=== Ursinha-afk is now known as Ursula
[00:03] <buengenio> hello, routing question - I'm connecting via VPN to another site on a WiFi connection (client IP: 10.0.0.4). On the local wired connection I have another machine connected (ip: 192.168.0.222). Question: how to access ping or http on 192.168.0.222 from the VPN server-side ?
=== blkperl_ is now known as blkperl
=== pug is now known as Guest31299
=== Ursinha-afk is now known as Ursinha
=== fenris is now known as Guest24195
=== fenris is now known as Guest18389
[04:46] <zerooneone> i just started using ubuntu for some servers i'm managing. question: how long does it usually take for security vulns to be fixed, such as the issue with apache 2.2.22?
[04:58] <TheLordOfTime> zerooneone, #ubuntu-hardened might be a better place to ask.  but which vulnerability are you talking about>?
[04:59] <zerooneone> nm i think i found it. i'm confused by the ubuntu version numbers. i should just look at the USN from now on :)
[05:00] <TheLordOfTime> i'm still curious though :P
[05:04] <zerooneone> TheLordOfTime: it was apache2 http://www.ubuntu.com/usn/usn-1765-1/
[05:06] <zerooneone> apache2 says to upgrade to 2.2.23 but the ubuntu security upgraded version is 2.2.22-1ubuntu1.3 for ubuntu 12.04
[05:06] <TheLordOfTime> zerooneone, note the four CVE links in the USN.,
[05:06] <TheLordOfTime> they're all "released" or "not-affected"  :)
[05:06] <zerooneone> tell me that's not confusing
[05:06] <TheLordOfTime> nope.
[05:06] <TheLordOfTime> it isn't confusing.
[05:06] <TheLordOfTime> but... i've worked with the security process for a couple of packages, so... :P
[05:06] <TheLordOfTime> here's how to see if they've been fixed though
[05:07] <TheLordOfTime> http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1048.html    http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4558.html    people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4557.html
[05:07] <uvirtbot> TheLordOfTime: The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1048)
[05:07] <uvirtbot> TheLordOfTime: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558)
[05:07] <uvirtbot> TheLordOfTime: The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557)
[05:07] <TheLordOfTime> http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3499.html
[05:07] <uvirtbot> TheLordOfTime: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499)
[05:07] <TheLordOfTime> can we disable that thing?
[05:07] <zerooneone> haha
[05:07]  * TheLordOfTime slaps uvirtbot with /dev/null
[05:07] <TheLordOfTime> zerooneone, anyways, if you look at those links, you'll see it also says which "version" each CVE was fixed in.
[05:08] <zerooneone> i can see that now thanks. but can't we just call it 2.2.23 then? help me understand...
[05:09] <TheLordOfTime> because it isn't 2.2.23.
[05:09] <zerooneone> it's just been patched then
[05:09] <TheLordOfTime> there may be other code changes between the version in the repos for a software, but the security patch has been applied
[05:09] <TheLordOfTime> but not the other code changes.
[05:09] <TheLordOfTime> there ARE cases where a security update may need a version bump
[05:09] <TheLordOfTime> but i've never seen that in any of the packages I monitor.
[05:10] <TheLordOfTime> (it's rare is what I"m trying to say)
[05:12] <zerooneone> so when our security guy wags his finger at the fact that apache 2.2.22 is installed i can just tell him to go find his black hat then
[05:12] <zerooneone> ok i understand. but i'm not happy about it
[05:12] <zerooneone> thanks for your help TheLordOfTime
[05:17] <TheLordOfTime> yep
[08:50] <one> How doos I change console font?
[08:51] <one> andol: how doos i change console font?
[08:54] <one> kevinsky: how doos i change console font?
[08:55] <one> freeflying: how doos i change console font?
[09:03] <one> diplo: thank you that look better
[09:04] <one> diplo: how about do you know how to turn down the brightness my eyes hurt
=== AlanChicken is now known as AlanBell
[09:05] <one> Do they still sell radiation filters for screens maybe it is burning my retina.
=== tedski- is now known as tedski
=== skarface is now known as antix
=== Myrtti_ is now known as Myrtti
[09:10] <one> how does I lower the brightness from console only?
[09:10] <one> ^ slightly different question
[09:10] <uvirtbot> one: Error: "slightly" is not a valid command.
[09:11] <one> ^ help
[09:11] <uvirtbot> one: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
[09:11] <one> ^ help gdef
[09:11] <uvirtbot> one: Error: There is no command "gdef".
[09:11] <one> ^ help ping
[09:11] <uvirtbot> one: (ping takes no arguments) -- Checks to see if the bot is alive.
[09:11] <Myrtti> one: can you please stop
=== tsimpson_ is now known as tsimpson
[09:12] <one> Myrtti: ok that is cat toy for someoneelse
[09:13] <one> my eyes are burning how to stop the radiation?
[09:13] <one> Do i have to buy a filter or is there a way to tell it from console?
=== huats_ is now known as huats
[09:14] <Myrtti> one: can you please stop playing around? I'm sure there are other hobbies available for you than fooling around in IRC channels. My personal recommendation is either medieval and renessaince literature, knitting or woodwork.
[09:14] <Myrtti> cycling is also a nice hobby.
[09:15] <one> huh
[09:15] <one> im serious I want to know how to turn down brightness
[09:16] <Myrtti> in most cases you can do it with the hardware. The displays usually have a button for doing it.
[09:16] <one> its a fuction key which isn't working from console only
[09:17] <rbasak> one: this is on a laptop?
[09:17] <one> Also I know some software can make it go lower than usual even to black, yes a laptop.
[09:17] <one> I want it very vary low barley readable.
[09:17] <rbasak> one: try #ubuntu, or perhaps askubuntu.com is more likely to get an answer. This is a server channel.
[09:18] <one> I am not fooling around I think it is burning my retina laptop screens look brighter than looking out the window on a sunny day.
[09:19] <one> I have to stop and cool my eyeballs off from time to tiem
[09:26] <one> rbasak: for some reason or another I am unable to join #ubuntu
[09:27] <Myrtti> that would be because you are banned there. If you want to discuss it, join #ubuntu-ops.
[10:37] <one> Myrtti: unsuccessful
[10:37] <Myrtti> that would be because you didn't actually discuss.
[10:37] <Myrtti> but it's your choice.
[10:38] <one> false
[10:38] <one> bearing false witness against a neighbor
[10:38] <ikonia> this isn't going to end well
[10:39] <Myrtti> one: how about you just stop there, and we can go on with our lives?
[10:40] <one> Myrtti and consider every day a blessing in that you have another chance to repent of your false witness before JUDGMENT DAY
=== masACC is now known as maswan
[12:59] <zul> grrr
[13:01] <zul> jamespage: so im lookin at this bug: https://bugs.launchpad.net/ubuntu/+source/quantum/+bug/1107114 and it depends on a ryu package which isnt packaged in ubuntu or debian
[13:01] <uvirtbot> Launchpad bug 1107114 in quantum "quantum-ryu-agent crashed with ImportError in /usr/lib/python2.7/dist-packages/quantum/plugins/ryu/agent/ryu_quantum_agent.py: No module named ryu.app" [Medium,New]
[13:02] <jamespage> zul, might be a propreity bit
[13:02] <zul> jamespage:  you would think so but its available on pypi
[13:02] <jamespage> hmm OK
[13:03] <zul> https://pypi.python.org/pypi/ryu/1.7
=== jrib1 is now known as jrib
[13:05] <jamespage> zul, I'm guessing the unit testing covers none of that plugin then
[13:05]  * jamespage sighs
[13:05] <jamespage> and its not in pip-requires or anything
[13:05] <jamespage> bah
[13:05] <zul> doubt it
[13:05] <zul> ive seen other stuff that is not in pip-requires
[13:14] <drag0nius> i've installed zentyal on non-standard port, but web access does not start (netstat doesnt show port open)
[13:17] <jamespage> zul, cinder rc3 out yet?
[13:18] <zul> jamespage:  not yet quantum rc2 is out though
[13:18] <jamespage> zul, oh - and can you prepare a update for the grizzly cloud archive for that latest libvirt fix as well pls
[13:18] <zul> ack
[13:18] <jamespage> zul, marvellous
[13:21] <jamespage> zul, also all of the rc1's are in grizzly-updates now - did you want to tweet that or something?
[13:21] <zul> jamespage:  sure
[13:24] <jibel> hallyn, stgraber another annoying bug with lxc on arm bug 1160360 . I filed it against lxc although it is more like something in flash-kernel that should detect the platform it is running on.
[13:24] <uvirtbot> Launchpad bug 1160360 in lxc "flash-kernel failed in an armhf lxc container on ARM: /usr/sbin/flash-kernel: 214: /usr/sbin/flash-kernel: mkimage: not found" [Undecided,New] https://launchpad.net/bugs/1160360
[13:26] <stgraber> jibel: ah, sounds like the same kind of problem we had with grub on x86
[13:26] <stgraber> jibel: btw, I'm still trying to figure out what happened with the python module, it's a really weird bug ;)
[13:26] <jibel> stgraber, I'm sorry :)
[13:27] <stgraber> jibel: well, I'm glad you noticed it before we release the final 0.9 :)
[13:27] <hallyn> stgraber: so to deal with the veth create scalability, we might want to have all templates default to specifying names and peer names for all veths
[13:27] <jibel> stgraber, I'm feeling like the only user of lxc on ARM
[13:28] <stgraber> hallyn: ah, I didn't follow the discussion too closely but is the extra delay caused by the generation of a unique name for the pair?
[13:28] <hallyn> jibel: you might be, but i'm setting up my arm laptop right now so you won't be
[13:28] <stgraber> jibel: you're not, I'm using it on my pandaboard for package builds ;)
[13:28] <hallyn> stgraber: yeah finding a new name is o(n^2)
[13:29] <hallyn> stgraber: but those build containers don't get upgraded?
[13:29] <stgraber> hallyn: they do but they don't have a kernel in them ;)
[13:29] <hallyn> i've got a bad feeling about 1160360,
[13:29] <hallyn> we had to go to some effort to fix that with grub
[13:29] <hallyn> so will mkimage have to detect if it's in a container too?
[13:30] <jamespage> zul, could you ack the python-coverage update here please - http://people.canonical.com/~jamespage/ca-updates/
[13:30] <stgraber> hallyn: so I'm not sure I like the idea of forcing people to set the names for the pair in the config as it may be a bit tricky for people to figure out when moving containers around
[13:30] <stgraber> hallyn: however we can easily generate something better than the current random names
[13:30] <zul> jamespage:  +1
[13:30] <jibel> stgraber, oh wait, about the kernel bug, maybe it's just me doing weird things because I reused a cloud-config script that is normally used to provision local VMs
[13:30] <hallyn> stgraber: they're usually random, how is 'containername.1 and containername.2' worse?
[13:30] <jibel> I'm trying something
[13:31] <hallyn> though there is probably a rather short length limit
[13:31] <stgraber> hallyn: veth<PID of lxc-start>-<index>
[13:31] <hallyn> jibel: no i'm guessing any instance based from cloud image will have a kernel and cause this
[13:31] <stgraber> hallyn: I'd rather we have LXC generate good unique names than assuming that people or our template will ;)
[13:31] <hallyn> stgraber: or just v<initpid>.1 and v<initpid>.2.  something like that, yeah
[13:32] <jamespage> zul: ta
[13:32] <hallyn> stgraber: sounds good
[13:32] <stgraber> hallyn: right. The only problem I can think of with initpid is when doing nesting, as you can technically get a clash
=== masACC is now known as maswan
[13:33] <stgraber> hallyn: not sure what else we can use though ;)
[13:34] <jamespage> zul, "        self.fake_ryu = fake_ryu.patch_fake_ryu_client().start()"
[13:34] <hallyn> stgraber: that should still be mostly not o(n^2), and should be very rare
[13:34] <jamespage> so it does have unit tests but it stubbs out the client - which is fair enough
[13:34] <zul> jamespage:  well thats something i guess
[13:34] <hallyn> jamespage: at first glance i thought you were telling zul off
[13:34] <zul> hallyn:  wouldnt surprise me ;)
[13:35] <stgraber> hallyn: oh nevermind, with nesting we also get a new netns so the veth name won't clash
[13:35] <hallyn> true :)
[13:35] <stgraber> hallyn: so yeah, v<initpid>.<increment> sounds good, should be reliable and will fix the allocation time issue
[13:35] <zul> yolanda/jamespage: https://code.launchpad.net/~zulcss/quantum/rc2/+merge/155486
[13:36] <stgraber> hallyn: is that something you want to do for 0.9?
[13:36]  * jamespage hopes he's not getting a rep for telling people off
[13:37] <hallyn> stgraber: yeah i think so
[13:38] <hallyn> stgraber: not right now though, and i'm not sure where to record that task :)
[13:38] <hallyn> we need a 0.9 and 1.0 blueprint
[13:38] <hallyn> s
[13:38] <stgraber> hallyn: ok. My hope is to send the pull request for 0.9 on Monday
[13:39] <hallyn> oh.  hm.
[13:39] <stgraber> hallyn: assuming I figure out that damn python bug by then ;) I did a dozen test build yesterday and it's just plain weird...
[13:39] <hallyn> ok i'm still waiting for my arm to update.
[13:40] <hallyn> (and then of course i'll have to drop back into android to flash the old kernel since new kernel doesn't work)
[13:40] <stgraber> so far, I've come to the conclusion that it's not some kind of weird function name clash (my function was called get_version so could have clashed with one of the LXC ones) and it's not caused by what we get from the LXC API as even returning a fixed string gives the error
[13:41] <hallyn> /build/buildd/sparc-cross-toolchain-base-0.9ppa1/debian/tmp/usr/include/stdc-predef.h:30:26: fatal error: bits/predefs.h: No such file or directory    hmmmmm
[13:43] <hallyn> oh.  feh.  my arm kernel doesn't have bridge support
[13:44] <hallyn> guess i'll leave that to stgraber
[13:46] <stgraber> I found quite a few bugs so far, but none that explain what I see ;)
=== hito_jp0 is now known as hito_jp
[13:49] <gQuigs> I can't seem to find documentation on the Ubuntu 10.04 Kernel Backports; the best I could find was http://askubuntu.com/questions/29961/why-are-only-some-versions-of-the-kernel-backported-to-certain-releases
[13:49] <gQuigs> but no "official" doc backing that up
[13:50] <gQuigs> specifically I'm wondering if support for the 3.0 kernel ends in April with Oneiric
[13:52] <stgraber> hallyn: oh wow, so I can confirm that it's nothing to do with the function in my python binding, it seems to have something to do with the structure listing the functions related to the python module
[13:52] <hallyn> huh
[13:52] <stgraber> hallyn: the bug happens whenever that struct contains two items. If I remove get_current_config_dir, then get_version works
[13:52] <hallyn> does it need to be (and is not) null terminated?
[13:53] <stgraber> now to go check the python documentation to figure out what I missed ;)
[13:53] <stgraber> it needs to be NULL terminated and it's
[13:53] <hallyn> :)
[13:53] <hallyn> +1 then :)
=== wedgwood_away is now known as wedgwood
=== manjo` is now known as manjo
=== wedgwood is now known as Guest28578
[14:08] <jamespage> zul: +1 on quantum rc2 MP
[14:08] <zul> jamespage:  cool thanks
[14:08] <jamespage> zul, sorry - got distracted by something else
[14:08] <zul> jamespage:  no worries i had other things to keep me busy
[14:27] <zul> jamespage:  http://people.canonical.com/~chucks/ca/
[14:32] <hallyn> stgraber: actually, i wasn't thiniing right.  since we always pass in a random name, we should be ok now in lxc - we're passing in a name, so kernel doesn't have to find one.
[14:33] <eagles0513875> hey guys quick question ufw automatically denies all or do i need to setup a rule to deny everything
[14:34] <RoyK> eagles0513875: "ufw enable" will deny all incoming access
[14:35] <eagles0513875> thankjs RoyK :) deny everythign unless i tell it to allow a certain port or service
[14:35] <RoyK> eagles0513875: if you need external access, such as ssh, run "ufw allow 22/tcp" *before* running "ufw enable"
[14:35] <RoyK> eagles0513875: deny everything *incoming*. It normally allows everything outgoin and related/established return traffic
[14:36] <eagles0513875> ok kool :)
[14:36] <eagles0513875> all i do know RoyK is that there is lots of inbound attempts thank god it denys everything except what i have allowed
[14:38] <stgraber> hallyn: ah, we already do that now?
[14:58] <nottheoilrig> smoser: i'm getting a lot of 403 errors from one of the ec2 archive mirror
[14:58] <stgraber> hallyn: fixed!
[14:58] <nottheoilrig> e.g. http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/universe/a/aria2/aria2_1.15.1-1.debian.tar.gz
[14:59] <stgraber> hallyn: you were right on a null-terminated list that wasn't null-terminated, except it wasn't the one I changed at all ;) it was some get/setters list that we've had around for ages
[14:59] <stgraber> hallyn: properly ending that one fixed everything...
[15:00] <nottheoilrig> is this a known issue? can you please help me find the right bug number for this 403 behavior?
[15:00] <smoser> nottheoilrig, are you sure you have apt-get updated ?
[15:01] <stgraber> hallyn: I'll upload a fixed lxc in a few minutes
[15:01] <stgraber> jibel: ^
[15:01] <nottheoilrig> smoser: yes, that was the first thing i thought, but even after apt-get update i get the same 403 error
[15:02] <jibel> stgraber, great, I'll be happy to test it.
[15:02] <smoser> nottheoilrig, looking at it.
[15:03] <nottheoilrig> smoser: thank you
[15:03] <jamespage> zul, +1 on ca update for quantum rc2 as well if I've not already done so
[15:04] <zul> jamespage:  thanks
[15:04] <hallyn> stgraber: great :)
[15:06] <nottheoilrig> is there an option that i can pass to apt-get update to print the actual URL it uses for the line:
[15:06] <nottheoilrig> Hit http://us-east-1.ec2.archive.ubuntu.com quantal/universe Sources
[15:06] <Jeeves_> https://github.com/tuxis-ie/monitoring/tree/master/mklivestatus
[15:06] <Jeeves_> (For those of you playing with Nagios :))
[15:09] <nottheoilrig> ah, --print-uris
[15:10] <smoser> nottheoilrig, just so you're aware, that is "just" a source package.
[15:10] <smoser> ie, i can 'apt-get install aria2', just not 'apt-get source aria2'
[15:10] <stgraber> hallyn: patch sent to the ML, not sure how long it'll take for you to get it though :)
[15:12] <hallyn> stgraber: was right quick that time
[15:12] <nottheoilrig> smoser: yes, i was trying to "apt-get source" to find all the places in ubuntu where Libgcrypt GCRYCTL_SET_THREAD_CBS is invoked
[15:14] <SpamapS> I believe some people were working on getting opengrok setup for everything in Ubuntu main
[15:15] <smoser> nottheoilrig, right. its a valid problem, just making sure you realized that it wasnt affecting binaries.
[15:15]  * nottheoilrig nods
[15:16] <smoser> its being worked, by canonical IS, nottheoilrig
[15:16] <nottheoilrig> smoser: thank you!
[15:16] <hallyn> smoser: it seems to me canonistack is suffering frmo bug 1100843.  where after some time, qemu vm performance degrades significantly.  Have you ever noticed that anywhere?
[15:16] <uvirtbot> Launchpad bug 1100843 in qemu-kvm "Live Migration Causes Performance Issues" [Medium,Confirmed] https://launchpad.net/bugs/1100843
[15:16] <hallyn> (i.e. start up a vm, it's quick, let it sit for a few hours or days, then it's slow)
[15:16] <stgraber> hallyn: I'm glad we found that one before 0.9 because it could have been the source of quite a few very very weird python-related bugs :)
[15:17] <hallyn> stgraber: now q is is that the last one for this release :)
[15:17] <stgraber> hallyn: it's almost a miracle it showed up as that simple UnicodeError and not as some kind of weird corruption
[15:18] <stgraber> hallyn: well, I've got a dozen production servers running rc1 with a ton of containers and sub-containers using hooks, seccomp and everything scripted with the API, if there was anything horrible, I should have noticed ;)
[15:18] <stgraber> (though that's not on arm, so the python one went unnoticed)
[15:19] <smoser> hallyn, i've noticd that, yes. but i'm not sure that that has to do with live migration.
[15:19] <smoser> what evidence of live migration link do you have?
[15:19] <Daviey> m_3: around?
[15:20] <hallyn> smoser: i have none, and was the one who pointed out that it may not be related to live migration at all
[15:21] <hallyn> all right i'll see if i can get some metrics on that
[15:31] <stgraber> hallyn: so for bug 1159818 I guess the right solution is to allow armhf, copy some of the non-native arch magic from lxc-ubuntu and nag utlemming until cloudimg-query works with armhf?
[15:31] <uvirtbot> Launchpad bug 1159818 in lxc "Allow architecture armhf with template ubuntu-cloud when running on ARM" [High,Confirmed] https://launchpad.net/bugs/1159818
=== Ursinha_ is now known as Ursinha-afk
[15:34] <hallyn> stgraber: yeah,
[15:35] <hallyn> i think utlemming may be dev-nulling his lxc bugmail :)
[15:35] <utlemming> hallyn: I saw it...I just haven't had a chance
[15:36] <hallyn> utlemming: ive been assuming you want to be cloud template maintainer, but if you just don't have time for it let me know i guess
[15:37] <hallyn> (presumably you can crank it out a lot faster than I)
[15:37] <stgraber> hallyn: I'll take a look at the lxc-ubuntu-cloud change myself as I've done the armhf stuff in lxc-ubuntu and I think we want to allow for lxc-ubuntu-cloud armhf on x86
[15:37] <stgraber> but I'll let utlemming deal with cloudimg-query
[15:40] <hallyn> cool
[15:43] <tedski> i am so fucking spoiled on coffee
[15:43] <tedski> i just pulled a shot from the superauto at work
[15:46] <tedski> i had to go pour it down the drain
[15:47] <tedski> whoops, wrong channel
[15:47] <tedski> derp
[16:05] <one> How do I share a connection over wifi on the server system?
[16:05] <one> Is it going to be in the server guide?
[16:11] <hallyn> one: http://s3hh.wordpress.com/2011/12/15/simple-netboot-setup/  is how i do it
[16:12] <one> hallyn: how do I export a link into another console from irssi in console?
[16:13] <hallyn> if you're under screen you can cut/paste the link in screen
[16:13] <hallyn> really that link isn't so unworkable to not be typable
[16:13] <one> theres no mouse in my console though
[16:13] <hallyn> but, in a mtg, bbl
[16:13] <hallyn> you don't need a mouse if you're under screen
[16:14] <hallyn> ctrl-a esc, j/k/h/l over, 'space' to start sleecting, $ to end of line, space to finish selectnig, enter, ctrl-a ] to ppaste
[16:15] <one> hallyn: how long will you be gone
[16:15] <one> let me move to a screen session and try it
[16:16] <one_> I am in screen now
[16:16] <one_> please repaste the link so I can try this
[16:19] <one> screen looks very useful but there arent any apparmor profiles made for it so I have been shying away from it
[16:20] <one> I will have to make an apparmor profile for it
[16:20] <one> seems like every progrum access the root password file
[16:20] <one> so pretty much everything needs apparmor
[16:20] <Brace> one: I can strongly recommend byobu, it's a userfriendly overlay onto screen
[16:21] <Brace> one: this is ubuntu, you shouldn't have a root password really
[16:21] <one> Brace: come on im not a sucker
[16:21] <one> please
[16:21] <one> refrain from antagonizing me
[16:22] <Brace> one: sorry, I'm not trying antagonise you, it's just that as I understand it, the 'ubuntu way' is not to have a root password
[16:22] <one> yes its called stupid by default
[16:22] <Brace> one: or if you mean byobu, then it's a really good program, I strongly recommend it
[16:23] <one> Brace: thanks but im not interested in extras
[16:23] <one> I am trying to cut and paste a link at the moment
[16:23] <one> will you repaste that link for me
[16:23] <kirkland> Brace: :-)
[16:25] <one> will you repaste that link for me
[16:26] <one> hey nutmeg
[16:26] <Brace> one: as I'm feeling nice - http://s3hh.wordpress.com/2011/12/15/simple-netboot-setup/
[16:26] <Brace> kirkland: I see what you mean :-)
[16:27] <hallyn> one: link repaste http://s3hh.wordpress.com/2011/12/15/simple-netboot-setup/
[16:27] <andol> Brace: Why make generalized statements about (not) having a root password? Assuming I have my server setup not to accept root logins over ssh I might still find a root password very convenient if I need to repair something from the physical console.
[16:29] <hallyn> Brace: oh, thx :)  missed yoru repaste
[16:29] <hallyn> ok, bbl
[16:29] <Brace> hallyn: np :)
[16:30] <Brace> andol: it wasn't really generalised, I was directing it at one, if you want to have root passwords, then that's your choice
[16:36] <one> ok I got it into buffer now how do I open a new window?
[16:38] <zul> jamespage:  https://code.launchpad.net/~zulcss/ceilometer/rc1/+merge/155552
[16:39] <one_> screen is pretty nice, figured it out
[16:40] <hallyn> ctrl-a c
[16:40] <one_> If you want to get to the Father you must go through the Son.
[16:41] <one_> Not the wife not the mother, try it only mutilate her it is similar to quantum encryption.
[16:41] <one_> Brace: choose the way of the Master
=== one_ is now known as one
[16:50] <jamespage> zul: ceilometer LGTM
[16:51] <zul> jamespage:  thanks
[16:51] <zul> jamespage:  i expect to get happybase from debian anyways
[16:52] <jamespage> zul, yeah - zigo uploaded it - its in NEW
[16:52] <jamespage> zul, we still need to package ming tho
[16:52] <jamespage> zul, next cycle along with ryu for quantum I think
[16:52] <zul> jamespage:  pythyon-ceilometerclient is still in new as well
[16:52] <jamespage> Daviey, please please please ^^
[16:53] <jamespage> Daviey, oh and please please please openstack folsom updates in quantal-proposed queue
[16:53] <samba35> i have 2 ubuntu systems 1 is on physical desktop and another on vmware ,i want to access firefox of vmware ubuntu from physical desktop using ssh or better option (???)
[16:54] <holstein> access? you mean,, you want to forward -x via ssh ?
[16:54] <holstein> samba35: ^
[16:55] <samba35> yes
[16:55] <holstein> samba35: sure.. that'll work
[16:55] <samba35> but i am not able to get desktop /remote firefox
[16:56] <samba35> try export display also
[16:56] <holstein> samba35: can you ping them from each other? did you set the networking up properly? can you ssh in?
[16:56] <samba35> if you dont mind can you pls tell me how it can be achive
[16:56] <samba35> yes
[16:56] <holstein> samba35: yes, you can ping? and ssh in?
[16:56] <samba35> i can ping to each other able to use ssh from both side
[16:58] <holstein> samba35: did you configure ssh to forware x?
[16:58] <holstein> forward*
[16:58] <Daviey> jamespage: ack
[16:58] <samba35> on which machine
[16:59] <samba35> X11Forwarding yes
[16:59] <holstein> samba35: http://unix.stackexchange.com/questions/12755/how-to-forward-x-over-ssh-from-ubuntu-machine
[16:59] <holstein> samba35: and you restarted the service?
[17:00] <samba35> yes
[17:00] <jamespage> Daviey, ya
[17:00] <jamespage> ta rather
[17:00] <samba35> infact restart system also :)
[17:00] <holstein> samba35: what error messages are you getting?
[17:01] <samba35> Error: no display specified
[17:02] <holstein> samba35: https://bbs.archlinux.org/viewtopic.php?id=88945
[17:03] <holstein> https://wiki.archlinux.org/index.php/SSH#X11_forwarding
[17:03] <holstein> samba35: use a pastebin to paste your terminal with the command and the error message
[17:03] <samba35> ok let me try
[17:03] <samba35> pls wait ,be right back
[17:03] <stgraber> hallyn: wow, make dist was really quite broken in upstream LXC :) I just noticed when comparing my tarball with Daniel's. Patch incoming
[17:04] <stgraber> hallyn: next up is fixing make clean to actually cleanup everything, then I think I'll be happy with our build system :)
[17:09] <hallyn> stgraber: why is lxc.c in EXTRA_DIST?
[17:09] <stgraber> hallyn: that's the python lxc.c so it's not built through the standard automagic
[17:10] <stgraber> hallyn: so needs to be specifically included in EXTRA_DIST along with setup.py if we want to see it in the tarball at all
[17:10] <hallyn> oh the release tarball
[17:11] <hallyn> gotcha, thx :)
[17:11] <samba35> now i am getting X11 connection rejected because of wrong authentication.
[17:11] <samba35> Error: cannot open display: localhost:10.0
[17:11] <stgraber> right, that whole commit is about fixing the release tarball not including quite a bunch of files :)
[17:11] <stgraber> (and including some files it shouldn't)
[17:11] <hallyn> yup, ack is in the mail.  not sure when you'll getit
[17:11] <stgraber> hallyn: got it
[17:11] <hallyn> i hear sf.net doesn't deliver email on saturdays any more
[17:11] <hallyn> k :)
[17:12] <stgraber> hallyn: I just hope Dwight will be able to answer my follow-up lxc.spec question
[17:13] <hallyn> maybe you shouldn't have beatn around the bush :)
[17:15] <hallyn> woohoo, got past install-gcc1
[17:16] <ikonia> ? install-gcc1 ?
[17:17] <stgraber> jibel: updated lxc should be in the archive now
[17:18] <jibel> stgraber, okay, I'll try in a moment.
[17:28] <smoser> jibel, ping
[17:29] <smoser> bug 1160462
[17:29] <uvirtbot> Launchpad bug 1160462 in cloud-init "Don't run resizefs hook during installation of an LXC container with cloud-init" [Undecided,New] https://launchpad.net/bugs/1160462
[17:29] <smoser> is that a regression ? i dont think it stricktly is.
[17:29] <jibel> stgraber, python3-lxc 0.9.0~rc1-0ubuntu2 works fine.
[17:30] <stgraber> jibel: yay!
[17:30] <jibel> smoser, I don't think it's a regression
[17:33] <jibel> smoser, in the context of LXC it just doesn't make sense to try to resize the hard drive of the host.
[17:42] <smoser> jibel, right. it doesn't make sense to do it. i should have caught the ENOENT on the stat.
[17:42] <smoser> but it doesn't make sense specifically to *not* do it just because its lxc
[17:51] <jibel> smoser, right too :)
=== hatch_ is now known as hatch
[18:28] <Free99> hello everyone, I'm running an asterisk server on a ubuntu server via linode, having trouble getting phones to call each other, but they can call asterisk and run the echo test just fine
[18:41] <Kubes_> Hello, cloudinit question.  How does cloudinit determine initial boots (for run once) vs post start-ups?  Can this be reset?  (Testing and build amis from a current instance?>  Thanks!
[18:58] <Kubes_> Is this correct place for ask cloud init questions?
[18:59] <sarnold> Kubes_: it's not wrong..
[18:59] <zul> jamespage:  http://people.canonical.com/~chucks/ca/
[19:03] <Kubes_> Ok, thanks.  the #ubuntu channel send me here, what is the correct place?
[19:03] <holstein> Kubes_: just ask, and we'll see what the issue is
[19:03] <sarnold> Kubes_: I don't know if this is the _best_ place, but at least this is good enough. :) feel free to re-ask in another few minutes...
[19:04] <Kubes_> How does cloudinit determine initial boots (for run once) vs post start-ups?  Can this be reset?  (Testing and build amis from a current instance?
[19:13] <smoser> utlemming, fun
[19:13] <smoser> http://paste.ubuntu.com/5650240/
[19:13] <smoser> raring instance
=== JanC_ is now known as JanC
[19:17] <jamespage> zul: +1
[19:17] <zul> thanks
[19:19] <zul> Daviey:  *cough* python-ceilometerclient *cough*
[19:23] <Daviey> zul: yes, i will do it today.
[19:23] <zul> Daviey:  cool then we should be ok for grizzly
[19:33] <smoser> utlemming, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1160543
[19:33] <uvirtbot> Launchpad bug 1160543 in linux "kernel crash on EC2 raring" [Undecided,Incomplete]
[19:39] <hallyn> woohoo!  sparc-cross-toolchain-base built
[19:42] <stgraber> hallyn: congrats!
[19:48] <philpem> Any postfix gurus in the building? I'm getting this when I try to send mail: Mar 26 19:46:16 wolf postfix/smtp[11111]: 7842A2C0E04: to=<philpem@philpem.me.uk>, relay=mail.philpem.me.uk[96.47.225.116]:587, delay=0.84, delays=0.2/0/0.37/0.26, dsn=5.0.0, status=bounced (host mail.philpem.me.uk[96.47.225.116] said: 550 SMTP AUTH is required for message submission on port 587 (in reply to RCPT TO command))
[19:49] <philpem> Relayhost is set up, smtp_sasl_auth_enable is set, smtp_sasl_password_maps is set, smtp_sasl_security_options is clear.
[19:51] <jcastro_> sebrock: hallyn: so which one of you is putting docker in ubuntu? :)
[19:52] <jcastro_> sorry sebrock, I meant stgraber
[19:53] <hallyn> wow i've never gotten so many 'your email is awaint approval' msgs from just one email :)
[19:54] <stgraber> jcastro_: well, unlikely to happen for 13.04 considering how new it's and that we're about to freeze for good, but for 13.10, I'm sure we'll find volunteers
[19:54] <stgraber> jcastro_: ideally by then they'll have talked to upstream LXC and we can get them to use the API instead of wrapping around our binaries
[19:54] <hallyn> jcastro_: personally i'm still waiting for the hype to settle down
[19:55] <jcastro_> I was more hoping for a ppa than anything else
[19:55] <hallyn> but maybe i'll go learn some go from their github repo :)
[19:55] <jcastro_> stgraber: ack.
[19:56] <hallyn> stgraber: this thread may be a sign that at the next 'ubuntu irc days'/whatever another lxc demo is needed
[19:57] <stgraber> hallyn: I guess so, I've been pretty consistent at showing off LXC at every single conference I've been attending in the past 3 years, but I guess not everyone attends those, so maybe an IRC session would be a good idea too (or an hangout? hangout on air has the advantage that we can screenshare)
[20:00] <hallyn> stgraber: that's a good idea
[20:01] <hallyn> perhaps to celebrate 0.9 :)
[20:02] <stgraber> as good a pretext as any ;)
[20:02] <hallyn> all right lemme finally take care of the libvirt dnsmasq.d sru, then i'll look at the lxc-clone patch
[20:02] <hallyn> we dont have clone in teh api yet do we?
[20:02] <stgraber> no, I have it in the python API though but it just calls lxc-clone
[20:03] <stgraber> but I have plans to kill all of those in 1.0 anyway and move to a clean C implementation + backend plugins in shell
[20:03] <hallyn> i think we need lxc-clone rewritten in python
[20:03]  * hallyn looks around for a volunteer
[20:03] <stgraber> so that create/destroy/clone/... can all use some common functions to deal with the various backends
[20:03] <hallyn> right
[20:04] <stgraber> sure, once we have clone() in C with the plugins and everything, lxc-clone can be made a 5 lines python script ;)
[20:04] <hallyn> stgraber: can you put up a wiki page with the todolist (including rewriting lxc-clone as c) so we can easily prioritize?
[20:04] <hallyn> todolist for 0.9 and 1.0 i mean
[20:05] <hallyn> (i can start it if you prefer, but i think you have an actual list you can start from :)
[20:05] <stgraber> hallyn: I'll publish something after 0.9 is out, I don't want to confuse people :)
[20:05] <hallyn> ok
[20:06] <stgraber> for now I want bugfixes, then get 0.9 out next week, then start preparing 1.0 and getting people to start sending feature patches for 1.0
[20:06] <hallyn> right
[20:06] <hallyn> ok, biab
[20:10] <hggdh> /join #ubuntu
[20:23] <stgraber> jibel: testing a patch to the lxc-ubuntu-cloud template to support armhf on x86 and armhf on armhf (will still need manually passing the URL until utlemming uploads a new cloudimg)
[20:30] <blistov> Anyone having issues with AMD-Vi initialization failing after updating to xen-hypervisor-4.1-amd64:amd64 (4.1.2-2ubuntu2.5, 4.1.2-2ubuntu2.6) ?
[20:40] <stgraber> hallyn, jibel: So I'll send a patch to make armel/armhf work on armel/armhf hosts for both lxc-ubuntu and lxc-ubuntu-cloud. armel/armhf on x86 for the cloud image is working here but the change is rather massive and I'd rather avoid rushing this in 0.9
[20:41] <hallyn> send to lxc-devel?
[20:41] <stgraber> especially as it wouldn't work out of the box anyway until flash-kernel is fixed or removed
[20:42] <stgraber> hallyn: yeah. Finishing the tests here, will send in a few minutes. The bits I'll send for 0.9 are just some simple changes to the arch checks. For 1.0 I'll push the rest of the changes I have here which basically doubles the size of lxc-ubuntu-cloud (we need function sharing between our two templates ;))
[20:42] <hallyn> thx will look for it
[20:43] <hallyn> hm, yeah, with abstraction/templating (in the OO sense :) we could actually make fn sharing between lxc templates pretty nice
[20:43] <hallyn> i've been looking for a good way to move all that away from shellscript
[20:44] <hallyn> ideally would've been to c, but this might make it worth doing in python (or c++) and continuing to have the c api wrap program calls
[20:44] <stgraber> I think python would be better for the Ubuntu templates. I'm not a huge fan of subprocess handling and wgetting stuff from C :)
[21:02] <stgraber> yay, got an armhf cloud instance running in LXC on my x86 machine, so that patch works too. Just need to keep it around for LXC 1.0
[21:05] <Kubes_> A cloudinit question I asked prior, but still answered, maybe there's a expert here now.  How does cloudinit determine initial boots (for run once) vs post start-ups?  Can this be reset?  (Testing and build amis from a current instance?
=== Pyus is now known as contigi
[21:53] <hallyn> stgraber: now, arm ubuntu-cloud containers on amd64, that should just be a matter of updateing the template a bit right?  no technical reason for that restriction?
[21:54] <stgraber> hallyn: correct and I have a patch for that, expect that "a bit" is around 80 lines of pretty weird code to deal with qemu-user-static and multi-arch
[21:54] <hallyn> stgraber: also, on raring on arm i thought qemu-i386-static should work
[21:54] <hallyn> stgraber: yup, ok.
[21:54] <stgraber> so I'm not planning on allowing qemu-user-static for cloud images in 0.9, but for 1.0 I expect to have it
[21:55] <stgraber> i386 on arm is interesting, I didn't know it actually worked nowadays
[21:55] <hallyn> it should, with the new qemu source in raring
[21:55] <hallyn> but, not worth worrying about now :)
[21:55] <hallyn> thx - ttyl
[21:55] <stgraber> I'll run a quick test, if it works, I'll allow it in lxc-ubuntu
[21:56] <stgraber> hallyn: is that just i386 or x86_64 too?
[21:57] <hallyn> stgraber: should both be there...
[21:57] <stgraber> hallyn: ok. I'll run a test. Last I tried, they were "there", working was a whole other thing though :)
[21:57] <stgraber> (things segfaulting all over)
[21:58] <hallyn> sigh
[22:13] <stgraber> hallyn: /bin/sh: 1: Cannot fork
[22:14] <stgraber> hallyn: that's what I get under qemu-i386-static on armhf
[22:14] <stgraber> hallyn: so I can spawn a first process but that's about it :)
[22:16] <stgraber> hallyn: same with amd64 on armhf
[22:16] <Fleck> hello, ubuntu server uses old package for courier-imap
[22:17] <Fleck> have some problems because of this!
[22:22] <Iapetus> hello!
[22:22] <Iapetus> Can someone help this newb with directions to make my server available to the world?
[22:23] <Iapetus> It's working and I can access it on my own network, but no one elsewhere can seem to get to it.
[22:23] <Iapetus> and I suck at networking ;_;
[22:25] <sarnold> Iapetus: can you ping from your server to e.g. google.com? can you ping to 4.2.2.1? Is your server on an rfc1918 private network address? do you have NAT in place?
[22:26] <Iapetus> ooo hang on
[22:27] <Iapetus> yes, and yes, I do not know what a rfc1918 private network is, and I don't think so about NAT
[22:28] <sarnold> rfc1918 is the 192.168/16, 10/8, and ... 172.something addresses
[22:28] <Iapetus> one second
[22:32] <Iapetus> oh and to be a little more clear: I am running two computers. One of them has the server installation, and this is the one I am chatting with. I can SSH to the server as well.
[22:33] <Iapetus> after reading a little more, I would say yes the server is on an rtf1918
[22:34] <sarnold> Iapetus: okay, hosts in the private unroutable address space tend to get internet access through network address translation; that complicates other machines contacting the host directly. (ping, for example, will never really work.) you'll need to do some port forwarding on your NAT firewall.
[22:36] <Iapetus> using router settings?
[22:36] <sarnold> Iapetus: yeah; how you do that varies from system to system...
[22:39] <Iapetus> I logged into my router and set the Port Forwarding Range to point to the server's IP address, with start port at 22 and and port at 80, allowed both TCP and UDP. Was this wrong?
[22:40] <sarnold> Iapetus: heh, forwarding port 53 dns may cause you problems looking up hosts -- depends on how well the designers of your router thought things through :)
[22:41] <sarnold> Iapetus: I'd start with only ports 22 and 80 over tcp. use only what you need..
[22:41] <Iapetus> right on
[22:42] <Iapetus> good to know I'm on the right path
[22:43] <Iapetus> damn that %10 configuration and %90 content :S
[22:45] <Iapetus> is the 192.168.0.xxx address accessable from anywhere though? or do I need to change that to something more unique?
[22:46] <sarnold> Iapetus: that address range can't be routed over the internet. (Every reasonable ISP will perform ingress and egress filtering on those address ranges to prevent them from being on the internet.)
[22:46] <Iapetus> makes sense
[22:46] <sarnold> Iapetus: we ran out of ipv4 addresses, so you don't really have an option. You can still get IPv4 addresses from some ISPs, but they've all been handed out now, so...
[22:47] <Iapetus> wait, what?
[22:48] <Iapetus> does that mean I cannot make my home server accessable to the internet?
[22:50] <sarnold> Iapetus: you can, it just means using NAT and setting up port forwarding.
[22:50] <Iapetus> thank you for the help btw, sometime google is a needle in a haystack
[22:51] <Iapetus> time to read some more :S
[22:53] <sarnold> Iapetus: if you're like most home-users, you'll next want to read about "dynamic DNS" systems; if your NAT firewall's IP address changes due to a new dhcp lease, a dynamic dns thing will let you continue using a convenient hostname.
[22:58] <Iapetus> yeaaaah, I just read about NAT on wikipedia FML
[22:59] <Iapetus> I went to school for programming, not networking ;_;
[23:02] <Iapetus> well fudge
[23:03] <Iapetus> think you could walk me through this?
=== wedgwood is now known as wedgwood_away