uvirtbot`New bug: #798844 in cloud-init "Chef integration" [Medium,Fix committed] https://launchpad.net/bugs/79884401:02
=== medberry is now known as med_out
philipballewQUESTION: when installing ubuntu server, if i select ssh server during the instalation can i then after it installs un-plug it from my monitor hook it up to my cat5 and when still on the network ssh into it?01:43
twbIf you install the network-console udeb such that you complete the installation over SSH, yes.01:44
twbIf you mean you're picking "SSH Server" at the tasksel prompt, I'm not 100% sure, but I think the behaviour will be the same.01:44
philipballewi'd need to send the rsa cirtificts over the lan then after i finish twb01:45
twbUh, you mean ssh-copy-id?01:45
philipballewyes, that01:46
twbBy default sshd will allow password-based auth, so that will work.01:46
philipballewi can do that over ssh though01:46
twbAssuming you either assigned a root password or created a user with a password during the install process.01:46
philipballewi need to set up p.f. to still. need to think if is good enough for the server01:47
twbLinux doesn't use pf01:48
philipballewport forwirding01:48
philipballewnot packet filter01:49
twbWell, you should never use 192.168.1/24, .0/24, or
philipballewi had a bsd server once, not bad01:49
philipballewi figured so, but why?01:49
twbBecause everyone ELSE does that, and if you ever need to join two such LANs (e.g. VPN from one to the other), you will cry.01:49
twbTry echo 10.$((RANDOM%256)).$((RANDOM%256))/2401:50
philipballewi plan to use this server to connect to when i am at a college and their wirewalls are alloning me01:50
twbI don't know what "alloning" means.01:59
Piciactually, that doesn't make sense either.02:00
patdk-laptwb, I would say, 10 < x < 25002:09
patdk-lapwith routers using 192.168.0-3 being common02:09
patdk-lapalso can't use 192.168.100, or 10.0.10 cause of modems02:09
patdk-lapor was it 10.1.1002:10
twbpatdk-lap: that seems reasonable02:10
airtonixpatdk-lap: wut?02:10
patdk-lapwut language is that from?02:10
philipballewtwb, my keyboards messin with me. its allowing02:11
airtonixit's from the "you-talking-nonsense-and-i-need-clarification" language02:11
patdk-lapairtonix, go back to math class02:11
airtonix<patdk-lap> also can't use 192.168.100, or 10.0.10 cause of modems02:12
patdk-lapyou have never used a dsl or cable modem?02:12
airtonixmy modems must be awesome, because i have no problems using those networks02:12
twbpatdk-lap: probably he is sensible and puts them in bridge mode02:12
patdk-lapcan't put cable modem in bridge mode02:13
DanaGMy modem takes only precisely
DanaGANd it doesn't need to be specifically reachable, if you don't care about the status pages.02:13
twbpatdk-lap: I guess02:13
patdk-lapdanag, nope, I didn't say you couldn't use it02:13
DanaG100.1 isn't routable, so the router passes it upstream, and the modem intercepts it.02:13
airtonixDanaG: the power of faith is all you need?02:14
patdk-lapI just said it's perferably if you didn't02:14
patdk-lapif you ever care you check your status02:14
twbDanaG: I *hate* that02:14
DanaGOr what's worse:02:14
DanaGCable modems that have the status page actively DISABLED.02:14
twb"bridge" doesn't mean "bridge except for frames you feel like hijacking", you damn appliance02:14
DanaGBy the ISP.02:14
patdk-lapI hate ones that have status page accessable only via java02:15
patdk-lapand have their snmp disabled02:15
* patdk-lap notes comcast02:15
DanaGSay, I've never checked snmp on my cable modem.02:15
patdk-lapwell, snmp only accessable via comcast tech's02:16
DanaGoh, and my mom's OfficeJet Pro crashes any time I enable my employer's management tool's "probe" feature on a computer at home.02:16
DanaGMine is Charter, but a self-bought SB5100 or so.02:16
DanaGCharter doesn't seem to touch the firmware on it, but since it's a Motorola SIMILAR to what they support, it works.02:16
patdk-lapthis is comcast business, you must use their supplied modem :(02:16
DanaGFor a while, we had a Linksys one... it crashed all the time.  And Charter didn't offer the known-fixed firmware.02:17
patdk-lapatleast I get 120mbit downloads though02:17
DanaGThey told ME to upgrade the firmware.02:17
DanaGSure, just let me log into your servers.02:17
DanaGSo anyway, Motorola modem + TomatoUSB router == rock-solid.  Once they changed out the rusted-out cable run from the street, that is.02:18
patdk-lapat home here, still don't have docsis2 :( my linksys modem has been reliable for the last 6 years though02:18
patdk-lapya same here, had a break in the cabletv, they ran a new cable, been great02:18
DanaGWe used to get 30% packet loss during rain, but they said, "oh, your signal is fine!" -- for years.02:19
DanaGAnd then when we got Charter Telephone, they were legally obliged to fix it.02:19
patdk-lapoh, mine went quickly02:19
DanaGAnd well whaddaya' know?  The cable running from the street was completely rusted out!02:19
patdk-lapin <3months I went from once a week drop for a few min, to >3hour drops per day02:19
DanaGOh yeah, and our electrical boxes were below ground level, until a few months ago.02:32
DanaGEven our phone lines got crosstalk with neighbors.02:32
DanaGor so my parents say.02:32
DanaGI'm living at home, but rarely use the landline, even in non-rainy weather.02:33
DanaGSo anyway, something slightly more on-topic: I gave the Broadcom 5723 another chance, and it seems reasonable after all.02:33
DanaGVersus this Intel, it came to about the same in iperf: http://www.newegg.com/Product/Product.aspx?Item=N82E1683310603302:34
jaithCan anyone tell me how I might discover for each of my installed packages whether it's main/restricted/universe/multiverse ?02:39
smwjaith, why would you need to do that?02:40
jaithsmw: I'm hardening my server, which came with universe enabled02:41
jaithsmw: given that universe packages are assembled by the community, I'm a bit concerned about security02:41
smwjaith, that is not going to protect you much...02:42
smwit seems like a bad idea.02:42
smwanyways, if it is a new install, it should have no universe packages, right?02:42
jaithsmw: please elaborate.  how could checking on my installed packages not protect me much?02:42
jaithsmw: that is precisely what I'm trying to sort out02:42
jaithsmw: the default install has universe enabled in sources.list02:43
smwjaith, you know what is installed because you installed it, right?02:43
smwanything installed by default you kind of need to trust...02:43
jaithsmw: i have not installed anything yet.  i instantiated a clean ubuntu 10.04 from an official ubuntu ami on amazon ec202:43
smwor not trust the OS02:43
jaithsmw: i tend to agree with you, but i need my server to be very secure.  let's say it's an academic argument.02:44
smwjaith, then checking what is installed in kind of pointless.02:44
smwthe same company that puts ubuntu together makes the ubuntu amis02:44
jaithsmw: yes I understand, but I would like to know which are main and which are universe, if only to keep an eye on them02:45
jaithsmw: if all you want to do is discourage me from searching, then you're wasting your time :D02:45
jaithsmw:  i do have another question you might be able to answer02:45
smwjaith, you do realize it is very difficult to add packages to universe, correct?02:45
smwfine, I will answer what I would od02:45
jaithsmw: that may well be true, but searching where your packages are from should be quite easy.02:46
smwdpkg --get-selections for a list of packages02:46
smwawk out the package names02:46
smwloop over them with apt-cache policy02:46
smwjaith, it is not that easy. Ubuntu does not care where a package came from02:46
smwyou need to work out where they are now and assume that is where they came from02:47
jaithsmw: i'm hoping to avoid a package-by-package search when I have some 385 installed packages02:48
smwjaith, that is why you script it02:49
* patdk-lap has all the packages he really needs, compiled himself in his own ppa02:49
jaithwell here's a start02:50
jaithdpkg --get-selections | grep -oE '^[a-z\-]*\s'02:50
* smw just trusts the people who put together the os02:50
jaitham i correct in thinking that will return installed packages?02:50
patdk-lapsmw, I'm using newer versions than what is in the os, normally02:50
smwjaith, I would have just used awk... but whatever works for yo u :-)02:50
smwpatdk-lap, cool02:51
patdk-lapget selections tells you nothing about where it came from, only what is installed02:51
jaithsmw: i don't know the first thing about awk02:51
patdk-lapawk is like regex meet bash02:51
smwjaith, ok, it worked anyways :-)02:51
jaithyes so know i need to pipe that to some other command which tells me main/restricted/universe/multiverse02:51
jaithany hints most welcome :D02:51
smwjaith, you are taking this way too far02:52
jaithsmw: i'm OCD like that02:52
smwjaith, apt-cache policy02:52
smwjaith, I would not recommend a bank be this crazy02:52
jaithsmw: that's the funny thing, the site i'm trying to secure processes credit cards.  our sshd binary is compromised.02:53
smwwhy is your binary compromised?02:53
jaithsmw: ergo, paranoia02:53
jaithsmw: hang on...i go get lovely ascii art for you02:53
smwjaith, were you recently hacked or something?02:54
patdk-lapheh, I doubt it was really sshd, sounds like you where rooted02:54
jaithsmw: YES02:54
twbsmw: he's probably a rent-a-sysadmin02:54
patdk-lapnormally that comes from bad website programming02:54
patdk-lapplus running non-patched software02:54
jaithtwb: i'm php programmer.  not sysadmin :(02:54
twbsmw: $bank was running, say, Fedora Core 3 or Gentoo because $some_guy set it up, and AFTER they're broken into, jaith is called in to fix it02:55
jaithpatdk-lap: curious, how does bad php lead to rooting?02:55
patdk-lapjaith, did I say that?02:55
smwtwb, nope, even better. He is a web programmer...02:55
patdk-lapI said it lets one in, so that it can be rooted02:55
jaithsmw: no, i wrote the code nearly 10 years ago when i knew almost nothing02:55
patdk-lapif you don't update your system often enough02:55
twbpatdk-lap: better than running patched software, is not running any software at all02:55
twbe.g. no inetd beats xinetd02:56
patdk-laptwb, and better than that, is not running a server :)02:56
jaiththis is a blast.  show-offs purporting to help, trying to talk me out of well-justified paranoia. wheeee!02:56
patdk-lapjaith, no02:56
patdk-lapwe are saying the system has been rooted02:56
jaiththat is why new system being set up02:56
patdk-lapthere is no point for paranoia02:57
patdk-lapcause you need a reinstall02:57
smwtwb, I was a kid in highschool who like to do jobs on odesk for fun. I fixed a small (but profitable) site that was having problems with uptime. I have a full time job now...02:57
twbjaith: if you are paranoid you would not have any PHP there in the first place02:57
patdk-lapthen a code review of the website is probably in order02:57
jaithand that is why i'm trying to examine initial setup to make sure all the signatures check out and no funny stuff02:57
jaithnew server is Ubuntu 10.04 instance running on EC202:57
smwjaith, you are being beyond paranoid.02:58
jaithsecurity currently locked down.  only ssh port permitted, public cert auth required, and ssh access limited to my IP block02:58
patdk-lapyour going go that paranoid AND use ec2?02:58
smwpatdk-lap, ec2 is secure...02:58
twbjaith: "only ssh port" -- so http is currently blocked?02:59
patdk-lapsmw, I won't meantion my root issues with ec202:59
jaith<<<suddenly realizes he's been cornered by griefers >>>02:59
jaithtwb: yes until i get it set up :D02:59
smwpatdk-lap, I would like to hear them. :-)02:59
twbAnyway, if the sshd binary is compromised, you might as well do a full reinstall.02:59
patdk-lapcheck channel logs from november :) about the 18th02:59
jaithpersonally, i am wondering why it's so hard to sort my installed packages by main/universe/whatever03:00
twbjaith: because Canonical don't want to make it obvious that their *supported* package list is fuck-all03:00
smwpatdk-lap, my entire company runs in amazon ec203:00
patdk-lapjaith, cause if it was installed, it was assumed you already checked that03:00
twbjaith: but you can check a specific package with "apt-cache policy foo"03:00
jaithtwb: this is an entirely different machine, hosted on an entirely different network.  i am no longer trying to do any sort of forensics on the old machine03:00
smwpatdk-lap, if used right, there are no security issues...03:00
twbjaith: OK03:00
jaithtwb: THANK YOU03:00
patdk-lapsmw, if used right, security patchs wouldn't accidentally be left out of the ec2 kernel :)03:01
twbjaith: I run http://paste.debian.net/123601/ from cron.monthly on Lucid machines to check for unsupported packages03:01
twbjaith: expect there to be half a dozen, even on a relatively small system :-/03:01
smwpatdk-lap, is ubuntu bad at including security updates in their kernel? lol03:01
patdk-lapsmw only if it isn't a clean patch :)03:02
jaiththis is a *brand spanking new compute instance* created from one of the "official" AMIs listed on the ubuntu site03:03
jaithi haven't installed a single thing myself yet03:03
jaithbefore i bother, want to check out existing installed packages (of which there are some 385)03:04
patdk-lapseems like a lot of packages03:04
jaithi agree03:04
patdk-lapbut I always install minimal system though03:04
twbsmw: define "bad'03:05
smwjaith, there are much more important places to use your security efforts.03:05
smwmost of them involve humans and access03:05
patdk-laphumans and cgi's :)03:06
jaithsmw: there is only one website running on this machine.  i am the only developer.03:06
jaithno cgi access, etc.03:06
patdk-lapphp is cgi access03:06
jaithagreed that webstack and php files are probably least safe part03:06
twbjaith: if you do an expert install, you can opt-out of restricted/universe/multiverse/backports being included in source.list to begin with.03:07
patdk-laptwb, he did ec2 install03:07
jaithtwb: i have no such choice with EC2 without creating my own AMI which, sadly, is beyond my skillset03:07
twbWell, you might as well bend over and give amazon a free rein, then.03:07
smwjaith, you are looking in the wrong places to deal with security concerns.03:08
smwand yes... php can cause serious problems if setup wrong :-\03:09
smwthere are new bugs for it way too often03:09
jaithlet's assume, just for a moment, that this was an academic discussion and alllllll i wanted to do was determine the source of my installed packages.03:11
jaithlike, let's make-believe and say i'm a security researcher or investigative blogger out to snitch on canonical, hm?03:11
jaithc'mon it'll be fun!03:11
smwjaith, I would say that was pretty stupid.03:11
jaithsmw: and I would say you are decidedly unhelpful03:12
jaithThe ASCII art as promised:03:15
jaith  _________________________03:15
jaith    ||   ||     ||   ||03:16
jaith    ||   ||, , ,||   ||03:16
jaith    ||  (||/|/(/||/  ||    Don`t03:16
jaith    ||  ||| _'_`|||  ||    Be03:16
jaith    ||   || o o ||   ||    Mad03:16
jaith    ||  (||  - `||)  ||-------AAAAAAAAAAAAAAAAAAAA03:16
jaith    ||   ||  =  ||   ||03:16
jaithMFU ||   ||(___)||   ||03:16
jaith    ||___||) , (||___||    UstupidMF ownz you!03:16
jaith   (||---||-)_(-||---||)  (say something,please talk to me03:16
ubottuHelp! Channel emergency! soren, lamont, mathiaz or tom03:16
jaith  ( ||--_||_____||_--|| )03:16
jaith (_(||)-|  (%d)   |-(||)_)03:16
twbsmw: I think he's saying sshd emits that as motd or something03:17
smwtwb, his "sshd binary was hacked"03:18
smwtwb, now I see how he came to that conclusion...03:18
jaithif you use 'strings' command on the sshd binary , it's in the binary somewhere03:18
smwjaith, ok...03:19
twbjaith: use a pastebin next time, please03:19
jaithadditionally, a check of one's package checksums calls out ssh03:20
jaithtwb: sorry03:20
smwjaith, but you are still being unreasonably paranoid. You are acting like a programmer trying way too hard to optimize one line of addition that he does not realize he could index a column in a database and increase speed 1000 fold.03:20
twbI don't understand what attack profile he's trying to guard against, nor how he's trying to go about it.03:22
twbAll I've heard so far is he's using a stock amazone base image, with a default-deny firewall.03:22
smwtwb, and he is afraid of the people who made the image (canonical) and not the people who will try to hack his server.03:23
jaithand you guys won't answer a simple question, preferring instead to wax philosophical about how I'm "doing it wrong"03:23
jaithbelieve me, i'd be happy to get advice on keeping the web stack safe when i get there03:24
twbWell, I wouldn't trust foo.img to be a clean debootstrap of signed packages from archive.ubuntu.com03:24
twbCertainly I think it's more productive to worry about his shitty PHP app03:24
twbSince merely by being PHP means it's good odds that's how they got into the last system.03:24
smwtwb, that is not very constructive either ;-)03:25
jaithit's most definitely not constructive.  he's stroking his e-peen03:25
jaithhere's the other nifty part:  if I can get a good, clean, baseline image, i can re-use it03:26
jaiththe question is:  how clean is it?03:26
jaitha fair question, wouldn't you agree?03:26
jaithEC2 makes it very easy to store a machine image and re-use it later03:26
smwjaith, I am going to give up and just say you are trying to prevent the wrong type of attack.03:26
jaithsmw: give up?  you haven't even tried to answer my question.03:27
jaithsmw: you've tried to tell me "i'm doing it wrong"03:27
smwjaith, in the beginning I explained (in not much detail) how I would try to solve the problem you gave me (not the one you actually need to solve.)03:28
jaithsmw: that's true.  and i've made progress.03:28
jaithdpkg --get-selections | grep -oE '^[\.a-z0-9\-]+\s' | wc -l03:28
jaithreturns exactly the same line count as dpkg --get-selections | wc -l03:28
smwjaith, you need to trust something to start with. Canonical's image is a good choice.03:30
jaithI would also draw everyone's attention to this snippet from the ubuntu site: "The universe component is a snapshot of the free, open-source, and Linux world. It houses almost every piece of open-source software, all built from a range of public sources. Canonical does not provide a guarantee of regular security updates for software in the universe component, but will provide these where they...03:30
jaith...are made available by the community. Users should understand the risk inherent in using these packages."03:30
smwnot guaranteeing security updates != untrusted packages from the "community"03:31
jaithyes but excluding *unnecessary* packages that may cease to be updated despite security holes is a valid concern03:32
jaithi can only think of two reasons why i'm not getting help here: 1) we are afraid of our faith in ubuntu being shaken or 2) we just don't know how03:33
jaithoh and possibly 3) disaffected griefers don't really have any interest in helping irritating noob03:33
jaithso maybe I'll try another question:  will apt complain when a package or dependency package which is a) unsigned or b) signed by someone other than one of my very own apt keys?03:35
patdk-lapI'm sorry, due to the lack of faith you have in this channel, I can no longer help you03:37
patdk-lapIts bad form to insult people, and continue to ask for help03:37
jaithi apologize.  i didn't mean to insult anyone.  I was just hoping to get the answer to a specific question.  smw has in fact helped some. i do believe it's fair to say my original question has gone unanswered.03:39
jaiththanks for your help anyway03:39
jaithfyi, this appears to be working approximately03:57
jaithdpkg --get-selections | grep -oE '^[+\.a-z0-9\-]+\s' | xargs apt-cache policy03:57
jaithsome minor additional filtering results in 575 lines instead of the 383 i might expect -- this because the apt-cache policy command sometimes returns two lines for a given package03:58
jaithdpkg --get-selections | grep -oE '^[+\.a-z0-9\-]+\s' | xargs apt-cache policy | grep -E ' (lucid.*/[a-z]+)'03:59
jaithinterestingly, not one line appears to reference 'universe'03:59
jaithdpkg --get-selections | grep -oE '^[+\.a-z0-9\-]+\s' | xargs apt-cache policy | grep -E ' (lucid.*/[a-z]+)' | grep universe | wc -l03:59
smwjaith, I fail to see how that is surprising...04:04
justin__234gday blokes04:20
justin__234wikipedia runs on ubuntu server!04:20
twbI can't fix that04:20
Tommy_nmwgood to see all ppl in this channel04:55
DanaGbug 80246405:01
uvirtbot`Launchpad bug 802464 in linux "linux: 2.6.38-10.46 -proposed tracker" [Medium,Fix released] https://launchpad.net/bugs/80246405:01
Tommy_nmwis there anyone who is using opensource inventory software for non-profit?05:17
twbSorry, I only turn a profit05:17
twbOh, sorry, misread05:18
twbinventory software as in asset tracking?05:18
Tommy_nmwtwb: yes. it is for asset tracking but not tracking drivers or software .Just physical assets like toners or printer cartridges or CDs /DVDs in and out05:19
twbNot sure05:19
jmarsdenTommy_nmw: I have not used it, but maybe http://asset-tracker.sourceforge.net/ will do what you need?05:20
twbhttps://secure.wikimedia.org/wikipedia/en/wiki/Fixed_assets_management appears to be what you're thinking of05:21
twbThe ERP solutions I've dealt with were scary as all hell05:21
Tommy_nmwjmarsden: I have checked it out. design is not cool. I am inspired by openERP. but it is linked with accouting and sales module. I just want stand alone inventory stock control module for nonprofit use.05:22
twbTommy_nmw: my gut tells me you aren't gonna get that05:23
jmarsdenTommy_nmw: If you know enough to criticize software design... write your own app to do what you need, then it will be designed perfectly for your needs :)05:23
twbTommy_nmw: that you'll either have to pick a crappy low-budget standalone implementation, or to delpoy a heavyweight do-everything one and just try to ignore the other modules05:24
Tommy_nmwtwb: no Free of charge solution ??05:26
Tommy_nmwtwb:  as we have no budget05:26
twbTommy_nmw: both those cases are assuming FOSS05:27
twbWhich isn't necessarily free-of-charge -- e.g. I'm assuming your time has value05:28
Tommy_nmwtwb: I can use only stock inventory only module. but they are linked with other accounting entries. so without entering those values, my records won't be complete to proceed05:30
twbTommy_nmw: bummer05:31
Tommy_nmwtwb: it depends on one's view05:32
lickalottguys...i'm trying to change my default ssh port.  I've changed it in /etc/ssh/sshd_config but when i try to restart the process is kicks out - could not load host key: for rsa and dsa keys06:02
lickalottanything i can try before a restart?06:02
twbssh won't start if you don't have host keys06:11
twb"sudo dpkg-reconfigure openssh-server" to create them if they are mising06:11
lickalott^5'S TWB06:17
uvirtbot`lickalott: Error: "5'S" is not a valid command.06:17
twbuvirtbot`: die06:18
uvirtbot`twb: Error: "die" is not a valid command.06:18
twblickalott: btw, if this happened because you cloned an image, whoever built the image did that deliberately to prevent MITM attacks, and just forgot to tell you / automate the dpkg-reconfigure call06:22
=== smb` is now known as smb
Tommy_nmwdoes somebody know how to get proxy config screen during installation ?07:22
twbTommy_nmw: uh, it asks you when you configure the mirror to use07:28
twbmaybe you need priority=low; I don't normally do default priority installs07:29
Tommy_nmwtwb: now I am inside ubuntu server so how can I get that screen back to put some proxy settings to use internet07:29
twbIf you're installing hardy, ISTR it "helpfully" skipped the proxy step if it decided it could get out without asking07:29
twbTommy_nmw: oh, right07:30
twbTommy_nmw: /etc/apt/apt.conf, and/or $http_proxy07:30
twbacquire::http::Proxy "http://proxy:8080/"; IIRC07:30
=== jibel__ is now known as jibel
=== greppy is now known as kc9uls
=== kc9uls is now known as greppy
stylewalkaI was just trying to upgrade to maverick, but got a couple of error messages regarding setting up procps; could anyone helpout?09:12
SimpleAnecdoteHi guys. Trying to sort out iptables but the server outputs "-bash: iptables: command not found - any thoughts/09:23
greppySimpleAnecdote: check your path, iptables is usually in /usr/sbin09:26
greppysorry, /sbin, not /usr/sbin09:27
dark-sunhi people09:27
SimpleAnecdotegreppy - cheers. Apparently I didn't have iptables installed!09:27
=== dark-sun is now known as dark-sun|lunch
SimpleAnecdotepath sorts out automatically on Ubuntu. It's CentOS and other REHL that have the path issue I think09:28
SimpleAnecdoteI have not touched a command line in a while09:28
greppyit depends on your environment :)09:29
SimpleAnecdotegreppy: I am over my head with these iptables. I wanted to access them because webmin did not respond via remote browser. But internally, it fetched index.html... Any ideas?09:30
greppyis webmin listening on the external interface?  ( keep in mind webmin is pretty much app non grata on ubuntu )09:35
SimpleAnecdotegreppy: really? I didn't know that09:35
SimpleAnecdoteI just hate CentOS so much...09:35
SimpleAnecdoteWhat GUI control panel do people use on Ubuntu? cPanel only?09:36
greppyI don't know, I'm a cli junky :(09:38
greppyI use froxlor for webhosting, but the rest of the box is managed from the cli.09:39
SimpleAnecdotethat's awesome. I fear I am not a savvy enough person to CLI my way through managing the box09:39
SimpleAnecdoteI had to google VIM commands not 10 minutes ago!09:39
greppyanother option may be to use nano or joe, which can be a little easier to use, joe can use wordstar keybindings if you know them.09:41
SimpleAnecdoteVIM is fine. I've used it in the past (but long long long ago). Once I have the cheatsheet open in the browser, it's pretty easy09:41
SimpleAnecdoteI have no idea how to sort out this webmin crap09:42
greppywhat are you trying to do with webmin?09:42
SimpleAnecdoteget it to work ;P09:43
SimpleAnecdotetrying to access it via browser results in 'Page not found'09:43
Tommy_nmwhello everyone!! I have a question about  installation step in phpMyadmin. can anyone help  me?09:44
SimpleAnecdotehowever, wget https://localhost:10000 --no-check-certificate fetches index.html properly09:45
SimpleAnecdotejust a remote browser problem09:45
SimpleAnecdoteTommy_nmw: what's the question09:45
Tommy_nmwSimpleAnecdote: I am now being asked "configure database for phpmyadmin with dbconfigure-common? As I have no idea to create database now, Can I say NO ? and later , how can I get that screen back?09:46
SimpleAnecdoteTommy_nmw: Accept dbconfigure-common09:47
Tommy_nmwSimpleAnecdote: http://dropbox.unl.edu/uploads/20110804/0b61b8c21d4405e0/IMG_0743.JPG09:47
SimpleAnecdoteit will create it automatically for you09:47
Tommy_nmwSimpleAnecdote: if the database name or configuration is not matched with the application I would use in future, what do I do?09:47
Tommy_nmwSimpleAnecdote: I am not smart at DB related09:47
SimpleAnecdoteTommy_nmw: this is not a database for any application. This is a database for phpmyadmin to use for some operations. Just accept dbconfigure-common, and then (once you've configured apache to redirect to it) go to http://yourhostname.exi/phpmyadmin09:49
SimpleAnecdoteyou will be able to create as many DBs as you want09:49
SimpleAnecdoteunder any name09:49
SimpleAnecdoteand manage them easily via phpmyadmin09:49
greppySimpleAnecdote: check the config, wherever webmin sticks it, and make sure that it is setup to listen on your network interface.09:49
greppySimpleAnecdote: another option would be to use ssh to port forward and get access that way.09:50
SimpleAnecdotegreppy: I am on SSH right now... I have NO GUI at the moment for anything09:50
SimpleAnecdoteI've been installing my machine via SSH09:51
SimpleAnecdoteI've put this command in: iptables -I INPUT 1 -p tcp --dport 10000 -j ACCEPT09:51
Tommy_nmwSimpleAnecdote: thanks bro. done09:52
SimpleAnecdoteTommy_nmw: no problems. If you have any other questions - just ask09:52
SimpleAnecdoteyou might want to try php channels though ;P09:53
greppySimpleAnecdote: if you didn't have iptables installed before, that shouldn't be the problem.09:53
greppywhat happens when you try to telnet to port 10000 from another machine?09:53
SimpleAnecdotegreppy: I haven't tried09:54
Tommy_nmwSimpleAnecdote: I am now chatting from Windows XP , ubuntuserver is by my side.  in the same network.. I would like to know how can I log in to phpmyadmin from Windows XP browser09:54
=== dark-sun|lunch is now known as dark-sun
SimpleAnecdoteTommy_nmw: Put this "Include /etc/phpmyadmin/apache.conf" (without quotation marks) in /etc/apache2/apache2.conf (at the end of the file)09:55
Tommy_nmwnow I got it with IP address. but I dont know what is username for login09:56
SimpleAnecdoteTommy_nmw: Once you do that, from the XP machine - just open browser, type in ubuntu http://ip/phpmyadmin09:56
SimpleAnecdotegoogle default phpmyadmin user/pass for your installation. I believe it should be your MySQL root user09:57
Tommy_nmwSimpleAnecdote: I now can see log in page as you said. but I do not know what username it is. I was asked only for password during installation09:57
SimpleAnecdoteTommy_nmw: oh, try 'admin' or 'root09:57
dark-sunI'm about to buy a server, is it a good idea to assemble it instead of buying from HP?09:57
Tommy_nmwSimpleAnecdote: why are you so brilliant? It works now09:57
SimpleAnecdoteTommy_nmw: I am not. I have just done it loads of times before.09:58
SimpleAnecdotegreppy: I don't really know what to do then. The connection is not getting through09:59
Tommy_nmwSimpleAnecdote: btw, I would like to know how I can connect to that server with domain name instead of http://ipaddress/phpmyadmin.09:59
SimpleAnecdoteTommy_nmw: you need to configure DNS.09:59
Tommy_nmwSimpleAnecdote: I am very new to that setup. some said http://httpd.apache.org/docs/2.0/vhosts/  but I don't understand them09:59
Tommy_nmwSimpleAnecdote: how to ?10:00
SimpleAnecdoteTommy_nmw: DNS is a bit complicated. If you're using your own machine you need to configure your own name servers - google that as I will be no help with that. If you're using a proper host - just ask them for their nameservers and then redirect your bought domain to those name servers10:03
Tommy_nmwSimpleAnecdote: Dear bro, the ubuntu server is configured name server entry under /etc/network/interfaces. so I could install phpmyadmin from internet. do I also need to create/configure  BIND to turn it into  DNS server?10:06
SimpleAnecdoteYou'll need BIND but as I've said - I am no help here. I know the principles, but I've never configured my own nameservers. I can tell you that GUI control panels like DirectAdmin/Kloxo/cPanel/Plesk might make it easier for newbies like us.10:08
SimpleAnecdoteBut Kloxo is annoying10:08
SimpleAnecdoteAnd I believe the others cost money10:08
SimpleAnecdoteGoogling the subject might yield much better results than my arbitrary advice ;P10:08
stylewalkaI was just trying to upgrade to maverick, but got a couple of error messages regarding setting up procps; could anyone helpout?10:35
greppystylewalka: a link to a pastebin of the errors would probably be a good start10:40
stylewalkaI was just trying to upgrade to maverick, but got a couple of error messages regarding setting up procps; could anyone helpout? aptitude safe-upgrade results in http://paste.debian.net/123650; thanks11:49
=== kentb-out is now known as kentb
uvirtbot`New bug: #814058 in minicom (universe) "[#313217] runscript crash when using environment variable in script" [Undecided,New] https://launchpad.net/bugs/81405812:51
lynxmansmoser: ping12:52
lynxmansmoser: question about cloud-init for you12:55
lynxmansmoser: I'm trying to implement the new certificate method for mcollective in the plugin12:55
lynxmansmoser: problem as always, there's a private key flying over :D12:55
lynxmansmoser: have you given more thought about this recurrent issue?12:55
smoserlynxman, recurrent issue12:57
smoseri  might have missed a message. what is that?12:58
lynxmansmoser: trying to pass certs through cloud-init13:01
lynxmansmoser: maybe it's recurrent just for me, since I met this issue twice13:01
smoseryou mean the general issue of wanting to pass potentially sensitive data to the instance?13:02
lynxmansmoser: yes :)13:03
smoseri have 2 thoughts13:03
smoser1 works now13:03
smosera.) use expiring s3 urls (or some other one-time use url) and #include13:04
smoserb.) implement some mechanism to have cloud-init wait on a volume, attach volume, take data, detach volume13:04
lynxmansmoser: hmm I see13:05
smoserlynxman, i would be interested in you testing 'a' and seeing how it works. covering second boots and such.13:06
smosermaybe there would be a need for '#include-once' or some other mechanism that would say "this is only going to be there one time, don't fail on subsequent attempts at it"13:06
lynxmansmoser: sounds like the best plan so far13:07
lynxmansmoser: or silently fail if the cert is already in place13:07
lynxmansmoser: it's an indirect include-once13:07
smoserright. on the server side. but for s3 expiring urls, i think it would 40413:08
smoserand cloud-init might get crabby about that13:08
lynxmansmoser: not if we use httplib2 right, do a try catch and such13:08
smoser#include is just using urllib.urlopen.read()13:09
smoserjust because it is.13:09
smoserbut yes, the right thing would be to be smarter there.13:09
smoserpatches are welcom, lynxman.13:10
smoserbut i would think i would rather use urllib.urlib2 as i'm using that in othe rparts of the code.13:10
lynxmansmoser: Yeah I think it's better to create the #include-once function13:10
lynxmansmoser: to avoid breaking anything, and it's quite explicit as well, it'll silently not fail13:10
lynxmansmoser: thanks for your thoughts :)13:11
=== med_out is now known as medberry
=== Ursinha` is now known as Ursinha
=== Ursinha is now known as Guest44940
=== Guest44940 is now known as Ursinha_
=== Ursinha_ is now known as Ursinha
Ursinhagood morning :)13:45
pmatulisgood morning13:47
LyonJTHey all!13:56
LyonJTIs anyone here experienced with proftpd?13:59
patdk-wkproftpd is simple14:01
patdk-wkit also does some newish ftp stuff that confuses some ftp clients14:01
LyonJTI have installed its and changed the default port thats it at the moment14:02
LyonJTWhat else do i need to do because when a user is trying to login its hanging?14:02
patdk-wksounds like you have active port issues14:03
LyonJTAny idea why its not letting the user in?14:03
patdk-wkyou sure it's not letting the user in14:04
LyonJTit hanging on listing directory14:04
patdk-wkor just failing on dir14:04
patdk-wktotally different issue14:04
patdk-wkwell, fix your firewall14:04
patdk-wkor the users firewall14:04
LyonJTis that what is making it fail on listing directory?14:04
patdk-wkunable to make a connection14:04
LyonJTI see and this could be the firewall causing it?14:04
LyonJTokay let me check that out!14:05
patdk-wknormally firewalls attempt to fix this for you14:05
LyonJTThanks buddy!14:05
patdk-wkbut you changed the default port, so it isn't helping now14:05
LyonJTtcp or udp?14:06
LyonJTor both?14:06
Nonoxhi there!14:40
NonoxI'm using Amazon EC2 and I have a problem, can anyone help me?14:42
hallynlist the problem14:43
Nonoxafter using the command ec2-modify-instance-attribute (micro to large), i lost the posibility to connect to my server14:43
hallynNonox: probably a stupid question, but - did you check for a new ip address?14:44
NonoxI tried to connect using the dns name (http://ec2-50-16-57-148.compute-1.amazonaws.com) with the browser14:46
hallynNonox: and you're sure that's still the dns name for the instance?14:47
=== jamespage1 is now known as jamespage
Nonoxis working! the problem was that the console spent like an hour to refresh the new name for my new dns14:49
NonoxI'it was my first time using the API!14:49
NonoxAnd... I was afraid!14:50
Nonoxthanks hallyn for you help!14:51
hallynNonox: np :)14:51
uvirtbot`New bug: #629925 in open-vm-tools (multiverse) "package open-vm-dkms 2010.04.25-253928-2 ubuntu2 failed to install/upgrade: open-vm-tools kernel module failed to build (maverick)" [Critical,Invalid] https://launchpad.net/bugs/62992514:52
RoyKgood localtime();14:54
lynxmanRoyK: does that take in account daylight saving times?14:55
RoyKlynxman: man localtime ;)14:55
lynxmanRoyK: good :)14:56
=== Ursinha is now known as Ursinha`
=== Ursinha` is now known as ursinha`
=== ursinha` is now known as Ursinha
Martyngood UTS(-4)15:07
Martyn*rolls eyes*15:07
Martynwhen does the server team meeting usually take place?15:13
MartynI thought Thurs mornings?15:14
Davieynegronjl: Your orchestra commit, do you want that sponsored - or hold out for more love?15:18
negronjlDaviey:  It would be great if I can get it sponsored :)15:18
negronjlDaviey:  I'll start the build and put it all on the ppa.15:18
negronjlDaviey:  I assume you can take it from there ??15:19
Davieynegronjl: no nead.. i'll just upload it from the branch.15:22
negronjlDaviey:  Thanks!  Let me know if there is anything I can do to help15:23
Davieynegronjl: my car could do with a wash.15:23
* Martyn chuckles15:23
negronjlDaviey:  I'll get right on that...just hold your breath :)15:23
UrsinhaDaviey: hey man, bonjour15:26
MartynHey, Daviey .. what day/time is the next server meeting?15:29
MartynI think I got wires crossed .. thought it was this morning.15:29
lynxmanDaviey: I thought you didn't have a car15:33
BPowerHey all, apache and mysql are using a significant amount of memory even when they have no requests - apache has 11 processes running and mysql has 15 processes. Any suggestions on where I should start to reduce the memory/process load?15:34
smoserlynxman, just because daviey can't drive [well] doesn't mean he doesnt have a car.15:34
lynxmansmoser: I assumed that was the case...15:34
Davieylynxman: i have 3.15:37
DavieyMartyn: Tuesday15:37
MartynGot it.15:37
MartynSomeone kindly gave me the fridge link15:37
lynxmanDaviey: three cars? You almost sound American15:37
MartynWell, now you have to tell us what kind of cars :)  Like on Top Gear. .. we will judge you by your taste in vehicles.15:38
Davieylynxman: well one hasn't been on the road since 2004.15:38
lynxmansome say... that he goes in flip flops to meetings, and also that he has three cars... all we know... he's called Daviey15:41
=== medberry is now known as med_out
fullstopHi.  I have a 4TB iscsi volume, which will have many millions of small files, from 300 bytes to ~20K each.15:49
fullstopI was thinking of going with ext4, but I'm trying to understand my limits with the # of inodes and the inode_ratio.15:50
fullstopis there an ext4 tuning guide, where I can calculate the maximum number of files, etc?15:50
patdk-wk1 inode per file15:55
patdk-wkand probably 1 inode per 4k of disk space15:56
fullstopI think that I would want a blocksize of 102415:56
patdk-wkthen 1 per 1k max15:56
fullstopso that might chew through a bunch of inodes.15:56
patdk-wkbut I would probably go with 4k anyways :)15:56
fullstophow come?15:56
patdk-wklet those 20k files help balance it out15:56
fullstopThere are a _lot_ of 300 byte files.  :)15:57
patdk-wkI guess this isn't an email store15:57
fullstoplots of desolate land and water in the world.15:57
patdk-wksomething tells me this is the *wrong* way to store your data though :)15:58
fullstopI'm storing map tiles..15:58
fullstopusing the tile-cache data store.15:58
patdk-wkya, but why store each one like that?15:58
patdk-wkor cause that is how some program does it, and you don't want to program it :(15:58
fullstopbecause they can be loaded using openlayers directly in a browser.15:58
patdk-wkbrowsers use http servers, not filesystems15:59
Martynunless you are using webdav15:59
patdk-wkif there are lots of 300bytes files that are the same, hell, 1 300byte file would do so15:59
patdk-wkmartyn, webdav is http15:59
Martynwebdav has no https support?15:59
patdk-wkit doesn't depend on a filesystem, the filesystem could be a database for all webdav could care15:59
fullstopthe openlayers side can generate urls which map directly into the cache.16:00
Martynah, point16:00
fullstopwhen complete, the filesystem is read-only.16:00
fullstopand lookups are fast, far faster than what a database could do.16:00
patdk-wkfullstop, not saying it won't work16:00
fullstopfar faster than a database on top of a filesystem could do, if that makes sense.16:01
patdk-wkcause they are the same, unless your not using an index16:01
fullstopimplicit indexes with the filesystem.. each layer is in a directory, which is further sub-divided.16:02
patdk-wkdatabases also have indexs, it's just as fast16:02
patdk-wkbut that isn't my point at all16:02
fullstopyes, but now I have to have something to query the database.16:02
patdk-wkI didn't even tell you to use a database16:02
patdk-wkso I dunno where that talk came from16:03
fullstopThe point is, once I have the tiles rendered, I can serve them up directly from nginx.16:03
fullstopwithout any processing in between, other than the filesystem16:03
patdk-wkhmm, you waste 1k of disk space for every 4 inodes16:06
Aisonis there a tiny webbrowser that I can install on my server for X11 forwarding?16:06
patdk-wkso 1/4 of your disk will be unusable for inodes16:06
patdk-wkmight be as much as 1/3 after superblocks and other stuff are added in, not sure16:07
bsg_kwolfI'm having a bit of trouble using Kickstart to install a Ubuntu 10.10 VM on an 11.04 host.  No matter what I pass in the virt-install, it's trying to dhcp instead of using the static IP I'm passing.  Anyone seen this?  Here's my -x options:  "ks= ksdevice=eth0 ip= gateway= netmask= dns="16:10
kierge-if i use a dynamic dns resolver on my router is that dyndns.org address good enough to run a fully functional wordpress page from ?16:10
kierge-links and all ?16:11
bsg_kwolfAlso, oddly it fails to do DHCP, even though it should be able to obtain an IP.  Makes me think for some reason the interface isn't up.  I can see it doing DHCP discovers in the logs, but it's never getting an offer, and it should.16:11
patdk-wkfullstop, 1k block size is only good up to 2tb16:11
bsg_kwolfIf I then manually configure the network on the install it's fine.16:11
fullstoppatdk-wk: good to know.  This is why I was asking.  :)16:12
patdk-wkseems ext4 does support large though (not ext3 though)16:12
patdk-wkbut the ext utils still have limitations16:12
chrisPerkinsKierge I presume that you have a dyndns.org account set up and a server at home or the office somewhere behind a router with dynamic ip? is that right?16:13
fullstopI briefly considered reiserfs, but I don't know how much life it has left.16:13
patdk-wkreiserfs keeps on randomly corrupting itself on me, so I stopped using it16:13
fullstopand, from what I've read, xfs is more for large files... but I've read some positive things about small file situations as well.16:14
fullstopreiserfs corrupted stuff for me, but that was years ago on a mandrake system.16:14
fullstopso that should tell you the age.16:14
=== kierge- is now known as kierge
chrisPerkinsI am tearing my hair out trying to set up a mail-server to support multiple domains. Has anyone got any solid experience or can they point me towards reliable information / tutorials etc?16:31
uvirtbot`New bug: #814164 in openvpn (main) "The init script does not handle the script-security parameter correctly when there are multiple configuration files" [Undecided,New] https://launchpad.net/bugs/81416416:36
=== med_out is now known as medberry
chrisPerkinsI am tearing my hair out trying to set up a mail-server to support multiple domains. Has anyone got any solid experience or can they point me towards reliable information / tutorials etc?:-/:P16:41
raubvogelWhich user is kerberos  run as?16:50
chrisPerkinsAnyone know how to build a mail-server?16:51
raubvogelchrisPerkins: requirements?16:51
ksx4systemif i enable and configure ufw for IPv4 connectivity and then enable IPv6 in config - does rules made with v4 only setup apply to freshly enabled Ipv6?16:52
jdstrandksx4system: no16:52
jdstrandksx4system: also, you will want to do 'ufw reload' after turning on ipv616:53
ksx4systemjdstrand: i did /etc/init.d/ufw restart16:54
jdstrandthat's good enough16:54
raubvogelchrisPerkins: the ubuntu wiki has entries on setting up postfix + dovecot + etc. How deep the etc goes depends on what you need. hence the specs question16:54
chrisPerkinsI am building a mail server to server multiple addresses over multiple domains. Have tried setting up ldap but can't find complete or reliable information. So looking to set up and configure postfix,  courier, mysql, apache, webmail, shorewall etc16:54
ksx4systemjdstrand: so... i must create a new ruleset for IPv6, am i right?16:54
raubvogelchrisPerkins: multiple addresses + multiple domains could be done with postfix + dovecot + ldap16:55
raubvogelHow do you talk to ldap depends on your mood16:55
jdstrandksx4system: old rules will not be automiatically applied to ipv6, because that might not be what the person actually wants. new rules may apply to both depending on the rule. eg 'ufw allow OpenSSH' would apply to both, 'ufw allow from' would not16:56
BPowerHey all, apache and mysql are using a significant amount of memory even when they have no requests - apache has 11 processes running and mysql has 15 processes. Any suggestions on where I should start to reduce the memory/process load?16:56
patdk-wkbpower, start by understanding how to read memory usage first :)16:56
raubvogelWhat I have here is that + usual spam/virus stuff + tls/smtp auth16:56
chrisPerkinsthanks for your responses raubvogel I'm really going insane.16:57
jdstrandksx4system: if you already did 'ufw allow OpenSSH' with ipv4 only, you should be able to do it again after enabling ipv6 and have it do what you want16:57
patdk-wknormally all that memory is shared between them16:57
jdstrand(ie, add only the ipv6 rule)16:57
raubvogelchrisPerkins: webmail stuff you can add later. Are you going to let people imap+tls to server?16:57
patdk-wkand normally apache doesn't use a lot of memory, unless you use mod_php, mod_perl, ...16:58
BPowerpatdk-wk, together apache(+php) and mysql are using over 300mb of memory with 0 requests in the past hour.16:58
ksx4systemjdstrand: afaics when i'll be setting firewall from scratch (with dual stack v4/v6 connectivity) it'll be need to add rules only once?16:59
patdk-wkhow did you come up with 300mb?16:59
raubvogelAFAIK, chrisPerkins, you can have ldap only talking to dovecot. And then postfix can use dovecot for tls auth and be done16:59
VSpikeHi - I have a Sitecom 300N X3 adapter (Ralink) and I'm having trouble making it work. Unsurprisingly16:59
VSpikeI'm running Lucid16:59
fullstopnginx + php-fpm works quite well.16:59
VSpikeDo I have any chance of making it work?16:59
BPowerpatdk-wk, top/htop16:59
VSpikert2800usb module claims it but when loaded rejects it saying invalid chipset detected or similar17:00
patdk-wkwell,  Iknow top won't tell you correct memory usage, dunno about htop17:00
raubvogelVSpike: making it work == ?17:00
VSpikeNone of the rt*sta module seem to claim it, afaict17:00
jdstrandksx4system: depends on the rule. if you are specifying an ipv4 address for example, then it won't be added to ipv6. see 'man ufw' for details17:00
VSpikeraubvogel: well - appearing in ifconfig -a would be a good start :)17:00
BPowerpatdk-wk, the total memory usage on the server is the full 256 of allotted ram + 150mb of swap.17:00
raubvogelVSpike: does it at least show up on lsusb?17:01
VSpikeraubvogel: sure does17:01
fullstopBPower: virtual machine?17:01
BPowerfullstop, yes17:01
VSpikeraubvogel: id is 0df6:004217:01
fullstopBPower: depending on how tied your php stuff is to apache (.htaccess, mod_rewrite), you should take a look at nginx and php-fpm.17:02
chrisPerkinsraubvogel Yes I'm going to allow people to access IMAP+tls17:02
fullstopBPower: http://interfacelab.com/nginx-php-fpm-apc-awesome/17:02
patdk-wkfullstop, that will do nothing to solve his issue17:03
patdk-wkit will just move the issue from apache to php17:03
patdk-wkcause then php will be showing ram usage, where now it is counted for in apache17:03
raubvogelVSpike: I do not know how dated this is: http://wiki.debian.org/rt2870sta17:03
chrisPerkinsraubvogel Where should I start is there any reliable documentation? How long do you think it will take me realistically.17:03
fullstoppatdk-wk: not true.17:04
raubvogelchrisPerkins: probably a few hours if you have everything lined up17:04
patdk-wkhow so?17:04
VSpikeraubvogel: yeah - I saw that. Makes me think perhaps I need to compile a new rt2870sta on my box using the latest code from ralink?17:04
fullstoppatdk-wk: it removes php from the web processes, and keeps a pool of them running.17:04
VSpikeI get the impression that the rt2x00 will not work no matter what17:04
patdk-wkfullstop, so does apache17:04
fullstopNot if you are using mod_php17:04
patdk-wksure it does17:04
patdk-wkthe same pool that does static pages does php ones17:05
fullstopa request for an image will be served by an apache worker with php17:05
patdk-wksure, it's still a pool of processes17:05
fullstopYes, but you do not need as many processes with php loaded.17:05
patdk-wkdepends, my websites have more php hits than html/image hits, cause of expires headers and caching17:06
fullstopIf you could have 10 processes with php for handling php code, and 20 processes just for handling static, that will win.. with the right usage.17:06
patdk-wkif you need that much static, you have crapload of first time users, or bad caching17:06
fullstopYou must not have many images17:06
chrisPerkinsraubvogel: So If I install postfix dovecot and ldap where is the best place to find instuctions?17:06
fullstopYou really can't control or rely on how a user's cache works.17:07
patdk-wksure you can, that is the whole point of the expires header, etag, ...17:07
raubvogelchrisPerkins: I would get postfix+dovecot running (https://help.ubuntu.com/community/PostfixDovecotSASL and https://help.ubuntu.com/community/Postfix) and then go to the dovecot website and read their wiki on getting it to work with ldap17:07
fullstopI still stand by saying that, for low memory systems, nginx + apache-fpm gives you better control of your maximum memory usage under load.17:07
raubvogelVSpike: I would give the compilation thingie a try. Do you know if the device runs on another machine?17:08
fullstoppatdk-wk: newer browsers do not always cache, until you have requested the same content a few times.17:08
chrisPerkinsraubvogel: I'm on it thank you so much. Anything I should look out for?17:08
raubvogelchrisPerkins: there is also https://help.ubuntu.com/community/Postfix/DovecotLDAP17:08
fullstopIt really depends on how full the cache is, and what they choose to keep / expire from the cache17:08
fullstopDo some testing with chromium, firefox and internet explorer.  It's actually kind of surprising.17:09
jdstrandhallyn: hey, so all those libvirt packages in -proposed. can you prod them along? I've got another security update and would prefer not to stomp on your pacakges yet again17:09
patdk-wkwell, all my users browsers are pretty dumb then, and cache everything17:09
jdstrandhallyn: I mean, I'll do it; just know I won't enjoy it :P17:09
raubvogelchrisPerkins: I think that should get you going. Then, if you are stuck in dovecot, the people at #dovecot are really helpful. #postfix, well, they do expect you to know it well before asking17:09
raubvogelI am going food hunting17:10
BPowerfullstop, patdk-wk, interesting conversation. I'll take a look into it and see if it suits my needs :) Thanks17:11
patdk-wkbpower, as for mysql17:11
patdk-wkwell, it's designed to do that on purpose17:11
patdk-wknormally you want your database fast, that means in memory17:11
patdk-wkif you want it smaller, you have to tune it smaller17:12
patdk-wkdefault is 128megs cache17:12
hallynjdstrand: yeah, let me take a look, thanks for the heads-up17:12
* patdk-wk plays with smem some17:12
jdstrandhallyn: thanks17:12
BPowerpatdk-wk, you're right. i should have thought of that -- just skipped my mind for some reason. I was considering moving the db server to its own unit.17:13
patdk-wkhmm, my apache is using 1.5megs per process17:13
fullstoppatdk-wk: using mod_php or php as fastcgi?17:14
fullstopI have a hard time believing that php fits into 1.5 megs17:14
fullstopit is shared, understandably...17:14
patdk-wkya, that is 1.5megs uniq memoy per process17:15
patdk-wkI'm sure apache+php has lots of shared code pages across all processes17:15
patdk-wkbut I shouldn't count those 10times their real amount17:15
patdk-wktop says apache is using 9.6megs17:16
patdk-wkbut real memory used is 1.4 to 1.8megs per process17:16
patdk-wkso in reality, my 10 apache processes are using 16megs of ram total17:17
patdk-wknot 96megs17:17
fullstoppatdk-wk: Where are you getting 1.5 from?  What utility / proc entry?17:19
fullstopI want to compare to ubuntu-server here17:19
patdk-wkuss = uniq mem per process, pss = process size, rss=same as top value17:20
patdk-wkpss includes it's usage of shared ram17:20
patdk-wkhmm, now this loaded down apache is using about 20megs per process17:22
patdk-wkbut it also has 300megs usage in php apc17:22
=== vDubG__Gone is now known as vDubG
BPowerpatdk-wk, holy crap. to install smem it requires 80+ more dependencies.17:23
patdk-wkapt-get --no-install-recommends install smem17:23
patdk-wkyou probably don't need it to make pretty graphs17:23
BPoweri've got to run now.  thanks a ton patdk-wk and fullstop :)17:27
fullstoppatdk-wk: and which column?  RSS or PSS?17:32
patdk-wkrss will be the same as top, uniq memory + all shared memory17:32
fullstoppatdk-wk: are you using any swap?17:33
patdk-wkfor apache, nope17:34
patdk-wkudevd is swapped out hard :)17:34
patdk-wkamavisd looks interesting, uss=50megs, pss=80megs, and rss=142megs17:36
patdk-wkit's like the only threaded thing I have that has craploads of uniq mem17:37
fullstopokay, using smem I show apache at about 600K17:40
fullstopnginx at 800K..  but this is not apples-to-apples at all.17:40
fullstopsince php is not embedded in nginx17:41
fullstopand instead works through a separate pool.17:41
* patdk-wk perfers lighttpd17:41
fullstopAnd, additionally, apache has far more workers.17:41
fullstopI used lighttpd for a while.  The config file can be a real pain.17:42
patdk-wkhmm? config file is easy17:42
fullstopThat is, it's not really clear what is wrong when there is a syntax error.17:42
fullstopI find nginx's config file far easier to read.17:42
patdk-wklighttpd 2.x has a fun config17:42
fullstopI am pretty sure that I was using one of the later 1.X's.17:45
fullstopI still think that nginx wins.  :)17:46
fullstopespecially with unanticipated load.17:46
fullstopCases where people do not already have your static content in their cache.  ;-)17:46
MinaShHello, my server has many domains and subdomains. I have a service running on port 8081. now it is accessible by any domain of them. I want it to be accessible only by one of them. how can I disable others or at least make them redirect to my desired one?17:50
bsg_kwolfI'm setting up VM's in a ubuntu 11.04 host running 10.10 on the VM's.  I'm having trouble getting kickstart to accept the static IP I'm passing it with '-x "ks= ksdevice=eth0 ip= gateway= netmask= dns="' being passed to virt-install.  It's always using DHCP.17:56
bsg_kwolfAny one any ideas?17:56
rcaskeyI just setup a new linode and it set the root password for me as part of the setup, but I want it as similar as possible to a stock install. I added my own user, added the user to the sudo group, how do I lock out the old root login?17:57
ScottKrcaskey: See https://help.ubuntu.com/community/RootSudo17:58
ScottKIt's described there how to do it.17:58
netritiousHi, how do I install Ubuntu server and exclude ubuntu-standard meta-package? Like jeOS, but I'm using 10.04. I'm looking for the smallest (resaonable) footprint.17:59
patdk-wknetritious, click f4, and select minimal18:01
patdk-wkbut then that IS jeOS :)18:02
netritiouspatdk-wk, I thought I tried that but will try again. Thanks!18:02
patdk-wkmine comes in at around 400megs about18:03
patdk-wkand approx 24megs of ram usage on boot18:03
netritiousnice..that's what I seek. :)18:03
rcaskeyshould I install dbndns or djbdns?18:09
patdk-wkpersonally, I wouldn't use either18:10
rcaskeypatdk-wk, I'm considering a move to bind but I inherited djbdns and need to setup a secondary external withoiut a lot of fuss18:11
rcaskeyso it's something I'd revisit later18:11
* RoyK found a pin with hammer and sickle at work and is wondering if people will look sideways if he wears it18:19
raubvogelRoyK: If you wear it on your nose, yeah. As a nipple ring, well, I would look sideways myself...18:20
* RoyK doesn't pierce his skin18:21
RoyKI saw this poster once, someone made a jolly big one with hammer and banana18:22
raubvogelRoyK: lol18:24
geekbriGuys, i ran apt-get upgrade and now suddenly my locales is broken.  When i try to do tab completion in bash i get bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.us-ascii).18:28
geekbriHowever if i sudo su and I am root I dont get the error, any clue how to fix this18:28
uvirtbot`New bug: #814226 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/81422618:47
adam_gRoAkSoAx: ping18:51
RoAkSoAxadam_g: pong18:52
adam_gRoAkSoAx: how did you want to handle bug #744293?18:54
uvirtbot`Launchpad bug 744293 in drbd8 "Infinite loop in helper LVM script for DRBD 8 in Lucid" [High,In progress] https://launchpad.net/bugs/74429318:54
RoAkSoAxadam_g: yes was just about to review it18:55
b0gatyrhi guys, why are virtual IPs usually set on loopback interfaces?18:55
fullstopdjbdns isn't all that bad.18:55
fullstopI use it here, but if I had to do it again I'd use nsd / unbound.18:56
patdk-wkb0gatyr, what exactly is a *virtual* ip?18:57
fullstopI think he is talking about eth0:118:58
fullstopa virtual interface18:58
patdk-wkthat isn't virtual, or on a loopback18:58
fullstopor maybe he means private addresses18:58
patdk-wketh0:1 is technically nothing more than a label, used to be called an alias18:59
b0gatyrsorry I meant an IP set on a virtual interface18:59
fullstoppatdk-wk: eth0:1 is commonly referred to as a virtual interface18:59
patdk-wkby virtual interface, you mean for some type of vm thing?18:59
patdk-wkfullstop, never seen that in the last 20 years of using linux19:00
b0gatyrbut i've seen people use the loopback interface for this, wouldnt this cause problems since packets are sourced with that loopback address?19:00
patdk-wkwhy would they be sourced wit hthe loopback interface?19:00
patdk-wkthe interface source and ip have nothing to do with each other19:00
fullstoppatdk-wk: Look around.. it's really a common term.  :)19:01
patdk-wkexcept if a packet goes out an interface without a source ip19:01
patdk-wkfullstop, I try to use offical terms, cause anything else causes confusion19:01
RoAkSoAxadam_g: btw.. on SRU's if the version I had prepared was ubuntu2.2 and you made changes *beofre* it actually hit the archives, you keep the version but just add your name and changes to the changelog entry19:01
patdk-wketh0:1 is an aliased interface, according to man ifconfig19:01
patdk-wkand that has been depressiated with iproute2 for years now19:01
RoAkSoAxadam_g: however, in this particular case we don;t need to add that as we "understand" that a patch should have been added to 00list :)19:02
patdk-wkb0gatyr, are you looking at a ipvs setup?19:03
fullstoppatdk-wk: It's still a commonly used term, for at least the last decade.19:03
adam_gRoAkSoAx: right, i was mainly just throwing something together to get him up and testing while you were busy at the sprint. did it ever make it to the SRU queue as it was?19:03
patdk-wkfullstop, and it's so wrong and incorrect on so many levels19:04
geekbrichrist, does anybody here have a clue why on ubuntu 10.04 LTS i suddenly get all sorts of terrible locale errors when i try to use tab completion?19:04
patdk-wkgeekbri, your locale was never set?19:04
RoAkSoAxadam_g: i cant really remember19:04
fullstoppatdk-wk: It's still  used, and you may benefit from understanding what others mean.19:05
geekbripatdk-wk: it was working fine until i ran apt-get upgrade a couple minutes ago.  I've tried locale-gen and it seemse to generate my locales fine19:05
RoAkSoAxadam_g: doesn't look like it: https://launchpad.net/ubuntu/lucid/+queue?queue_state=1 :)19:05
patdk-wkgeekbri, "sudo dpkg-reconfigure localeconf"19:05
adam_gRoAkSoAx: yah.. so you'll just fix the packaging error and get SRU started?19:06
geekbripatdk-wk: results in some perl errors saying setting locale failed.  It also says it cannot set "LC_CTYPE, LC_MESSAGES, and LC_ALL"19:06
RoAkSoAxadam_g: yeah I'll just upload it as the SRU justification is already done19:07
adam_gsounds good19:07
RoAkSoAxadam_g: alright, it's in the queue waiting for approval19:15
geekbripatdk-wk: just a heads up, i think apt-get upgrade broke it, i wish i could remember which package but i added LC_ALL=en_US.UTF-8 to my /etc/default/locale and it fixed it19:19
maxagazwhen I do: man cbq, I get CBQ(8) at the top, what does 8 stands for ?19:37
jhobbsman man has the answer19:38
uvirtbot`New bug: #496601 in vsftpd (main) "package vsftpd 2.2.0-1ubuntu1 failed to install/upgrade: ??? ???? post-installation ?? ?????? 1 (dup-of: 523896)" [Low,Confirmed] https://launchpad.net/bugs/49660119:42
raubvogelwhich user is krb5kdc run as?19:46
geekbriI'm not 100% which package it is, but i've had 2 of my servers locale break after an apt-get upgrade... just figured i'd say something...20:14
=== zz_zz_zz_ng_ is now known as ng_
geekbrimake that 3 servers.20:23
pmatulisgeekbri: well, pastebin the output20:23
hallynand maybe the end of /var/log/dpkg.log20:24
geekbriyeah let me find out that information hold on.20:24
geekbripredictably so it looks to be the locales 2.11+git20100304-3 causing the issue at least for me.20:25
geekbrihrm i could be wrong, it could be libc20:30
philipballewQUESTION: does ssh work when i have not logged into my server with my user account?20:52
raubvogelphilipballew, what do you mean?20:53
philipballewlike can i take my server. plug it into a cat 5 power it on and ssh into it without entering username and password from a keyboard connected to the server20:54
raubvogelphilipballew, that is exactly what you use ssh for20:54
raubvogelyou first make sure you have openssh-server installed20:55
philipballewi selected open ssh during install20:55
raubvogeland then, say, ssh thetick@monkeybutt.com20:55
raubvogelThen it should be installed20:55
raubvogeldid you try to ssh into it?20:55
philipballewi installed it ofline and need to connect it to the network now20:56
philipballewif im on a lan i can just enter ssh nameofcomputer ?20:56
raubvogelIf you are logged in as the same user in another machine, sure20:57
raubvogelotherwise, see the example above20:57
raubvogelThat would be ssh'ing from a Mac or a Linux/unix box to the monkeybutt20:58
philipballewwell im on my ubuntu laptop20:58
raubvogelsame use as in the other machine?20:59
philipballewi am connected to the same router as the server20:59
philipballewi need to ssh into it20:59
philipballewit doesnt have a domain20:59
raubvogelI meant same *user*20:59
philipballew? in what way21:00
=== ng_ is now known as zz_ng_
raubvogelI am going to call your server monkeybutt. So which is the username you are going to log in as when you connect to monkeybutt?21:00
philipballewalright so since my computers name is philipserver  i type ssh philipserver21:02
raubvogelWhat is your username in philipserver?21:02
raubvogelAnd what is the username in your laptop?21:02
raubvogelIf and only if they are the same, then you can do ssh philipserver21:03
philipballewand if they are not. find the locaal ip and go that way?21:03
raubvogelphilipballew, we are still talking about username. You normally do ssh user@machine. In your case you can do philip@philipserver or, since you are using the same username, omit it21:04
raubvogelNow, if philipserver does not work, you then replace "machine" with the ip address21:05
raubvogelso, if philipserver's address is, you could do ssh
philipballewtime to pop up nmap21:05
raubvogelOr go ask your router21:06
philipballewthat to21:06
philipballewdoes it mater if im connected wirelessly and the server is not?21:11
raubvogelphilipballew, that depends on how you set your router21:27
raubvogelcan you ping the server from laptop?21:27
philipballewno i can not21:27
philipballewits a horriable router21:28
philipballewi need to port forword 22 probably21:32
=== kentb is now known as kentb-out
maxbI think I may have found a (non-vulnerability) bug in OpenSSH. What's the best place to ask about it?  (ChallengeResponseAuthentication=no also disables KbdInteractiveAuthentication)23:48
=== medberry is now known as med_out

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!