[01:19] <brendon> hello room, got a dhcp question if anyone is interested....  I used this guide, "http://angrytechnician.wordpress.com/2010/07/23/how-to-stream-every-channel-from-freeview-onto-your-network/", but it overheats my router.  Could I turn my ubuntu-server into a dhcp server to stream RTP streams from tv tuners on that same server to save the router a bit?
[01:23] <sarnold> brendon: dhcp is nearly zero load on a system -- it might save a few megabytes of memory from your router to free your router of the job, but your router would have to be just on the edge of available memory -- and in swap hell ....
[01:24] <esuave> does anyone know how i can boot into single user mode without networking in 8.04?
[01:25] <sarnold> esuave: sometimes just adding 'single' to the kernel command line will do it.
[01:25] <sarnold> esuave: adding init=/bin/sh to the kernel command line gives you nearly nothing :) no networking, no X, no automatically started services. You're playing the role of init, so be sure to sync and remount root read-only if you can before rebooting. :)
[01:25] <esuave> well it tries to start networking when i do that
[01:26] <esuave> so if i add init=/bin/sh to the end of the kernel command it should drop me to a shell?
[01:27] <sarnold> brendon: neat guide. maybe ont directly useful to me now, but neat to know none the less.
[01:27] <sarnold> esuave: yes.
[01:27] <esuave> ty ill give it a shot
[01:28] <brendon> hey thanx sarnold for reply.  i wasn't plugging the guide, just assumed it must be able to be done so i went googling one day.  hmm.... so i'm guessing the router has some type of internal memory that is quite small and it uses that to switch between all the routes to keep a constant stream going?  I don't know much about this stuff, only enough to get the server up and running and doing a few things.  the router coo
[01:28] <brendon> ks itself after 24 hours, even if no-one is connected to the streams.  the sap-server doesn't seem to load it up without dblast going.... anyway, do you know what I might have to learn/a good direction to go to educate myself about doing such a thing on dhcp server?  does it recognise the 239.255.blah.blah numbers automatically like a router does?  thanx heaps for your help hey.
[01:29] <sarnold> brendon: hrm; are you sending the data from all the streams through your router all the time?
[01:29] <sarnold> brendon: is there no way to drop a switch on the network and remove the router from the streaming?
[01:30] <sarnold> (and yes, routers are typically very ram limited, though forwarding streams of data will probably not tax RAM too much -- just keep the kernel, CPU, and NICs awake and drawing too much power)
[01:32] <brendon> yeah, i live in a share house and want anyone to connect to any channel at once.  I have three computers in my room, on a switch,  plugged into the router of the fellas upstairs who own the internet connection.  i believe some of the other people have some switches too.
[01:32] <brendon> i mean "yeah" they were all streaming at once
[01:33] <sarnold> brendon: cool sounding setup. :D I'd try to add a switch between the router and _all_ the other machines -- have two wires going to the router, one to the internet, and one to a new switch.
[01:34] <brendon> yep thats done upstairs already.... im just wondering though if i could utilize this dhcp thingy already installed on my ubuntu-server box?
[01:34] <sarnold> ahhhh
[01:34] <sarnold> you could; but then your machine would have to be on all the time, and the router would have to be configured to _not_ do dhcp. I'm not sure it's worth the trouble, but it's certainly possible.
[01:39] <brendon> we got two servers on all the time mine is one of them - its handy to have access to your media on the phone while on the train thinking "ive got that song somewhere, i know i do".  hmm.... configure router to not do dhcp - does this mean then, say, that two routers cannot connect to the same connection?  And I'm guessing too that one router (or dhcp server) can't be used as a "child" of the other somehow?
[01:44] <sarnold> brendon: dhcp just hands out addresses and dns configuration and similar tasks; I don't really see here there is a "connect to the same connection" or "child" relationships..
[01:46] <brendon> ok, well, what i was hoping was to somehow leave the "other people's" router alone while being able to dish out rtp streams via the dhcp, but i guess not possible.  thanx heaps hey, this was hard to find an answer to on the www
[01:46] <sarnold> brendon: I'm still confused though :) when you say "dish out rtp streams  via the dhcp" .. what do you mean by that?
[01:48] <sarnold> dhcp is pretty simple and feels a bit unrelated; when a machine turns on, it sends a DHCP REQUEST, and a DHCP server replies with an address and maybe DNS servers to use, and a lifetime for how long that address is valid. Then the two machines don't talk for a few hours until the client wants to renew its address (often before the expiration, to give a down server a chance to come back...)
[01:49] <brendon> um, say use the already running server to "take care" of the rtp streams independant of the router.   i don't know much about this stuff hey, i'm walking through thick fog and muddy waters here about ipconfig alltogether.  to put things in perspective, i don't even understand what the netmask is as ive not needed to use it yet
[01:49] <sarnold> ah, okay. :)
[01:55] <brendon> aah ok.  see, i had this idea, after getting this working, of sstreamlining and  selling these "tv streamer" boxes as tv tuners are pretty cheap these days, and it is not much load on the cpu.  but ppl aren't gonna want anything that cooks their router, so i was hoping for a more "encapsulated" sollution.  Dang.
[01:57] <sarnold> brendon: hrm, one possibility... are the rtp streams being sent over ethernet broadcast or via the network-local broadcast address?
[01:57] <sarnold> maybe the little router's ethernet is forced to inspect the packets if they are broadcast packets, it may not have much choice. :/
[01:58] <sarnold> brendon: look into _multicast_ streaming; that ought to use ethernet multicast addresses instead, and that will probably let your poor little router cool down
[01:58] <esuave> it shoots me to a prompt if i use init=/bin/bash but it won't let me type or do anything
[01:59] <esuave> is there a way to disable the nic in the kernel params?
[01:59] <sarnold> esuave: yikes, that's pretty bad.
[02:00] <esuave> i can boot the dang thing just fine into the OS, the only thing I'm trying to do is stop it from pulling the darn static IP i gave it cause there is another duplicate IP on the network
[02:00] <sarnold> I think a lot of drivers do let you use something like e100.disable=1  to disable the driver... check modinfo <foo> output for your card
[02:00] <esuave> i would shut off the interface on the switch but i don't have access to it :/
[02:01] <esuave> yeah and when it boots it pulls that IP and screws up another server cause it has the same IP
[02:02] <esuave> so I'm just trying to get it to boot so i can change the IP in /network/interfaces
[02:06] <sarnold> esuave: hrm, but 'single' wasn't good enough to fix the address and reboot?
[02:06] <esuave> no cause it trys to start the interface and gives it an IP
[02:07] <esuave> its retarded why single user mode starts networking
[02:07] <brendon> low cpu usage meaning i could use junk/cheap low spec machines.  current server is a 4 year old low spec laptop and streams 9 channels at once on one client no worries.  client has a bit of trouble though...  um, well, i dunno.... they are all addressed as 239.255.x.x, which that dude in the guide reckons are special addresses that routers know are rtp streams.  the only way i know to connect remotely is with the ext
[02:07] <brendon> ernal ip or using my crappy 3rd level domain name, which of course just fowards port 80.  so yeah, I'd say its local streaming only.  got all ports open to the server - got a few things running haha.  oh yeah, the rtp thing is multicast hey, well, at least on here as many ppl as they want can connect to the one stream - and aparently it doesn't use extra bandwidth - according to that dude.  but the router was burning
[02:07] <brendon>  out even with no connections to the streams but with them "ready" to connect - or being served by dvblast
[02:32] <sarnold> brendon: ah, good. then you're already doing everything right, I think.
[02:46] <brendon> oh... ok what a letdown.  Thanks for your help but, now I have a further understanding of what I am dealing with.
[02:46]  * brendon abandons his get-rich quick scheme
[02:47] <brendon> haha, it still works.  ah, irc, takes me back...
[02:47] <sarnold> :)
[08:57] <Daviey> Good morning... dank and miserable weather today, but the party in #ubuntu-server is the place to be!
[09:05] <jamespage> morning all; morning Daviey
[09:11] <Daviey> jamespage: what is your take on bug 1066845 ?
[09:13] <jamespage> Daviey, hmm - not sure; I see a Suggests on novnc from nova-novncproxy which in turn has a dep on websockify
[09:15] <Daviey> jamespage: yeah, but Suggests is essentially noise
[09:16] <jamespage> Daviey, it should be a Depends - the service won't start without it
[09:16] <jamespage> I suspect the reporter installed novnc and its fixed the issue
[09:17] <Daviey> oh
[09:18] <jamespage> Daviey, we should fix it in the next set of SRU's - its a minimal change
[09:18] <jamespage> I suspect its suggests because novnc is in universe and nova-novncproxy might have been in main at some point in time
[09:18] <jamespage> but its also in universe...
[09:19] <Daviey> jamespage: We might need to re-work who is doing the next round of SRU's.
[09:19] <jamespage> Daviey, yes
[09:36] <marun> hi i need help in configuring forward lookup zone in  bind9. where can i get dummies documentation? I used ubuntu server guide. But it isn't enough helpful
[09:38] <marun> any ideas?
[09:43] <vezq> search for "bind tutorial"
[11:34] <Cuacrzz> hello
[12:04] <disposable> i have computer1 which is my gateway to ipv6 (using tunnelbroker.net). i also have computer2 which has computer1 as its default ipv6 route. i've enabled "net.ipv6.conf.all.forwarding = 1" on computer1 but computer2 still can't get any further than computer1. computer1 has no problem accessing ipv6 internet. what am i missing? more detailes here http://pastebin.com/EfdAU6e3
[12:43] <xnox> "WARNING: Failed to create krb5 context for user with uid 0 for server" upon mounting nfs4 export
[12:43] <zul> jamespage: yeh so we probably need a MIR for websockify
[12:44] <jamespage> zul, its all in universe so I don't think so
[12:44] <zul> novncproxy?
[14:20] <MoleMan> I have a samba share that is renaming a file to some garbage on the two devices I've checked on (one Android, one windows), the file is named correctly in the local folder, is there anyway to browse the share locally from the CLI, or anyone have any ideas what the issue is?
[14:22] <MoleMan> aah, samba doesn't like colons: fixed, nvm thanks anyway :p
[14:22] <MoleMan> took me that long to think of it after asking XD
[15:02] <roaksoax> jamespage: howdy!!
[15:03] <jamespage> roaksoax, hey!
[15:03] <roaksoax> jamespage: ok so i refactored the hacluster charm, now im integrating it with the quantum charm
[15:03] <jamespage> roaksoax, sweet!
[15:03] <roaksoax> jamespage: so for now I'll do this: 1. make l3/dhcp agent run in the same machine, 2. make quantum-server run in all machines
[15:03] <jamespage> I pushed a few changes to the charm today - mainly for a helper script to create private tenant helpers
[15:03] <jamespage> roaksoax, that sounds good to me
[15:04] <jamespage> the only other bit I can think of the the ip address assignment to the external bridge
[15:04] <jamespage> technically I don't think that is required; so can probably just be disabled.
[15:04] <jamespage> quantum will deal with creating IP addresses in ip namespaces on the active gateway machine.
[15:05] <roaksoax> jamespage: right, so if it is still required, and the IP is known previously, we can handle that within the cluster as well
[15:14] <iliv> hi, I was wondering why I get different numbers for total security updates when using apt-check and apt-get in this fashion: http://pastie.org/5387885 ?
[15:30] <iliv> whoa, this is becoming mental, ran another apt-get update and now sudo apt-get -s upgrade |grep "^Inst" |grep -i securi |wc -l returns 0 while apt-check still shows there are > 0 security updates
[15:30] <iliv> wth?
[15:37] <iliv> I swear apt-get now ignores changes to my /etc/apt/sources.list where I move lines for security updates repositories to either beginning or the end of the file and after that when I run sudo apt-get update it just connects to security updates repos in either case.
[15:37] <iliv> looks like some sort of caching or something
[15:37] <iliv> let me try to remove those lines for security update altogether...
[15:39] <BrixSat> Hello
[15:39] <BrixSat> i need to make my server save all networt trafic for later analysis
[15:40] <BrixSat> whats the best option?
[15:41] <iliv> ALRIGHT, never mind what I said about apt-get ignoring my edits, those were lines starting with Ign for Translation-en_US that I glanced over...
[15:41] <ropetin> BrixSat: lots of variables to that question.  How much data, what kind of bandwidth?  Storing on the local server, storing somewhere else?
[15:42] <iliv> BrixSat, configure port mirroring if your switch is capable of that
[15:43] <BrixSat> ropetin:  humm, data arround 150gb per month, storing localy , no switch access just the server it self
[15:44] <ropetin> As long as you have the storage for it then, dumpcap to a ring buffer on local storage?
[15:44] <ropetin> They you can at least analyze it with tshark or whatever
[15:47] <BrixSat> :/ that is not bad, aint there any other solution more "easy" my boss aint that expert :p
[15:47] <ropetin> OpenFPC
[15:47] <BrixSat> =)
[15:47] <ropetin> Or you could spend money on a NetWitness NextGen infrastructure
[15:48] <ropetin> Although that is a lot of money
[15:50] <hack> i am confused between using debain or ubuntu as my commercial server.
[15:51] <hack> which should i prefer ?
[15:51] <hack> benefits of ubuntu over debian ?
[15:51] <iliv> ubuntu is hip :P
[15:52] <hack> hip ?
[15:53] <iliv> never mind, that is just a tongue-in-cheek statement :)
[15:53] <highvoltage> hack: ubuntu has long-term support releases, which could be useful depending on your needs. you also need ubuntu server as apposed to debian if you want to use Canonical's services (like Landscape)
[15:54] <hack> highvoltage: ok, but ubuntu is also as stable as debian ?
[15:54] <hack> and i have checked the packges they are too almost same version.
[15:55] <highvoltage> hack: that's not really a simple answer, but in terms of general purpose server stuff, the LTS release is synced from debian testing and already put through its paces, so it's very stable
[15:55] <iliv> a question, why would apt-get -s update show those packages that are security updates as lucid-updates (I'm playin with the lucid here so...)?
[15:55] <highvoltage> hack: (sorry for my broken english today, I meant, "there's not really a simple answer")
[15:56] <hack> highvoltage: no need to be sorry :) language is not a prob at all :)
[15:56] <iliv> UNLESS SOMEONE IS A GRAMMAR NAZI that is
[15:57] <Tm_T> iliv: please...
[15:58] <iliv> hack, http://askubuntu.com/questions/15314/debian-stable-vs-ubuntu-lts-for-server
[15:58] <iliv> hack, http://askubuntu.com/questions/52066/what-is-the-difference-between-ubuntu-and-debian-server
[15:58] <iliv> hack, http://serverfault.com/questions/389199/is-it-debian-really-more-stable-for-servers-than-ubuntu-lts
[15:59] <iliv> also Google :)
[15:59] <hack> iliv: thanks mate lot's of imp info :)
[15:59] <iliv> yw!
[16:00] <hack> there are not many landscape videos on the net.
[16:04] <iliv> a question, why would apt-get -s update show those packages that are security updates as lucid-updates (I'm playin with the lucid here so...)?
[16:05] <iliv> here's what I mean: http://pastie.org/pastes/5388180/text
[16:06] <iliv> I'd really love to see what packages are going to be installed as security updates, but how?
[16:10] <roaksoax> jamespage: in utils.relation_get("XYZ"), what happens if XYZ key=value has not been set?
[16:13] <jamespage> roaksoax, 'None'
[16:13] <jamespage> empty string in actual fact
[16:13] <jamespage> but the helper in the quantum charm converts that to None
[16:14] <roaksoax> jamespage: to None or 'None'
[16:14] <jamespage> roaksoax, None
[16:15] <roaksoax> jamespage: so this should work then, right?: orders = {} if utils.relation_get("orders") is None else ast.literal_eval(utils.relation_get("orders"))
[16:15] <jamespage> so you can do if utils.relation_get("xyz"): for example
[16:15] <jamespage> yep
[16:16] <roaksoax> jamespage: yeah I thought so... weird then... it fails :)
[16:16] <jamespage> roaksoax, I checked on the ip address assignment thing in quantum; its not required
[16:16] <jamespage> so I dropped it by default on the charm
[16:16] <jamespage> users can still specify it but it comes with a health warning
[16:17] <jamespage> roaksoax, lemme check again
[16:17] <roaksoax> jamespage: ok I got it, i wasw using an outdated version of utils
[16:17] <roaksoax> jamespage: do you have your utils.py in a location independently from the charm?
[16:17] <jamespage> roaksoax, right - the one from ceph returns ""
[16:17] <roaksoax> jamespage: i think you should make a stanndard one
[16:17] <roaksoax> to make it reusable
[16:18] <roaksoax> for every chamr :)
[16:18] <jamespage> roaksoax, no but we need to - some of its already in python-charmhelper - buts thats not avaliable everywhere
[16:18] <roaksoax> i see
[16:18]  * jamespage berates himself for doing 'manual reuse' C-c C-v
[16:18] <jamespage> lol
[16:18] <roaksoax> :)
[16:25] <BrixSat> the openfpc is great :)
[17:08] <jamespage> zul, smoser, roaksoax, adam_g: ooo - I just saw the solution the metadata service access with quantum get proposed to grizzly
[17:10] <jamespage> roaksoax, I just added a README to the quantum charm which is better than my wiki topic
[17:10] <Daviey> jamespage: nice!
[17:13] <roaksoax> jamespage: cool!
[17:16] <jamespage> lp:~james-page/charms/quantal/quantum/trunk if anyone wants to know
[17:25] <roaksoax> jamespage: some basic, initial support: lp:~andreserl/+junk/quantum lp:~andreserl/+junk/hacluster
[17:38] <roaksoax> jamespage: so using your deployer cinder gets install error
[17:39] <jamespage> roaksoax, does it?
[17:39] <jamespage> do you need to amend the device its using?
[17:39] <roaksoax> jamespage: maybe is it becuase i'm using canonistack?
[17:39] <iliv> seriously, guys, this isn't even funny now that I logged to the production Precise server and I can't distinguish between generic and security updates
[17:39] <jamespage> roaksoax, yes - you need to update the config to use the ephemeral disk instead
[17:39] <jamespage> same with ceph
[17:40] <roaksoax> jamespage: can't I just simply avoid it for now?
[17:40] <jamespage> roaksoax, well I'm assuming you want to be able to test a instance running right?
[17:41] <jamespage> actually yes - just ignore it - just don't try to present volumes to instances and you will be alright.
[17:41] <roaksoax> yeah that should be enough
[17:41] <iliv> see it for yourself: http://pastie.org/pastes/5388623/text apt-check says there are 6 security updates but which are those?
[17:41] <roaksoax> jamespage: btw.. does the cinder charm create /dev/sdb, or does it expect to have a partition already?
[17:41] <jamespage> it should create it all for you
[17:42] <roaksoax> jamespage: so, if the disk only has /dev/sda... does it resize the disk to create sdb or what?
[17:42] <jamespage> roaksoax, no - it uses a second device
[17:43] <jamespage> the ephemeral disk in a instance for example
[17:43] <jamespage> or in the CI lab the second disk in each server
[17:43] <roaksoax> jamespage: ah I see
[17:43] <roaksoax> jamespage: right so we expect the server to have 2 disks for example
[17:43] <jamespage> yep
[17:43] <jamespage> OS + Data
[17:43] <jamespage> same for ceph
[17:43] <jamespage> infact for ceph you want more disks - maybe ~8 ideally
[17:43] <sarnold> iliv: this may help: http://www.ubuntu.com/usn/
[17:43] <jamespage> but this is testing after all
[17:44] <sarnold> iliv: note especially apache in that list, there's at least five apache packages...
[17:45] <roaksoax> jamespage: right, so for cinder how do I specify a ephemeral disk ?
[17:46] <jamespage> block-device: vdb
[17:46] <jamespage> overwrite: true
[17:46] <jamespage> roaksoax, ^^ try that
[17:46] <roaksoax> jamespage: right, but do I have to amnually assign that to the instance, or the deployer does it or is it just"virtual"
[17:47] <jamespage> roaksoax, ah - right - use a constraint to pick an instance type which has ephemeral storage
[17:47] <jamespage> m1.tiny or whatever does not have this
[17:47] <jamespage> instance-type=m1.small should do it
[17:48] <roaksoax> jamespage: ok cool, thanks
[17:48] <jamespage> roaksoax, the charm will unmount the /mnt filesystem it gets presented on automagically
[17:49] <roaksoax> jamespage: ok cool!
[17:52] <iliv> sarnold, it's just that it seems that sometimes these security updates appear with $release-security and sometimes $release-updates... why?
[17:53] <iliv> I mean that happens within 0.5hr time frame
[17:53] <iliv> it's not like I'm talking about a situation when new security updates became available and those appear to be coming not from $release-security repository
[17:54] <sarnold> iliv: security updates are pushed into -updates after being published so that they can be distributed on the mirror network, rather than just live on security.ubuntu.com
[17:55] <iliv> does that mean that apt-get gets confused sometimes or something?
[17:55] <iliv> I mean
[17:55] <iliv> clearly, if it shows $release-updates this repository was used first.. but what determines the order?
[17:55] <iliv> the reason I'm worried about this is because I want to review manually what packages are exactly security updates
[17:56] <iliv> to carefully plan upgrade process
[17:58] <rbasak> "apt-cache policy <package>" can help you distinguish
[17:58] <sarnold> iliv: that's a good question. I know we go through the trouble of pushing to -updates because it saves vastly on download time for users -- yay for the mirror network -- but I'm not sure how apt knows to prefer -updates over -security when the version number is going to be identical between them...
[17:59] <rbasak> Security updates will appear in both -security and -updates
[17:59] <rbasak> Non-security updates will appear in -updates only
[18:02] <iliv> sarnold, I might be wrong, but essentially what I've experienced is that sometimes those security updates appear as -updates when I run apt-get -s upgrade |grep ^Inst
[18:02] <iliv> like I've seen this with my own two eye on my terminal lol
[18:04] <iliv> so far, the only way to see security updates would be to have security updates repositories ONLY in a separate apt source list file and pass it as an option to apt-get
[18:04] <iliv> that works, but is a little heavy on typing :P
[18:05] <rbasak> Or you could use apt pinning I think. Not sure of the details there though
[18:06] <iliv> apt pinning is like a nightmare for me
[18:06] <sarnold> iliv: indeed, it takes a little bit of time for the updates to make it to the mirror network
[18:07] <sarnold> you may wish to just use your own apt mirror and monitor which packages enter the mirror that way
[18:08] <iliv> still creating a bash alias for 'apt-get -s upgrade -o -o Dir::Etc::SourceList=/path/to/a/file.list |grep ^Inst' would be easier and faster :)
[18:09] <iliv> single -o, of course
[18:23] <roaksoax> jamespage: ok so I removed cinder/ceph from openstack.cfg and services deployed fine, machines started, but the script stays in "Waiting for all service units to reach 'started' state"
[18:25] <roaksoax> jamespage: hook.output@INFO: Cannot find device "em2"
[18:32] <roaksoax> jamespage: i guess it is an issue of using canonistack?
[18:51] <jamespage> roaksoax, no - you need a second nic
[18:51] <jamespage> just unset that option
[18:52] <jamespage> gah - you will need to reboot the nova-compute host as well
[18:52] <jamespage> I see a weird bug when not running on hardware that the juju agents lose connectivity to zookeeper
[18:52] <jamespage> a reboot sorts its out
[18:54] <roaksoax> jamespage: ok, so for quantum on canonistack i need to obviate (comment out) the ext-port relation setting in the hook?
[19:03] <lvmer> Hey where do you guys go to learn ubuntu? Like is there a local club listing somewhere? I've 95% setup a home server by myself through online tutorials, but I'm just having a 2nd set of eyes on the configs / etc. would be helpful. It would be cool to interact or shadow someone better than me too.
[19:04] <lvmer> but I think having a 2nd set*
[19:13] <jamespage> roaksoax, spot-on
[19:17] <roaksoax> jamespage: ok so I got it work in, cluster not fully configured dunno why though :)
[19:23] <daniel_->  u
[19:48] <matthewh3> can anyone help me install elgg - following this guide - http://docs.elgg.org/wiki/Install_Ubuntu - I tried "$ nano /etc/apache2/sites_available/default" but it doesn't exsist???
[19:49] <sarnold> what doesn't exist? nano? or /etc/apache2/sites_available/default ?
[19:49] <roaksoax> matthewh3: /etc/apache2/sites-available/default
[19:49] <roaksoax> s/_/-
[19:49] <webmonkey> Any advice using Chrootdir with Apache 2.2.14 on Ubuntu 10.04?
[19:49] <sarnold> roaksoax: :D
[19:49] <roaksoax> :)
[19:50] <matthewh3> ty
[19:50] <webmonkey> I added the ChrootDir Directive to the config file and restarted Apache but it doesn't seem to have any effect.
[19:51] <webmonkey> as www-data I am still able to navigate to root.
[19:51] <sarnold> webmonkey: how did you test that?
[19:51] <webmonkey> 'su www-data' followed by 'cd /'
[19:52] <webmonkey> Is there a better way?
[19:52] <sarnold> webmonkey: was that shell started via a script from apache or something?
[19:52] <patdk-wk> that is going be a LOT of stuff, you need to put into the chroot for apache and everything to work
[19:52] <webmonkey> No, I was root when I ran that command
[19:52] <sarnold> webmonkey: a configuration option in an apache file will only influence apache and its children
[19:53] <webmonkey> patdk-wk I've heard that, just seeing how much of a pain it is lol
[19:54] <patdk-wk> a royal nightmare, it's possible, and once you know EVERYTHING you need, make a script to update them all
[19:54] <webmonkey> sarnold okay that makes sense, thanks
[19:54] <sarnold> webmonkey: a better way to test would be to write a php script or a perl script and try to access resources like /etc/passwd that way....
[19:54] <webmonkey> So bascially I should tell my client it's not worth the trouble? I intend to implement mod_security
[19:55] <webmonkey> sarnold Gotcha, that's what I'm getting ready to try.
[19:55] <matthewh3> do I need to download and unzip Elgg in a Apache folder as I've just done it in the default home folder - http://docs.elgg.org/wiki/Installation
[19:56] <sarnold> webmonkey: you may wish to investigate apparmor instead; it doesn't require setting up a chroot environment just for apache
[19:57] <sarnold> webmonkey: (apparmor is an alternative to ChrootDir, not an alternative to mod_security)
[19:57] <webmonkey> sarnold will do, I've been intending to check it out anyway. Thanks!
[19:57] <matthewh3> going to follow this guide - http://www.upubuntu.com/2012/03/how-to-install-elgg-social-networking.html - will get back if I need any help ty
[19:57] <patdk-wk> webmonkey, mod security and chroot are two totally different kinds of protection
[19:58] <webmonkey> patdk-wk I know. Just trying to have a more secure setup.
[19:58] <patdk-wk> secure against what?
[19:59] <webmonkey> The server hosts a publicly accessible website, and the client is rather paranoid because their server got hacked once.
[19:59] <patdk-wk> this day in age though, I just throw up vm's dedicated to webserving
[19:59] <patdk-wk> instead of attempting multiserver stuff with chroots
[20:00] <patdk-wk> that so doesn't sound like chroot will protect them
[20:00] <patdk-wk> it normally takes 2 hacks to root a server, 1 hack if you don't care about rooting it
[20:00] <webmonkey> yeah I don't really feel that chrooting is necessary, but this is a client that thinks they know more than they actually do lol
[20:00] <patdk-wk> and normally those hacks are easily found in php/perl/whatever cgi your running
[20:01] <webmonkey> Im hoping mod_security will help with those potential issues
[20:01] <patdk-wk> as long as it's updated, it should
[20:01] <patdk-wk> and as far as rooting the server, normally that is the same thing, as long as you update ubuntu, it should be ok
[20:02] <webmonkey> Cool, well I will start working on mod_security then, and will check out apparmor after that
[20:02] <patdk-wk> doesn't mean you can't do some extra things, like remove suid/sgid from everything you don't need
[20:03] <lvmer> ||  I've just got a quick syntax / terminal question  ||  if I want to redo the following: $ ls -l  command but change it to: $ ls -ld  .... what is the fastest way? http://paste.kde.org/608318/
[20:03] <lvmer> ^^ like redo a previous command but add the '-d'   ^^
[20:04] <sarnold> lvmer: ^-l^-ld ought to do it; also, up-arrow, ^A, arrow a bit..
[20:05] <lvmer> ah ^-l ^-ld worked well. Thank you. Yah I was just wondering if there was a faster way than pressing up arrow and scrolling through the characters. :)  much like: sudo !!      :)
[20:07] <sarnold> lvmer: you can also refer to the last argument on the previous command line with !$ -- ! for history, $ for last -- so ls /long/and/anonying/path   followed by cat !$ or rm !$ or whatever...
[20:07] <sarnold> so the next command could be ls -ld !$
[20:07] <lvmer> sarnold: aaaaaahhhhhh I like that too. :)
[20:09] <sarnold> lvmer: I probably didn't learn !$ until I'd been using linux for 15 years. I'm not sure when it was introduced, but I've liked knowing it. :)
[20:09] <lvmer> sarnold: yes... it is making a world of difference already... wow. & if you didn't know it already: $ sudo !1    = sudo apt-get update && sudo apt-get upgrade
[20:10] <lvmer> sarnold: at least for me on 'ubuntu-server'
[20:11] <sarnold> lvmer: hahaha
[20:11] <sarnold> lvmer: I can't trust my !1 to be the same thing every time... a bit dangerous with a 'sudo', too. :D
[20:11] <lvmer> sarnold: yah crazy huh? I found it through a complete mistype
[20:12] <lvmer> sarnold: my new home server has really been kicking butt lately. :)
[20:13] <lvmer> sarnold: & I setup my pidgin account to auto login here.... so I'll probably be around a lot. xD
[20:13] <sarnold> lvmer: woo :)
[20:41] <zastern> When I'm doing something like this inside an environment, do I need to specify the environment in this "url"? puppet:///modules/unattended_upgrades/50unattended-upgrades-12
[20:41] <zastern> like puppert:///staging/modules/foo/bar/etc
[20:52] <[conrad]> Hello everyone. Is it possible to configure automount, so that it mounts /home/$user via NFS if we authenticated via LDAP, but uses the local drive if it matches a local user? We have a localhost guest account on all of our Ubuntu machines, and we have no problem doing NFS entirely, or local disk entirely, but having some issues doing one primarily with a fallback of the other.
[20:54] <thafreak> Is there a recomended/prefered iscsi target implementation in precise?
[20:57] <thafreak> it looks like iscsitarget is in universe but tgt is in main...is that correct?
[20:58] <thafreak> and if so, does that mean tgt is prefered, since it's in main?
[21:02] <thafreak> or lio also seems to be in the repos...
[21:14] <matthewh3> can anyone help me install a elgg plugin - http://paste.ubuntu.com/1363554/
[21:15] <roaksoax> clear
[21:35] <episteme> hello everybody! Quick question...nothing big just bugging the hell out of me. When i log in i get a message that there are updates to be installed. I run apt-get and of course there is nothing....how can i reset these messages?
[21:41] <[conrad]> episteme: Which apt-get command are you executing exactly?
[21:42] <[conrad]> Also, can you pastebin the exact message that indicates "there are updates to be installed"?
[21:47] <episteme> [conrad]: well when i get the message i run the basic apt-get update then apt-get upgrade like ive alwasy done :)
[21:47] <episteme> the message is not from apt-get its when i log on in the motd
[21:47] <episteme> i guess i should have phrased the question to ask how to reset them in the motd
[21:49] <[conrad]> episteme: I've not personally experienced the issue ( presuming we're talking about packages, and not the actual release ). Though I do remember a bug in 10.x ( https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/659738 ).
[21:51] <[conrad]> episteme: http://askubuntu.com/a/44163 better explains a solution if in fact this is the issue: http://askubuntu.com/a/44163
[21:52] <episteme> [conrad]: yeah i found that thread and that is exactly what im experiencing. i attempted the solved solution but to no avail :(
[21:54] <episteme> [conrad]: its such a small thing too...but its one of those things i want to know what cause it and fix it...just for the knowledge, but im lost lol
[22:09] <matthewh3> can anyone tell me why I can't unzip on ubuntu server but I can on Xubuntu?  The folders contain multiple files and I am just using the unzip command.
[22:12] <sarnold> matthewh3: pastebin what you've done and what results?
[22:14] <matthewh3> thanks - http://paste.ubuntu.com/1363687/
[22:16] <sarnold> matthewh3: what does 'file' show for that file?
[22:16] <matthewh3> what do you mean :/
[22:16] <sarnold> matthewh3: can you unzip that file just fine on your other machine? have you compared sha1sums to make sure they are identical?
[22:16] <sarnold> matthewh3: type 'file social-connect' -- it'll tell you what type of file it is
[22:17] <matthewh3> I can download it on Xubuntu and use archive manager to unzip it but on my Ubuntu VPS when I use the unzip command I get that error?
[22:17] <sarnold> file(1) uses magic numbers and magic offsets to identify thousands of different file types -- and it is usually good
[22:17] <matthewh3> root@coinconnect:/var/www/elgg/mod# file social-connect
[22:17] <matthewh3> social-connect: HTML document text
[22:17] <matthewh3> root@coinconnect:/var/www/elgg/mod#
[22:18] <sarnold> matthewh3: there you go :) you downloaded some html.
[22:18] <sarnold> nothing to unzip.
[22:19] <matthewh3> kk
[22:19] <matthewh3> ty
[22:20] <sarnold> quite frequently a web site will use a cookie or something to determine whether they should give you a form to fill out or a file to download :( sometimes it's just easier to download things using browsers rather than wget or curl...
[22:55] <imanc> does ubuntu come packages with postfix?  Postfix appears to be installed, on an ubuntu server I'm administering, but I can't seem to uninstall it via apt-get
[22:55] <imanc> yet it's listed in dpkg --list
[22:57] <sarnold> imanc: how did you try to remove it via apt-get? what error did you get back?
[22:58] <imanc> sudo apt-get remove postfix
[22:58] <imanc> and the error is:
[22:58] <imanc> Package postfix is not installed, so not removed
[22:59] <sarnold> but dpkg -l postfix shows you that it _is_ installed? very curious.
[22:59] <imanc> yep
[22:59] <sarnold> imanc: you can remove it via dpkg --remove postfix
[22:59] <imanc> dpkg -l | grep postfix
[22:59] <imanc> rc  postfix                           2.7.0-1ubuntu0.2                                High-performance mail transport agent
[22:59] <jkyle> howdy
[22:59] <sarnold> or dpkg --purge postfix
[22:59] <imanc> okay, i'll try that
[22:59] <sarnold> but be sure you want it gone :) hehe
[23:01] <imanc> sarnold: that appears to have worked. Thanks
[23:01] <jkyle> looks like my postfix chroot is screwey somehow. I'm getting errors like failure to resolv domains, failure to find service maps (like smtp). even though the chroot contains valid resolv.conf, hosts, and services files
[23:02] <sarnold> jkyle: nsswitch, too?
[23:03] <jkyle> identical to system, world readable
[23:03] <jkyle> I also verified the libnss, libresolv libraries are there and I'm fully updated/upgraded (precise 12.04)
[23:03] <jkyle> drop it out of chroot, all is well
[23:04] <koolhead17> melmoth, around?
[23:05] <melmoth> yep koolhead17
[23:05] <koolhead17> melmoth, were you able to find/document getting keystone over SSL
[23:05] <melmoth> hmm
[23:05] <melmoth> in folsom there is a new thingy
[23:06] <melmoth> but i m not sure i undersand what i read
[23:06] <melmoth> if i understand correclty, now, you can have the token signed by keystone
[23:06] <koolhead17> melmoth, https://bugs.launchpad.net/openstack-manuals/+bug/1032788
[23:06] <koolhead17> i was wondering if you could help me with this
[23:08] <melmoth> last stuff i read was https://www.ibm.com/developerworks/mydeveloperworks/blogs/e93514d3-c4f0-4aa0-8844-497f370090f5/entry/openstack_keystone_workflow_token_scoping?lang=en
[23:08] <melmoth> see the pki bits
[23:08] <melmoth> but if i understand correclty, the token is still readable by other people
[23:08] <melmoth> it s just signed
[23:08] <melmoth> so you know it comes fro keystone , but anyone can read it.
[23:09] <jkyle> well....
[23:09] <jkyle> as far as fixes go, this was stupidly simple considering the time I wasted figuring it out lol
[23:09] <melmoth> (it s encrypted all right, but with the private key of keystone, so any one with its public key can decrupt it, and be sure it comes from keystone)
[23:09] <koolhead17> melmoth, i will think about it. thanks
[23:09] <melmoth> i m still not sure its what "i want".
[23:10] <melmoth> my main problem was not "not being sure my token comes from keystone"
[23:10] <melmoth> but "i m not sure somebody else than whoever i think it is is using a token from someone else"
[23:10] <melmoth> anyway, too complicated for me, too many stuff to learn
[23:10] <melmoth> but my feeling is, it s still a bit on the hippie side of things.
[23:51] <hallyn> woohoo!  stgraber: had some locking snafus, but finally got a owrking syslogns patch.
[23:51] <hallyn> now to prepare for ridicule on lkml
[23:54] <stgraber> hallyn: yay!
[23:55] <stgraber> hallyn: btw, http://www.stgraber.org/2012/11/16/running-steam-in-a-lxc-container/
[23:57] <hallyn> cool :)  guess i have no excuse not to try it
[23:57] <sarnold> stgraber: nice :)