
[20:38] <slyboots> Cool
[20:40] <jdstrand> fyi, the default Ubuntu kernel uses rp_filter for source address verification
[20:40] <MuSh> hi
[20:40] <RoyK> 10Gbps network, check, 10Gbps NICs, check, SAS 6gbps controllers, check, but no mapping between physical location of drive and the device name :(
[20:40] <slyboots> Im tstarting to think just using iptables woudl be simpler
[20:40] <slyboots> :P
[20:41] <jdstrand> actually, that is overstated. the kernel doesn't, but a default Ubuntu install sets that in /etc/sysctl.d/10-network-security.conf
[20:42] <jdstrand> slyboots: if you are going to set it up yourself, you might want to check out all the stuff ufw is doign behind the scenes in /etc/ufw so that you have everything you need
[20:42] <jdstrand> and by 'it', I mean 'just use iptables'
[20:44] <MuSh> jdstrand, why ufw is inactive at system startup?
[20:45] <MuSh> i have used sudo ufw enable and i tryed  sudo sysv-rc-conf ufw on
[20:45] <MuSh> but it's inactive at system startup...why?
[20:46] <jdstrand> MuSh: sudo ufw enable is enough to both start it now and enable it on boot. When it doesn't start on boot it is almost always because there is another firewall program or script that runs after it and flushes ufw
[20:47] <slyboots> haha
[20:47] <slyboots> sound.. fun :)
[20:47] <qman__> I'm fairly impressed with UFW
[20:48] <qman__> it provides 90% of the functionality in an easy to use way
[20:48] <jdstrand> qman__: glad to hear. I would like to add qos and FORWARD support, but haven't been able to get to it yet
[20:49] <qman__> good to know
[20:50] <jdstrand> it would also be fun to have network-manager integration and firewall profiles so that when say you are at home the firewall is more open and when you are on the road very closed
[20:51] <jdstrand> (obviously configurable)
[20:51] <qman__> yeah, definitely a good idea
[20:51] <MuSh> jdstrand, for example? i haven't idea
[20:52] <jdstrand> MuSh: well, you could start with 'dpkg -l|grep -i fire' and see if anything jumps out at you
[20:53] <qman__> yeah, and if you've done any other firewall-related configuration on it, look there
[20:53] <qman__> such as iptables-save
[20:53] <jdstrand> MuSh: beyond that, a 'grep -r iptables /etc' might give details
[20:53] <jdstrand> s/details/hints/
[20:55] <jdstrand> MuSh: is this perchance on a virtualized hosted server?
[20:55] <MuSh> with "dpkg -l|grep -i fire" the output is  "ii  ufw 0.30.0-1ubuntu2 "
[20:56] <MuSh> jdstrand, no
[20:57] <lithpr> hello.  When installing 10.10 server, i am prompted as to whether i want to install a LAMP stack bundle.  In the server guide, i see info on installing each of these seperately.  Where can i learn more about the bundle it is offering to install?
[20:58] <qman__> lithpr, it installs just the basic LAMP, apache httpd, php5 as an apache module, and mysql
[20:58] <MuSh> jdstrand, http://pastebin.ubuntu.com/538423/
[20:59] <lithpr> okay, thanks.  i'll give it a try.
[20:59] <qman__> effectively the same as installing apache2, libapache2-mod-php5, and mysql-server
[21:00] <lithpr> excellent, thanks guys!
[21:00] <jdstrand> MuSh: based on your version of ufw, it looks like you are running ubuntu 10.10
[21:01] <jdstrand> MuSh: ufw in 10.10 uses upstart, and so the sysv-rc-conf command is not needed
[21:02] <jdstrand> MuSh: what are the contents of /etc/init/ufw.conf?
[21:03] <MuSh> jdstrand, http://pastebin.ubuntu.com/538428/
[21:03] <jdstrand> that looks fine
[21:04] <jdstrand> MuSh: can you give the output of:
[21:04] <jdstrand> sudo /lib/ufw/ufw-init stop
[21:04] <jdstrand> sudo /lib/ufw/ufw-init start
[21:05] <MuSh> http://pastebin.ubuntu.com/538431/
[21:05] <jdstrand> MuSh: can you paste your /etc/ufw/before.rules file? if you don't want it public, feel free to privmsg me
[21:06] <jdstrand> but based on that, it looks like something in there has a bad netmask
[21:19] <ScottK> SpamapS: Would you be able to prepare an SRU for Hardy for Bug 551655?  I'd be glad to upload it.
[21:27] <RoyK> LEGO ftw! http://www.youtube.com/watch?v=6LHdGIBSq9s
[21:53] <SpamapS> ScottK: re spamassassin bug, I'd be happy to. Who can accept it for Hardy?
[21:53] <ScottK> SpamapS: It'll be ~ubuntu-sru, but I can upload it to the queue.
[21:53] <SpamapS> ScottK: as of right now I can't assign it to myself.
[21:53] <SpamapS> I mean I can assign the main task, but it has not been accepted for hardy yet.
[21:54] <ScottK> I can do that.
[21:55] <ScottK> SpamapS: All approved and pointed at you now.
[21:56] <SpamapS> ScottK: sweet.. building a hardy chroot now, but probably won't have it done till tomorrow or Thursday.
[21:56] <ScottK> OK.
[21:57] <SpamapS> If my wife would let me work on ubuntu all 18 hours a day that I'd need to to keep up with the SRU load.. things would be different. ;)
[21:57] <ScottK> Right. I'm married too, so I won't question that prioritization.
[22:08] <GCS> Hi all!
[23:32] <Callum__> okay, my print server can print anything, but jobs that have Japanese characters in them
[23:32] <Callum__> seriously, anything thats completely in English is fine, and even Arabic and Chinese work fine
[23:32] <Callum__> but Japanese, makes my printers freeze up and the job doesn't get done
[23:33] <Callum__> I'm thinking its font related, any ideas? I have the ttf-msttcorefonts packages installed on the computers that I am printing from