/srv/irclogs.ubuntu.com/2011/02/07/#ubuntu-server.txt

benlake	anyone know of a channel for mdadm before I rattle off here?	01:32
patdk-lap	my mdadm seems to love the /dev/sd* chanels	01:33
patdk-lap	channels	01:33
=== jfluhmann__ is now known as jfluhmann
uvirtbot	New bug: #714358 in openvpn (main) "update-resolv-conf doesn't support multiple dns search domains" [Undecided,New] https://launchpad.net/bugs/714358	02:01
idleman	!dlem@n	02:36
ball	That was odd.	02:37
Pici	Indeed.	02:38
=== _TechAway_ is now known as _Techie_
fluvvell	ping	07:00
twb	Is there any reason to use external sftp over internal-sftp?	08:44
=== Guest14562 is now known as ogra
zephlit	first time installation novice user... setting up a LAMP stack. need basic security tips. anyone?	09:47
bicranial	zephlit: public web server?	09:48
zephlit	yes but trying to learn, not just get it running :D so i wanted to do everything "correctly"	09:49
zephlit	it will be hosting sites that i previously relied on a web-hosting service to do...	09:49
bicranial	physical server or VPS?	09:50
zephlit	VPS... what would the difference be? (jw)	09:50
bicranial	well if it were a local server in your home/office then you'd want it in a DMZ..	09:53
zephlit	ahh i see. i misinterpreted the question... so "in a data center or in home/office" haha	09:54
zephlit	or physical server or VPS/dedicated	09:54
zephlit	:P	09:54
bicranial	sorry, I should've been clearer there...	09:55
twb	Why break the habit of a lifetime	09:56
bicranial	have you looked for tutorials/howtos?	09:56
twb	A basic security tip would be: don't run PHP	09:57
zephlit	yeah i have... i've done a few steps already. creating a new user, disabling root for ssh (should i disable root for the OS?), iptables, seprate group for ssh login	09:57
zephlit	twb: what if I needed php for future applications? are you suggesting an alternative	09:57
twb	"The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009."	09:57
twb	http://en.wikipedia.org/wiki/PHP#Security	09:58
zephlit	wow haha thats crazy-- but controversial to just say "don't run php"?...	09:58
twb	No, controversial is advocating removing .com and all the assholes that are ruining my PERFECTLY GOOD military network	09:59
zephlit	LOL. kk i'm still in the basics of learning how to SET UP a web server hahaha	09:59
zephlit	thats a story for another day	09:59
zephlit	at least for me :P	09:59
twb	busybox httpd -p 8080	10:00
twb	Done. You now have a webserver exporting the current working directory, with your current user's privileges, on port 8080.	10:00
zephlit	rofl i just googled what busybox was on my webserver... absorbing	10:00
twb	Unfortunately Ubuntu's always-installed busybox is a bit crippled compare to Debian's :-/	10:01
zephlit	see would i be able to set up virtual hosts with that	10:01
zephlit	lmao i have multiple domains	10:02
zephlit	you're probably like 'ogm' ... intentionally misspelled. ahhhhhhhhhh (cry)	10:04
zephlit	i'm just looking to learn... =/ basics, security. ive done a bit of reading before coming here. someone spare me!	10:05
bicranial	have a read through a few tutorials/guides like: http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/	10:08
zephlit	thanks :D	10:09
bicranial	I'd suggets setting up a test env in a VM on your PC/notebook	10:10
twb	There was a good article somewhere by an OpenBSD-type weenie, whose main gist was "applying security updates is dumb... it is better to NOT RUN services you don't need, and pick security-oriented implementations of the services you DO need."	10:10
twb	zephlit: also #ubuntu-hardened	10:11
zephlit	ic... is hardened about security?	10:11
twb	Yes	10:12
twb	"hardening" means making a system more secure	10:12
zephlit	lol	10:12
zephlit	thx	10:12
zephlit	i'm liking UFW because the readings i've had on iptables meant going back and reading them a few more times... lol	10:16
twb	Talk to #netfilter about it	10:17
twb	Most iptables documentation is utter crap	10:17
twb	ufw is reasonably sensible, as long as you just need to whitelist/blacklist a few addresses/ports	10:17
zephlit	:D you're so rebellious against ... everything. its fun to hear	10:18
twb	I'm a grumpy old man	10:18
zephlit	ha. i wanna be like you one day	10:18
zephlit	oops... locked myself out of my VPS. time to access the out-of-band console -.-	10:20
zephlit	out of the SSH*	10:20
zephlit	question : is read-only determined by chmod parameters or something else?	10:23
twb	bicranial: that URL advocates "nmap localhost", which is obviously flaky. It'd be better to test from an endpoint outside the local network. I'd also do SSH rate limiting and port scan detection directly in netfilter, but that's just me. Other than that, a reasonable article.	10:23
twb	zephlit: that depends.	10:23
zephlit	on?	10:23
twb	zephlit: on a default Ubuntu 10.04 server, it'll be governed by POSIX DACs (what you call "chmod"), and by apparmor for specific services (e.g. squid).	10:24
twb	Apparmor being an LSM MAC.	10:24
twb	http://en.wikipedia.org/wiki/Discretionary_access_control, http://en.wikipedia.org/wiki/Mandatory_access_control	10:24
zephlit	nmap localhost... ill ignore that part then	10:24
bicranial	twb: agreed	10:27
zephlit	okay so it was MAC is be dealin withs' :/	10:28
zephlit	i's*	10:28
twb	Unlikely	10:28
twb	But if so, there'll be a report in /var/log/klog with the string "audit"	10:29
zephlit	nope nvm :/ gonna go sleep. thx for the help twb -- i like the in depth-ness a lot :D	10:31
=== FkCek is now known as FkCek\|a
markitoxs	hello	11:01
markitoxs	i was wondering for a recommendation in doing HOT backups, without LVM, is it possible?	11:02
RoyK	markitoxs: what do you mean hot backup?	11:26
patdk-lap	royk, a backup where you don't shutdown the fs	11:27
patdk-lap	where everything is still running live on the system, while you back it up	11:28
RoyK	Anyone here using NIS? We're seeing wierd problem across a set of servers/workstations: Accessing files works well, but setting file rights, as with chgrp somegroup somefile, does _not_ work, even if the user is member of that group	11:28
RoyK	patdk-lap, markitoxs: that should work well for most systems, except perhaps databases	11:28
RoyK	database files shouldn't be backed up directly on most DBs	11:29
RoyK	make a dump, then backup that	11:29
andreasf	markitoxs: R1Soft CDP is a nice (commercial) solution.	11:29
patdk-lap	royk, running nscd?	11:30
markitoxs	sorry guys, was away from the screen	11:30
markitoxs	yeah, i have only found R1Soft, that seems quite good	11:30
markitoxs	i wish there was a simple way to migrate to LVM	11:30
andreasf	markitoxs: It has an addon for hot MySQL backups.	11:30
RoyK	patdk-lap: nope - at least not on those I have installed	11:30
RoyK	markitoxs: just create a dump and back that up	11:31
RoyK	for ordinary files, hot backup shouldn't be a problem	11:31
RoyK	it's not like M$ where files are locked	11:31
markitoxs	well, its an asterisk server	11:32
RoyK	that shouldn't be a problem either	11:32
RoyK	asterisk is only text files	11:32
patdk-lap	that would be even simpler	11:32
RoyK	plus perhaps a database	11:32
patdk-lap	and voice recordings :)	11:32
markitoxs	so, we have backups at the moment, dumping the whole FS	11:32
RoyK	yeah	11:32
markitoxs	into a tar.gz file	11:32
markitoxs	but seems there could be room for improvement	11:32
RoyK	markitoxs: why don't you use something like bacula?	11:32
RoyK	markitoxs: if you have a database in the asterisk setup, make a cron job to dump that with mysqldump/pg_dump and then back that up	11:33
RoyK	andreasf: should nscd help?	11:34
markitoxs	Im more interested in mirroring the system	11:35
=== _Techie_ is now known as _TechAway_
markitoxs	I have a DB replication setup	11:35
patdk-lap	markitoxs, well, use rsync	11:35
markitoxs	i just wanna know what your opinion is on that	11:36
patdk-lap	don't use rsync on the database	11:36
markitoxs	oh yeah, learned that the hard way	11:36
markitoxs	Bacula looks really good, btw	11:37
markitoxs	andreasf, did you say there is a plugin for MySQL for R1Soft CDP?	11:38
andreasf	markitoxs: Yes, it's nice. I used it for backup of a several hundred GB large DB for a large community.	11:39
RoyK	http://pastebin.com/kYPS0N0D <-- file rights look good, but chmod doesn't work	11:42
RoyK	any ideas?	11:42
RoyK	http://karlsbakk.net/nfs-probs.pcap	11:43
patdk-lap	heh? ls -ld .	12:02
soren	RoyK: You are chgrp'ing, not chmod'ing.	12:04
patdk-lap	chmod?	12:06
soren	chmod!	12:07
RoyK	soren: yes, sorry, that's the problem	12:07
soren	Sorry, what's the question?	12:07
RoyK	chgrp should work	12:07
soren	Why?	12:07
patdk-lap	I don't get the why chmod :)	12:07
soren	patdk-lap: BEcause that's what he asked about.	12:07
soren	patdk-lap: 11:42 < RoyK> http://pastebin.com/kYPS0N0D <-- file rights look good, but chmod doesn't work	12:07
RoyK	patdk-lap: chmod works, chgrp doesn't	12:07
soren	RoyK: It's not expected to.	12:07
RoyK	soren: it certainly is	12:08
patdk-lap	oh heh :)	12:08
patdk-lap	I didn't even notice anything after the url	12:08
RoyK	soren: it works locally, but not if the filesystem is mounted over nfs	12:08
soren	RoyK: orly?	12:08
RoyK	so long that the user is member of the target group, chown should work	12:08
RoyK	soren: yes, really	12:08
RoyK	chown/chgrp	12:08
RoyK	chown :newgroup / chgrp newgroup	12:09
* soren stares at the code again..		12:09
RoyK	sec - I'll pastebin another example	12:09
soren	RoyK: Oh, right. I see it now.	12:10
soren	I misread a && for a !!.	12:10
soren	Err..	12:10
soren	heh.	12:10
soren	For a \|\|, of course.	12:10
RoyK	http://pastebin.com/MAz02dmd	12:11
RoyK	that shows local test and test over nfs	12:11
soren	I'm not sure how that's meant to work over nfs, really.	12:16
soren	Group membership is a process attribute.	12:16
uvirtbot	New bug: #714542 in net-snmp (main) "prTable reports running processes as NOT running on Ubuntu 8.04 LTS" [Undecided,New] https://launchpad.net/bugs/714542	12:16
soren	..and since the process trying to do the chgrp is on another host, it obviously can't check whether the group membership is valid.	12:16
soren	RoyK: ^	12:17
soren	RoyK: Which nfs version is this?	12:19
RoyK	soren: 3	12:53
soren	RoyK: :(	12:56
RoyK	soren: seems local groups (defined in /etc/group) works, but that's about it	12:58
lieuwe	i'm trying to set a mailserver up on my server, but for some reason when mailing something to it, i get a "delivery delayed" message the next day, and a "delivery failed" message the day after that, what gives?	12:58
patdk-wk	lieuwe, what gives? your lack of stating the problem :) logs?	13:16
lieuwe	patdk-wk: lol, http://codepad.org/R42mWHep	13:17
patdk-wk	looks pretty self explanitory to me: No route to host	13:17
lieuwe	patdk-wk: that doesnt mean anything to me tho, first time i'm setting a mailserver up.	13:18
patdk-wk	that has nothing to do with mailservers	13:18
patdk-wk	it's an ip thing	13:18
patdk-wk	it looks like your attempting to run a mailserver at home	13:19
patdk-wk	and most isp's don't allow that	13:19
patdk-wk	therefor it doesn't work	13:19
lieuwe	patdk-wk: where could i check if my isp allows it?	13:19
lieuwe	(it's pretty lax with other stuff)	13:20
greppy	is 82.161.50.114 your current IP?	13:20
lieuwe	greppy: yeahs	13:20
lieuwe	greppy: static ip :-3	13:21
soren	RoyK: You're using the nfs3 server in the kernel, right?	13:21
RoyK	soren: yes	13:22
greppy	lieuwe: I think they are blocking inbound port 25, I can hit port 110, get dovecot response, but 25 gets no route to host.	13:22
soren	RoyK: And you say it works for groups in /etc/group?	13:22
RoyK	soren: yes	13:22
soren	RoyK: On the server, you mean?	13:22
soren	Ah..	13:22
patdk-wk	ya, but I'm getting a tcp reject	13:23
soren	Hmm..	13:23
lieuwe	greppy: lemme check mah firewall	13:23
patdk-wk	shouldn't that mean he isn't running a mailserver on his system	13:23
RoyK	soren: writing a test program now...	13:23
patdk-wk	cause a firewall and stuff should do icmp rejects, not tcp	13:23
greppy	patdk-wk: could be stopped at the router.	13:23
lieuwe	greppy: lol, my port 25 is indeed closed, lemme try and open it up	13:24
soren	RoyK: As far as I can see, only nfs4 makes any attempt at transfering group info.	13:24
lieuwe	greppy: could you try port 25 again?	13:24
soren	RoyK: So for nfs versions lower than 4, it looks like only the current fsgid applies.	13:24
greppy	lieuwe: that works :)	13:24
soren	RoyK: I have a bit of a hard time following the code in some places, though.	13:25
RoyK	soren: that sucks, but it makes somewhat sense to what I see	13:25
lieuwe	greppy: okay, then that probably was the problem	13:25
soren	RoyK: nfs4 fixes a lot of these problems.	13:25
patdk-wk	connection refused, now it's a firewall issue :)	13:25
* patdk-wk loves getting refused		13:26
patdk-wk	reminds me of all the women	13:26
lieuwe	now it gives "Relay access denied", wtf did i do wrong this time?	13:29
greppy	lieuwe: that's a postfix configuration issue.	13:30
lieuwe	greppy: well, fck	13:31
lieuwe	greppy: what config should i be looking at?	13:31
greppy	you just want it answering for dikzak.dyndns.org?	13:31
greppy	can you paste the contents of your /etc/postfix/main.cf?	13:32
lieuwe	greppy: http://pastebin.com/qxd4bhbC	13:34
greppy	lieuwe: mydestination = server.fritz.box, localhost.fritz.box, localhost	13:35
greppy	that's why, you need to put the hostname you want to recieve mail for there.	13:35
lieuwe	greppy: got it working now, thanks.	13:40
RoyK	soren: that doesn't make sense - I can chgrp from root with no_root_squash - or will that bypass checking the GID?	13:49
RoyK	soren: forget it...	13:50
RoyK	soren: still, if the groups weren't sent, why can I change a file, but not it's group?	13:53
soren	RoyK: "change a file" means what?	13:58
RoyK	echo wtf >> somefile	13:58
soren	So the contents?	13:58
RoyK	yes	13:58
soren	Different types of checks.	13:58
RoyK	right - I can't chmod the file even if the group I'm in has rw	13:58
RoyK	that is, not the primary group, one of the others	13:59
soren	The check for whether you can change ownership is quite a bit more complex than the one that checks if you can change the contents of the file.	13:59
soren	The logic is completely different.	14:00
soren	You can't chown at all if you're not root, for instance.	14:00
soren	Well, you need to have CAP_CHOWN, relly.	14:01
soren	really.	14:01
RoyK	soren: seems to be a linux problem on the client, really	14:01
RoyK	it works from a solaris client	14:01
soren	Same uid/gid?	14:02
RoyK	yes	14:02
RoyK	soren: same NIS domain	14:02
soren	Wow. NIS?	14:02
RoyK	I said that initially	14:02
* soren checks his calender		14:03
RoyK	it takes some time to convert a truckload of servers/clients to something else	14:03
RoyK	and there's a lot of things more pressing than that...	14:03
soren	It's been a few years since NIS went out of style, to be honest :)	14:03
RoyK	well, it's still a package	14:04
uvirtbot	New bug: #438072 in exim4 (main) "package exim4-config 4.69-9ubuntu1 failed to install/upgrade: subproces post-installation script gaf een foutwaarde 2 terug" [Undecided,Won't fix] https://launchpad.net/bugs/438072	14:04
soren	RoyK: We also have a gopher server in the archive... :)	14:04
RoyK	soren: now, _that_ is ancient :)	14:05
soren	RoyK: Just saying that being packaged doesn't say much about the technology's currency. :)	14:05
lieuwe	i'm setting up my mailserver, but on receiving mail i get "mail_location not set and autodetection failed" from dovecot.	14:06
=== oubiwann is now known as oubiwann_
uvirtbot	New bug: #333257 in exim4 (main) "Exim hangs on delivering mail, lack of entropy for TLS" [Low,Opinion] https://launchpad.net/bugs/333257	14:11
uvirtbot	New bug: #480927 in exim4 (main) "karmic upgrade resurrected exim4 daemon" [Low,Incomplete] https://launchpad.net/bugs/480927	14:11
uvirtbot	New bug: #638810 in exim4 (main) "exim4 config does not honour /etc/mailhelo" [Low,Incomplete] https://launchpad.net/bugs/638810	14:24
=== jkakar_ is now known as jkakar
* soren has never heard of /etc/mailhelo		14:28
patdk-wk	maybe he means /etc/mailhost	14:29
patdk-wk	oh, /etc/mailname is what I'm thinking of	14:31
soren	ScottK: Have you hear of /etc/mailhelo? (re bug 638810)	14:36
uvirtbot	Launchpad bug 638810 in exim4 "exim4 config does not honour /etc/mailhelo" [Low,Incomplete] https://launchpad.net/bugs/638810	14:36
soren	*heard	14:36
zul	dannf: ping when you are around	14:47
acidflash	is is possible to mount 1 "folder" on several hdd's ?	14:57
compdoc	I suppose you could have a folder on each drive and sync them	15:00
acidflash	compdoc: how do i do that?	15:01
compdoc	well, rsync could do that, and be run from cron, or whatever service	15:02
patdk-wk	hmm, what is the definition of mount one folder	15:03
patdk-wk	rsync just makes a copy of one folder on several drives	15:04
patdk-wk	the mount bind command actually mounts one drive in many places	15:04
patdk-wk	simpler than rsync would just be symlink	15:04
acidflash	patdk-wk: what i want to do is the following, i have a HD which I would like to serve files from, and I will be caching thing on this folder, I have about 4 x 1TB HD and 1 x 1.5TB HD	15:04
acidflash	I want all those disks to cache in "one folder"	15:04
acidflash	that I will tell my web server that your root dir is this folder	15:04
acidflash	i know that i can use raid	15:04
acidflash	but I want to know if there is an easier way	15:05
patdk-wk	oh, so you want all the files in the one directory to be split over all the drives	15:05
patdk-wk	raid is the easy, and is the only way that will give you any real performance increase	15:05
resno	acidflash: greyhole	15:05
patdk-wk	other ways would be lvm	15:05
acidflash	pat: yes	15:05
resno	check out greyhole	15:06
acidflash	resno: ok I will read about it!	15:06
resno	i dont use it, but ive read about it. and it seems to match your needs	15:06
resno	a friend uses it and hasnt had any problems	15:06
acidflash	yeah almost exactly	15:07
smoser	Daviey, had you seen bug 615442	15:34
uvirtbot	Launchpad bug 615442 in eucalyptus "euca-describe-users fails with ImportError: No module named euca_admin.users" [High,Confirmed] https://launchpad.net/bugs/615442	15:34
Daviey	smoser, yeah...	15:35
Daviey	smoser, it was left with upstream making a change to their setup.py of their python module...	15:36
smoser	upstream who?	15:36
Daviey	smoser, there really needs to be a new binary package...	15:36
Daviey	smoser, euca.	15:37
smoser	there is no setup.py for eucalyptus	15:37
Daviey	smoser, exactly.	15:37
smoser	well, thats more than "a change" :)	15:37
smoser	so anyway, that really should be fixed.	15:38
Daviey	introducing new files = change :)	15:38
Daviey	smoser, i really don't think it'll get fixed for maverick	15:38
Daviey	natty.. yes	15:38
smoser	well, it should be fixed for natty, and then, i can't imagine the fix is intrusive	15:38
smoser	so it wouldn't be bad to get it back, but natty first.	15:38
Daviey	smoser, if the issue was in lucid.. i'd agree... but SRUing Maverick for that seems non-essential	15:39
Daviey	smoser, it would be nicer to find out why euca is FTBFS'ing in natty first :)	15:40
smoser	i didn't know that.	15:40
smoser	agreed.	15:40
Daviey	annnnndd...... dhcpd is broken aswell	15:41
Daviey	all in... it's a mess :)	15:41
smoser	so you've got some work to do then, my friend.	15:42
smoser	:)~	15:42
uvirtbot	New bug: #714667 in libvirt (main) "Upstream to 0.8.7 for natty" [Undecided,New] https://launchpad.net/bugs/714667	16:02
zul	^^^ yes please :)	16:05
uvirtbot	zul: Error: "^^" is not a valid command.	16:05
* SpamapS stretches		16:36
RoAkSoAx	SpamapS: /win 6	16:52
RoAkSoAx	arrgh	16:52
RoAkSoAx	SpamapS: morning btw :P	16:52
SpamapS	RoAkSoAx: hah good morning :)	16:54
RoAkSoAx	SpamapS: btw.. do you know of any USB to VGA adapter to be able to connect another external Monitor?	16:57
genii-around	RoAkSoAx: I have one from StarTech that works under 8.04	17:01
uvirtbot	New bug: #714702 in etckeeper (main) "Please merge etckeeper 0.52 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/714702	17:02
SpamapS	RoAkSoAx: no I'm an apple fanboi when it comes to hadware. ;)	17:02
SpamapS	hardware too :)	17:02
RoAkSoAx	genii-around: yeah I was looking at that one and seems to work well with Ubuntu	17:02
RoAkSoAx	SpamapS: yeah but I IIRC you mentioned something about one in Dallas...	17:03
cocoa117	is ubuntu-virt channel died?	17:04
cocoa117	should we all move over to ubuntu-server?	17:04
SpamapS	RoAkSoAx: no, the one I mentioned in Dallas is mini-DVI to DVI	17:04
RoAkSoAx	SpamapS:besides that, I think you mentioned that you saw someone... but anyawys, I can be mistaken :P	17:05
SpamapS	RoAkSoAx: quite possible.. I talk way too much	17:08
=== SquishyNotHere is now known as squishy
RoAkSoAx	lol	17:08
=== skaet is now known as skaet_afk
ZacLnxNewb	hi	17:51
SpamapS	ZacLnxNewb: hi!	17:55
ZacLnxNewb	SpamapS: I'm looking for advice >.>	17:55
ZacLnxNewb	SpamapS: I'm attempting to make an online store using mysql and php	17:57
ZacLnxNewb	SpamapS: However I have no experience doing this, and would like to know what to watch out for	17:57
ZacLnxNewb	SpamapS: I have little experience with mysql, I can handle php.	17:58
RoyK	ZacLnxNewb: look for systems already made - it'll probably save you a lot of headache	18:00
zul	dannf: ping	18:01
ZacLnxNewb	RoyK: aye, that's no challenge. :p	18:01
dannf	zul: hey	18:01
RoyK	ZacLnxNewb: no, but it'll save you a lot of work, and building online stores means you need to know a few things about PHP security	18:02
zul	dannf: i had a look at your multipath branch if you can clean that up a bit i will be happy to upload it for you	18:02
ZacLnxNewb	RoyK: I'm sure I could do it, using php to interface with mysql for inventory and user logins.	18:02
RoyK	ZacLnxNewb: sure, but an online store will be open to the internet - what do you do to prevent SQL injection? cross-site scripting?	18:03
SpamapS	ZacLnxNewb: there's your advice. :)	18:03
RoyK	if you know these things, sure, but if you don't, it may be rather expensive to try yourself	18:03
SpamapS	ZacLnxNewb: if you use a framework.. (in the right way) then you'll be better off too. I like Symfony and Zend.	18:03
ZacLnxNewb	RoyK: how does sql injection work?	18:04
RoyK	lol	18:04
RoyK	http://xkcd.com/327/	18:05
RoyK	ZacLnxNewb: ^ That's a good example	18:06
RoyK	there are other less trivial examples, though	18:06
ZacLnxNewb	RoyK: I learned to watch out for that when I made comment scripts in the past. Caught people inserting css code to add effects.	18:06
ZacLnxNewb	RoyK: It's easy enough to strip all input of all un-needed characters, or store the characters in a nonthreatening form.	18:07
RoyK	ZacLnxNewb: just use something that's proven to work - otherwise you'll spend three times the time, or more, and probably end up with something far less usable	18:08
RoyK	ZacLnxNewb: there's a good reason there's only one linux kernel tree :P	18:08
ZacLnxNewb	RoyK: how lazy. :p using such short cuts	18:09
RoyK	ZacLnxNewb: not really - just use a platform that works and add to that	18:09
ZacLnxNewb	RoyK: apart from mysql injection and restricted access to php files, what else should I watch for?	18:09
ZacLnxNewb	RoyK: I will take your suggestion, but I do want to know how it works	18:10
RoyK	cross site scripting can be quite bad	18:10
RoyK	look it up	18:10
SpamapS	ZacLnxNewb: if thats lazy, then so is using Ubuntu. You should be using LinuxFromScratch.	18:12
RoyK	ZacLnxNewb: also, I really do understand that you want to write it from scratch, most newbies want that, just to do it, but with the current frameworks available, it's not really a good idea. It might have been a good idea ten years ago, but not really now	18:12
ZacLnxNewb	RoyK: SpamapS Cross site scripting would involve cookies and client side storage, I was planning on doing everything server-side	18:13
ZacLnxNewb	RoyK: With very limited user input	18:13
RoyK	ZacLnxNewb: I've just been in this game for 15 years - I'm only trying to give you some simple advice - but do as you please...	18:14
ZacLnxNewb	RoyK: Oh, I'm listening, honestly, and I will take your advice, but I keep on because I want to know how it all works. :p	18:14
RoyK	I built a netshop in perl some 13 years ago, and beleive me, it was a very good thing we didn't accept credit cards on that one	18:15
ZacLnxNewb	RoyK: This store would only use paypal	18:15
RoyK	ZacLnxNewb: you still need a secure API to interface with paypal	18:15
RoyK	otherwise that can be abused as well	18:16
RoyK	ZacLnxNewb: http://www.dvwa.co.uk/ <-- this is worth a few hours	18:19
RoyK	ZacLnxNewb: http://www.dvwa.co.uk/ <-- this is worth a few hours study, even	18:19
ZacLnxNewb	RoyK: what programming languages do you know?	18:19
RoyK	currently, I mostly use php, C, some python, some fortran if I need to help others, C++ at gunpoint, javascript ...	18:20
RoyK	and perl, of course	18:20
RoyK	always perl	18:20
genii-around	Heh, C++ at gunpoint...	18:20
ZacLnxNewb	RoyK: mwaha, C++ at gunpoint, is it really that bad?	18:20
RoyK	ZacLnxNewb: no, but I like C better :P	18:20
RoyK	for web stuff, I use php/javascript with some DB backend	18:21
RoyK	but trying to learn more Python	18:21
RoyK	looks like a good language for most use, and a little cleaner than perl	18:22
RoyK	not that _that_ says a lot, most languages are :P	18:22
genii-around	Is there like a CPAN kind of idea for python?	18:23
* RoyK currently doesn't do much coding, more operations, storage etc		18:23
RoyK	genii-around: there is, but I can't remember the name of it...	18:24
genii-around	OK, cool	18:24
RoyK	try asking on #python	18:24
* RoyK hands pennyless a penny		18:26
RoyK	avis: wb	18:26
avis	thank you	18:27
RoyK	did you get my email?	18:27
avis	i sure did	18:27
avis	i have not read it thoroughly though	18:27
avis	i will be getting comcast on friday so no more port 80 blocked	18:27
RoyK	ah	18:28
avis	i really do not like at&t at all	18:28
avis	thank you for extending your help	18:28
avis	i really do appreciate it	18:28
RoyK	np	18:28
avis	hope your doing ok today	18:28
avis	my anxiety levels are up. struggled with sleep last night.	18:28
RoyK	that's not good...	18:29
avis	i'm ok now tho	18:29
RoyK	avis: go for a 1-2 hour walk	18:29
RoyK	that helps	18:29
avis	i think i know how to manage one of my old medications to fix that	18:29
=== NG_ is now known as ng_
avis	]i'd really needs meds then if i were to do so :)	18:29
avis	thank you tho	18:29
* RoyK has been taking some meds in his time, but there is little that helps better than going for a walk in the woods		18:30
avis	its very difficult to make a bowl of ramen appear before you without any effort, as simple as it is :) anyway, i'll be pm topic from now on :)	18:30
avis	that sounds pleasant	18:31
RoyK	hehe	18:31
patdk-wk	!fetch ramen	18:31
avis	i was in a car accident, major, caused neurological and physiological damage	18:31
avis	thanks :)	18:31
patdk-wk	I want to fetch lunch :9	18:31
patdk-wk	:(	18:31
RoyK	avis: heh - I've been through a little myself - still, walking is my cure	18:31
patdk-wk	the fridge is in the hr office, and they are having a meeting in there right now :(	18:32
avis	that sounds very good. i would not want to be upright for too too long due to my back	18:32
RoyK	avis: anyway - do you want a redirect before friday?	18:32
ZacLnxNewb	I somehow managed to burn all of my eggs	18:39
greppy	that's not that hard, just leave them on the stove too long.	18:39
SpamapS	ZacLnxNewb: btw if you manage to build a web store without cookies and without a horrible user experience.. you should share that with the world.. otherwise.. XSS is always a danger.	18:40
RoyK	ZacLnxNewb: apt-get install dragonegg	18:40
ZacLnxNewb	SpamapS: here's my very first webpage effort. http://beyondsight.sswgn.com/	18:44
RoyK	genii-around: pypi should be similar to cpan	18:45
ZacLnxNewb	SpamapS: I'm fairly certain I can accomplish intuitive user experiences :p	18:48
lifeless	SpamapS: zul: what was the conclusion on the right way forward with ssl cache distribution?	18:50
ZacLnxNewb	Lols	18:52
ZacLnxNewb	http://i.imgur.com/em14R.jpg	18:52
ZacLnxNewb	that's hilarious	18:52
zul	lifeless: i packaged distcache this weekend it should be sitting in new	18:53
zul	lifeless: waiting for an archive admin to review	18:53
SpamapS	lifeless: Given that there's no set release date for apache 2.3, I think distcache is the simpler approach.	18:53
lifeless	zul: SpamapS: wooo! \o/	18:53
lifeless	that should be trivially backported to lucid, right ?	18:54
zul	lifeless: yep	18:54
* SpamapS wonders why we don't do more official backports for stuff like this		18:55
zul	lifeless: i had nothing better to do this weekend ;)	18:55
lifeless	is there a ppa you could drop that into as a lucid build? would save some [precious] sysadmin time backporting it to CAT	18:55
lifeless	zul: I'm extremely happy	18:55
zul	SpamapS: because we dont have the man power	18:55
SpamapS	zul: maybe we should make backports take less man power.	18:55
lifeless	you guys might like this - http://people.ubuntu.com/~lifeless/showtime.png	18:55
lifeless	its going to show for devs only	18:55
lifeless	at least to start with	18:55
zul	SpamapS: right but it takes man power to make things more automated	18:56
zul	lifeless: cool!	18:56
SpamapS	lifeless: mmmmm metrics	18:56
lifeless	indeed	18:57
SpamapS	I also think PPA's have alleviated any real need for comprehensive backporting	18:57
=== skaet_afk is now known as skaet
sidnei	lifeless, neat. we have something like that for landscape, except the javascript broken because it's not enabled by default.	18:57
lifeless	sidnei: nice. Thats what we already have in a comment in every page, just shoved up top via js after the page is received	18:58
lifeless	we'll probably add browser overlay time etc to it	18:58
lifeless	but server side is our -huge- weakness atm	18:58
RoyK	server side is whose weakness_	18:59
RoyK	s/.$/\?/	18:59
lifeless	launchpads	18:59
RoyK	k	18:59
lifeless	zul: so I think this got lost in a burst of chatter - any chance you could upload it to a lucid series in a ppa ?	19:00
zul	lifeless: consider it done	19:00
lifeless	fantastic! thank you,	19:00
lifeless	s/,/./	19:00
SpamapS	lifeless: note that another method of doing this (if, for some reason this doesn't work out) is to use ipvs and have it source-hash schedule connections... http://kb.linuxvirtualserver.org/wiki/Source_Hashing_Scheduling	19:03
zul	lifeless: https://launchpad.net/~zulcss/+archive/distcache-lucid should be there in a couple of hours	19:04
lifeless	zul: \o/	19:05
shadow42085	I am getting this error Error opening Private Key smtpd	19:07
shadow42085	1822:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('smtpd','r')	19:07
shadow42085	1822:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:	19:07
shadow42085	unable to load Private Key	19:07
shadow42085	any ideads?	19:07
shadow42085	I am following the help.ubuntu.com/community/Postfix	19:08
pmatulis	shadow42085: looks like the application (postfix) and the openssl tool disagree on where things are located	19:10
shadow42085	I maybe missing the saslauthd program	19:11
shadow42085	so how do I fix this issue	19:15
shadow42085	my smtpd.key is located at /home/shadow42085	19:21
shadow42085	is this the right foldler or does it belong somewhere else?	19:22
shadow42085	nevermind I found the issue	19:24
shadow42085	I missed the .key after smptd	19:25
ahe	is it possible to make a lvm of a kvm host available to the guest such that the guest can create new logical volumes?	19:26
DaBeast	hi guys	19:27
shadow42085	hi	19:27
DaBeast	i just installed ubuntu server on my laptop, with the mind of creating a torrent seedbox	19:28
DaBeast	but, during the installation i accedently selected irda0 as a network device	19:28
DaBeast	apperently it doesnt recognize eth0, and wlan0 is broken	19:28
DaBeast	so, how can i fix this?	19:29
DaBeast	this is my first linux expierence heh	19:33
DaBeast	also, when using a usb wifi dongle, it doesnt show up at ifconfig	19:33
RoyK	DaBeast: pastebin 'ifconfig -a'	19:34
RoyK	!pastebin	19:34
ubottu	For posting multi-line texts into the channel, please use http://paste.ubuntu.com \| To post !screenshots use http://imagebin.org/?page=add \| !pastebinit to paste directly from command line \| Make sure you give us the URL for your paste - see also the channel topic.	19:34
shadow42085	I am being asked for a pem pass what is that?	19:35
shadow42085	pem pass phrase**	19:35
DaBeast	RoyK: how am i supposed to pastebin it? :p	19:36
DaBeast	type it over? its kind of a long list xD	19:36
RoyK	use a serial console :)	19:36
RoyK	DaBeast: what interfaces does ifconfig -a list?	19:37
DaBeast	eth0, irda0, lo, wifi0,wlan0,wlan1	19:37
DaBeast	maybe more, its off screen	19:37
DaBeast	serial console = ssh?	19:38
shadow42085	DaBeast run Terminal	19:38
DaBeast	well, its on my laptop :p	19:38
DaBeast	i'm entering commands on my laptop, hehe	19:39
RoyK	DaBeast: if you have eth0, does it have an IP address?	19:39
shadow42085	just open a Terminal from Accesories	19:39
shadow42085	the type in ipconfig -a list	19:39
RoyK	shadow42085: if he was able to run ifconfig -a, he certainly has a terminal open	19:39
DaBeast	shadow42085: i'm running the server edition of ubuntu :p	19:39
DaBeast	RoyK: nope, no ip	19:40
RoyK	DaBeast: have you set a static ip, or are you waiting for a dhcp reply?	19:40
RoyK	DaBeast: btw, serial console != ssh	19:40
RoyK	serial console means good-old serial port (perhaps over usb)	19:41
DaBeast	no idea, at installation it was trying to auto detect dhcp, then i manually tryd to set up a connection (but i selected irda0 lol, there was no eth0)	19:41
RoyK	DaBeast: edit /etc/network/interfaces	19:42
DaBeast	i went there, theres only lo and irda0 there	19:42
DaBeast	with nano*	19:42
RoyK	DaBeast: http://pastebin.com/pBdi7CBU	19:43
RoyK	that's an example	19:43
RoyK	taken from this box	19:43
DaBeast	when i do edit /etc/network/interfaces it says unknown mine-type or something	19:45
RoyK	dollarbang: never mind that	19:45
DaBeast	at /etc/network/interfaces i only see the loopback interface and irda0	19:46
RoyK	dollarbang: just add eth0 there	19:46
RoyK	as from what I pasted	19:47
DaBeast	ah, i see, let me test that	19:49
DaBeast	whats this broadcast?	19:50
RoyK	never mind that	19:50
RoyK	it's the network xor netmask IIRC	19:50
RoyK	as in, if you have 192.168.0.0/24, the broadcast is 192.168.0.255	19:50
RoyK	or, if you have 192.168.0.0/23, the broadcast is 192.168.1.255	19:51
RoyK	et cetera	19:51
RoyK	but it's not critical	19:51
DaBeast	k, thanks	19:52
uvirtbot	New bug: #704264 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1" [Undecided,Fix released] https://launchpad.net/bugs/704264	19:52
DaBeast	hmm, when i try to save the file it says unable to write file	19:52
DaBeast	i guess i should have used sudo nano? :p	19:52
RoyK	heh - yes	19:52
RoyK	a normal user can't write to /etc	19:53
DaBeast	darn :p	19:53
RoyK	just write the file to /tmp	19:53
RoyK	allowing all users to write to /etc would be - interesting......	19:53
maedox	RoyK: You should try it :P	19:54
RoyK	maedox: may you live in interesting times :)	19:56
maedox	Yepp, I'm sure it would bring some interesting startup issues at best. :D	19:57
RoAkSoAx	zul: symlinks s/win 11	20:00
RoAkSoAx	arrrggh	20:00
RoAkSoAx	sorry	20:00
RoyK	maedox: http://en.wikipedia.org/wiki/May_you_live_in_interesting_times	20:01
DaBeast	hmm, seems irda0 stays active even after i restarted it, restarting server	20:01
RoyK	DaBeast: if it's activated in /etc/network/interfaces, it will	20:02
RoyK	DaBeast: but do you get online on eth0?	20:02
maedox	RoyK: I see. I think we already do.	20:02
RoyK	:)	20:04
DaBeast	RoyK: restarted my laptop, yup	20:05
DaBeast	thanks man!	20:05
smoser	SpamapS, i would appreciate your input on bug 714807	20:06
uvirtbot	Launchpad bug 714807 in cloud-init "install of cloud-init without eth0 will cause boot hang" [Medium,Confirmed] https://launchpad.net/bugs/714807	20:06
RoyK	DaBeast: np :)	20:07
DaBeast	why was irda0 in there anyways xD who would want to use that as a primary device, rofl	20:08
SpamapS	smng	20:09
DaBeast	RoyK: about this serial console, do i "need" it?	20:10
RoyK	DaBeast: not really	20:10
RoyK	DaBeast: you need it if something goes really bad	20:11
DaBeast	i see	20:11
DaBeast	thx	20:11
DaBeast	now, how do i shut this down safely? xD	20:12
SpamapS	smoser: does cloud-init have to run before anything other than / is mounted?	20:12
DaBeast	sudo shutdown 1 gives me some kind of maintenance menu	20:13
uvirtbot	New bug: #434076 in cloud-init (main) "if key exists in /root/.ssh/authorized_keys, disable_root setting has no effect" [Low,Won't fix] https://launchpad.net/bugs/434076	20:13
=== oubiwann_ is now known as oubiwann
uvirtbot	New bug: #714807 in cloud-init "install of cloud-init without eth0 will cause boot hang" [Medium,Confirmed] https://launchpad.net/bugs/714807	20:16
DaBeast	i got it, it was halt :p	20:18
shadow42085	I am trying change postfix to use port 578 instead of port 25 since my blocks port 25	20:23
shadow42085	ISP**	20:23
pmatulis	shadow42085: nice	20:24
shadow42085	I meant to say 587	20:29
giovani	shadow42085: that's trivial to do -- I presume you mean for postfix to listen on port 587, and not to use that port for outbound SMTP connections for delivery?	20:30
RoyK	shadow42085: just google for it	20:30
shadow42085	yea	20:30
shadow42085	use port 587 for secure submissions	20:31
uvirtbot	New bug: #714814 in bind9 (main) "Serious validation errors in Bind 9.7.0" [Undecided,New] https://launchpad.net/bugs/714814	20:32
=== Kiall is now known as Kiall\|AFK
=== Kiall\|AFK is now known as Kiall
shadow42085	I can't seam to get telnet to produce the results I need after telnel localhost 587 any ideas o fix it	21:01
shadow42085	root@ubuntu:/home/shadow42085# telnet localhost 587	21:03
shadow42085	Trying ::1...	21:03
shadow42085	Connected to localhost.	21:03
shadow42085	Escape character is '^]' is all I am getting	21:03
guntbert	shadow42085: what should listen on 587?	21:03
shadow42085	postfix	21:03
guntbert	shadow42085: did you try to talk to it?	21:04
shadow42085	I added the line 587 inet n - n - - smtpd	21:04
shadow42085	to /etc/postfix/master.cf	21:05
guntbert	shadow42085: no, you have to talk smpt with it	21:05
shadow42085	how do I do that	21:05
SpamapS	smoser: commented on that upstart bug	21:05
guntbert	shadow42085: I'm too tired to teach you smtp, please look it up yourself (googling for smtp telnet might be helpful)	21:06
shadow42085	I followed the help.ubuntu.com/community/postfix tutorial	21:06
smoser	danke.	21:07
b0ot	I have been trying to get a simple tftp sever running to back up my cisco configs for 4 hours. I have tried tftpd, atftpd, and tftp-hpa with no luck. Any ideas	21:10
pmatulis	b0ot: tftp-hpa is used a lot in ubuntu	21:12
b0ot	pmatulis, do you have any recent documentation... all of the stuff I found was so outdated the files were different when I went to edit the config	21:12
pmatulis	b0ot: no, it should be straight forward. maybe look at /etc/default/tftpd-hpa ?	21:13
=== ng_ is now known as NG_
RoAkSoAx	argghhh	21:34
* RoAkSoAx just erased all the work he has done today!! :(		21:34
=== airtonix is now known as Guest45340
=== Guest45340 is now known as airtonix
=== FkCek\|a is now known as FkCek
ZacLnxNewb	RoyK: hey, I wanted to thank you for all of your help.	21:44
ZacLnxNewb	Does anyone know anything about server programming in python?	21:46
lenios	yes	21:47
lenios	do you want to know something?	21:47
ZacLnxNewb	lenios: say I have a large application with up to 2000 simultaneous users, and I need commands/data to be distributed as possible, what would be the best way to handle that?	21:50
ZacLnxNewb	lenios: so far I've come up with using the select comamdn in python, to create read, write, and error lists used to process data	21:51
ZacLnxNewb	lenios: however, having literally thousands of users, would it also be fast enough to use mysql as well, RAM ?	21:51
ZacLnxNewb	lenios: Because the user data/matrix would get quite large very quickly	21:52
lenios	you're handling distribution by hand?	21:53
lenios	you can use mysql, and put as much as you can in ram	21:54
genii-around	Hm. If you make a ramdisk, them mv stuff into it and then rm the ramdisk, is it faster than recursively rm on say 2Gb of files?	21:56
lenios	ZacLnxNewb, and 2000 simultaneous users is sure big, but it depends what they're doing	21:56
RoyK	ZacLnxNewb: google it	21:56
lenios	i don't see why mv would be faster than rm	21:56
RoyK	ZacLnxNewb: there's plenty of resources for python out there	21:57
ZacLnxNewb	RoyK: :p you sound annoyed.	21:58
ZacLnxNewb	RoyK: Also, symfony is giving me trouble because php symfony configure:database is not defined	21:58
genii-around	lenios: Try to mv a dir containing 2Gb of files, then try to rm -rf it :)	21:58
RoyK	ZacLnxNewb: not annoyed - just asking you to google before asking here	21:59
patdk-lap	genii-around, that all depends :)	21:59
patdk-lap	1 2gb file, rm is faster	21:59
patdk-lap	500 4k files, probably the same	21:59
ZacLnxNewb	RoyK: I have thoroughly, and I've created multiple working examples, but speed is questionable. I don't have the proper hardware to test the speeds.	22:00
genii-around	patdk-lap: Just that I have video surveillance files which need purging now and then in chunks of up to around 200Gb but to rm-rf is way long. I'm thinking if i ramdisk-rm them in manageable chunks no larger than my actual free ram could be better	22:01
patdk-lap	all it's doing is caching the inodes	22:01
RoyK	ZacLnxNewb: do as you please	22:01
patdk-lap	so the rm goes faster	22:01
patdk-lap	but it shouldn't make a difference at all	22:01
patdk-lap	what would be better is writing those files with extents	22:01
genii-around	Hmm	22:02
patdk-lap	instead of lots of random block locations that take rm so long to clean	22:02
ZacLnxNewb_	RoyK: I'm just worried about being able to handle even 100 users effeciently	22:02
ZacLnxNewb_	RoyK: flockdraw.com	22:02
RoyK	ZacLnxNewb_: whn	22:03
RoyK	erm	22:03
RoyK	ZacLnxNewb_: what sort of application?	22:03
ZacLnxNewb_	something similar to flockdraw.com	22:03
RoyK	well, go on	22:04
ZacLnxNewb_	RoyK: I managed to get myself involved with several programmers working on a moderation system and several modified clients.	22:05
patdk-lap	genii-around, or you could use xfs, it's fast at deletes	22:05
ZacLnxNewb_	RoyK: The official project flockdraw.com is pretty much a dead end, and won't be going anywhere	22:06
lenios	ZacLnxNewb_, 100 users shouldn't be a problem	22:06
lenios	depends on hardware and how you code it though	22:06
ZacLnxNewb_	lenios: RoyK Let's put it this way, flockdraw.com seems to have open about 1500 rooms at a time, with up to 10 users per room. On top of that the application uses a lot of bandwidth.	22:08
ZacLnxNewb_	RoyK: and I'm stuck in the instructions where you configure what database to use with the application, "configure:database is not defined"	22:10
genii-around	patdk-lap: The xfs is a good lead, thanks	22:10
patdk-lap	genii-around, if you want to read more, just google mythtv delete :)	22:13
genii-around	patdk-lap: I'm using Zoneminder, but same idea, yeah :)	22:13
=== WinstonSmith_ is now known as WinstonSmith

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!