[00:02] <yakster> heres the line //192.168.1.129/GoFlex\ Home\ Public/ /media/GoFlex cifs username=matthew,password=4546413,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0  whats wrong with it
[00:04] <Smaug> hey all
[00:04] <Smaug> i am on ubuntu 8.04
[00:04] <Smaug> it has OpenSSH 4.7
[00:04] <Smaug> i want to use a newer version of OpenSSH.         how bad/okay an idea would it be to use a package intended for a later version?
[00:04] <ikonia> very bad
[00:05] <Smaug> ikonia: ok
[00:05] <Smaug> how difficult is it to upgrade a server?
[00:06] <Smaug> the wiki makes it seem easy, a single command.  surely there are things that can go wrong that i must be aware of?
[00:06] <ikonia> things can go wrong, like if you have external software sources enabled, or software outside the package manager, however the guides covers it well
[00:06] <ikonia> !upgrade
[00:06] <ikonia> time to go
[00:10] <Smaug> i have to go, thanks for your help ikonia.  one more thing.   if i choose to upgrade, what process can I use to compile a list for myself of items to check to make sure that everything is running properly after an upgrade?
[00:42] <Guest77618> can some one remote desktop me and help me do this? https://help.ubuntu.com/community/PXEInstallMultiDistro
[02:17] <Smaug> if i choose to upgrade ubuntu, what thought process can I use to compile a list for myself of items to check to make sure that everything is running properly after an upgrade?
[02:19] <qman__> not sure what you're asking, either your software works or it doesn't
[02:19] <qman__> you would know best what needs to work
[02:24] <dork> Smaug: make a tarball of your /etc dir and maybe an output of dpkg -l &> installedpackages.txt
[02:24] <dork> or something
[02:24] <dork> though like qman said
[02:24] <dork> you typically know when stuff is broken
[02:25] <dork> the tarball of /etc and the package output is just to help mitigate downtime
[02:25] <qman__> yeah, backups are always a good idea
[02:25] <qman__> but my point is, it's your server, you should know what services you need running on it, check those
[02:26] <qman__> not much else to it
[02:30] <Smaug> qman__: yeah okay
[02:30] <Smaug> dork: qman__: thanks for the input
[02:30] <dork> np
[02:31] <twb> dork: if it's etckeeper just git clone the /etc repo to somewhere else :P
[02:31] <twb> dpkg --get-selections for the package list
[02:32] <dork> ah cool
[02:32] <Smaug> qman__: i know what's running, but how do I know if I really know what's running? /paranoia, my server is 3 yrs old, btw
[02:33] <qman__> well, if you don't know it's running, and you don't notice if it stops running, you must not need it that much
[02:34] <dork> Smaug: check your processes, check services that are set to auto start at default level
[02:34] <qman__> and in some cases it'd be better if it did stop running, one less attack vector
[02:34] <Smaug> dork: thanks, will do.   qman__: a good point
[02:35] <patdk-lap> heh, easy solution
[02:35] <patdk-lap> turn it off
[02:35] <patdk-lap> of no one bitchs after a week, scrap :)
[02:36] <patdk-lap> really too soon though
[02:36] <patdk-lap> if it's an accounting system, it could go a few months without them knowing it's gone
[02:36] <patdk-lap> my accounting people are the worst
[02:36] <dork> it'll be that one user who still uses their 5gb samba share for storing their 128k limewire mp3s
[02:36] <patdk-lap> I still have to keep the 3 times legacy systems functioning, for when they need to access that old old old data
[02:37] <dork> had to do that with ISPBilling for a few years but put a stop to it by just not dealing with it
[02:38] <dork> that was a nightmare migration heh
[02:38] <patdk-lap> dunno about you
[02:38] <patdk-lap> but we have to keep records going back x years, for contracts, and goverment crap :(
[02:38] <dork> what industry
[02:39] <dork> ISP/Telco?
[02:39] <patdk-lap> goverment contractor
[02:39] <dork> ah
[02:39] <patdk-lap> neither
[02:39] <dork> yeah that didn't exist until recently in ISP land
[02:39] <dork> now you have to retain dhcp records for certain retention lengths
[02:39] <dork> that's new as of this year
[02:39] <patdk-lap> what country?
[02:39] <dork> US
[02:40] <dork> which is a huge pain in the ass, and absolutely useless to anyone except the government
[02:40] <patdk-lap> oh, that law only covers isp's
[02:40] <dork> yep
[02:41] <patdk-lap> probably why I do't know much about it :)
[02:41] <dork> you're better off
[02:41] <dork> best experience one could ask for in IT but at management level it can take years off your life
[02:41] <patdk-lap> oh, that is the childporn crap law
[02:41] <qman__> to top it off, it doesn't even do them any good, because an IP is not a person
[02:42] <patdk-lap> qman, so far :(
[02:42] <qman__> any lawyer worth his salt will shoot that down as evidence
[02:42] <patdk-lap> and any of our elected crap will make it a law somehow
[02:44] <dork> qman__: if your dhcp gets served up to the CPE equipment and not the customers router, it's easy to ID once they subpeana (sp) you
[02:44] <dork> even if it is bount to a customers router/whatever they terminate with it's not that hard
[02:44] <dork> macs don't change that often
[02:44] <dork> it's just a bitch harvesting that much dhcp data for that long
[02:44] <dork> so much nonsense for no reward for the carrier
[02:45] <patdk-lap> heh, that law only and specifically says to hold dhcp only info?
[02:45] <patdk-lap> how odd
[02:45] <dork> no there's more to it, and specific criteria
[02:45] <dork> i've been out of the ISP industry for 5 whole months now :P went into software dev
[02:45] <dork> that shit was getting enacted as soon as i was leaving
[02:48] <dork> yeah
[02:48] <dork> the protect our children act
[02:52] <patdk-lap> hmm
[02:52] <patdk-lap> it's strictly to isp bandwidth providers
[02:53] <patdk-lap> so guess webhosting and email is in the clear
[02:53] <patdk-lap> I remember them attempting to require ftp logs for years
[02:53] <patdk-lap> for the same purpose
[02:53] <dork> we've never had to do that
[02:53] <dork> s/we've/they
[02:53] <patdk-lap> no, it didn't become law
[02:54] <dork> oh attempting
[02:54] <dork> sorry
[02:54] <patdk-lap> I was worried, cause I was already doing 500gigs of ftp logs a day, compressed
[02:54] <patdk-lap> new logging method is nice, but also inaccurate, can compress them much much better
[02:55] <dork> yeah we just outputted syslog to remote traps for analyses and log-rolling
[02:56] <dork> for all services
[02:56] <dork> s/rolling/rotating/
[02:59] <patdk-lap> hmm, logs are 350gigs now a day, without any compression
[02:59] <patdk-lap> I should try turning the dup detection back on, but it's hightly cpu intensive
[02:59] <patdk-lap> maybe I should adjust the dup detection to after the fact, so it can just run once a day to dedup
[03:12] <pythonirc1011> we are looking to build a reliable email system with backup (at least as reliable as gmail). We want to run ubuntu-server. Any recommendations for hardware?
[03:13] <dork> i like dell personally
[03:14] <dork> or are you asking for hardware insight for your specific use
[03:14] <pythonirc1011> dork: I'm more interested in building the whole system? I want at least 3-way reliability, with 3 systems as fall back...one after the other...and mirroring
[03:15] <dork> what do you mean 3 way reliability
[03:15] <dork> like 5 9's of availability?
[03:16] <pythonirc1011> something like that
[03:16] <pythonirc1011> at least as good as what google's gmail system has
[03:16] <pythonirc1011> preferably better
[03:16] <dork> i like dell poweredge, specifically the R410's with xeon 5600 gulftowns
[03:16] <pythonirc1011> probably they run some form of linux on their email system
[03:16] <dork> haha
[03:17] <pythonirc1011> lets say i buy 3 of those...put them in 3 different locations...then how do i configure them so that one is a fallback compared to the other...and all 3 have up2date emails for all the users
[03:17] <dork> go google drbd/heartbeat/ldirectord/pacemaker
[03:18] <dork> might want to learn how to run LAMP stacks before you approach that though
[03:18] <dork> not assuming you don't already but it sounded like you might need to start a few steps earlier
[03:19] <pythonirc1011> dork: have you built an ha ever?
[03:22] <pythonirc1011> thanks for the pointers
[03:22] <qman__> FYI, google uses commodity hardware
[03:22] <qman__> their redundancy is done in software
[03:23] <twb> patdk-lap: are you still using FTP?  If so, *why*?
[03:23]  * twb is an anti-FTP bigot
[03:23] <qman__> the only reason I ever used FTP is that I was unaware that better things existed
[03:24] <twb> pythonirc1011: HA is a huge PITA
[03:24] <twb> pythonirc1011: unless you're a national- or multinational-size company I advise you not to bother
[03:25] <pythonirc1011> twb: can i get a 2TB HA hard drive online to backup my emails for cheap?
[03:25] <twb> pythonirc1011: I don' know; I don't approve of offshoring data storage
[03:25] <twb> pythonirc1011: I suppose that's what amazon S2 is
[03:26] <pythonirc1011> twb: then what choice do i have ? I have moving anything online...but i cant build a HA email system...
[03:26] <twb> If you want DR for existing emails I advise you to buy half a dozen 2TB disks in external USB drives, and use them as rotatin backups, such that at least one is always offsite
[03:26]  * ball uses FTP at work every day.
[03:26] <qman__> many of the outfits I do work for use Windows SBS and the pop3 connector, they only get mail every 15 minutes
[03:26] <pythonirc1011> twb: We need something automated...manual wont do
[03:27] <twb> pythonirc1011: if you're on a stock business ADSL plan, your internet connection will go down more often than a normal, non-HA linux mailserver
[03:27] <qman__> yeah, you don't need high availability to satisfy the needs of the 99%
[03:27] <qman__> you just need an automated backup system
[03:28] <pythonirc1011> twb: I'm on 100GBit network. this is for a college.
[03:28] <qman__> which is not that hard to set up, get a couple boxes in different places on the net, and rsync
[03:28] <twb> If you absolutely must have automated backups, then I recommend using rsnapshot to push incremental backups to a remoet host
[03:28] <pythonirc1011> I want something where i have 3 machines...if one fails, i get an email--replace the machine...the other 2 are still working...
[03:28] <twb> pythonirc1011: college as in where the students sleep, college as in the one university campus, or college as in one entire university (multiple campuses)?
[03:29] <dork> HA is pretty simple
[03:29] <dork> btw
[03:29] <twb> How many users are we talking?
[03:29] <pythonirc1011> just one building -- where internet is fast
[03:29] <dork> not sure what twb's experience is but my HA stuff is flawless
[03:29] <pythonirc1011> connectivity is not an issue..and our speeds are awesome.
[03:29] <twb> dork: I've been having exciting fun with corosync and drbd lately, it's nontrivial
[03:29] <pythonirc1011> 600 users
[03:29] <pythonirc1011> dork: what did you use to build ha?
[03:30] <qman__> that's way beyond the scope of anything there was at my college, we had 10MB mailboxes on a single sun server
[03:30] <qman__> not even worth using, I just had it forwarded
[03:30] <dork> pythonirc1011: heartbeat and ldirector for load balancing routing and balancing DBS and JBOSS app servers
[03:31] <dork> ldirectord
[03:31] <pythonirc1011> qman__: Exactly what we have now. Want to change
[03:31] <twb> dork: I'm probably smaller time than you
[03:31] <twb> dork: usually I am ~20 seats, a couple ~100
[03:31] <dork> twb: we're a 15 man shop and i'm the only sys engineer, software company though so very small footprint for me to manage
[03:32] <twb> Maybe you just are more tolerant of fugly bloated flaky code then ;-)
[03:32] <pythonirc1011> I'm not sure we should actually try ha -- if it misfires...we have too many people complaining... :)
[03:32] <twb> Yeah IME if you try to do HA you are more likely to make it worse than better unless you have some practice and are lucky
[03:32] <dork> twb: i inherited it, i will say that i would rather throw up a few monster xen dom0's and rely on their availability options than have to deal with software clustering
[03:33] <dork> but for routing it's sort of neutral
[03:33] <pythonirc1011> so, is there an easy way to build a reliable email system
[03:33] <twb> You can probably scale up to 600 users on a single grunty mailserver box with simple RAID1 (or 5, if you insist) array of 2TB disks
[03:33] <qman__> yeah
[03:33] <qman__> a standard mail server is very robust
[03:33] <pythonirc1011> twb: its not one machine thats the problem -- its just that we want robust
[03:34] <pythonirc1011> realible
[03:34] <twb> As soon as you have >1 box you need to deal with giving them a consistent backend and so you have a SAN plus two/three mailservers plus two load balancing servers in front of them
[03:34] <pythonirc1011> and at least 3 systems parallely running for fallback
[03:34] <qman__> just get good hardware and good backups, you can be back up from catastrophic failure in a few minutes
[03:34] <twb> The other thing we do which kinda sorta works is to have a second machine sitting there ready to go, with its disks synced from the active server nightly
[03:35] <twb> So in theory if the main host goes tits up even an idiot NOC monkey can just go power it down, move the cables to the backup and reboot the backup off its HDD instead of the "i'm a backup" usb key
[03:35] <pythonirc1011> all of this sounds like manual labor... I want something completely automated...which lets me sleep at night, when 2 machines die...and the power is down...
[03:35] <twb> pythonirc1011: I can't give you that
[03:36] <qman__> IME, not worth the effort setting it up in the first place
[03:36] <dork> pythonirc1011: if you want automated hire a sys admin
[03:36] <pythonirc1011> will exchange be better for this requirement? What do medium size companies use?
[03:36] <twb> That's like asking for to have sex with a unicorn, or for secure single sign-on
[03:36] <qman__> ten minutes of doing work when the stuff blows up is cheaper than weeks of developing and testing an automated system
[03:36] <twb> pythonirc1011: large companies use exchange or domino IME and they are both a fucking pain
[03:36] <twb> qman__: hear, hear
[03:37] <dork> pythonirc1011: you either need a sys admin or you need an exchange box and a cheap consultant for emergencies imo
[03:37] <qman__> exchange is enough of a nightmare on its own
[03:37] <qman__> I'm with twb on the backup server regularly rsynced ready to go
[03:37] <twb> I get the impression that apart from being plain stupid in some of its behaviour, exchange is one of Microsoft's more reliable products
[03:37] <qman__> swap cables and reboot
[03:38] <qman__> I've spent way too much time fixing broken exchange servers to agree with that
[03:38] <twb> pythonirc1011: if you like i can even sell you the failover machine as a solution :-)
[03:38] <twb> qman__: I'm only comparing it to other MS crap, not e.g. postfix
[03:39] <dork> i've never ran an exchange box, but i've known a lot of stupid people who have
[03:39] <qman__> though to be fair, I haven't done it on an enterprise level, where there's actually a dedicated box
[03:39] <dork> s/people/consultants/
[03:39] <pythonirc1011> so after 30 years - email is still an unsolved problem :)
[03:39] <dork> pythonirc1011: not for IT people
[03:39] <twb> I haven't had to deal with exchang, tho, only postfix/dovecot (good) and byari, scalix, sogo, zimbra (all fugly evil crap)
[03:39] <qman__> but the absurd licensing costs, plus the tens of thousands in hardware is just too much for any customer I've worked with
[03:39] <twb> pythonirc1011: the PROBLEM is users' sense of entitlement
[03:39] <dork> courier-imap and exim are decent too
[03:40] <twb> pythonirc1011: they should be GRATEFUL that their mail usually arrives the same day it was sent
[03:40] <dork> but yeah dovecot/postfix
[03:40] <pythonirc1011> twb: entitlement?
[03:40] <twb> dork: I'm not a fan of either but I concede exim has a non-negligible user base ;-)
[03:40] <qman__> exchange 2010 is supposed to run on a dedicated server with three raids, 11GB of RAM just for exchange, plus 100MB RAM per mailbox
[03:41] <twb> What I hate is seeing boxes set up as postfix/dovecot using cyrus' sasl because it was calld "sasl-bin" :-//
[03:41] <dork> wow
[03:41] <pythonirc1011> twb: With a 100GBit internet switch in the building, they better be grateful if the email arrives in a second...not a day? :)
[03:41] <twb> qman__: wow
[03:41] <pythonirc1011> qman__: wow! 100MB RAM / mailbox! wth?
[03:41] <qman__> those numbers straight from microsoft
[03:41] <pythonirc1011> I guess they are hoping -- all exchange users -- please pay $5/year to MS :)
[03:42] <qman__> it actually costs more than that
[03:42] <twb> pythonirc1011: no they are thinking "we have a captive market of MAPI users"
[03:42] <dork> i'm surprised they're not taking the google apps approach yet
[03:42] <twb> Because all the FOSS-flavoured mail systems have proprietary MAPI plugins
[03:42] <dork> or maybe they are? dunno
[03:42] <twb> dork: OWA
[03:43] <qman__> the only cost effective way to run exchange is with small business server where it's all included, and runs on one box
[03:43] <dork> ahh
[03:43] <twb> dork: it was actually pretty impressive when I saw it in 2003, looked exactly like outlook
[03:43] <qman__> but even then it's a mess
[03:43] <twb> qman__: does SBS have per-seat CALs?
[03:43] <qman__> yes
[03:44] <twb> They don't say something like "first five seats are free with the SBS" ?
[03:44] <dork> oh it's old eh
[03:44] <qman__> yeah, I think they include 10 these days
[03:44] <twb> OK
[03:45] <pythonirc1011> thanks for illuminating me with the pain of email systems :)
[03:45] <qman__> but yeah, the whole reason anyone uses it at all is outlook
[03:45] <qman__> and calendars
[03:45] <ball> qman__: Ten seats would probably cover us. Not going to invest in Windows Server though.
[03:46] <qman__> otherwise postfix / dovecot / roundcube would do the job
[03:46] <dork> alpine!
[03:46] <qman__> we still have some customers running nitix
[03:47] <qman__> and by how well it works I'm surprised they're not still around
[03:47] <qman__> must have priced themselves way out of proportion
[03:48] <twb> ball: the cost of licensing isn't the licenses, it's enforcement
[03:48] <twb> ball: like if you have 100 seats and 3 visio licenses and you shuffle the license to a different desk every few months, that hassle is where the cost is
[03:48] <twb> Not that, say, Skilled Engineering did that...
[03:49] <twb> qman__: I rolld out prayer instead of roundcube/squirrel (because I boycott PHP), and so far the users have been OK with it, for all it's simple
[03:49] <twb> qman__: the main thing is to set it to "cambridge" theme instead of "default", so it looks like it's from 2001 instead of 1996
[03:50] <qman__> heh
[03:50] <dork> never heard of prayer but it's the most annoying thing i've searched for in a while
[03:50] <twb> Oh and there's some weird problem with attachments when using ldap-backed apache reverse-proxy
[03:50] <twb> dork: apt-cache show prayer | grep Homepad
[03:51] <twb> dork: apt-cache show prayer | grep Homepage
[03:52] <phosphene> haha, ditto dork
[03:52] <dork> lol
[03:52] <phosphene> I think I just signed myself up for 10 prayer-a-day emails
[03:52] <dork> haha
[03:53] <twb> Kids these days...
[03:54] <ball> I find myself wondering whether Ubuntu Server would do the job. Admin costs might be steep though.
[03:54] <twb> ball: if you're going to babysit a box you need to understand it
[03:55] <twb> ball: that applies to all OSs
[03:55] <twb> ball: either learn, deploy something else, or hire a babysitter
[03:55] <qman__> windows always requires more work, it's just cheaper to hire people who know it
[03:55] <twb> Right
[03:55] <qman__> you can trust me on that one, I'm an MCSA
[03:56] <qman__> and I manage more exchange/AD environments than I know what to do with
[03:56] <dork> slacker
[03:56] <twb> A clueful sysadmin is expense, for either, but a clueful unix sysadmin can babysit 10 times the boxes a clueful windows sysadmin can
[03:57] <twb> It's just that a clueless MCSA is dirt cheap, highly available and can get it right just enough you won't sack him
[03:57] <qman__> yeah
[03:57] <qman__> a windows server is nearly a full time job
[03:57] <twb> I babysit some prisons
[03:57] <dork> Braindump
[03:57] <qman__> a well set unixy server barely requires yearly maintenance
[03:57] <dork> or whatever the site is called
[03:57] <twb> They used to run Windows on prisoner desktops
[03:57] <qman__> example above, the customers running nitix
[03:58] <dork> where people go in to memorize microsoft test questions
[03:58] <twb> They had a *full time* guy whose whole job was to take apart a prisoner desktop, search for contraband, then reflash it with windows
[03:58] <qman__> never have to do anything for them
[03:58] <twb> He only managed about 1.75 machines per day
[03:58] <qman__> windows servers though, I'm constantly on them fixing things
[03:58] <twb> qman__: yeah that's why I get called in to unfuck unix systems that are running FC3 or etch or whatever
[03:59] <twb> qman__: because they were deployed 10 years ago and worked ever since
[03:59] <ball> qman__: I have two jobs. For one I help babysit hundreds of Windows servers. For the other we have one little BSD box.
[03:59] <ball> The smaller site is a non-profit.
[04:00] <twb> ball: you use puppet or something for them?
[04:00] <qman__> the last time I had to do anything for a nitix using customer, they had saved like 30GB of junk on their desktop, so their computer was taking forever to log on
[04:00] <qman__> trying to sync 30GB over 10/100
[04:02] <twb> and pst files are pathological to rsync, and you can't tell outlook not to make any
[04:02] <ball> twb: What is "puppet"?
[04:03] <twb> configuration management
[04:03] <ball> Never heard of it.
[04:03] <twb> Have you heard of cfengine
[04:04] <ball> twb: No.
[04:04] <twb> Wow
[04:05] <twb> You babysit 100s of windows boxen and you haven't heard of configuration management.  You poor bastard.
[04:07] <qman__> I only handle a few dozen, and they're all for different customers, in different environments
[04:07] <qman__> so such a system is impractical
[04:07] <qman__> but yeah, most of my job is fixing SBS when it breaks itself
[04:08] <qman__> pop3 connectors backing up, SQL databases growing enormous and choking
[04:08] <ball> twb: The admins use something to push out updates to the servers but I don't remember what it's called.  Not something I mess with.
[04:08] <qman__> WSUS, what a mess that is when it breaks
[04:08] <ball> I think it's a third-party thing.
[04:08] <ball> Might begin with S.
[04:09] <twb> qman__: that rings a bell
[04:09] <qman__> I spent the better part of a week trying to fix (read: remove and reinstall) WSUS on a customer's server
[04:09] <qman__> it's just cryptic error after cryptic error
[04:10] <twb> Just stealth-deploy lucid
[04:10] <qman__> I got it working, but the reporting still doesn't work
[04:10] <qman__> and, straight from microsoft, only way to fix that is format and reinstall
[04:11] <ball> So I'd like to find a Linux that can serve up some file space (to a few Windows desktops) and perhaps support LTSP for a thin-client trial.
[04:11] <twb> quotmstr over on #emacs works for MS in their nomadic "find broken crap and fix it" team
[04:12] <twb> He has some awesome rants as he's wading through the code
[04:12] <ball> ...if it can host email too, that's a win but if not then I may just pay Google US$ 50/user/year
[04:12] <qman__> LTSP is not so easy
[04:12] <qman__> but the rest of that is
[04:12] <qman__> samba, postfix
[04:12] <twb> Like instead of syslog everything emits binary log data that can only be turned into text by the app that generated the data
[04:12] <qman__> LTSP is one of those things best left on a box by itself solely for that purpose
[04:12] <qman__> because it's big and complicated
[04:12] <twb> Last time I looked at LTSP is was turnkey
[04:12] <twb> Provided you let it take control of the network, that is
[04:12] <qman__> it is
[04:13] <qman__> but only in its own context
[04:13] <twb> Like if you have your own DHCP server already then you need to deal with that
[04:13] <qman__> making that box do more things or changing it to suit your needs is not so easy
[04:13] <qman__> doable, just takes some effort
[04:13] <twb> eh; I rolled my own solution before LTSP existed, back when knoppix was the only live CD
[04:13] <twb> And I've been working on that ever since, so LTSP looks straightforwad to me :-)
[04:14] <twb> My stuff has way more rice, tho
[04:15] <qman__> still going to recommend you do it with two servers though
[04:15] <qman__> one for LTSP, one for the mail and file shares
[04:16] <qman__> just keeps things simpler, and helps performance wise
[04:16] <ball> twb: I'd let it control the network that the terminals live on.
[04:16] <ball> ...but not the one that's connected to the Internet
[04:16] <twb> Fair enough
[04:17] <twb> LTSP5+ you can just tell it to boot off network and run locally, as opposed to netbooting an XDMCP client
[04:17] <twb> In that case you don't need a beefy ltsp server, it's basically just a NAS
[04:17] <qman__> nice
[04:17] <qman__> I haven't used it that new
[04:17] <twb> That's how we do it in prisons (only not LTSP)
[04:18] <twb> The nearest windows equivalent requires you to have disk for each desktop stored on the SMB server
[04:18] <twb> So for example if you have a 2GB rootfs image you would need 2GB × no desktops on the server
[04:18] <qman__> we've got one customer that uses microsoft terminal services
[04:18] <qman__> five users
[04:18] <twb> TS is thin client, that's different
[04:19] <qman__> and it works pretty well except for the licensing mess
[04:19] <twb> I meant the boot-and-forget approach
[04:19] <qman__> they can't install their version of office because that's not licensed for it
[04:19] <qman__> yeah
[04:19] <twb> We have a TS server here just to run bloody quickbooks
[04:19] <twb> stupid ato
[04:20] <twb> The amount of hassle I had getting vmware server 1.x VMs for TS2k3, XP and 98 ports over to a modern system...
[04:21] <qman__> quickbooks is another racket, they want you to upgrade every year for software that really doesn't improve at all
[04:21] <qman__> my dad still uses quickbooks 99, because it does everything that's needed
[04:21] <twb> That's because the lawyer mill changes the laws every year
[04:22] <qman__> runs in windows 7 64-bit, too
[04:22] <twb> I would LIKE to use thingo instead, the gtk on, but apparently that "won't work with the ATO"
[04:22] <ball> What software could I use to manage Samba and Postfix?
[04:22] <twb> ball: vi
[04:22]  * ball chuckles
[04:22] <qman__> yeah, I don't know what you mean by manage
[04:22] <qman__> configure and forget
[04:23] <ball> qman__: Well I configured our existing Samba instance with some help and because it's been "hands off" for years I wasn't able to replicate the configuration on another server when I tried.
[04:23] <ball> ...I have a book on Samba but it's about three inches thick and probably quite out of date.
[04:23] <qman__>  copy and paste smb.conf
[04:24] <twb> yeah exactly
[04:24] <twb> smb.conf isn't exactly rocket science
[04:24] <qman__> only time it gets even a little bit complicated is with authentication
[04:24] <twb> fucking machine accounts
[04:24] <qman__> but that's more on your LDAP/NT server
[04:25] <ball> It may have just been down to the underlying OS then.
[04:25] <twb> As if I'm giving smbldaptools rootbindpw to ldap
[04:25] <ball> I could try again with a Linux box.
[04:25] <twb> haha, you were running samba on QNX?
[04:25] <ball> NetBSD
[04:25] <qman__> well, there's your problem
[04:25] <twb> heh
[04:25] <qman__> netBSD isn't meant to be used by people
[04:26]  * ball nods
[04:26] <twb> qman__: come on, just because you live in your mom's basement and strain soup through your beard doesn't mean you aren't a person
[04:26] <ball> It used to be pretty solid.
[04:26] <qman__> not that there's anything wrong with it in terms of performing a service
[04:26] <twb> BSD can FOAD, I'm not prefixing everything with /usr/gnu/bin to get useful userland tools
[04:27] <qman__> it's just so far down the minimalism line, it's nearly impossible to use
[04:27] <qman__> you have to be the type who knows the system like the back of your hand to do anything with it
[04:27] <ball> I've lived in NetBSD for so many years that I'm fairly comfortable with it.
[04:28] <ball> ...but I don't have the time or energy to learn Samba and Postfix to the same extent.
[04:28] <twb> postfix is way easier than samba
[04:28] <twb> postfix you would have to bite of your own hands to have trouble with
[04:28] <ball> ...and I honestly think NetBSD is why Samba didn't work last time I tried it.
[04:28] <ball> brb
[04:29] <twb> I'm bored, just not quite bored enough to work on this stupid fw
[04:34] <twb> too hot to cycle home
[04:35] <qman__> yeah, postfix is pretty simple even without a nice preconfigured package
[04:35] <qman__> I've set it up on freeBSD and sun from source before
[04:51] <ball> I set up a mail server experimentally once... just the once.
[04:51] <ball> It worked.
[04:53] <twb> Except it was an open relay
[04:53] <ball> twb: No, it wasn't.
[05:00] <ball> Well, I should probably sleep on it and phone the boss in the morning if he's around.
[05:49] <Tm_T> morning
[13:06] <zastaph> if I want to install ubuntu for kvm, should I install 10.04 LTS as Normal or minimal system (for virtual machine) ?
[13:17] <_ruben> zastaph: depends on your goal(s)
[13:17] <zastaph> to virtualize 3 ubuntu servers on a hp microserver
[13:17] <_ruben> the vm part doesn't really matter here
[13:28] <zastaph> what matters
[15:27] <overrider> So strange - i want to setup pptpd, and have remotetip 192.168.30.1-100 as a line in my pptpd.conf. Trouble is, when i connect to that pptpd server, it gives me an ip of 192.168.1.1 instead of 30.1 . Any clues?
[18:42] <gondoi> anyone here have experience with creating a repo for their own custom packages?
[18:43] <gondoi> aka not wanting to mirror, create a new unique repo
[18:44] <adam_g> gondoi: yeah, use reprepro
[18:45] <gondoi> not apt-ftparchive?
[18:47] <adam_g> gondoi: i think reprepro uses apt-ftparchive to update the repository.
[18:48] <adam_g> theres a number of good howtos on reprepro out there. i was working on a juju charm that deploys reprepo + buildd to the cloud for a personal, private PPA + builder. maybe ill get it working over the holiday
[18:48] <gondoi> adam_g: i'll dig into that then
[18:48] <gondoi> thanks
[18:53] <sweb> is there any solution for bind file creator ?
[19:07] <StevenR> sweb: what do you want to do? Write named.conf file?
[19:07] <sweb> StevenR: yeah i'm newbie on bind and dns. any standrad script can help me. is there any one /
[19:07] <sweb> ?
[19:08] <StevenR> sweb: I would just start with the basics and there's some good examples online. It's pretty well documented
[19:08] <sweb> StevenR: where ? on ubuntu wiki ?
[19:09] <StevenR> possibly. google knows more. I'm afraid I don't have any examples
[19:20] <dork> sweb: you should really be creating them by hand so you understand the structure of a zone and config file, bind comes with tools that allows you to check the sanity of you config and zone files so you can start out with a skeleton, make your records, run named-checkzone domain.tld zone.file and it'll tell you if it's syntaxually 'good' or not
[19:20] <dork> 'newbies' shouldn't be running name servers
[19:21] <sweb> dork:ty, i want to starnt learning
[19:21] <sweb> start*
[19:21] <dork> cool
[19:21] <dork> it's pretty easy
[19:21] <sweb>  dork, syntax of db file is so different
[19:22] <dork> just focus on basic named.conf and a basic zone file, start with one domain, learn how serials and ttl's work, start with basic records like A and C-NAMEs
[19:22] <dork> sweb: the records are pretty simple, the metadata, the other stuff is a little more complicated but there's plenty of well written documentation
[19:22] <sweb> dork: i see somthing about security. it's interest bind have a security sides
[19:23] <dork> yes of course
[19:23] <dork> DNS is easily exploitable because of newbies running dns servers with bad configurations
[19:24] <sweb> dork: it better to use public domain name service like opendns ? for security ?
[19:26] <dork> if you are unwilling to learn bind and dns then yes, you and everyone else will benefit from it
[19:27] <sweb> i'm expert on PHP and Zend Framework. I'm nerd but time is a major problem :(
[19:28] <dork> if you can read the horse dung that is called PHP you can read and interpret a zone file
[19:29] <dork> :P
[21:42] <xubuntu> hey
[21:43] <zastaph> where is authorized_keys stored when installing openSSH during the software selection screen during ubuntu install? if I manually install openSSH after then its in ~/.ssh
[21:44] <xubuntu> no idea i wish i could help
[21:44] <xubuntu> are you good with ssh?
[21:44] <xubuntu> i need some help
[21:44] <RoyK> zastaph: there isn't an authorized_keys file by default
[21:44] <xubuntu> has to be created?
[21:44] <RoyK> zastaph: create it under $HOME/.ssh
[21:44] <zastaph> ok, but where should I put it? I put it in my ownmade ~/.ssh like i usually do but putty wont connect
[21:45] <RoyK> zastaph: you may want to chmod -R go-rwx $HOME/.ssh
[21:45] <xubuntu> you could just re install ssh now
[21:45] <RoyK> xubuntu: ??
[21:45]  * RoyK installs win95 on xubuntu's machine
[21:45] <xubuntu> lol
[21:45] <xubuntu> thanks?
[21:45] <zastaph> RoyK, that rings a bell.. i think I saved the solution for that ;)
[21:45] <xubuntu> but i want windows ME
[21:46]  * RoyK slaps xubuntu around
[21:46] <xubuntu> sudo apt-get purge ssh and then re install it sudo apt-get install ssh idk if that helps you at all
[21:46] <RoyK> xubuntu: stop it
[21:46] <xubuntu> what am i doing?
[21:46] <RoyK> xubuntu: reinstalling stuff isn't a good idea unless you're a true windoze idiot and beleives restarting your car may fix the engine
[21:47] <xubuntu> ooh haha i guess i'm a noob lol i'm sorry thanks for the heads up
[21:47] <zastaph> ah yes here is the solution http://www.openssh.org/faq.html#3.14
[21:47] <RoyK> you don't just reinstall a package - you fix the problem. in quite a few cases, reinstalling the package won't help at all
[21:48] <xubuntu> makes sense
[21:48] <RoyK> zastaph: in the faq ;)
[21:48] <xubuntu> RoyK i have a question about tunneling and SSH
[21:48] <RoyK> !ask
[21:49] <xubuntu> !ask how do i tunnel port 563 with putty it doesn't seem to work when i set source port to 563 still seems to use port 563 from my local machine not my ssh server thanks for any help
[21:50] <EvilResistance> xubuntu:  dont use !ask to ask the question
[21:51] <RoyK> xubuntu: that seems to be a putty question to me, and last I checked, putty doesn't run on linux :P
[21:51] <EvilResistance> RoyK:  actually...
[21:51] <EvilResistance> it does... :P
[21:51] <EvilResistance> but its designed to run from Windows
[21:51]  * RoyK was waiting for that
[21:51] <RoyK> EvilResistance: STILL! most people DON'T use putty on linux
[21:51] <xubuntu> true!
[21:51] <EvilResistance> RoyK:  not disputing that ;P
[21:52] <RoyK> for good reason....
[21:52] <xubuntu> lol
[21:52] <xubuntu> i can see why now
[21:52] <xubuntu> anyone know i could tunnel that port 563 to my ssh server?
[21:53] <RoyK> what do you meant tunnel to your ssh server?
[21:53] <EvilResistance> define "tunnel that port" to your ssh  server
[21:53] <EvilResistance> you mean have 563 direct itself to your SSH server as an SSH listening port?
[21:53] <EvilResistance> if so, are you on a NAT?
[21:53] <EvilResistance> ;P
[21:54]  * RoyK wonders if xubuntu knows at all
[21:54] <xubuntu> yes i think that's what i mean i'm a newb and no NAT
[21:54] <xubuntu> well I guess I do have a NAT
[21:54] <xubuntu> sorry
[21:57] <EvilResistance> xubuntu:  are you behind a router on a home network or something?
[21:57] <EvilResistance> RoyK:  that's how you find out ^
[21:57] <xubuntu> yes I am on a home router but I am only trying to do it from comp to comp on my home network just to test it out
[22:02] <RoyK> EvilResistance: sometimes I'm not really in the mood of digging that deep to try to find out what people are asking for, before even trying to answer their questions
[22:04] <EvilResistance> :P
[22:04] <EvilResistance> xubuntu:  you'd need to modify the sshd_config file
[22:04] <EvilResistance> and add a listener on port 563
[22:05] <EvilResistance> RoyK:  'tis a habit i picked up as a server technician ;P
[22:06] <xubuntu> i wouldn't add the listener via putty?
[22:06] <EvilResistance> xubuntu:  you'll need to open /etc/ssh/sshd_config via sudo on the ssh server machine, and either change 'listen 22' to 'listen 563', or add a listen line after 'listen 22' saying 'listen 563'
[22:06] <EvilResistance> no, PuTTY is just the client, not the server
[22:06] <EvilResistance> you have to tell the SSH server to listen on the given port
[22:07] <EvilResistance> if you want to forward 563 to port 22 within that box, it can be done, but its not something i recommend
[22:07] <EvilResistance> esp. if its only within your internal network
[22:07] <xubuntu> ahh i see i'm not trying to change 22 to 563 i'm trying to have my usenet on the comp i'm on now use the proxy of my ssh via port 563 if that makes any sense?
[22:14] <RoyK> EvilResistance: I know the habit, but I have found the off switch
[22:16] <EvilResistance> xubuntu:  now i dont follow you
[22:16] <EvilResistance> perhaps RoyK will
[22:18] <RoyK> xubuntu: I don't think it makes much sense, no :P
[22:19] <RoyK> xubuntu: please explain exactly what you're trying to do
[22:23] <xubuntu> ok this is hard to explain since i'm a newb i have sabnzbd+ installed on my computer i want to be able to have it used my ssh server as a proxy via ssl port 563
[22:24] <SpamapS> xubuntu: what is sabnzbd+ ?
[22:24] <xubuntu> usenet program
[22:26] <SpamapS> xubuntu: so you want to tunnel NNTP via SSH so that it looks like you are connecting via the remote server's address?
[22:27] <xubuntu> exactly!
[22:27] <xubuntu> i knew there was a better way to explain it then what i was saying, thanks
[22:28] <xubuntu> is it even possible?
[22:32] <RoyK> so something like ssh -L 10563:nntphost:536 localhost
[22:32] <xubuntu> 10563?
[22:32] <kschap> Is there a distro that'll run on a 32-bit computer?
[22:33] <RoyK> that'll make ssh listen to 10563/tcp and connect to nntphost port 536
[22:33] <RoyK> kschap: yeah, things like ubuntu runs on 32bit machines too ;)
[22:33] <kschap> Server RoyK?
[22:33] <RoyK> xubuntu: just avoiding port 536 since it's <1024 and ports <1024 are reserved for root
[22:33] <RoyK> kschap: yes
[22:33] <EvilResistance> kschap:  you can download 32bit server if you want
[22:33] <EvilResistance> i think it exists....
[22:34] <EvilResistance> *checks*
[22:34] <kschap> Really?
[22:34] <RoyK> it certainly does
[22:34] <kschap> Did not know that.
[22:34]  * RoyK has several 32bit servers around
[22:34] <EvilResistance> yep its available
[22:34] <kschap> It's on the main Ubuntu website?
[22:34] <EvilResistance> kschap:  yes
[22:34] <EvilResistance> kschap:
[22:34] <EvilResistance> http://www.ubuntu.com/download/server/download
[22:34] <EvilResistance> whoops forgot that link ;P
[22:34] <kschap> Cool thanks!
[22:34] <xubuntu> oooh maybe that is why it is not working i can't use 563 since it's reserved for root thanks! i'll try that
[22:34] <EvilResistance> kschap:  just choose "32-bit" when you choose the architecture
[22:34] <kschap> OK
[22:34] <kschap> Thanks!
[22:35]  * RoyK just setup a pandaboard with ubuntu :D
[22:35] <xubuntu> and what does nntphost do?
[22:35] <RoyK> xubuntu: that's your nntp server
[22:35]  * pmatulis got a pandaboard but neglected to get a power supply for it
[22:35] <RoyK> pmatulis: any 5V thing will do
[22:35] <RoyK> or most
[22:35] <xubuntu> RoyK thank you
[22:36] <pmatulis> RoyK: yeah, i don't like taking chances with voltage, ordered a proper p/s
[22:36] <RoyK> xubuntu: man ssh and read about the flags -n -f and -N...
[22:36] <RoyK> pmatulis: 5V is 5V :þ
[22:37] <RoyK> xubuntu: I've added -o ExitOnForwardFailure yes -o ServerAliveInterval 5 -o ServerAliveCountMax 3 to my tunnels
[22:38] <RoyK> pmatulis: normal pandaboad or ES?
[22:38] <xubuntu> thanks again! will definitely try it out
[22:38] <RoyK> pmatulis: btw, most of those SD cards are SLOOOOOW
[22:39] <Kumar> Hi every one
[22:39] <Kumar> i need some help
[22:39] <RoyK> running off a sandisk 32GB card here that's supposed to give me 20MB/s, but can't get >10MB/s, which is rather on the low side....
[22:40] <RoyK> !ask
[22:40] <Kumar> I am had installed Ubuntu Server 11.10. I wanted to know if there is a way to install the GUI
[22:40] <RoyK> kschap: apt-get install ubuntu-desktop
[22:41] <kschap> What's that?
[22:41] <RoyK> erj
[22:41] <RoyK> erm...
[22:41] <RoyK> Kumar: apt-get install ubuntu-desktop
[22:41] <RoyK> kschap: never mind :P
[22:41] <Kumar> Thank q so much
[22:41] <kschap> Oh OK.
[22:41] <Kumar> :-)
[23:04] <xubuntu> RoyK is nntphost:563 a command for ssh?
[23:09] <_Neytiri_> I am having a issue with my system, my old install of 10.4 crashed on me and when i reinstalled i  my raid array didnt come back online, i copied the fstab file and rebooted and still no luck, all my drives came back but my raided drives, it was a software raid consisting of 2 phisical 2 tb disks, 3 drives created off of them 1 4gb driv (raid 0) and 2 998 gig drives (raid 1).  Under the
[23:09] <_Neytiri_> Disk utility (yes i installed a gui) i try to start the raid and get the error: not enough componunts to start the raid array
[23:19] <wmp> hello, how to disable this logs: TCP: Peer 62.20.205.29:55814/51753 unexpectedly shrunk window 429997799:429999424 (repaired)
[23:22] <yann2> hello! I know there has been quite an issue with sun's java lately - but I'm getting it as proposed for removal on my ubuntu 10.10 servers? Is that normal?
[23:24] <arrrghhh> hello.  has anyone setup a PXE provisioning server before?  it seems this is possible, i'd like to be able to send linux and windows images over the network.
[23:24] <arrrghhh> i've done linux images over PXE before, but i'm struggling sending windows images.  i found a few guides, but i quickly get lost.  anyone done this before?
[23:26] <EvilResistance> arrrghhh:  ##windows might be more useful for your windows needs
[23:26] <EvilResistance> or ##windows-server
[23:27] <arrrghhh> EvilResistance, well the problem is i want the provisioning server to be linux...
[23:27] <EvilResistance> ah
[23:27] <EvilResistance> nevermind then :P
[23:27] <arrrghhh> i already have a linux server, so this *should* be simple.
[23:28] <arrrghhh> https://help.ubuntu.com/community/PXEInstallMultiDistro
[23:29] <arrrghhh> that seems freakin awesome
[23:29] <arrrghhh> i just don't know how to fit win7 or even xp into that...
[23:36] <Lcawte> Hi, I've finally got into my server install, but I have to go through another disks grub... I have to go into commadn line and set the configfile to the server disk, any reason why its not working from the server disk?
[23:36] <Lcawte> And how I can fix it?
[23:36] <arrrghhh> so GRUB is on the wrong hdd...?
[23:37] <arrrghhh> is that the problem?
[23:38] <Lcawte> no... I have a copy on both hard drives (with different config files), but only one of them will load after post, disk a (a desktop) requires me to go into command line and reset configfile to get into disk b's grub. Disk b doesn't let me into its own grub when I boot up...
[23:39] <arrrghhh> why not just set your BIOS to boot from disk b instead of disk a?
[23:40] <Lcawte> I do, but it won't let me boot into disk b's grub even when I do that
[23:41] <arrrghhh> i'm confused...
[23:41] <arrrghhh> disk b is where server is installed
[23:41] <Lcawte> yes
[23:41] <arrrghhh> but disk b's grub is completely not functional?
[23:42] <Lcawte> I can not boot into the grub on disk b, unless I have disk a set in bios at the bootable device and I boot through its command line
[23:42] <arrrghhh> so grub works on disk b, assuming you don't boot from disk b
[23:42] <arrrghhh> that makes no sense
[23:42] <arrrghhh> have you tried re-installing grub on disk b?
[23:42] <arrrghhh> you'll have to do it from a live environment, or when booted into disk a.
[23:43] <Lcawte> hmm, ok, I'll try that
[23:44] <Lcawte> "/usr/sbin/grub-setup: warn: Sector 32 is already in use by FlexNet; avoiding it. This software may cause boot or other problems in future. Please ask its author not to store data in the boot track."
[23:44] <Lcawte> Hmm, what the?
[23:44] <arrrghhh> never heard of that before
[23:44] <arrrghhh> FlexNet...?
[23:45] <Lcawte> Yeah, me neither
[23:47] <arrrghhh> http://askubuntu.com/questions/31289/dual-booting-on-separate-hard-drives
[23:51] <Lcawte> Yeah, I just found that... so, I read something about if grub wasn't there, it'd boot to the partition makrked as "boot" partition
[23:53] <zastaph> is the CAP_NET_ADMIN capability still required to do KVM in Ubuntu lucid? https://help.ubuntu.com/community/KVM/Networking