[01:32] <benlake> anyone know of a channel for mdadm before I rattle off here?
[01:33] <patdk-lap> my mdadm seems to love the /dev/sd* chanels
[01:33] <patdk-lap> channels
[02:36] <idleman> !dlem@n
[02:37] <ball> That was odd.
[02:38] <Pici> Indeed.
[07:00] <fluvvell> ping
[08:44] <twb> Is there *any* reason to use external sftp over internal-sftp?
[09:47] <zephlit> first time installation novice user... setting up a LAMP stack. need basic security tips. anyone?
[09:48] <bicranial> zephlit: public web server?
[09:49] <zephlit> yes but trying to learn, not just get it running :D so i wanted to do everything "correctly"
[09:49] <zephlit> it will be hosting sites that i previously relied on a web-hosting service to do...
[09:50] <bicranial> physical server or VPS?
[09:50] <zephlit> VPS... what would the difference be? (jw)
[09:53] <bicranial> well if it were a local server in your home/office then you'd want it in a DMZ..
[09:54] <zephlit> ahh i see. i misinterpreted the question... so "in a data center or in home/office" haha
[09:54] <zephlit> or physical server or VPS/dedicated
[09:54] <zephlit> :P
[09:55] <bicranial> sorry, I should've been clearer there...
[09:56] <twb> Why break the habit of a lifetime
[09:56] <bicranial> have you looked for tutorials/howtos?
[09:57] <twb> A basic security tip would be: don't run PHP
[09:57] <zephlit> yeah i have... i've done a few steps already. creating a new user, disabling root for ssh (should i disable root for the OS?), iptables, separate group for ssh login
[09:57] <zephlit> twb: what if I needed php for future applications? are you suggesting an alternative
[09:57] <twb> "The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009."
[09:58] <twb> http://en.wikipedia.org/wiki/PHP#Security
[09:58] <zephlit> wow haha thats crazy-- but controversial to just say "don't run php"?...
[09:59] <twb> No, controversial is advocating removing .com and all the assholes that are ruining my PERFECTLY GOOD military network
[09:59] <zephlit> LOL. kk i'm still in the basics of learning how to SET UP a web server hahaha
[09:59] <zephlit> thats a story for another day
[09:59] <zephlit> at least for me :P
[10:00] <twb> busybox httpd -p 8080
[10:00] <twb> Done.  You now have a webserver exporting the current working directory, with your current user's privileges, on port 8080.
[10:00] <zephlit> rofl i just googled what busybox was on my webserver... absorbing
[10:01] <twb> Unfortunately Ubuntu's always-installed busybox is a bit crippled compared to Debian's :-/
[10:01] <zephlit> see would i be able to set up virtual hosts with that
[10:02] <zephlit> lmao i have multiple domains
[10:04] <zephlit> you're probably like 'ogm' ... intentionally misspelled.  ahhhhhhhhhh (cry)
[10:05] <zephlit> i'm just looking to learn... =/ basics, security. ive done a bit of reading before coming here. someone spare me!
[10:08] <bicranial> have a read through a few tutorials/guides like: http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/
[10:09] <zephlit> thanks :D
[10:10] <bicranial> I'd suggest setting up a test env in a VM on your PC/notebook
[10:10] <twb> There was a good article somewhere by an OpenBSD-type weenie, whose main gist was "applying security updates is dumb... it is better to NOT RUN services you don't need, and pick security-oriented implementations of the services you DO need."
[10:11] <twb> zephlit: also #ubuntu-hardened
[10:11] <zephlit> ic... is hardened about security?
[10:12] <twb> Yes
[10:12] <twb> "hardening" means making a system more secure
[10:12] <zephlit> lol
[10:12] <zephlit> thx
[10:16] <zephlit> i'm liking UFW because the readings i've had on iptables meant going back and reading them a few more times... lol
[10:17] <twb> Talk to #netfilter about it
[10:17] <twb> Most iptables documentation is utter crap
[10:17] <twb> ufw is reasonably sensible, as long as you just need to whitelist/blacklist a few addresses/ports
[10:18] <zephlit> :D you're so rebellious against ... everything. its fun to hear
[10:18] <twb> I'm a grumpy old man
[10:18] <zephlit> ha. i wanna be like you one day
[10:20] <zephlit> oops... locked myself out of my VPS. time to access the out-of-band console -.-
[10:20] <zephlit> out of the SSH*
[10:23] <zephlit> question : is read-only determined by chmod parameters or something else?
[10:23] <twb> bicranial: that URL advocates "nmap localhost", which is obviously flaky.  It'd be better to test from an endpoint outside the local network.  I'd also do SSH rate limiting and port scan detection directly in netfilter, but that's just me.  Other than that, a reasonable article.
[10:23] <twb> zephlit: that depends.
[10:23] <zephlit> on?
[10:24] <twb> zephlit: on a default Ubuntu 10.04 server, it'll be governed by POSIX DACs (what you call "chmod"), and by apparmor for specific services (e.g. squid).
[10:24] <twb> Apparmor being an LSM MAC.
[10:24] <twb> http://en.wikipedia.org/wiki/Discretionary_access_control, http://en.wikipedia.org/wiki/Mandatory_access_control
[10:24] <zephlit> nmap localhost... ill ignore that part then
[10:27] <bicranial> twb: agreed
[10:28] <zephlit> okay so it was MAC is be dealin withs' :/
[10:28] <zephlit> i's*
[10:28] <twb> Unlikely
[10:29] <twb> But if so, there'll be a report in /var/log/klog with the string "audit"
[10:31] <zephlit> nope nvm :/ gonna go sleep. thx for the help twb -- i like the in depth-ness a lot :D
[11:01] <markitoxs> hello
[11:02] <markitoxs> i was wondering for a recommendation in doing HOT backups, without LVM, is it possible?
[11:26] <RoyK> markitoxs: what do you mean hot backup?
[11:27] <patdk-lap> royk, a backup where you don't shutdown the fs
[11:28] <patdk-lap> where everything is still running live on the system, while you back it up
[11:28] <RoyK> Anyone here using NIS? We're seeing weird problem across a set of servers/workstations: Accessing files works well, but setting file rights, as with chgrp somegroup somefile, does _not_ work, even if the user is member of that group
[11:28] <RoyK> patdk-lap, markitoxs: that should work well for most systems, except perhaps databases
[11:29] <RoyK> database files shouldn't be backed up directly on most DBs
[11:29] <RoyK> make a dump, then backup that
[11:29] <andreasf> markitoxs: R1Soft CDP is a nice (commercial) solution.
[11:30] <patdk-lap> royk, running nscd?
[11:30] <markitoxs> sorry guys, was away from the screen
[11:30] <markitoxs> yeah, i have only found R1Soft, that seems quite good
[11:30] <markitoxs> i wish there was a simple way to migrate to LVM
[11:30] <andreasf> markitoxs: It has an addon for hot MySQL backups.
[11:30] <RoyK> patdk-lap: nope - at least not on those I have installed
[11:31] <RoyK> markitoxs: just create a dump and back that up
[11:31] <RoyK> for ordinary files, hot backup shouldn't be a problem
[11:31] <RoyK> it's not like M$ where files are locked
[11:32] <markitoxs> well, its an asterisk server
[11:32] <RoyK> that shouldn't be a problem either
[11:32] <RoyK> asterisk is only text files
[11:32] <patdk-lap> that would be even simpler
[11:32] <RoyK> plus perhaps a database
[11:32] <patdk-lap> and voice recordings :)
[11:32] <markitoxs> so, we have backups at the moment, dumping the whole FS
[11:32] <RoyK> yeah
[11:32] <markitoxs> into a tar.gz file
[11:32] <markitoxs> but seems there could be room for improvement
[11:32] <RoyK> markitoxs: why don't you use something like bacula?
[11:33] <RoyK> markitoxs: if you have a database in the asterisk setup, make a cron job to dump that with mysqldump/pg_dump and then back that up
[11:34] <RoyK> andreasf: should nscd help?
[11:35] <markitoxs> Im more interested in mirroring the system
[11:35] <markitoxs> I have a DB replication setup
[11:35] <patdk-lap> markitoxs, well, use rsync
[11:36] <markitoxs> i just wanna know what your opinion is on that
[11:36] <patdk-lap> don't use rsync on the database
[11:36] <markitoxs> oh yeah, learned that the hard way
[11:37] <markitoxs> Bacula looks really good, btw
[11:38] <markitoxs> andreasf, did you say there is a plugin for MySQL for R1Soft CDP?
[11:39] <andreasf> markitoxs: Yes, it's nice. I used it for backup of a several hundred GB large DB for a large community.
[11:42] <RoyK> http://pastebin.com/kYPS0N0D <-- file rights look good, but chmod doesn't work
[11:42] <RoyK> any ideas?
[11:43] <RoyK> http://karlsbakk.net/nfs-probs.pcap
[12:02] <patdk-lap> heh? ls -ld .
[12:04] <soren> RoyK: You are chgrp'ing, not chmod'ing.
[12:06] <patdk-lap> chmod?
[12:07] <soren> chmod!
[12:07] <RoyK> soren: yes, sorry, that's the problem
[12:07] <soren> Sorry, what's the question?
[12:07] <RoyK> chgrp should work
[12:07] <soren> Why?
[12:07] <patdk-lap> I don't get the why chmod :)
[12:07] <soren> patdk-lap: Because that's what he asked about.
[12:07] <soren> patdk-lap: 11:42 < RoyK> http://pastebin.com/kYPS0N0D <-- file rights look good, but chmod doesn't work
[12:07] <RoyK> patdk-lap: chmod works, chgrp doesn't
[12:07] <soren> RoyK: It's not expected to.
[12:08] <RoyK> soren: it certainly is
[12:08] <patdk-lap> oh heh :)
[12:08] <patdk-lap> I didn't even notice anything after the url
[12:08] <RoyK> soren: it works locally, but not if the filesystem is mounted over nfs
[12:08] <soren> RoyK: orly?
[12:08] <RoyK> so long that the user is member of the target group, chown should work
[12:08] <RoyK> soren: yes, really
[12:08] <RoyK> chown/chgrp
[12:09] <RoyK> chown :newgroup / chgrp newgroup
[12:09]  * soren stares at the code again..
[12:09] <RoyK> sec - I'll pastebin another example
[12:10] <soren> RoyK: Oh, right. I see it now.
[12:10] <soren> I misread a && for a !!.
[12:10] <soren> Err..
[12:10] <soren> heh.
[12:10] <soren> For a ||, of course.
[12:11] <RoyK> http://pastebin.com/MAz02dmd
[12:11] <RoyK> that shows local test and test over nfs
[12:16] <soren> I'm not sure how that's meant to work over nfs, really.
[12:16] <soren> Group membership is a process attribute.
[12:16] <soren> ..and since the process trying to do the chgrp is on another host, it obviously can't check whether the group membership is valid.
[12:17] <soren> RoyK: ^
[12:19] <soren> RoyK: Which nfs version is this?
[12:53] <RoyK> soren: 3
[12:56] <soren> RoyK: :(
[12:58] <RoyK> soren: seems local groups (defined in /etc/group) works, but that's about it
[12:58] <lieuwe> i'm trying to set a mailserver up on my server, but for some reason when mailing something to it, i get a "delivery delayed" message the next day, and a "delivery failed" message the day after that, what gives?
[13:16] <patdk-wk> lieuwe, what gives? your lack of stating the problem :) logs?
[13:17] <lieuwe> patdk-wk: lol, http://codepad.org/R42mWHep
[13:17] <patdk-wk> looks pretty self-explanatory to me: No route to host
[13:18] <lieuwe> patdk-wk: that doesnt mean anything to me tho, first time i'm setting a mailserver up.
[13:18] <patdk-wk> that has nothing to do with mailservers
[13:18] <patdk-wk> it's an ip thing
[13:19] <patdk-wk> it looks like you're attempting to run a mailserver at home
[13:19] <patdk-wk> and most isp's don't allow that
[13:19] <patdk-wk> therefore it doesn't work
[13:19] <lieuwe> patdk-wk: where could i check if my isp allows it?
[13:20] <lieuwe> (it's pretty lax with other stuff)
[13:20] <greppy> is 82.161.50.114 your current IP?
[13:20] <lieuwe> greppy: yeahs
[13:21] <lieuwe> greppy: static ip :-3
[13:21] <soren> RoyK: You're using the nfs3 server in the kernel, right?
[13:22] <RoyK> soren: yes
[13:22] <greppy> lieuwe: I think they are blocking inbound port 25, I can hit port 110, get dovecot response, but 25 gets no route to host.
[13:22] <soren> RoyK: And you say it works for groups in /etc/group?
[13:22] <RoyK> soren: yes
[13:22] <soren> RoyK: On the server, you mean?
[13:22] <soren> Ah..
[13:23] <patdk-wk> ya, but I'm getting a tcp reject
[13:23] <soren> Hmm..
[13:23] <lieuwe> greppy: lemme check mah firewall
[13:23] <patdk-wk> shouldn't that mean he isn't running a mailserver on his system
[13:23] <RoyK> soren: writing a test program now...
[13:23] <patdk-wk> cause a firewall and stuff should do icmp rejects, not tcp
[13:23] <greppy> patdk-wk: could be stopped at the router.
[13:24] <lieuwe> greppy: lol, my port 25 is indeed closed, lemme try and open it up
[13:24] <soren> RoyK: As far as I can see, only nfs4 makes any attempt at transferring group info.
[13:24] <lieuwe> greppy: could you try port 25 again?
[13:24] <soren> RoyK: So for nfs versions lower than 4, it looks like only the current fsgid applies.
[13:24] <greppy> lieuwe: that works :)
[13:25] <soren> RoyK: I have a bit of a hard time following the code in some places, though.
[13:25] <RoyK> soren: that sucks, but it makes somewhat sense to what I see
[13:25] <lieuwe> greppy: okay, then that probably was the problem
[13:25] <soren> RoyK: nfs4 fixes a *lot* of these problems.
[13:25] <patdk-wk> connection refused, now it's a firewall issue :)
[13:26]  * patdk-wk loves getting refused
[13:26] <patdk-wk> reminds me of all the women
[13:29] <lieuwe> now it gives "Relay access denied", wtf did i do wrong this time?
[13:30] <greppy> lieuwe: that's a postfix configuration issue.
[13:31] <lieuwe> greppy: well, fck
[13:31] <lieuwe> greppy: what config should i be looking at?
[13:31] <greppy> you just want it answering for dikzak.dyndns.org?
[13:32] <greppy> can you paste the contents of your /etc/postfix/main.cf?
[13:34] <lieuwe> greppy: http://pastebin.com/qxd4bhbC
[13:35] <greppy> lieuwe: mydestination = server.fritz.box, localhost.fritz.box, localhost
[13:35] <greppy> that's why, you need to put the hostname you want to receive mail for there.
[13:40] <lieuwe> greppy: got it working now, thanks.
[13:49] <RoyK> soren: that doesn't make sense - I can chgrp from root with no_root_squash - or will that bypass checking the GID?
[13:50] <RoyK> soren: forget it...
[13:53] <RoyK> soren: still, if the groups weren't sent, why can I change a file, but not its group?
[13:58] <soren> RoyK: "change a file" means what?
[13:58] <RoyK> echo wtf >> somefile
[13:58] <soren> So the contents?
[13:58] <RoyK> yes
[13:58] <soren> Different types of checks.
[13:58] <RoyK> right - I can't chmod the file even if the group I'm in has rw
[13:59] <RoyK> that is, not the primary group, one of the others
[13:59] <soren> The check for whether you can change ownership is quite a bit more complex than the one that checks if you can change the contents of the file.
[14:00] <soren> The logic is completely different.
[14:00] <soren> You can't chown at all if you're not root, for instance.
[14:01] <soren> Well, you need to have CAP_CHOWN, relly.
[14:01] <soren> really.
[14:01] <RoyK> soren: seems to be a linux problem on the client, really
[14:01] <RoyK> it works from a solaris client
[14:02] <soren> Same uid/gid?
[14:02] <RoyK> yes
[14:02] <RoyK> soren: same NIS domain
[14:02] <soren> Wow. NIS?
[14:02] <RoyK> I said that initially
[14:03]  * soren checks his calendar
[14:03] <RoyK> it takes some time to convert a truckload of servers/clients to something else
[14:03] <RoyK> and there's a lot of things more pressing than that...
[14:03] <soren> It's been a few years since NIS went out of style, to be honest :)
[14:04] <RoyK> well, it's still a package
[14:04] <soren> RoyK: We also have a gopher server in the archive... :)
[14:05] <RoyK> soren: now, _that_ is ancient :)
[14:05] <soren> RoyK: Just saying that being packaged doesn't say much about the technology's currency. :)
[14:06] <lieuwe> i'm setting up my mailserver, but on receiving mail i get "mail_location not set and autodetection failed" from dovecot.
[14:28]  * soren has never heard of /etc/mailhelo
[14:29] <patdk-wk> maybe he means /etc/mailhost
[14:31] <patdk-wk> oh, /etc/mailname is what I'm thinking of
[14:36] <soren> ScottK: Have you hear of /etc/mailhelo? (re bug 638810)
[14:36] <soren> *heard
[14:47] <zul> dannf: ping when you are around
[14:57] <acidflash> is is possible to mount 1 "folder" on several hdd's ?
[15:00] <compdoc> I suppose you could have a folder on each drive and sync them
[15:01] <acidflash> compdoc: how do i do that?
[15:02] <compdoc> well, rsync could do that, and be run from cron, or whatever service
[15:03] <patdk-wk> hmm, what is the definition of *mount one folder*
[15:04] <patdk-wk> rsync just makes a copy of one folder on several drives
[15:04] <patdk-wk> the mount bind command actually mounts one drive in many places
[15:04] <patdk-wk> simpler than rsync would just be symlink
[15:04] <acidflash> patdk-wk: what i want to do is the following, i have a HD which I would like to serve files from, and I will be caching thing on this folder, I have about 4 x 1TB HD and 1 x 1.5TB HD
[15:04] <acidflash> I want all those disks to cache in "one folder"
[15:04] <acidflash> that I will tell my web server that your root dir is this folder
[15:04] <acidflash> i know that i can use raid
[15:05] <acidflash> but I want to know if there is an easier way
[15:05] <patdk-wk> oh, so you want all the *files* in the one directory to be split over all the drives
[15:05] <patdk-wk> raid is the easy, and is the only way that will give you any real performance increase
[15:05] <resno> acidflash: greyhole
[15:05] <patdk-wk> other ways would be lvm
[15:05] <acidflash> pat: yes
[15:06] <resno> check out greyhole
[15:06] <acidflash> resno: ok I will read about it!
[15:06] <resno> i dont use it, but ive read about it. and it seems to match your needs
[15:06] <resno> a friend uses it and hasnt had any problems
[15:07] <acidflash> yeah almost exactly
[15:34] <smoser> Daviey, had you seen bug 615442
[15:35] <Daviey> smoser, yeah...
[15:36] <Daviey> smoser, it was left with upstream making a change to their setup.py of their python module...
[15:36] <smoser> upstream who?
[15:36] <Daviey> smoser, there really needs to be a new binary package...
[15:37] <Daviey> smoser, euca.
[15:37] <smoser> there is no setup.py for eucalyptus
[15:37] <Daviey> smoser, exactly.
[15:37] <smoser> well, thats more than "a change" :)
[15:38] <smoser> so anyway, that really should be fixed.
[15:38] <Daviey> introducing new files = change :)
[15:38] <Daviey> smoser, i really don't think it'll get fixed for maverick
[15:38] <Daviey> natty.. yes
[15:38] <smoser> well, it should be fixed for natty, and then, i can't imagine the fix is intrusive
[15:38] <smoser> so it wouldn't be bad to get it back, but natty first.
[15:39] <Daviey> smoser, if the issue was in lucid.. i'd agree... but SRUing Maverick for that seems non-essential
[15:40] <Daviey> smoser, it would be nicer to find out why euca is FTBFS'ing in natty first :)
[15:40] <smoser> i didn't know that.
[15:40] <smoser> agreed.
[15:41] <Daviey> annnnndd...... dhcpd is broken as well
[15:41] <Daviey> all in... it's a mess :)
[15:42] <smoser> so you've got some work to do then, my friend.
[15:42] <smoser> :)~
[16:05] <zul> ^^^ yes please :)
[16:36]  * SpamapS stretches
[16:52] <RoAkSoAx> SpamapS: /win 6
[16:52] <RoAkSoAx> arrgh
[16:52] <RoAkSoAx> SpamapS: morning btw :P
[16:54] <SpamapS> RoAkSoAx: hah good morning :)
[16:57] <RoAkSoAx> SpamapS: btw.. do you know of any USB to VGA adapter to be able to connect another external Monitor?
[17:01] <genii-around> RoAkSoAx: I have one from StarTech that works under 8.04
[17:02] <SpamapS> RoAkSoAx: no I'm an apple fanboi when it comes to hadware. ;)
[17:02] <SpamapS> hardware too :)
[17:02] <RoAkSoAx> genii-around: yeah I was looking at that one and seems to work well with Ubuntu
[17:03] <RoAkSoAx> SpamapS: yeah but I IIRC you mentioned something about one in Dallas...
[17:04] <cocoa117> is ubuntu-virt channel died?
[17:04] <cocoa117> should we all move over to ubuntu-server?
[17:04] <SpamapS> RoAkSoAx: no, the one I mentioned in Dallas is mini-DVI to DVI
[17:05] <RoAkSoAx> SpamapS: besides that, I think you mentioned that you saw someone... but anyways, I can be mistaken :P
[17:08] <SpamapS> RoAkSoAx: quite possible.. I talk way too much
[17:08] <RoAkSoAx> lol
[17:51] <ZacLnxNewb> hi
[17:55] <SpamapS> ZacLnxNewb: hi!
[17:55] <ZacLnxNewb> SpamapS: I'm looking for advice >.>
[17:57] <ZacLnxNewb> SpamapS:  I'm attempting to make an online store using mysql and php
[17:57] <ZacLnxNewb> SpamapS: However I have no experience doing this, and would like to know what to watch out for
[17:58] <ZacLnxNewb> SpamapS: I have little experience with mysql, I can handle php.
[18:00] <RoyK> ZacLnxNewb: look for systems already made - it'll probably save you a lot of headache
[18:01] <zul> dannf: ping
[18:01] <ZacLnxNewb> RoyK: aye, that's no challenge. :p
[18:01] <dannf> zul: hey
[18:02] <RoyK> ZacLnxNewb: no, but it'll save you a lot of work, and building online stores means you need to know a few things about PHP security
[18:02] <zul> dannf: i had a look at your multipath branch if you can clean that up a bit i will be happy to upload it for you
[18:02] <ZacLnxNewb> RoyK:  I'm sure I could do it, using php to interface with mysql for inventory and user logins.
[18:03] <RoyK> ZacLnxNewb: sure, but an online store will be open to the internet - what do you do to prevent SQL injection? cross-site scripting?
[18:03] <SpamapS> ZacLnxNewb: there's your advice. :)
[18:03] <RoyK> if you know these things, sure, but if you don't, it may be rather expensive to try yourself
[18:03] <SpamapS> ZacLnxNewb: if you use a framework.. (in the right way) then you'll be better off too. I like Symfony and Zend.
[18:04] <ZacLnxNewb> RoyK:  how does sql injection work?
[18:04] <RoyK> lol
[18:05] <RoyK> http://xkcd.com/327/
[18:06] <RoyK> ZacLnxNewb: ^ That's a good example
[18:06] <RoyK> there are other less trivial examples, though
[18:06] <ZacLnxNewb> RoyK: I learned to watch out for that when I made comment scripts in the past.  Caught people inserting css code to add effects.
[18:07] <ZacLnxNewb> RoyK:  It's easy enough to strip all input of all un-needed characters, or store the characters in a nonthreatening form.
[18:08] <RoyK> ZacLnxNewb: just use something that's proven to work - otherwise you'll spend three times the time, or more, and probably end up with something far less usable
[18:08] <RoyK> ZacLnxNewb: there's a good reason there's only one linux kernel tree :P
[18:09] <ZacLnxNewb> RoyK:  how lazy. :p  using such short cuts
[18:09] <RoyK> ZacLnxNewb: not really - just use a platform that works and add to that
[18:09] <ZacLnxNewb> RoyK:  apart from mysql injection and restricted access to php files, what else should I watch for?
[18:10] <ZacLnxNewb> RoyK:  I will take your suggestion, but I do want to know how it works
[18:10] <RoyK> cross site scripting can be quite bad
[18:10] <RoyK> look it up
[18:12] <SpamapS> ZacLnxNewb: if thats lazy, then so is using Ubuntu. You should be using LinuxFromScratch.
[18:12] <RoyK> ZacLnxNewb: also, I really do understand that you want to write it from scratch, most newbies want that, just to do it, but with the current frameworks available, it's not really a good idea. It might have been a good idea ten years ago, but not really now
[18:13] <ZacLnxNewb> RoyK: SpamapS  Cross site scripting would involve cookies and client side storage, I was planning on doing everything server-side
[18:13] <ZacLnxNewb> RoyK: With very limited user input
[18:14] <RoyK> ZacLnxNewb: I've just been in this game for 15 years - I'm only trying to give you some simple advice - but do as you please...
[18:14] <ZacLnxNewb> RoyK:  Oh, I'm listening, honestly, and I will take your advice, but I keep on because I want to know how it all works. :p
[18:15] <RoyK> I built a netshop in perl some 13 years ago, and believe me, it was a very good thing we didn't accept credit cards on that one
[18:15] <ZacLnxNewb> RoyK: This store would only use paypal
[18:15] <RoyK> ZacLnxNewb: you still need a secure API to interface with paypal
[18:16] <RoyK> otherwise that can be abused as well
[18:19] <RoyK> ZacLnxNewb: http://www.dvwa.co.uk/ <-- this is worth a few hours
[18:19] <RoyK> ZacLnxNewb: http://www.dvwa.co.uk/ <-- this is worth a few hours study, even
[18:19] <ZacLnxNewb> RoyK:  what programming languages do you know?
[18:20] <RoyK> currently, I mostly use php, C, some python, some fortran if I need to help others, C++ at gunpoint, javascript ...
[18:20] <RoyK> and perl, of course
[18:20] <RoyK> always perl
[18:20] <genii-around> Heh, C++ at gunpoint...
[18:20] <ZacLnxNewb> RoyK: mwaha, C++ at gunpoint, is it really that bad?
[18:20] <RoyK> ZacLnxNewb: no, but I like C better :P
[18:21] <RoyK> for web stuff, I use php/javascript with some DB backend
[18:21] <RoyK> but trying to learn more Python
[18:22] <RoyK> looks like a good language for most use, and a little cleaner than perl
[18:22] <RoyK> not that _that_ says a lot, most languages are :P
[18:23] <genii-around> Is there like a CPAN kind of idea for python?
[18:23]  * RoyK currently doesn't do much coding, more operations, storage etc
[18:24] <RoyK> genii-around: there is, but I can't remember the name of it...
[18:24] <genii-around> OK, cool
[18:24] <RoyK> try asking on #python
[18:26]  * RoyK hands pennyless a penny
[18:26] <RoyK> avis: wb
[18:27] <avis> thank you
[18:27] <RoyK> did you get my email?
[18:27] <avis> i sure did
[18:27] <avis> i have not read it thoroughly though
[18:27] <avis> i will be getting comcast on friday so no more port 80 blocked
[18:28] <RoyK> ah
[18:28] <avis> i really do not like at&t at all
[18:28] <avis> thank you for extending your help
[18:28] <avis> i really do appreciate it
[18:28] <RoyK> np
[18:28] <avis> hope you're doing ok today
[18:28] <avis> my anxiety levels are up.  struggled with sleep last night.
[18:29] <RoyK> that's not good...
[18:29] <avis> i'm ok now tho
[18:29] <RoyK> avis: go for a 1-2 hour walk
[18:29] <RoyK> that helps
[18:29] <avis> i think i know how to manage one of my old medications to fix that
[18:29] <avis> i'd really need meds then if i were to do so :)
[18:29] <avis> thank you tho
[18:30]  * RoyK has been taking some meds in his time, but there is little that helps better than going for a walk in the woods
[18:30] <avis> its very difficult to make a bowl of ramen appear before you without any effort, as simple as it is :)  anyway, i'll be pm topic from now on :)
[18:31] <avis> that sounds pleasant
[18:31] <RoyK> hehe
[18:31] <patdk-wk> !fetch ramen
[18:31] <avis> i was in a car accident, major, caused neurological and physiological damage
[18:31] <avis> thanks :)
[18:31] <patdk-wk> I want to fetch lunch :9
[18:31] <patdk-wk> :(
[18:31] <RoyK> avis: heh - I've been through a little myself - still, walking is my cure
[18:32] <patdk-wk> the fridge is in the hr office, and they are having a meeting in there right now :(
[18:32] <avis> that sounds very good.  i would not want to be upright for too too long due to my back
[18:32] <RoyK> avis: anyway - do you want a redirect before friday?
[18:39] <ZacLnxNewb> I somehow managed to burn all of my eggs
[18:39] <greppy> that's not that hard, just leave them on the stove too long.
[18:40] <SpamapS> ZacLnxNewb: btw if you manage to build a web store without cookies and without a horrible user experience.. you should share that with the world.. otherwise.. XSS is always a danger.
[18:40] <RoyK> ZacLnxNewb: apt-get install dragonegg
[18:44] <ZacLnxNewb> SpamapS:  here's my very first webpage effort.  http://beyondsight.sswgn.com/
[18:45] <RoyK> genii-around: pypi should be similar to cpan
[18:48] <ZacLnxNewb> SpamapS:  I'm fairly certain I can accomplish intuitive user experiences :p
[18:50] <lifeless> SpamapS: zul: what was the conclusion on the right way forward with ssl cache distribution?
[18:52] <ZacLnxNewb> Lols
[18:52] <ZacLnxNewb> http://i.imgur.com/em14R.jpg
[18:52] <ZacLnxNewb> that's hilarious
[18:53] <zul> lifeless: i packaged distcache this weekend it should be sitting in new
[18:53] <zul> lifeless: waiting for an archive admin to review
[18:53] <SpamapS> lifeless: Given that there's no set release date for apache 2.3, I think distcache is the simpler approach.
[18:53] <lifeless> zul: SpamapS: wooo! \o/
[18:54] <lifeless> that should be trivially backported to lucid, right ?
[18:54] <zul> lifeless: yep
[18:55]  * SpamapS wonders why we don't do more official backports for stuff like this
[18:55] <zul> lifeless: i had nothing better to do this weekend ;)
[18:55] <lifeless> is there a ppa you could drop that into as a lucid build? would save some [precious] sysadmin time backporting it to CAT
[18:55] <lifeless> zul: I'm extremely happy
[18:55] <zul> SpamapS: because we dont have the man power
[18:55] <SpamapS> zul: maybe we should make backports take less man power.
[18:55] <lifeless> you guys might like this - http://people.ubuntu.com/~lifeless/showtime.png
[18:55] <lifeless> its going to show for devs only
[18:55] <lifeless> at least to start with
[18:56] <zul> SpamapS: right but it takes man power to make things more automated
[18:56] <zul> lifeless: cool!
[18:56] <SpamapS> lifeless: mmmmm metrics
[18:57] <lifeless> indeed
[18:57] <SpamapS> I also think PPA's have alleviated any real need for comprehensive backporting
[18:57] <sidnei> lifeless, neat. we have something like that for landscape, except the javascript broken because it's not enabled by default.
[18:58] <lifeless> sidnei: nice. Thats what we already have in a comment in every page, just shoved up top via js after the page is received
[18:58] <lifeless> we'll probably add browser overlay time etc to it
[18:58] <lifeless> but server side is our -huge- weakness atm
[18:59] <RoyK> server side is whose weakness_
[18:59] <RoyK> s/.$/\?/
[18:59] <lifeless> launchpads
[18:59] <RoyK> k
[19:00] <lifeless> zul: so I think this got lost in a burst of chatter - any chance you could upload it to a lucid series in a ppa ?
[19:00] <zul> lifeless: consider it done
[19:00] <lifeless> fantastic! thank you,
[19:00] <lifeless> s/,/./
[19:03] <SpamapS> lifeless: note that another method of doing this (if, for some reason this doesn't work out) is to use ipvs and have it source-hash schedule connections... http://kb.linuxvirtualserver.org/wiki/Source_Hashing_Scheduling
[19:04] <zul> lifeless: https://launchpad.net/~zulcss/+archive/distcache-lucid should be there in a couple of hours
[19:05] <lifeless> zul: \o/
[19:07] <shadow42085> I am getting this error Error opening Private Key smtpd
[19:07] <shadow42085> 1822:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('smtpd','r')
[19:07] <shadow42085> 1822:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
[19:07] <shadow42085> unable to load Private Key
[19:07] <shadow42085> any ideas?
[19:08] <shadow42085> I am following the help.ubuntu.com/community/Postfix
[19:10] <pmatulis> shadow42085: looks like the application (postfix) and the openssl tool disagree on where things are located
[19:11] <shadow42085> I may be missing the saslauthd program
[19:15] <shadow42085> so how do I fix this issue
[19:21] <shadow42085> my smtpd.key is located at /home/shadow42085
[19:22] <shadow42085> is this the right folder or does it belong somewhere else?
[19:24] <shadow42085> nevermind I found the issue
[19:25] <shadow42085> I missed the .key after smtpd
[19:26] <ahe> is it possible to make a lvm of a kvm host available to the guest such that the guest can create new logical volumes?
[19:27] <DaBeast> hi guys
[19:27] <shadow42085> hi
[19:28] <DaBeast> i just installed ubuntu server on my laptop, with the mind of creating a torrent seedbox
[19:28] <DaBeast> but, during the installation i accidentally selected irda0 as a network device
[19:28] <DaBeast> apparently it doesnt recognize eth0, and wlan0 is broken
[19:29] <DaBeast> so, how can i fix this?
[19:33] <DaBeast> this is my first linux experience heh
[19:33] <DaBeast> also, when using a usb wifi dongle, it doesnt show up at ifconfig
[19:34] <RoyK> DaBeast: pastebin 'ifconfig -a'
[19:34] <RoyK> !pastebin
[19:35] <shadow42085> I am being asked for a pem pass what is that?
[19:35] <shadow42085> pem pass phrase**
[19:36] <DaBeast> RoyK: how am i supposed to pastebin it? :p
[19:36] <DaBeast> type it over? its kind of a long list xD
[19:36] <RoyK> use a serial console :)
[19:37] <RoyK> DaBeast: what interfaces does ifconfig -a list?
[19:37] <DaBeast> eth0, irda0, lo, wifi0,wlan0,wlan1
[19:37] <DaBeast> maybe more, its off screen
[19:38] <DaBeast> serial console = ssh?
[19:38] <shadow42085> DaBeast run Terminal
[19:38] <DaBeast> well, its on my laptop :p
[19:39] <DaBeast> i'm entering commands on my laptop, hehe
[19:39] <RoyK> DaBeast: if you have eth0, does it have an IP address?
[19:39] <shadow42085> just open a Terminal from Accessories
[19:39] <shadow42085> then type in ipconfig -a list
[19:39] <RoyK> shadow42085: if he was able to run ifconfig -a, he certainly has a terminal open
[19:39] <DaBeast> shadow42085: i'm running the server edition of ubuntu :p
[19:40] <DaBeast> RoyK: nope, no ip
[19:40] <RoyK> DaBeast: have you set a static ip, or are you waiting for a dhcp reply?
[19:40] <RoyK> DaBeast: btw, serial console != ssh
[19:41] <RoyK> serial console means good-old serial port (perhaps over usb)
[19:41] <DaBeast> no idea, at installation it was trying to auto detect dhcp, then i manually tried to set up a connection (but i selected irda0 lol, there was no eth0)
[19:42] <RoyK> DaBeast: edit /etc/network/interfaces
[19:42] <DaBeast> i went there, theres only lo and irda0 there
[19:42] <DaBeast> with nano*
[19:43] <RoyK> DaBeast: http://pastebin.com/pBdi7CBU
[19:43] <RoyK> that's an example
[19:43] <RoyK> taken from this box
[19:45] <DaBeast> when i do edit /etc/network/interfaces it says unknown mine-type or something
[19:45] <RoyK> dollarbang: never mind that
[19:46] <DaBeast> at /etc/network/interfaces i only see the loopback interface and irda0
[19:46] <RoyK> dollarbang: just add eth0 there
[19:47] <RoyK> as from what I pasted
[19:49] <DaBeast> ah, i see, let me test that
[19:50] <DaBeast> whats this broadcast?
[19:50] <RoyK> never mind that
[19:50] <RoyK> it's the network xor netmask IIRC
[19:50] <RoyK> as in, if you have 192.168.0.0/24, the broadcast is 192.168.0.255
[19:51] <RoyK> or, if you have 192.168.0.0/23, the broadcast is 192.168.1.255
[19:51] <RoyK> et cetera
[19:51] <RoyK> but it's not critical
[19:52] <DaBeast> k, thanks
[19:52] <DaBeast> hmm, when i try to save the file it says unable to write file
[19:52] <DaBeast> i guess i should have used sudo nano? :p
[19:52] <RoyK> heh - yes
[19:53] <RoyK> a normal user can't write to /etc
[19:53] <DaBeast> darn :p
[19:53] <RoyK> just write the file to /tmp
[19:53] <RoyK> allowing all users to write to /etc would be - interesting......
[19:54] <maedox> RoyK: You should try it :P
[19:56] <RoyK> maedox: may you live in interesting times :)
[19:57] <maedox> Yepp, I'm sure it would bring some interesting startup issues at best. :D
[20:00] <RoAkSoAx> zul: symlinks s/win 11
[20:00] <RoAkSoAx> arrrggh
[20:00] <RoAkSoAx> sorry
[20:01] <RoyK> maedox: http://en.wikipedia.org/wiki/May_you_live_in_interesting_times
[20:01] <DaBeast> hmm, seems irda0 stays active even after i restarted it, restarting server
[20:02] <RoyK> DaBeast: if it's activated in /etc/network/interfaces, it will
[20:02] <RoyK> DaBeast: but do you get online on eth0?
[20:02] <maedox> RoyK: I see. I think we already do.
[20:04] <RoyK> :)
[20:05] <DaBeast> RoyK: restarted my laptop, yup
[20:05] <DaBeast> thanks man!
[20:06] <smoser> SpamapS, i would appreciate your input on bug 714807
[20:07] <RoyK> DaBeast: np :)
[20:08] <DaBeast> why was irda0 in there anyways xD who would want to use that as a primary device, rofl
[20:09] <SpamapS> smng
[20:10] <DaBeast> RoyK: about this serial console, do i "need" it?
[20:10] <RoyK> DaBeast: not really
[20:11] <RoyK> DaBeast: you need it if something goes really bad
[20:11] <DaBeast> i see
[20:11] <DaBeast> thx
[20:12] <DaBeast> now, how do i shut this down safely? xD
[20:12] <SpamapS> smoser: does cloud-init *have* to run before anything other than / is mounted?
[20:13] <DaBeast> sudo shutdown 1 gives me some kind of maintenance menu
[20:18] <DaBeast> i got it, it was halt :p
[20:23] <shadow42085> I am trying change postfix to use port 578 instead of port 25 since my blocks port 25
[20:23] <shadow42085> ISP**
[20:24] <pmatulis> shadow42085: nice
[20:29] <shadow42085> I meant to say 587
[20:30] <giovani> shadow42085: that's trivial to do -- I presume you mean for postfix to listen on port 587, and not to use that port for outbound SMTP connections for delivery?
[20:30] <RoyK> shadow42085: just google for it
[20:30] <shadow42085> yea
[20:31] <shadow42085> use port 587 for secure submissions
[21:01] <shadow42085> I can't seem to get telnet to produce the results I need after telnet localhost 587 any ideas to fix it
[21:03] <shadow42085> root@ubuntu:/home/shadow42085# telnet localhost 587
[21:03] <shadow42085> Trying ::1...
[21:03] <shadow42085> Connected to localhost.
[21:03] <shadow42085> Escape character is '^]' is all I am getting
[21:03] <guntbert> shadow42085: what should listen on 587?
[21:03] <shadow42085> postfix
[21:04] <guntbert> shadow42085: did you try to talk to it?
[21:04] <shadow42085> I added the line 587 inet n - n - - smtpd
[21:05] <shadow42085> to /etc/postfix/master.cf
[21:05] <guntbert> shadow42085: no, you have to talk smtp with it
[21:05] <shadow42085> how do I do that
[21:05] <SpamapS> smoser: commented on that upstart bug
[21:06] <guntbert> shadow42085: I'm too tired to teach you smtp, please look it up yourself (googling for smtp telnet  might be helpful)
[21:06] <shadow42085> I followed the help.ubuntu.com/community/postfix tutorial
[21:07] <smoser> danke.
[21:10] <b0ot> I have been trying to get a simple tftp server running to back up my cisco configs for 4 hours. I have tried tftpd, atftpd, and tftp-hpa with no luck. Any ideas
[21:12] <pmatulis> b0ot: tftp-hpa is used a lot in ubuntu
[21:12] <b0ot> pmatulis, do you have any recent documentation... all of the stuff I found was so outdated the files were different when I went to edit the config
[21:13] <pmatulis> b0ot: no, it should be straight forward. maybe look at /etc/default/tftpd-hpa ?
[21:34] <RoAkSoAx> argghhh
[21:34]  * RoAkSoAx just erased all the work he has done today!! :(
[21:44] <ZacLnxNewb> RoyK: hey, I wanted to thank you for all of your help.
[21:46] <ZacLnxNewb> Does anyone know anything about server programming in python?
[21:47] <lenios> yes
[21:47] <lenios> do you want to know something?
[21:50] <ZacLnxNewb> lenios:  say I have a large application with up to 2000 simultaneous users, and I need commands/data to be distributed as possible, what would be the best way to handle that?
[21:51] <ZacLnxNewb> lenios: so far I've come up with using the select command in python, to create read, write, and error lists used to process data
[21:51] <ZacLnxNewb> lenios: however, having literally thousands of users, would it also be fast enough to use mysql as well, RAM ?
[21:52] <ZacLnxNewb> lenios:  Because the user data/matrix would get quite large very quickly
[21:53] <lenios> you're handling distribution by hand?
[21:54] <lenios> you can use mysql, and put as much as you can in ram
[21:56] <genii-around> Hm. If you make a ramdisk, then mv stuff into it and then rm the ramdisk, is it faster than recursively rm on say 2Gb of files?
[21:56] <lenios> ZacLnxNewb, and 2000 simultaneous users is sure big, but it depends what they're doing
[21:56] <RoyK> ZacLnxNewb: google it
[21:56] <lenios> i don't see why mv would be faster than rm
[21:57] <RoyK> ZacLnxNewb: there's plenty of resources for python out there
[21:58] <ZacLnxNewb> RoyK:  :p you sound annoyed.
[21:58] <ZacLnxNewb> RoyK:  Also, symfony is giving me trouble because php symfony configure:database is not defined
[21:58] <genii-around> lenios: Try to mv a dir containing 2Gb of files, then try to rm -rf it :)
[21:59] <RoyK> ZacLnxNewb: not annoyed - just asking you to google before asking here
[21:59] <patdk-lap> genii-around, that all depends :)
[21:59] <patdk-lap> 1 2gb file, rm is faster
[21:59] <patdk-lap> 500 4k files, probably the same
[22:00] <ZacLnxNewb> RoyK:  I have thoroughly, and I've created multiple working examples, but speed is questionable.  I don't have the proper hardware to test the speeds.
[22:01] <genii-around> patdk-lap: Just that I have video surveillance files which need purging now and then in chunks of up to around 200Gb but to rm-rf is way long. I'm thinking if i ramdisk-rm them in manageable chunks no larger than my actual free ram could be better
[22:01] <patdk-lap> all it's doing is caching the inodes
[22:01] <RoyK> ZacLnxNewb: do as you please
[22:01] <patdk-lap> so the rm goes faster
[22:01] <patdk-lap> but it shouldn't make a difference at all
[22:01] <patdk-lap> what would be better is writing those files with extents
[22:02] <genii-around> Hmm
[22:02] <patdk-lap> instead of lots of random block locations that take rm so long to clean
[22:02] <ZacLnxNewb_> RoyK: I'm just worried about being able to handle even 100 users efficiently
[22:02] <ZacLnxNewb_> RoyK:  flockdraw.com
[22:03] <RoyK> ZacLnxNewb_: whn
[22:03] <RoyK> erm
[22:03] <RoyK> ZacLnxNewb_: what sort of application?
[22:03] <ZacLnxNewb_> something similar to flockdraw.com
[22:04] <RoyK> well, go on
[22:05] <ZacLnxNewb_> RoyK:  I managed to get myself involved with several programmers working on a moderation system and several modified clients.
[22:05] <patdk-lap> genii-around, or you could use xfs, it's fast at deletes
[22:06] <ZacLnxNewb_> RoyK: The official project flockdraw.com is pretty much a dead end, and won't be going anywhere
[22:06] <lenios> ZacLnxNewb_, 100 users shouldn't be a problem
[22:06] <lenios> depends on hardware and how you code it though
[22:08] <ZacLnxNewb_> lenios: RoyK  Let's put it this way,  flockdraw.com seems to have open about 1500 rooms at a time, with up to 10 users per room.  On top of that the application uses a lot of bandwidth.
[22:10] <ZacLnxNewb_> RoyK: and I'm stuck in the instructions where you configure what database to use with the application, "configure:database is not defined"
[22:10] <genii-around> patdk-lap: The xfs is a good lead, thanks
[22:13] <patdk-lap> genii-around, if you want to read more, just google mythtv delete :)
[22:13] <genii-around> patdk-lap: I'm using Zoneminder, but same idea, yeah  :)