[00:36] <ddsss> what is export DEBIAN_FRONTEND=noninteractive for?
[00:41] <sarnold> ddsss: to keep debconf from stopping an install to ask you a question
[00:45] <ddsss> sanderj_, makes sense. thanks
[00:45] <ddsss> sarnold, makes sense. thanks
[01:54] <jnix> howdy, the time has come for me to familiarize myself with ubuntu administration, any suggestions on where to start?
[01:54] <jnix> my background is with RHEL (RHCE)
[01:55] <lifeless> the wiki perhaps?
[01:56] <jnix> hoping to get fairly decent with it so i can start badgering my company to start supporting it too
[01:58] <jnix> the way you guys do apache is a ton different, this is my first area of study
[01:59] <sarnold> jnix: this may be a good starting point: https://help.ubuntu.com/12.04/serverguide/httpd.html
[01:59] <jnix> the serverguide, this looks like exactly what i'm trying to find, sweet
[02:00] <jnix> first step is to stop trying to use chkconfig ;)
[02:01] <sarnold> hehe
[02:02] <sarnold> jnix: you'll probably need this bookmarked, at least for a while: http://upstart.ubuntu.com/cookbook/#override-files
[02:03] <jnix> will do, started my learning process by installing 12.04 on my home server, running a minimal kvm hypervisor currently, now i need to get my php scripts working again
[02:03] <jnix> thank goodness there's so much documentation out there
[02:07] <jnix> sweet.. i can use kickstart files with ubuntu!
[04:45] <IdleOne> pangolin: would you please stop trying to log into my nickserv account
[04:45] <IdleOne> every time you do nickserv sends me a notice.
[04:46] <IdleOne> that'll learn you
[05:02] <elkingrey> I'm in the process of learning my first programming language, Python. I'm still sort of a tech noob. I've been using Linux for three years. I built a VPS by following directions. I still host my own website. But anywho, I feel like I need to gain a better understanding of things like Apache, sockets, tcp/ip, and so many more things that I don't even know I need to know. What I'd really like is to be able to thoroughly know and understand my LAMP stack and be a good sys admin for my server. For example, I run my own mail server. I never maintain it. It works and I can send and receive my email, but often times mail gets returned for being considered spam. Somebody once excoriated me because I don't know how to properly run a mail server, and that's why there's so much spam in the world. I don't even know where to go to learn how to be a good sys admin. I browsed some books on oreilly.com, but didn't find anything that relevant. Can somebody give me some good book recommendations to be a good sysadmin so that I can be a better programmer?
[05:49] <sarnold> elkingrey: wow, that's years worth of knowledge and experience you're looking to acquire :)
[05:50] <sarnold> elkingrey: knowing how things work is always worthwhile though; I strongly recommend W. Richard Stevens' Advanced Programming in the Unix Environment for a good, all-around introduction to the operating system. It'll be too detailed in many places, but it'll be a fantastic reference for the next decade or two.
[05:52] <sarnold> elkingrey: understanding TCP/IP deeply is also extremely helpful; W. Richard Stevens also has many good TCP/IP books; I _think_ TCP/IP Illustrated is probably the series to get. Skip over the XPI and STREAMS stuff. Read the T/TCP stuff but realize none of it is going to happen.
[05:54] <sarnold> elkingrey: I learned absolute tons about email from reading the three-inch-thick ora sendmail book, but I wouldn't wish sendmail on anyone; postfix's manpages are good and detailed but I haven't found a similarly good "overview" page of the thing.
[05:57] <elkingrey> sarnold: Browsing your recommendations now. Thanks!
[05:58] <sarnold> elkingrey: hrm, I just now remember that djb's qmail docs seemed good, when I read them 10~13 years ago. I bet they'd hold up well, those might help provide some nice perspective on things
[06:06] <elkingrey> sarnold: Here's a book that looks important. http://shop.oreilly.com/product/9780596002978.do
[06:21] <sarnold> elkingrey: ah, yes!
[06:22] <sarnold> elkingrey: I read an earlier version of that book, I thought it was a touch light in places, but it'll probably serve you better than TCP/IP Illustrated.
[06:26] <sarnold> elkingrey: this website will help you understand some of the deep deep linux networking magic: http://www.lartc.org/
[07:54] <koolhead17> hi all
[10:06] <_ruben> oh boy .. do i get to hate perl's RRDs module's thread unsafety .. sigh
[10:15] <io> you seem intent on using that nick and trying to identify to it
[10:16] <io> pangolin: feel free to register the nick. I ungrouped it.
[10:44] <pgp> Hi, i got a problem with my ubuntu server, eth0 isn't coming on after a scheduled reboot :(
[10:45] <pgp> i can see the network controller in lspci
[10:45] <pgp> i keep getting msg No DHCPOFFERS received.
[10:47] <pgp> anyone please.
[10:48] <SuperMatt> well, sounds like your DHCP isn't offering it an IP address
[10:48] <pgp> well i've tried same router plugged into windows machine.
[10:48] <pgp> picks up fine
[10:48] <pgp> with same cable
[10:48] <SuperMatt> weird
[10:48] <pgp> when i do ifconfig eth0 it isn't showing me any ip address.
[10:49] <pgp> routing table is empty
[10:49] <SuperMatt> well it sounds like your router just isn't offering the ip address... have you tried rebooting/resetting the router?
[10:50] <pgp> its working fine with other devices SuperMatt...
[10:50] <pgp> also i dont know if i should be alarmed.
[10:50] <pgp> ethernet lights do not light up?
[10:50] <pgp> on my ubuntu server.
[10:50] <SuperMatt> ah
[10:50] <pgp> where the cable goes in.
[10:50] <SuperMatt> sounds like there's a physical problem
[10:50] <pgp> bummer!
[10:51] <SuperMatt> as in, the connector just isn't working
[10:51] <SuperMatt> ubuntu may recognise the chip, but it sounds like the port is deaded
[10:51] <SuperMatt> though have a look inside the port for some fluff, maybe
[10:52] <pgp> ok
[10:53] <pgp> no luck...
[10:53] <pgp> am i correct in thinking that lights should light up no matter what?
[10:53] <SuperMatt> when I went to uni, I had an ethernet port in my room. I couldn't plug in my ethernet cable, so I investigated. I found a broken off "tab" from the last user's ethernet cable
[10:53] <SuperMatt> some people just don't know how to remove ethernet cables
[10:54] <SuperMatt> yeah, one should come on straight away
[10:54] <SuperMatt> it basically means it has power
[10:54] <SuperMatt> shouldn't matter if the OS has brought the device up
[10:54] <pgp> i thought so,
[10:54] <pgp> well nothing changed really, only change that happened was scheduled reboot
[10:54] <pgp> and after that it never came back on
[10:55] <SuperMatt> hurm
[10:55] <SuperMatt> have you checked the bios? could be a bios option changed to turn it off
[10:55] <pgp> checked already
[10:55] <pgp> disabled and re-enabled.
[10:56] <SuperMatt> I'd be looking in to getting another nic then
[10:56] <SuperMatt> is it on the motherboard or is it a daughter board?
[10:56] <pgp> onboard :(
[10:56] <SuperMatt> I think it's new nic time then
[10:57] <pgp> i got a usb wifi stick
[10:58] <pgp> is it straightforward to configure them from the command prompt?
[13:14] <avickery> I installed Ubuntu desktop a while back and then installed each lamp component manually. Worked great. I could access the server from any device in the house by browsing to http://xx.local. I wanted to learn more about the command line so I installed ubuntu server and did the same manual install of LAMP. I can access it by IP address but not by name, what gives?
[13:16] <ogra_> you want avahi-daemon to get the .local domain
[13:18] <avickery> Is it not installed by default and do I need to get rid of bind9?
[13:19] <ogra_> it is installed on the desktop but not in servers by default
[13:19] <ogra_> no idea if it clashes with bind
[13:19] <ogra_> i doubt it though
[13:19] <avickery> sudo apt-get install avahi-daemon?
[13:21] <ogra_> right
[13:21] <ogra_> if it doesn't work OOTB restart your network or reboot
[13:22] <avickery> Rock n' Roll. Worked in like 2 seconds. You rule! Thank you!
[14:04] <mah454> Hello
[14:05] <mah454> How can I do this? http://www.linuxquestions.org/questions/linux-networking-3/vpn-connection-peer-user-4175444976/
[14:14] <samba35> is it advisable to install pre-release package ?
[14:25] <gema> Daviey: ping
[14:26] <Daviey> gema: pong-a-dong
[14:29] <sw> Hi, is there a guide for upgrading a 12.04 server -> 12.10 via command line?
[14:30] <[conrad]> sw: do-release-upgrade should do the trick for you. I'm not sure if this is still the case, but a month or two ago when I used that approach to go to 12.10, I had a few additional steps because 12.10 was not considered stable.
[14:32] <[conrad]> Has something changed with isc-dhcp-server in Ubuntu 12.x ( in this case using the Alternative CD to do an LTSP server install? ). I had previously used deny unknown-clients; in combination with the removal of the range ( as proposed by shauno and patdk-lap ), and found this to work as expected, which was to allow a second DHCP server to run in our environment exclusively for thin clients who are "approved" via a host definition with static IPs by MAC addresses, without interfering with the first ( which handles all other devices on the network ). Since deploying the 12.04 item, we've found some devices seem to still try and make a request from the DHCP server ( for which they are never given a response, which is partially correct )
[14:33] <ogra_> sw, you need to edit /etc/update-manager/release-upgrades on 12.04 to use non LTS for upgrading (by default 12.04 would only upgrade to 14.04), then use do-release-upgrade
[14:40] <sw> ogra_ Thanks.
[14:46] <hallyn> jamespage: ping on ipxe push?
[14:51] <M0rsa> Hello. Has anyone used squid and snort together over a bridge connection before. I've asked here before but I just got some guy saying it won't work w/out giving me any reason why
[14:51]  * jamespage puts down jenkins for a bit
[14:51] <jamespage> hallyn: sorry - been dealing with a jenkins security issue
[14:51] <jamespage> hallyn, I'll look right now
[14:52] <M0rsa> Hello?
[14:52] <M0rsa> Anyone live here?
[14:52] <M0rsa> Hello?
[14:52] <M0rsa> Anyone here?
[14:53] <jamespage> bye
[14:55] <jamespage> hallyn, is the end plan to get rid of kvm-ipxe?  i.e. transition to ipxe-qemu?
[14:58] <feisar> I have 12.04 server running with raid1 and I'd like to install the grub bootloader on both disks (sda, sdb) but I'm getting the following error: '/dev/mapper/../dm-0 does not have any corresponding BIOS drive'. Could anyone point me in the right direction?
[14:58] <feisar> (the command I'm running is sudo grub-install --recheck /dev/sda)
[15:02] <patdk-wk> you install it to sda and sdb
[15:05] <feisar> well I need the system to boot even if I remove a failed disk, at the moment it will only boot if one specific drive is plugged in
[15:05] <feisar> sda and sdb make md0 (raid1)
[15:06] <feisar> but I think at the moment grub2 is only installed on the mbr of sda
[15:06] <feisar> if that makes sense
[15:08] <feisar> should I be running 'grub-install /dev/md0'?
[15:10] <sw> Hi, if I wanted to block all traffic apart from SSH connections on port 22 from 192.168.0.2, can someone give an example of the command?
[15:12] <feisar> use ufw
[15:12] <feisar> ufw default deny
[15:13] <feisar> ufw allow tcp/22
[15:13] <feisar> ufw emable
[15:13] <feisar> *enable
[15:13] <feisar> oh sorry that allows any connections to 22
[15:14] <sw> Why ufw over iptables?
[15:14] <hallyn> jamespage: probably
[15:14] <feisar> ufw creates your iptables rules for you
[15:15] <sw> So again, why ufw over iptables?
[15:15] <hallyn> jamespage: but at the moment i wanted to minimize the already huge # of moving pieces
[15:15] <jamespage> hallyn, so why not just depend on kvm-ipxe until we are ready to change its name?
[15:16] <feisar> sw: ufw allow from 192.168.0.2 to any port 22
[15:16] <jdstrand> sw: ufw is a frontend for iptables. it handles common situations and integrates into the boot process. it provides an easy mechanism to update your firewall and a framework for configuring it
[15:17] <jdstrand> sw: it works particularly well as a host-based firewall. you can learn more about it with 'man ufw' and 'man ufw-framework'
[15:18] <hallyn> jamespage: to minimize the delta from debian for qemu...
[15:18] <hallyn> i'm trying to make future merges as simple as possible
[15:18] <jamespage> hallyn, ah - so qemu in debian depends on ipxe-qemu?
[15:18] <hallyn> right
[15:19] <hallyn> kvm-ipxe (/qemu-ipxe) also needs to drop 3 of the links it ships so qemu can ship them as it does in debian, but again i'm putting that off right now
[15:19] <sw> jdstrand So why should it be used over iptables?
[15:19] <sw> Or, 'instead of using iptables directly', I mean.
[15:20] <feisar> sw: if you want to use iptables, go ahead, or you could use ufw to create some iptables rules for you, either is fine. ufw is a little easier
[15:20] <jdstrand> sw: because it makes things easier for you
[15:20] <jdstrand> sw: if you don't care about that, use iptables
[15:20] <jdstrand> directly
[15:21] <sw> jdstrand I'm not saying I don't care, I'm asking a question as to how. And so far all I've gathered is 'it's just easier'. How is it easier, is what I'm asking?
[15:22] <jdstrand> sw: I just said why it is easier: it handles common situations and integrates into the boot process. it provides an easy mechanism to update your firewall and a framework for configuring it
[15:22] <sw> Common situations?
[15:22] <jdstrand> sw: perhaps perusing https://wiki.ubuntu.com/UncomplicatedFirewall would demonstrate it better
[15:23] <feisar> sw: I gave you the commands you need to achieve what you want, using ufw. What you want to achieve is a common request. use those commands and get up and running or go and learn how to create rules directly using iptables
[15:24] <sw> Or you could have just given the iptables command, which is the question that was asked?
[15:24] <sw> Thanks anyway.
[15:25] <jdstrand> sw: iptables rules are not persistent
[15:25] <jdstrand> sw: and a simple iptables rule isn't enough to configure a firewall for the system
[15:25] <ssvss> Hi, I have ubuntu-server running in virtual box. I wanted to increase the hd size. from the virtual box side I have increased the size. it shows the new size when checking from the host. how can I extend the hd size in the ubuntu-server guest machine?
[15:26] <jdstrand> sw: so you need to do things like configure ingress, egress, dhcp, logging, loading the firewall on boot, etc
[15:26] <jdstrand> sw: and ufw provides that
[15:26] <jamespage> hallyn, OK - I understand - working right now
[15:27] <jdstrand> 'sudo ufw allow OpenSSH && sudo ufw enable' and you have a working firewall. to see what it is doing under the hood, read the man pages I mentioned and look at the rules in /etc/ufw
[15:29] <feisar> how do I install grub on the mbr of a disk when the disk is part of a raid1?
[15:31] <sw> jdstrand so ufw enable;ufw default deny;ufw allow from 192.168.0.2 to any port 22 does more than iptables -A INPUT -s 192.168.1.0/24 --destination-ports 22 -j ACCEPT; iptables -P INPUT DROP?
[15:33] <feisar> they would do different things
[15:33] <jdstrand> sw: yes (and you could just use 'ufw allow from 192.168.0.2 to any app OpenSSH ; ufw enable')
[15:33] <jdstrand> sw: like I said, it makes it so your rule is applied on reboot. sets up allowing dhcp, etc
[15:34] <sw> jdstrand Ok I'll use that, just seems odd 'speaking to it' rather than the default --options.
[15:35] <jdstrand> sw: to learn more, examine /etc/ufw/*rules and 'man ufw-framework'
[16:20] <jamespage> hallyn, uploaded
[16:24] <hallyn> jamespage: thanks!
[16:24]  * hallyn biab
[16:56] <thesheff17> anyone know a lot about unattended-upgrades....I'm starting to test this some with 12.04 and some machines get 20auto-upgrades.ucf-dist
[16:56] <thesheff17> and the apt-get complains
[17:05] <matt_keys> I could use some help troubleshooting a Marvell 88E8001 GbE NIC on 12.10amd64 desktop. the link shows up, however it won't ping the gateway and the gateway can't ping it. ifconfig shows 2 "overruns"... i'm not sure what that means
[17:05] <matt_keys> pastebin.com/zmFTBwk2
[17:08] <matt_keys> this nic is dedicated for iscsi traffic. the other nic, eth0, is connected in the exact same way and is working fine. i did have mtu set at 9000, but i backed it back down to 1500 and restarted to see if that was the cause. the switches are all "dumb"
[17:17] <ssvss> q
[17:38] <ssvss> Hi, when I run ubuntu server as a virtualbox guest, when I increase the hd size from 8GB to 50GB, the ubuntu-server guest doesn't recognize the increased size. but the same works fine on ubuntu-desktop.
[17:39] <ssvss> After increasing the hd size, the following command "blockdev --getsize64 /dev/sda5" in server shows the old hd size, but in ubuntu-desktop it shows the increased hd size correctly
[17:39] <ssvss> any idea what I can do further to make it work in the server.
[17:39] <patdk-wk> reboot
[17:40] <patdk-wk> dunno if a scsi rescan would do it or not
[17:40] <ssvss> I increase the hd size after powering down the vm only. and check the size after a fresh boot
[17:40] <patdk-wk> how did you check the size?
[17:41] <ssvss> I used this cmd - "blockdev --getsize64 /dev/sda5"
[17:41] <patdk-wk> why would you expect it to change size?
[17:41] <patdk-wk> you checked the size of a partition, not the disk
[17:43] <sarnold> I thought '5' was special, used for storing the _other_ extended partitions?
[17:43] <patdk-wk> partitions 1-4 are *REAL* mbr partitions, 5+ is for logical partitions
[17:43] <patdk-wk> or extended partitions
[17:43] <patdk-wk> still, it's a partition, not a disk
[17:44] <patdk-wk> you checked the partition size, not the disk size
[17:44] <RoyK> patdk-wk: extended partition must be on 1-4
[17:44] <RoyK> logicals inside one extended
[17:44] <patdk-wk> confusing, it's just a partition containing partitions :)
[17:48] <RoyK> patdk-wk: and you can have only one extended partition...
[17:49] <patdk-wk> not sure, never used them
[17:49] <sarnold> this kind of fiddly old stuff is why I've stuck to / /boot swap /home on my drives -- anything finer-grained means figuring out the odd details.
[17:49] <patdk-wk> oh, I do have /boot, /, /home, /usr, /var, /??? separate on many systems
[17:49] <RoyK> patdk-wk: believe me on that ;)
[17:49] <patdk-wk> but those systems don't use partitions
[17:49] <RoyK> patdk-wk: having /usr on a separate partition is so nineties :)
[17:50] <patdk-wk> not when it causes the system to take forever to boot
[17:50] <patdk-wk> my freebsd systems, won't boot till fsck is done on the /, so I make it only like 1gig
[17:50] <patdk-wk> and everything else separate
[17:51] <RoyK> doesn't fbsd have journaled filesystems these days?
[17:51] <patdk-wk> these days? probably
[17:51] <patdk-wk> 3years ago when it was setup? using ufs2
[17:51] <patdk-wk> I think it's ufs they use
[17:52]  * RoyK concludes that sitting mostly still for three months and then taking a small hour's bike ride makes some bodyparts ache...
[17:52] <sarnold> RoyK: iirc, journalled softupdates is work-in-progress
[17:52] <RoyK> k
[17:53] <ssvss> I am not sure why I used /dev/sda5. I followed advice from the vbox channel. Now when I check the disk size using "fdisk -l", it shows the increased size. any help on how I can extend the partition to the increased size?
[17:53] <ssvss> https://gist.github.com/4504203
[17:54] <patdk-wk> ssvss, hmm, it should never auto-expand automatically
[17:54] <patdk-wk> you just need to use whatever partition program you want, gparted, fdisk, parted, ...
[17:55] <patdk-wk> and increase it
[17:55] <patdk-wk> then you will have to run resizefs to increase the filesystem
[17:56] <RoyK> patdk-wk: or resize2fs
[17:56] <patdk-wk> something like that
[17:56] <RoyK> exactly like that (if on ext[234])
[17:56] <patdk-wk> won't bash spellcheck? :)
[17:56] <RoyK> or autocomplete...
[17:57] <RoyK> well, it suggests alternate commands
[17:57] <RoyK> so yes
[18:20] <Flavr> hello guys :)!
[18:21] <SpamapS> you know, even though hpcloud doesn't have a local mirror.. it downloads packages pretty darn fast from the main mirrors
[18:21] <Flavr> Anyone got any idea how to set up hiphop php ? :o
[18:21] <SpamapS> Fetched 55.0 MB in 17s (3197 kB/s)
[18:21] <SpamapS> Flavr: how many requests per second do you handle across all of your servers?
[18:22] <sarnold> SpamapS: not bad, faster than my home connection anyway
[18:22] <SpamapS> sarnold: well it's faster than my 20Mbit too. :)
[18:22] <Flavr> Spamaps We got big sponsors wait second
[18:22] <SpamapS> Flavr: if it's less than 10000, you don't need hiphop php.
[18:23] <Flavr> We got a server with 16 cpu 16gb ram and 200gb.... and we are setting it up as a short url service...
[18:24] <SpamapS> one server
[18:24] <Flavr> tup
[18:24] <Flavr> yup
[18:24] <SpamapS> Flavr: http://www.hilarious-pictures.com/sites/www.hilarious-pictures.com/files/images/youre-doing-it-wrong.jpeg
[18:25] <Flavr> Sure I am, JUST designer...
[18:25] <Flavr> Who need developers...
[18:25] <SpamapS> Flavr: let me introduce you to this cloud thing...
[18:25] <Flavr> Its cloud server :o
[18:25] <SpamapS> right, but you're still doing it wrong
[18:25] <Flavr> cloud server node *
[18:25] <SpamapS> see the point is *lots of cloud nodes*
[18:25] <SpamapS> not one big one
[18:26] <Flavr>  i see :o
[18:26] <Flavr> so you just say i should run a normal lamp stack ? :o
[18:26] <SpamapS> Flavr: in your situation, I'd recommend a PaaS
[18:26] <Flavr> what about tornado web server ?
[18:26] <SpamapS> Flavr: let people who know how to scale php do it for you.
[18:27] <Flavr> okey so what about the future.... if we get bigger and get more requests... should we then move to hiphop ?
[18:32] <SpamapS> Flavr: look at what hip hop tells you. It's not like, 5x faster or anything
[18:32] <Flavr> okey... so what about tornado web server ? :o
[18:32] <Flavr> any benefits ?
[18:32] <SpamapS> Flavr: never heard of it
[18:33] <SpamapS> Flavr: honestly, your problem is not your software. It's your architecture.
[18:33] <Flavr> its from facebook too... lol
[18:33] <SpamapS> Flavr: let a PaaS vendor do this for you. They'll scale the PHP out, and handle things like databases and loadbalancers.. you just write your code.
[18:34] <Flavr> Tornado is an open source version of the scalable, non-blocking web server and tools that power FriendFeed. The FriendFeed application is written using a web framework that looks a bit like web.py or Google's webapp, but with additional tools and optimizations to take advantage of the underlying non-blocking infrastructure.
[18:34] <Flavr> SpamapS lol :p
[18:34] <Flavr> I am designer...
[18:34] <SpamapS> right
[18:34] <Flavr> We are looking for developers...
[18:34] <SpamapS> who isn't?
[18:34] <Flavr> Just trying... to figure what would ok to do...
[18:36] <Flavr> Btw.... any idea how we could handle out multiple requests... like randomly... generates... flvr.io flvr.me flvr.im
[18:53] <TheBronx> hi all!
[18:54] <TheBronx> I need help again, under a syn flood attack I see this message: "dst cache overflow" a lot of times.
[18:55] <TheBronx> and the network goes down until I force a remote restart of the server
[18:55] <TheBronx> is it possible to solve this problem?
[18:56] <sarnold> TheBronx: talk to hetzner. get them to nail down the largest sources upstream.
[18:56] <TheBronx> hey, hi sarnold! upgrading to ubuntu 12 solved the first problem (the link up problem) hehe
[18:57] <TheBronx> it is not hetzner directly, it is "providerservice.com", and they told me they don't provide any firewall
[18:57] <TheBronx> so I'm trying to mitigate the problem just with software...
[18:58] <Flavr> iptables ? :o
[18:58] <TheBronx> csf yeah
[18:58] <TheBronx> with SYNFLOOD activated
[18:58] <TheBronx> wait a second
[18:58] <Flavr> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
[18:59] <sarnold> TheBronx: heh, nullrouting flood sources is just part of being a network provider, I'm afraid. I'd expect them to call hetzner then and push for the largest sources of flooding to be ignored for a while..
[18:59] <TheBronx> http://pastebin.com/rxBN6HU1
[18:59] <sarnold> TheBronx: glad to hear the one problem went away on upgrade though :) woo
[19:00] <TheBronx> as you can see CSF was doing great xD but then the error came up
[19:01] <TheBronx> they provide a "blackhole" when I'm under attack
[19:01] <sarnold> they switched attacks from syn to random udp flooding
[19:01] <TheBronx> but once the server is up, they attack again and again and again... and tomorrow will be 7 days under attack
[19:02] <Flavr> If you are not running a game server and are a victim of UDP attacks, request from your hosting provider that UDP traffic to your IP address or IP addresses are blocked. Most VPS or hosting providers will be more than glad to implement preventative measures to prevent problems to their network and customers.
[19:02] <TheBronx> yeah, I don't need UDP at all. But the attack is against port 80 TCP
[19:04] <Flavr> got apache installed ? :o or what ?
[19:04] <TheBronx> yes, but apache is not the problem. The network crashes, apache is idle
[19:05] <TheBronx> so, what does "dst cache overflow" mean? is it possible to increase the size of that buffer?
[19:05] <Flavr> mod evasive got ? :o
[19:05] <TheBronx> the attack succeeds even with apache stopped
[19:06] <escott> TheBronx, destination cache (ie routing table)
[19:06] <TheBronx> where can I increase the size of that table?
[19:06] <TheBronx> I have 8GB of RAM, only using about 2GB
[19:06] <escott> TheBronx, http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
[19:07] <TheBronx> if that table is stored in memory I don't care
[19:07] <TheBronx> ok, thanks!
[19:07] <Flavr> try ?  /proc/sys/net/ipv4/tcp_syncookies = 1
[19:07] <sarnold> escott: excellent.
[19:07] <Flavr> oh
[19:08] <Flavr> :d
[19:08] <TheBronx> sysctl.conf -> http://pastebin.com/HUk0RVip syn cookies already enabled
[19:08] <TheBronx> I will read the article, thanks escott
[19:15] <TheBronx> Which Linux version resolves this issue?
[19:15] <TheBronx> This issue is resolved in Linux 2.4.21.
[19:15] <TheBronx> really? xD
[19:16] <sarnold> I wouldn't be surprised if an updated version of the attack has been made
[19:17] <sarnold> since 2003 or 2004 (when that paper was written) the hash functions in common languages have been forced through several iterations
[19:17] <sarnold> perhaps the kernel's dst cache hash function needs another re-work
[19:18] <TheBronx> if I do understand it correctly the attack tries to provoke a collision in the routing table
[19:19] <escott> TheBronx, yes
[19:19] <TheBronx> a collision produces a dst cache overflow?
[19:19] <escott> TheBronx, hash tables reduce to linked lists when there is a collision
[19:20] <TheBronx> yeah, and the performance is reduced. but how about the overflow?
[19:20] <escott> TheBronx, so you collide and reduce to a linked list or fixed length array at which point it can either overflow or hit some performance limit
[19:21] <TheBronx> ok, so the linked list has in fact less capacity than the hash table
[19:21] <escott> TheBronx, it's also possible that there is some other kind of overflow going on. if the kernel has a total size limit on the table you might just fill it by trying to make the entire IP space routable
[19:23] <TheBronx> is it possible to disable route cache under a DDoS so that there is no overflow, collision or whatever?
[19:24] <TheBronx> cat /proc/sys/net/ipv4/route/max_size
[19:24] <TheBronx> 4194304
[19:24] <TheBronx> seems big... isn't it?
[19:25] <escott> TheBronx, that's probably in bytes
[19:25] <escott> TheBronx, which is only 4Kb so one page... ie not that large
[19:25] <TheBronx> I have no idea, but the article says: "echo 4096 > /proc/sys/net/ipv4/route/max_size"
[19:26] <TheBronx> so, option 1, reducing the size to avoid collisions. option 2, increase the size to avoid overflow
[19:27] <escott> TheBronx, if you did that echo from a root terminal you would set the max_size to 4Kb and then you would see that file output a size of 419434 bytes
[19:27] <TheBronx> oh. ok, newbie fails hehe
[19:27] <escott> TheBronx, reducing the size would increase collisions. for reference mine is 8Kb
[19:27] <escott> TheBronx, and that's Linux HAF-UBUNTU 3.5.0-21-generic #32-Ubuntu SMP Tue Dec 11 18:51:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[19:29] <TheBronx> so, increasing the size can help. They will attack again and I will see if that helped
[19:31] <escott> TheBronx, you could also decrease the timeout/increase the frequency with which the GC runs
[19:32] <TheBronx> how can I do that? sorry but I'm not a linux expert (not even close)
[19:33] <escott> TheBronx, the other tunables for the routing cache are in that same folder
[19:33] <escott> TheBronx, best thing to do is to figure out a way to block the attacks. everything else is just papering over the issue
[19:34] <TheBronx> when CSF blocks an IP, does it delete the entry in the routing table?
[19:36] <escott> TheBronx, presumably not, but after some time it should get purged from the table
[19:37] <RoyK> Flavr, sarnold: for those tcp_syncookies to be persistent, use sysctl
[19:39] <TheBronx> yeah, but I don't know what I should put in sysctl, 4096?
[19:39] <RoyK> btw, tcp_syncookies are on as of default on 12.04 and 10.04
[19:39] <TheBronx> net.ipv4.route.max_size = 4096?
[19:40] <escott> TheBronx, that sounds like what you currently have. so setting that value wouldn't change it
[19:40] <RoyK> TheBronx: what routing protocols do you use?
[19:41] <TheBronx> error: technical question :P sorry, how can I answer that RoyK?
[19:42] <TheBronx> oh, and hi RoyK!
[19:42] <RoyK> ho
[19:42] <TheBronx> tcpdump capture during the attack: http://i.imgur.com/aZl21.png
[19:42] <TheBronx> net.ipv4.route.max_size = 16384 then, x4
[19:43] <TheBronx> those are spoofed ips?
[19:43] <RoyK> TheBronx: that's a truckload of SYNs - I doubt the route settings will help much - SYNs aren't put in routing tables, are they?
[19:43] <escott> TheBronx, they are just progressing through 204.253 why not block that subnet
[19:44] <RoyK> ufw block ...
[19:44] <TheBronx> this is not the only block xD those are just a few packets
[19:44] <TheBronx> there are a lot of blocks, very different
[19:45] <TheBronx> SYNs are blocked by CSF, but the problem is that the network crashes due to the dst cache overflow
[19:45] <RoyK> TheBronx: you're getting DDoSed
[19:45] <RoyK> you can't block SYN alone
[19:45] <RoyK> that'll stop all TCP traffic
[19:47] <TheBronx> these options were not in sysctl during the attack:
[19:47] <TheBronx> # Enable IP spoofing protection, turn on source route verification
[19:47] <TheBronx> net.ipv4.conf.all.rp_filter = 1
[19:47] <TheBronx> net.ipv4.conf.lo.rp_filter = 1
[19:47] <TheBronx> net.ipv4.conf.eth0.rp_filter = 1
[19:47] <TheBronx> net.ipv4.conf.default.rp_filter = 1
[19:47] <RoyK> !pastebin
[19:47] <RoyK> TheBronx: http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/
[19:47] <addisonj> someone piss of 4chan? ;)
[19:47] <RoyK> read this yet?
[19:48] <TheBronx> nope, thanks!
[19:48] <TheBronx> cat /proc/sys/net/ipv4/route/max_size
[19:48] <TheBronx> 16384
[19:49] <TheBronx> oops, unit problem hehe
[19:51] <TheBronx> routing table cache increased (x4) and sysctl is much more complete now
[19:51] <TheBronx> let's see what happens in the next attack
[19:51] <TheBronx> I don't know if CSF can ban entire blocks if it finds let's say 3 or 4 very similar IPs
[19:53] <RoyK> CSF?
[19:53] <TheBronx> iptables for newbies hehe
[19:53] <RoyK> not ufw?
[19:54] <TheBronx> I have to leave, thank you guys again. RoyK, sarnold. Thank you, really, I'm learning a lot and I'm not thinking of killing people =)
[19:54] <sarnold> TheBronx: good luck :)
[19:54] <sarnold> TheBronx: oh!
[19:54] <sarnold> TheBronx: wait!
[19:55] <TheBronx> yes?
[19:55] <sarnold> TheBronx: the point of the article escott found was to _lower_ the size of the dst cache, to reduce the expenses of every incoming packet
[19:55] <TheBronx> yeah, that's what I understood at first
[19:55] <TheBronx> but don't worry, if increasing doesn't work, I will try the opposite hehe
[19:56] <RoyK> just decrease it ;)
[19:56] <TheBronx> (i don't think the attack is that sophisticated, collisions... it is probably a bored kid)
[19:56] <TheBronx> have to leave now, thank you again!!!!!!!!!!!
[20:06] <Flavr> hey yaa
[20:06] <Flavr> can some one tell me clear out about big data
[20:07] <Jeeves_> Flavr: Take a byte. Copy it a gazillion times
[20:07] <Jeeves_> and you have big data. PROFIT!
[20:07] <RoyK> Flavr: what?
[20:07] <Flavr> hmm
[20:08] <RoyK> what about big data?
[20:08] <Flavr> I am just thinking cause they are looking for a lot of big data specialists
[20:08] <Flavr> Would like to learn more
[20:08] <RoyK> well, I'm managing a few hundred terabytes
[20:08] <RoyK> I'd rather do it on zfs than on what we're using now, but still
[20:09] <Flavr> okay can you tell me a little more about it... I know basics about lamp stack... so maybe if i understand ?
[20:09] <escott> Flavr, read the original mapreduce paper
[20:09] <escott> Flavr, http://fastandfuriousdecisiontree.googlecode.com/svn-history/r474/trunk/DIVERS/mapReduceByGoogle.pdf
[20:10] <Flavr> thanks i will read it out
[20:10] <escott> sarnold, i didn't actually read that link (perhaps I should have) just seemed that it would explain what the dst cache was
[20:11] <sarnold> escott: it did, and gave good advice on mitigation :) it even seemed familiar to my eight-year-old-neurons which might have read it once before.. :)
[20:12] <adam_g> zul: I'm still confused about the openstack master tarballs.  if the per-commit tarballs are going away, what does the $proj-master.tar.gz represent?
[20:12] <RoyK> Flavr: it's just mysql (or postgres?) and apache (or something?) with php
[20:12] <RoyK> Flavr: it's nothing magic about it
[20:13] <zul> it's the same thing just not versioned
[20:13] <Flavr> na i am just thinking why the hell they got so many places open...
[20:13] <Flavr> if it's just some basics...
[20:13] <RoyK> Flavr: what do you want to know?
[20:14] <RoyK> mysql and linux and php and apache are all open
[20:14] <Flavr> Yep so what is the big deal in hadoop ? :o
[20:14] <RoyK> so are postgresql and a diverse set of other webservers
[20:14] <Flavr> Can anyone install it on any kind of server ?
[20:14] <escott> Flavr, hadoop/mapreduce are very different from SQL/traditional RDBMS
[20:14] <RoyK> hadoop is another thing
[20:15] <Flavr> hmm :o... any kind books out there ? :o about hadoop and big data ?
[20:15] <RoyK> Flavr: what are you building?
[20:16] <Flavr> I am looking for job
[20:16] <escott> Flavr, when people talk about big data they usually mean that they are willing to sacrifice something in the traditional relational database in order to get decent performance when working with very large datasets
[20:16] <RoyK> heh
[20:16] <Flavr> as "big data " specialist lol
[20:16] <RoyK> Flavr: you don't become a "big data" specialist until you've actually worked with big data
[20:16] <Flavr> yep thats why I think how i could get in tho that...
[20:16] <escott> Flavr, usually consistency is relaxed in favor of something like eventual consistency
[20:16] <RoyK> theory you can learn, but all sorts of shite come up later
[20:17] <Flavr> what they mean with data crafting / mining ? :o
[20:17] <escott> Flavr, mapreduce drops the SQL type query processing for something more limited but more scalable
[20:17] <Flavr> sounds like wow game lol..
[20:19] <Flavr> so i need hadoop and some kind map /reduce program
[20:19] <Flavr> lol
[20:19] <Flavr> need set up vps server and get in to it
[20:19] <sarnold> or just do it on your laptop
[20:19] <Flavr> sarnold tip me out a little bit ? :o
[20:20] <Flavr> so I need hadoop what else ? :O
[20:20] <sarnold> Flavr: a way to generate huge piles of nonsense data to work with :)
[20:20] <Flavr> oh i see..
[20:21] <Flavr> awesome that we got community that helps out..
[20:21] <Flavr> lol
[20:22] <addisonj> Flavr: why don't you just google "hadoop tutorial" or "hadoop for dummies" and see what comes up?
[20:22] <Flavr> haha thanks :)
[20:23] <Flavr> omg some indian guys.. that why.... so messy http://www.youtube.com/watch?v=ziqx2hJY8Hg
[20:26] <Flavr> 45 minutes...
[20:26] <Flavr> omg
[20:35] <jiboumans> smoser: if you're around, I could use your wisdom on building AMIs. I'm building a new AMI from the ubuntu stock 10.04 one, and oddly enough, the ephemeral hard drives are getting remapped and I can't quite figure out how to fix that.
[20:35] <smoser> remapped ?
[20:36] <RoyK> Flavr: really - learn basic administration, learn that well, then, after years of practice, you may learn enough to *learn* large systems
[20:36] <jiboumans> smoser: they're /dev/sd* on the machine i'm building from, but upon boot, they're /dev/xvd*
[20:36] <jiboumans> (upon boot of the new ami)
[20:37] <jiboumans> smoser: using ec2-bundle-vol -B … ephemeral0=sdb makes fstab have the '/dev/sdb' entry, but upon boot, the devices are still /dev/xvd*. setting ephemeral0=xvdb throws this error when registering the ami: Client.InvalidManifest: Invalid block device mapping: Invalid device name 'xvdb'
[20:38] <jiboumans> interestingly enough, the non-ephemeral drives are /dev/sda* no matter what.
[20:39] <smoser> jiboumans, it just has to do with the kernel
[20:40] <smoser> xen is stupid
[20:40] <jiboumans> smoser: hmm, that rings a bell - i think the ami host has an updated kernel, but did not reboot (yet).
[20:40] <smoser> the kernel you're booting names those devices xvd*
[20:41] <jiboumans> that might cause the confusion there...
[20:41] <jiboumans> smoser: for my understanding, how come there's still /dev/sda* on the newly booted machine?
[20:44] <smoser> it just depends on the kernel
[20:44] <smoser> maybe it's running an older kernel?
[20:44] <resno> hey yall question. what's the most lean version of ubuntu to use in a vm environment?
[20:46] <jiboumans> smoser: actually, the point of the ami is to update the stock kernel (and some other stuff), so it runs:  2.6.38-16-virtual #67~lucid1-Ubuntu SMP x86_64
[20:47] <smoser> i don't follow. at some point in lucid-updates the kernel changed its naming for /dev/sd[x] to /dev/xvd[x] (i think)
[20:49] <jiboumans> so, the ami-builder host is running stock 10.04, just as you released the image. the ami i'm trying to build installs some stuff by default, including an updated kernel (the one i just pasted above). one of the side effects appears to be that /mnt is no longer mounted, because the device names changed.
[20:49] <jiboumans> i (wrongly) assumed it had to do with the flags one passed to ec2-bundle-vol
[20:50] <smoser> it's possible it's a bug in cloud-init in lucid that doesn't realize that new name
[20:51] <jiboumans> if cloud-init intends to alter the fstab based on the devices detected, then yes, it doesn't do that
[20:52] <jiboumans> the fstab is identical to what was shipped from the builder
[20:54] <smoser> jiboumans, ah. ok so it makes more sense now.
[20:54] <smoser> you're wanting to run some > lucid kernel, right?
[20:54] <jiboumans> yup
[20:55] <wdev> As per the directions on the Ubuntu Kerberos docs, I'm here out of some level of desperation.  Has anybody set up a KDC on 12.04?
[20:57] <smoser> jiboumans, it is bug https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/611137
[20:58] <smoser> http://paste.ubuntu.com/1517992/ is the commit, jiboumans
[20:59] <jiboumans> smoser: thanks. did that ever make it to lucid-updates?
[21:00] <smoser> no.
[21:00] <smoser> but you could nominate for release, and i do the work and i'd sponsor the upload for you
[21:17] <jiboumans> smoser: ah, missed that comment. that'd be fine by me, but i don't think i have the permission to nominate that bug in LP
[21:17] <SpamapS> smoser: hey, do Ubuntu's cloud images no longer inject a bunch of static randomness into the entropy pool?
[21:18] <SpamapS> jiboumans: o/
[21:18] <jiboumans> SpamapS: o/
[21:18] <jiboumans> long time no see
[21:18] <smoser> jiboumans, you can probably nominate you just can't accept
[21:19] <smoser> SpamapS, i dont think they ever did inject static randomness.
[21:19] <smoser> but static randomness stored inside a public image is quite arguably no better than no randomness.
[21:20] <SpamapS> smoser: it's faster.. but definitely no better. ;)
[21:20] <jiboumans> smoser: are we talking about the same? I don't have a nominate link on the bug page, and adding the +nominate to the url (hax!) gives me permission denied :)
[21:20] <SpamapS> as in, things that want randomness won't block
[21:20] <SpamapS> smoser: http://www.slideshare.net/astamos/cloud-computing-security suggests there is something like that in practice, on slide 66
[21:22] <jiboumans> oh and smoser, i've been meaning to ask, what's the clean way to re-run all of cloud-init after the machine has booted (for debugging/testing purposes)?
[21:22] <smoser> jiboumans, you're logged in ?
[21:22] <jiboumans> smoser: yes
[21:22] <smoser> i'll nominate then
[21:23] <jiboumans> thanks.. odd though
[21:23] <smoser> strange though i thought anyone could nominate
[21:23] <smoser> and only certain could accept
[21:23] <jiboumans> i logged out, nominate link /is/ there, i click it, asks for log in, and then i get permission denied
[21:23] <jiboumans> smoser: that's how i remember it too
[21:24] <smoser> SpamapS, i'm not sure if that file is "" or not
[21:25] <smoser> it doesn't matter
[21:25] <smoser> it's the same really.
[21:25] <smoser> on reboot, you do get it.
[21:25] <smoser> and SpamapS https://review.openstack.org/#/c/14550/ is quite relevant
[21:25] <smoser> (although cloud-init doesn't use it yet)
[21:34] <jiboumans> smoser: thanks for the nomination.
[21:34] <jiboumans> oh and smoser, i've been meaning to ask, what's the clean way to re-run all of cloud-init after the machine has booted (for debugging/testing purposes)?
[21:35] <smoser> lucid is old... i'm not sure :)
[21:35] <smoser> but i usually do:
[21:35] <smoser> rm -Rf /var/lib/cloud-init && reboot
[21:35] <smoser> or something to that extent. it's not purely idempotent, but not far off.
[21:36] <jiboumans> smoser: i particularly want to see what it's doing while it's doing it, without rebooting if possible
[21:36] <jiboumans> is there any way?
[21:36] <smoser> ah. yeah.
[21:36] <smoser> just look in /etc/init and run the same stuff upstart would run
[21:36] <Debs> Hi! I'm a bit confused following a manual whilst setting up bind9 on an Ubuntu server. I'm creating the zone file and am wondering about this line -> '@       IN      SOA     ns.example.com. root.example.com. ('. The hostname of the server is rs-01.exp.com, do I put this where 'ns.example.com' is, or do I put ns.exp.com?
[21:36] <Debs> I'm setting up as a Master.
[21:36] <jiboumans> smoser: i'm taking it the rm -rf is the key part there to have it re-run its steps right?
[21:41] <Debs> Any help?
[21:51] <Debs> Hi! I'm a bit confused following a manual whilst setting up bind9 on an Ubuntu server. I'm creating the zone file and am wondering about this line -> '@       IN      SOA     ns.example.com. root.example.com. ('. The hostname of the server is rs-01.exp.com, do I put this where 'ns.example.com' is, or do I put ns.exp.com?
[21:51] <Debs> I'm setting up as a Master.
[21:59] <RoyK> Debs: try #bind
[21:59] <Debs> I did, RoyK. It's dead in there :(
[22:00] <RoyK> perhaps people are sleeping
[22:03] <SpamapS> Debs: crazy thought: BIND is really antiquated.. unless you intend to become a DNS guru, there's no point in learning the ins and outs. I recommend using an online DNS service provider.
[22:04] <Debs> SpamapS: It's just a thing that I want to do, and then I'll probably never do it again.
[22:04] <Debs> SpamapS: I just can't figure out if I put ns.domain.com, or server1.domain.com there, for e.g
[22:04] <Debs> Both point to the same IP
[22:05] <SpamapS> Debs: ns.example.com should be the name of the server where you want people to check as "the ultimate authority" for the domain.
[22:06] <SpamapS> Debs: I'd do ns.domain.com .. but it actually doesn't matter
[22:06] <SpamapS> Debs: it's mostly informational
[22:07] <SpamapS> Debs: http://www.zytrax.com/books/dns/ch8/soa.html
[22:07] <SpamapS> good explanation
[22:07] <Debs> SpamapS: Just on the Ubuntu docs, it says to put the FQDN of the server where ' ns.example.com. ' is in the example. The FQDN is rs-01.domain.com
[22:07] <Debs> ns.domain.com points to the same place as rs-01.domain.com though
[22:07] <Debs> So put ns., right?
[22:09] <SpamapS> Debs: as that link says, it really doesn't matter if you're not using DDNS (as it's where writes go).
[22:10] <sarnold> heh, that field predates ddns by, what, two decades? :) Is it really that useless?
[22:12] <SpamapS> sarnold: useless? no, but matters to somebody who isn't running ddns and doesn't care about becoming a DNS guru, no.
[22:13] <SpamapS> It's basically only useful when you're wondering what the "primary master" is.
[22:13] <sarnold> aha
[22:13] <sarnold> thanks SpamapS :)
[22:13] <SpamapS> also if it's a private domain, not in a whois server, it can be helpful
[23:40] <segv> heyo
[23:41] <segv> Hey guys quick question
[23:41] <segv> so with MaaS I keep getting tftp to connect, and i get the request from pserv (maas)
[23:41] <segv> just times out almost instantly though, any of you ever experience that?
[23:41] <segv> Got some cisco gear in between with trunked vlans over to a cage (that may be causing this)
[23:42] <bigjools> request from pserv?  pserv is the tftp server
[23:43] <bigjools> can you paste a relevant log part
[23:43] <segv> yeah
[23:44] <segv> https://gist.github.com/105c29324c42cc24f201
[23:45] <segv> if I tftp it from my client, I can get to it okay and pull the same file
[23:48] <segv> ~.