/srv/irclogs.ubuntu.com/2013/05/29/#ubuntu-uk.txt

redtape|renegadeOT | Made me tickle :::   must be from blighty (?) :::: http://www.youtube.com/watch?v=DzlH5SDGoyA00:32
n-iggerloveubuntu is for niggers,05:54
n-iggerloveubuntu is for niggers,05:54
n-iggerloveubuntu is for niggers,05:54
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
n-iggerloveubuntu is for niggers,05:55
knightwisemorning everyone06:48
brobostigonmorning knightwise06:49
knightwisehey brobostigon06:49
knightwisehow are you today06:49
brobostigonknightwise: not bad, busy day, jobcentre etc. and you?06:50
knightwisepretty ok, also a busy day , meetings and shit06:50
brobostigon:) :(06:51
knightwiseits ok .got an ssh tunnel to my machine at home to keep me busy when its boring06:51
knightwisecurrently writing some simple backup scripts.06:51
brobostigon:)06:51
knightwisersyncing my itunes library and making a monthly zip file and stuff06:52
MooDoohello all06:52
knightwisehey MooDoo06:52
MooDoo:)06:52
brobostigonmorning MooDoo06:52
knightwisebtw : whats the best compresiion , zip or tar ?06:52
TheOpenSourcererknightwise: technically tar isn't compressed.07:07
TheOpenSourcerertar is gzip'd or bz2zipped subsequently to being tar'd07:07
TheOpenSourcererbz2 give higher compressions ratios that zip IIRC07:08
TheOpenSourcererMorning all BTW07:08
TheOpenSourcererSun in Farnham again today :-)07:08
brobostigonrain here, :(07:10
diploMorning all07:10
brobostigonmorning TheOpenSourcerer and diplo07:11
diploLets get some chatting going here so I don't have to see the messsages from earlier :)07:11
knightwiseTheOpenSourcerer: so I would be better of b2z 'ing the entire directory07:19
diploTakes a fair bit longer, also dependant on what compression you set- default is 5? maybe i think and can go up to 907:20
diploBut yes bzip gives better compression but using more cpu etc07:20
TheOpenSourcereryou can tar with a -j to bzip2 the tar as you go, e.g. # tar jcf mytarball.tgz mydir/07:21
TheOpenSourcererI generally just use gzip tar zcf07:21
diploMoi aussi :)07:22
dwatkins_tar -cvzf07:22
=== dwatkins_ is now known as dwatkins
knightwisewhat does the f do ?07:29
diploFilename for the archive you're creating I believe07:31
dwatkinsyeah07:35
dwatkinsit also serves to remind me where the filename goes (immediately after the options)07:35
knightwiseah ok07:35
dwatkinsas opposed to the spec of files to include in the archive07:35
knightwisetrying it out now on my entire itunes library07:36
dwatkinsI suspect the minus sign and possibly the 'f' are unnecessary, but I've been using tar so long, I forget where I started with those options, probably an RS6000 in 1994 ;)07:36
TheOpenSourcerer"f" must be the last switch before the filename. tar fcz mtfile.tgz mydir/ won't work.07:36
TheOpenSourcererThe - is not required, but is a throwback to long, long ago...07:36
TheOpenSourcererYou can use it or not as you wish07:37
dwatkinsI always find it strange that commands are so inconsistent with each other, some needing the minus, some not, etc.07:37
TheOpenSourcererman tar has lots of useful information07:37
dwatkinsAt least tar is adaptable, I suppose.07:37
dwatkins(as is ps)07:37
TheOpenSourcerertar is one of the few left that do not require it from what I have noticed.07:37
dwatkinsah ok, my information is probably old then.07:38
* TheOpenSourcerer waits to be informed...07:38
dwatkinsI've waited a long time for that...07:38
dwatkins...then I started reading the manual.07:39
knightwiseI loved the XKCD about tar :)07:48
=== schwuk_away is now known as schwuk
dwatkinsheh yeah08:14
=== Hornet- is now known as Hornet
JamesTaitGood morning all, happy UN Peacekeepers Day!08:20
BigRedS_Goooood Morning!08:37
* diplo is playing with ldap this morning :)08:39
diddledanldap's fun08:40
diploUmm fun isn't a word I'd use so far :)08:40
diddledan:-p08:40
diplopita, could make it a lot clearer, but it's starting to go in the noggin now08:40
bigcalmGood morning peeps :)08:40
diploWording in it could be clearer, writing my own notes for it as well08:41
diddledanI don't get with ldap how it manages to be entirely schemaless. with schemas08:42
diddledanand that the schemas are stored in the db according to a schema stored in the db that wasn't there when you started08:43
diddledanbraingoo08:43
SuperMattthe day I have to configure my own ldap is that day I quit life08:44
diddledanlol08:44
=== Hornet- is now known as Hornet
mungbeanwifey is out for 1hr max today. chances of citylink attempting to deliver in that 1hr window? high09:19
diddledanVERY high09:19
mungbean:'(09:20
mungbeanthough i hear the depot is v nearby09:20
Laneyput a note on the door09:28
Laneyusually works09:28
mungbean"leave with neighbour?"09:29
Nafallo"wifey gone shopping. please please please wait for her!"09:29
Laneyleave in <x place>, yeah09:30
BigRedS_that's one thing I do like about Amazon's otherwise alarmingly insecure deliveries09:30
=== BigRedS_ is now known as BigRedS
popeyi got a DPD mail today giving me the exact 1 hour window it will be delivered in09:31
popey16:16-17:1609:31
mungbeannice09:31
mungbeani know its out for delivery :-\09:32
LaneyI decided to buy something right before I fell asleep last night09:33
Laneyand now I can't remember what it was09:33
popey\o/09:33
mungbeanbacon09:33
popeywas it sheep?09:33
Laneyoh yeah, homebrew stuff09:33
mungbeangot put off the diea after my student days and a foul tasting conconction09:34
diddledan*like*09:38
diddledanfoul tasting concoctions are great when you're a student09:38
diddledanI like student towns when you go out on the piss they come round near the end of trading with lashings of shots - usually either green or red and often in testtubes09:40
diddledanI have no idea what's in them, but they're awesome :-p09:40
popey09:40
LaneyI've made some quite drinkable stuff from kits09:40
diddledanlies!09:41
Laneywant to step it up to choosing my own ingredients09:41
LaneyI am jealous of kirkland's setup09:41
diddledanthey're building a distilliary near where I grew up in freefolk/laverstoke - nr basingstoke09:41
Laneyhttp://www.ubrewtu.com/09:42
diddledanhttp://www.basingstokegazette.co.uk/news/9554536.Gin_project_is_a_tonic/09:43
NafalloLaney: No match for "UBREWTO.COM".09:43
JamesTaitNafallo, or ubrew.to09:44
mungbeanbest package for drawing diagrams in ubuntu?09:52
mungbean(or web based)09:52
popeyhttp://www.asciidraw.com/09:52
mungbeanthat's my usual goto for wiki pages.09:52
mungbeanthis is more visio related09:53
mungbeani guess draw, dia or caligra09:53
Nafallomungbean: dia09:55
=== alan_g is now known as alan_g|tea
mungbeandoh, i chose calligra09:55
Nafallogah09:56
Myrttigah?09:56
Nafallojoin/parts09:56
diddledangah!09:56
Nafalloannoying09:56
popey\o/09:56
Nafallocheers Myrtti :-)09:57
Myrttibe'er?09:57
mungbeanstill plagued by the debconf on <hostname> window flashing up multiple times during software install09:57
diddledanthat's a strange banmask09:58
diddledanhow does it know who's got broken connections to match the @*$##fix_your_connection?!09:59
bigcalmI've been listening to a string of The Infinite Monkey Cage podcasts. All caught up so thought I'd move onto the last uupc. My brain wasn't able to process Tony's voice in my headphones, I think it was expecting Brian Cox09:59
bigcalmdiddledan: it's a message09:59
diddledanaah09:59
Myrttier, no.09:59
diddledanso the mask is just *09:59
Myrttiit banforwards to a channel called ##fix_your_connection09:59
bigcalmNice10:00
Myrttiand it knows it by the nickname, see the part before the !10:00
Myrttiandatche!*@*$##fix_your_connection10:00
davmor2Morning all10:06
bigcalmMorning davmor210:06
=== alan_g|tea is now known as alan_g
czajkowskiello davmor210:15
SuperMatthulk smash!10:16
bigcalmWish I could be in 2 places at once10:18
bigcalmMissing the LUG tonight because Hayley and I are out celebrating her birthday from yesterday10:19
bigcalmIt's a shame that she doesn't see going to the LUG as a good form of celebration10:19
popeyClare went to out LUG meeting _once_10:20
DJonesTell her its a fountain pen converntion, then when you get there say they must have swapped the date with with LUG meeting10:20
bigcalmHayley has been to the LUG xmas meal and is likely to attend the Pie Factory in 2 weeks. But no interest other than that10:20
diddledanthat's sad :-(10:20
diddledan:'(10:21
popeyunderstandable, lug meets are often boring to outsiders10:21
popeymy kids go to them only because I drag them along and they can sit and play games while i do a talk10:21
bigcalmYes and no. She says that it's my social thing10:21
davmor2bigcalm: you only want to go now that you saw my name go down on the life is too hectic to attend list ;)10:21
popeye.g. https://plus.google.com/109365858706205035322/posts/c12F6vLasK810:21
bigcalmdavmor2: just seen the post the ml. How can work be too busy for you when czajkowski does everything? :P10:22
bigcalmMinecraft \o/10:22
mungbeanwould a husband go to a jewellery party?10:22
popeyindeed10:22
bigcalmpopey: I'm guessing that your LUG doesn't meet in a pub?10:22
bigcalm(doesn't look very pubby)10:23
diddledanthe linux community gets a reputation as being male because it's mainly male and therefore only male people join10:23
popeythe one she went to was in a pub10:23
popeyshe was ~6 months pregnant with sophie, too10:23
mungbeanwas the beard count hgh?10:23
popeythats actually one of the first times I met Tony & Laura10:23
czajkowskiI think it varies on the lug tbh and the people there on the day. I met my other half at the LUG meet up. But it's not one I go back to often either.10:23
mungbeani don't LUG because there are lots of linux users at work10:24
mungbeani would meet up at a scale model UG though10:24
mungbeansince my friends haven't realised that this is the best hobby to do ....yet10:24
bigcalmWorking from home means that I look forward to just seeing other people once a fortnight at the LUG :)10:25
mungbeannice10:25
mungbeandrawing a diagram in calligra flow. its very visio ish but i can't change the colour of the lines :(10:26
mungbeanand buggy10:26
mungbeangot potential though10:26
BigRedSJust use paper, felt tips and a camera phone10:43
mungbeanfor sending to oracle?10:46
BigRedSMaybe crack out the crayons for them10:47
=== alan_g is now known as alan_g|afk
=== alan_g|afk is now known as alan_g
czajkowskiLaney: popey one for ye http://imgur.com/r/funny/dRlvEOU11:26
bigcalmczajkowski: that's screwing with my mind!11:28
JamesTaitczajkowski, that's the afternoon gone....11:36
czajkowskiJamesTait: I know I have to avoid that site at all cost11:37
czajkowskis11:37
JamesTait:)11:37
diddledanthat's ay maze zing!11:39
diddledantrippy, too11:39
=== alan_g is now known as alan_g|lunch
mungbeanwhats this motorbike game thats in software center?12:21
mungbeananyone tried it?12:21
* BigRedS installs it12:23
popeywhich game>?12:27
popeyoh, its actually called motorbike ☻12:27
popey"payment authorized"12:28
popeyuhm12:28
BigRedSyeah, I couldn't find a way to install the apparently-free bit of it12:31
BigRedSHm, the software centre's pretty good12:32
mungbeancosts £0.0012:33
mungbeanyou get 10 free levels12:33
popeyheh, that is quite fun12:34
BigRedSyeah, I can see where it says that, but not where to click to make it install12:34
Laneywithout having looked at it, i just got reminded of elastomania12:34
Laneynow that was a fun game12:34
BigRedSThough I've got distracted playing with the software centre12:34
DJonesThere are some apps that you have to go through the payment processing system and purchase at the £0.00 price, doesn't ask for a credit card or anything12:34
popeyi just typed "motorbike" in USC then clicked "more info" then "buy"12:35
BigRedSAhh, that might do it12:35
BigRedSyeah, the 'Buy' wants me to log in with an account I don't have, so I figured it was the payment bit. I expected a 'Download free bit' button somewhere12:35
BigRedSI'll try DJones' theory12:35
BigRedSOh, it's just a launchpad account it wants12:35
DJonesBigRedS: Isn't the login using a launchpad account?12:35
BigRedSyeah12:36
BigRedSsomething else in the software centre wanted a software centre account, I must've conflated the two12:36
popeyit's an Ubuntu SSO account really12:36
popeynot a launchpad account12:37
BigRedSHeh, the software centre is not responding...12:37
popeybut if you've been around a while then it's technically your launchpad account which was migrated to an Ubuntu SSO account ☻12:37
=== alan_g|lunch is now known as alan_g
czajkowskiand there is a difference14:03
czajkowskiif you have a SSO issue the folks in #canonical-isd can help you though14:03
czajkowskiwe get lots of confusion as  from an end user point of you can't tell the diference.14:04
dogmatic69anyone know how I could use terminal to extract the number in "refs/heads/feature/8494-saq-survey"? ...feature/[0-9]+-... would be a good pattern14:34
dwatkinsdogmatic69: extracting the number from a string is easy, yeah14:35
=== alan_g is now known as alan_g|tea
dogmatic69dwatkins: you going to keep me in suspense? :/14:35
dwatkinsmake sure you escape the relevant slashes, but it should be fairly easy, depends on what exactly you're looking for14:37
dwatkinshow are the digits shown in general, for example, and can other digits be present?14:38
shaunowould a blunt sed 's/[^0-9]//g'  work?14:41
dwatkinsshauno: that's why I'm asking, does dogmatic69 mean "remove" or "display only" the numbers14:42
dwatkinsand if there are other numbers present, what should happen with them, nice way to negate the search, though :)14:43
shaunoyeah, I'm skipping a few assumptions :)  'blunt' is my usual methodology.  start with something violently simple, and tune it for why it doesn't work14:43
dogmatic69dwatkins: get just the numbers in a var14:44
dwatkinsshauno / dogmatic69 - indeed, that may well work, but what if other parts have numbers?14:45
dogmatic69shauno: that sed does the trick14:45
dogmatic69dwatkins: doubt it14:45
dwatkinsfair enough, just saying as I've been caught out by sed in this manner before14:46
dogmatic69its a git branch feature/<ticket_id>-description14:46
dwatkinsit gets as much as it can14:46
dwatkinsand if someone calls a feature "mything123"? ;)14:46
BigRedSPersonally, I'd write a script for it14:48
BigRedSin something more capable than bash14:48
dwatkinsperl is probably best for this, yeahy14:48
dwatkins*yeah14:48
BigRedSyeah, "something more capable than bash" is my current euphemism for "Perl"14:49
* dwatkins grins14:49
shaunoooh, I didn't know that .. you can use | as a delimiter in sed instead of /14:50
dwatkinsor a hash14:50
dwatkinsI think you can use all sorts of punctuation as delimiters14:50
dogmatic69if its anything like php you can use whatever you like as a delimiter14:50
* bigcalm does everything in PHP and cares not for sanity14:50
=== alan_g|tea is now known as alan_g
dwatkinsBigRedS: you don't care about your sanity?14:51
bigcalmBwuahaha14:51
BigRedS*I* do. But I don't use PHP14:51
BigRedS:)14:51
bigcalmTab strikes again14:51
dwatkinshehe14:51
dwatkinsoops, sorry14:51
* diplo has moved from perl to python recently for my scripts14:51
BigRedSactually, I do use PHP occasionally. But it does drive me bonkers14:51
shaunohow did I live this long without knowing that :/  makes replacing paths a whole lot tidier, because then you don't need \/path\/to\/foo14:51
dwatkinsI clearly havn't used PHP enough to see how insane it is.14:51
dwatkinsshauno: I know the feeling14:52
diplomuch prefering it, only downside I have is that certain features I code for in 6 don't work in centos4/5 :(14:52
BigRedShaha, yeah, I use hashes by default now. Though (in perl) you do need the m beforehand  -  if ($var m#/some/path/#)  rather than  if ($var #/some/path/#)14:52
BigRedSdwatkins: my main issue is with all the preg_* functions not being as easy as doing the same thing in Perl14:53
dwatkinsI suspect I should be glad I don't know about this, BigRedS ;)14:53
shaunomy solution to this is simply to not understand how things are supposed to work in perl.  that way I'm not injured when they don't14:54
BigRedSshauno: yeah, that's why I intend never to go to Ireland and have a Guinness14:54
BigRedSI'm quite enjoying my ignorance of how much better it is over there14:54
shaunooh now here's a dirty secret.  I can't tell the difference14:55
BigRedShaha, I suspect I'd not be able to. But it's not a risk I'm willing to take14:55
shaunomost of it seems to be in guinness having QA chaps in wee vans doing inspections here, so you suffer the wrath of Guinness if your lines aren't clean enough14:56
shaunoie, good housekeeping, rather than any magical quality inherent to the liquid itself14:57
BigRedSThat sounds like a cushy job14:58
BigRedSAh, actually, I guess they don't just spend the day driving from quaint pub to quaint pub tasting a pint at each one14:58
shaunoseriously, these guys are a very common sight here .. http://farm1.staticflickr.com/25/193675508_7511627bb6_z.jpg?zz=114:59
diddledanomg, the channel started moving while I wasn't watching14:59
diddledanhow dare you exist outside of my consciousness!15:00
shaunoseems to me they're more likely contributors than the traditional myth/legend15:00
BigRedSyeah. I do like the notion that it "doesn't travel well" yet seems to make it to anywhere in Ireland fine, but not just across the water to Liverpool15:01
shaunoand last bit before I drop the topic and go back to housework .. if you ever want to fluster an irishman, remind them that guinness (Diego) are a british company ;)15:01
mungbeandiageo15:01
shaunothat's the one15:01
mungbeanboddingtons tasted lovely in manchester. beer snobs in the south don't believe me15:02
mungbeanthey will only drink something if its called wagglebadgerfoot15:02
diddledanI love that one15:02
diddledanit's very tasty15:02
mungbeanyou grow a beard while you drink it15:03
diddledanI've already got a beard15:03
mungbeandid you drink some?15:03
diddledanyeah, I really like wagglebadgerfoot, it's awesome15:04
shaunoreminds me of something I came across in slovakia.  beer snobs who have only ever drank pilsners.  shocking15:04
diddledanwtf?15:04
diddledanhow can you be snobbish over pilsners15:04
diddledan?15:04
BigRedSI've a friend who is15:04
BigRedSwell, he's snobbish about *all* beers15:04
mungbeangerman?15:04
BigRedSincluding pilsners15:05
BigRedSnah15:05
mungbeanpeople get snoobish about everything: coffee, beer, wine, distros15:06
mungbeanirc clients..15:06
popeyirssi!15:06
popey /ban *15:06
diddledan>.<15:06
mungbeanbikes15:06
diddledanI'm using smuxi atm15:06
mungbeanoh you can't possibly ride THAT bike15:06
BigRedSI'm an awful bicycle snob :(15:07
diddledanbike == dyke?15:07
BigRedSAnd, er, completely the opposite with motorbikes. I appear to have no standards there15:07
diddledanlol15:07
shaunoI guess if you're used to bicycles, all motorcycles are default jealousy ;)15:07
mungbeani like all bikes except for bromptons15:07
BigRedSEven Dahons? And the cheapo imitations?15:08
mungbeananything that looks like an adult stole a childs bike15:09
* popey hugs his brompton15:09
mungbeansays the guy who is waiting for his kick scooter to arrive15:09
popeywhich he no longer has15:09
BigRedSAh, that's BMXes you're think of15:09
mungbeannah bmxes don't pretend to be anything else15:09
BigRedSThey're kids bikes15:10
BigRedSadult bikes look the same but aren't built for a child15:10
mungbeanthere's a bromptonites bunch at work15:10
BigRedSat least bromptons have diddy wheels for a sane reason15:10
mungbeanand proprietary everything15:10
BigRedSthe left pedal is pretty standard15:10
diploOK, to butt in with a linux based question :)15:10
mungbeanbromptonites at work hang around together to validate their poor choice of bike15:10
popeyyeah, had to have my bedal replaced15:10
diploWe have maybe 80+ customers15:11
popeywow15:11
mungbeanyou selling bikes diplo ?15:11
popeythats harsh mungbean15:11
diploAnd we connect to them very insecurely at the moment15:11
diddledanbah.. loonikes sucks</troll>15:11
mungbeani'm being tongue in cheek, you just can't see me doing it15:11
popeyriight15:11
diploWhat I'd like to know is, how do others connect to multiple linux boxes with multiple users and manage keys15:12
Laneyi'd use a brompton if i had to commute15:12
popeydiplo: a gateway box15:12
diploWe have maybe 17 devs that can connect to multiple sites, some use there own machines so could have ssh keys on there15:12
Laneyby public transport15:12
BigRedSif each customer has several machines, have a bastion host at each site, ssh to that and then on15:12
mungbeani jape about it to their face, just a bit of banter really15:12
BigRedSuse puppet/chev/scp+cron to distribute the keys15:12
diploMainly a single machine15:13
diploI have debated that BigRedS, I'm not the sysadmin, but the guys that are aren't that great :)15:13
diploWe're a very small company and trying to get them to use best practise etc is proving slow/difficult15:13
diploOne of my thoughts was to have a single user on a machine that has ssh keys for the customers15:14
diploeach of devs ssh's to that user and we could then just revoke the key from that authorized_keys15:14
BigRedSit depends how much you want to split these things up. We all log on as root with passwords to the huge majority of our machines. Internally it's logged who requested the password and when, and we're expected to log what we do. This is only permitted from one host, though, which everyone key-auths onto15:15
BigRedSit's not so great for auditing, but nor is `sudo su`, and it's a good deal less fragile than it might eb15:15
diployeah pretty much what I was thinking BigRedS, hadn't debated the logging though but also an idea15:15
diddledancan you store authorized keys in ldap?15:16
diploheh, even if you can I gave up on ldap for today.. :D15:16
diddledanlol15:16
diddledanI'm going to have to google that now15:16
BigRedSyeah, knowing that your log-in has been documented is a pretty good incentive to go on to document what you did. Else the next problem is immediately blamed on you when it's checked who was last to fiddle :)15:16
shaunodiddledan: I think that's enough wagglebadgerfoot for you :p15:16
diddledan>.<15:17
shaunoyou can use a different key for each customer though, which gets surprisingly sane once you start using IdentityFile ~/.keys/customer.pem in ~/.shh/config15:18
diploOne of my biggest issues is this company doesn't document *anything* !!!!15:18
diployeah I do that on my own machine, until I joined everyone was still using telnet :/15:18
BigRedShaha15:18
diploThese guys have been doing the same thing for 20 years and it's a pain to get anything to change15:18
diplomost are old and against it15:19
BigRedSwell, using SSH and passwords isn't *bad*15:20
diploWe implemented svn just before I joined, apparently there was uproar.. so one of the guys wrapped the commands in bash so it looked like the old way they did things15:21
BigRedSit's still way better than telnet, for example. And with fail2ban or denyhosts you can make a brute-force attack pointless15:21
diploWe don't use ssh very much though :/ mainly on new sites where I've been involved.15:21
diploI was going to break into a customers site from home to show them how easy it would be..15:21
shaunoI wonder how transparent you could make it with ssh's ProxyCommand directive.  have ssh from the developers box go via a middle-man on your site, have the remote sites only accept connections from the middle-man, and then you've got a central point you can revoke access at, without changing their workflow15:22
diploshauno: thats exactly what I was going to try and acheive15:22
diploWasn't sure if it was good practice though15:23
BigRedSshauno: might be smoothest to configure a VPN, and just mandate that they all connect with that first.15:24
shaunoI think it kinda depends.  if the remote machines only need to accept connections from you, then firewalling ssh down to a single point of entry seems very sane15:24
BigRedSyeah, I meant have them VPN to your single host, and then ssh from that to the other hosts15:24
BigRedSrather than proxying SSH15:24
shaunoif they need to accept connections from some vague definition of 'everywhere', you don't save yourself anything because the developers can still connect directly15:25
BigRedSjust that ProxyCommand seems a less-well-tested system than both a VPN and SSH15:25
shaunossh can be its own ProxyCommand, which reduces complexity a lot15:25
ali1234"how do others connect to multiple linux boxes with multiple users and manage keys" - i don't understand the question15:26
ali1234i just put my public key on the server and then forget about it15:26
diployeah, so I have 80 sites, some with more than 1 machine all with a users ssh pub key on it15:28
shaunosomething like "Host Remote, ProxyCommand ssh bastion -W %h:%p", and then 'ssh Remote' will ssh to 'bastion' and from bastion to Remote15:28
diploIf a member of staff left and the key was from a personal pc he'd still have access to all those customer servers15:28
ali1234diplo so your question is simply "how to revoke keys"15:29
diploOr what is the best set up in that situation, it would be a pain to revoke that many keys and to check them15:29
ali1234"that many keys" - no, one key15:30
diploWhich is why I was asking about a single server connection, and we locally ssh to that server via a key, so only one server to revoke from15:30
ali1234sounds like a plan15:30
ali1234of course if someone wanted to be malicious they could just install their own keys on the other servers15:31
ali1234and then avoid the central server15:31
diployeah that is very true.. :)15:31
ali1234if you try to firewall it then they can set up a reverse tunnel15:31
diplonot sure they would, but it's just when I set it up I don't want to do it more than once :D15:32
BigRedSali1234: only if they could get in to set it up15:32
ali1234i would probably go for some kind of system where there is a central authorization server15:32
BigRedSif you have a single server which is the only place SSH to the other servers is permitted from and you deny someone access to that, then they cannot ssh to the other servers15:33
ali1234BigRedS: if you don't want them to get in then this is not a problem. simply don't issue them any keys or logins at all15:33
BigRedSno, when you wish to revoke their access15:33
BigRedSyou revoke their access to the bastion (by removing their key, user, whatever) adn then they cannot get to that machine to then get on to the others15:33
diployeah I think accept ssh logins from local network and from one server externally if that's possible15:34
diploRight, I'm going to test this out over the next few days with a few customers15:34
BigRedSthen you're asuming they can't get in to the local network15:34
BigRedSyou'd need to have control over teh outermost firewall, really15:34
diploCheers for input guys15:34
BigRedS(where 'they' is recently-sacked staff)15:34
diploWe are in control of most of our customers setups15:34
ali1234BigRedS: i would install a reverse tunnel on the server along with my public key. i can then log in to it even if you revoke my bastion access15:35
popeythat can be prevented in ssh config though can't it?15:35
popey(setting up tunnels)15:35
popeyor indeed in the firewall15:35
ali1234who said i would use ssh?15:35
diploheh15:35
shaunodo the developers have/need sudo/root on the remote machines?15:36
diployeah occasionally15:36
BigRedSali1234: ah, but can be blocked by the firewall15:36
ali1234you will have to lock down my user account so i can't install any software at all and can't initiate IP connections15:36
diploBut 90% of the time not15:36
ali1234or you will have to cnfigure the firewall to prevent any outgoing or incoming connections at all15:36
shaunowas just wondering if making authorized_keys root:root 644 would work.15:36
popeyno, ssh will fail15:37
ali1234if you do the first thing you might as well not give me access at all15:37
shaunossh will fail if your private key is readable, not your public key15:37
ali1234effectively keeping out rogue admins is pretty hard since they need to be able to do all the things required to install back doors15:38
diploThe only one person they worried about has gone now, only one they'd need to worry about now is me :)15:40
ali1234what about is you use this bastion thing combined with an admin-only VPN15:41
ali1234and some really restrictive firewall rules on that VPN15:42
diploI think that's where we need to be yeah15:42
shaunothat depends on what the remote site needs though.  if they'll still allow connections from anywhere, your vpn isn't required15:43
diploSome sites have the worst routers, the current support guys leave ports wide open to the net15:43
ali1234it's all rather pointless if there is only you using it though15:43
diploIt's just an overhaul we need, going to document and pass on I think15:43
=== alan_g is now known as alan_g|dance
=== nigelb_ is now known as nigelb
diploAnyone else seen this issue http://askubuntu.com/questions/296801/aboutblank-opens-in-chromium-when-i-type-into-the-dash ?18:16
diploQuick search on launchpad I've not found anything yet18:16
MartijnVdSno, but I don't use the dash18:16
diploDoes it on boot, google trying to auth pops open chormium18:16
diploafter logging in, but also does it as per that as well18:17
MartijnVdSI do get an auth popup on login18:17
MartijnVdSthat I don't type my password into because it doesn't identify itself properly (I don't know what I'm authenticating for)18:17
diploI've already closed 3 about:blanks, another 3 open and a facebook auth one as well18:17
diployeah, can't say I like the way that works atm18:17
Laneyjust dropped a box of 12 eggs19:29
Laneysurprisingly messy19:30
brobostigonoh dear.19:30
brobostigonsunny day, scrambled eggs. :)19:30
Laneyluckily it was on a concrete floor in the garage19:30
brobostigoneasy cleanup.19:30
Laneywell they're pretty hard to wipe up19:31
Laneygot up what i could and then dumped a watering can over the rest ...19:31
brobostigonah.19:31
AlanBellevening19:49
brobostigonevening AlanBell19:49
popeyevening AlanBell20:06
iPenguinHello20:07
popeylo20:07
iPenguinIs it possible to install ubuntu with using a usb or a disc?20:08
DJones!usb | iPenguin20:08
lubotu3`iPenguin: For information about installing Ubuntu from USB flash drives, see https://help.ubuntu.com/community/Installation/FromUSBStick - For a persistent live USB install, see: https://wiki.ubuntu.com/LiveUsbPendrivePersistent20:08
DJonesFor a disk, you'd need a dvd to copy the iso to, but yes you can install froma live dvd20:09
iPenguinThis does not help.20:11
czajkowskiiPenguin: in what way doesnt it help?20:12
iPenguinI found it now.20:12
iPenguinhttp://www.ubuntu.com/download/desktop/install-ubuntu-with-windows20:13
iPenguinIf i install ubuntu after i used the windows installer would xp be swiped off the system?20:15
DJonesiPenguin: If you mean using the wubi installer, then no, that creates a fake file system within windows to run Ubuntu from, but its not intended for long term use, its more for people just wanting to try Ubuntu before installing it properly20:17
AlanBelliPenguin: no, it should shrink xp and let you install alongside it (if you have enough space, and enough partitions)20:17
iPenguinWhat happens if i install it properly from the windows boot?20:17
AlanBellso, do you know how your disk is partitioned at the moment?20:19
AlanBellis there a recovery partition etc?20:19
AlanBellthere can be problems if it has been set up with 4 primary partitions (because that is the limit)20:19
AlanBellif there are fewer then you are OK as it can create secondary partitions (it needs 1 primary partition to put all the secondary partitions in)20:20
AlanBellso unless your manufacturer has been obnoxious and used 4 primary paritions you will be fine, it will be able to shrink the windows stuff and create linux partitions alongside, then on bootup you will get a menu that lets you choose which operating system to start20:21
=== dllewellyn is now known as diddledan
diddledanevening20:38
diddledanpopey: I've google+'d you some photos of my macbook20:39
popeyooh20:47
popeyyou sure?20:47
diddledanI think so?20:48
popeyi see no notifications or owt20:48
diddledanoddness20:50
popeyvery20:51
popeyi see them now20:51
mungbeanthe eagle has landed \o/20:51
mungbeanwatching it)20:52
redtap|awaydaftykins: You about ?, ping .21:16
=== redtap|away is now known as redtape|renegade
redtape|renegadeAlanBell: I thought you were in Wales this week ?21:19
redtape|renegadeOT | What is a Mozspace, and why should I care ? .. https://wiki.mozilla.org/IRC#Commonly_Used_Mozilla_IRC_Channels21:25
redtape|renegadeApparently there's one in london  ( ? )  http://thenextweb.com/uk/2012/03/23/a-look-inside-mozillas-new-london-co-working-space/21:25
diddledancool. now to make one happen in basingstoke :-p21:31
redtape|renegadediddledan: I guess it's a hackspace with an identity.21:32
diddledanlooks friendly and welcoming21:32
redtape|renegademm.. orange is a nice colour, i guess.21:32
redtape|renegadeWhy do they always have to be in the center of a city .. why not on the way to the airport etc ?21:34
redtape|renegadediddledan: I went to a FOSDEM talk with a key mozilla dude, and it all seemed very corporate to me, not a hacking community, per se.21:35
diddledanhmm21:36
redtape|renegadeI know they are open, but I think it's not *that* 'open'.21:36
redtape|renegademost people are switching to chrome anyhow .21:37
redtape|renegadeWhat do you use ?21:37
diddledanI'm a chromatic21:38
shaunoI think firefox needs to go on a diet :/21:38
redtape|renegadeI use firefox because it's just easier to download youtube videos etc .. but i use chrome when i need to get a good upload going ..21:38
redtape|renegadeIf only someone would actually make the 'thumbs-up-facebook-button' blocker extension, people would really have a reason to use it.   .. the hardcore users, that is21:40
redtape|renegadeI'm just stuck with ABP and no script for now .. sigh.21:41
redtape|renegadeshauno: Anything good on then  box, over there ? I hear there was a RTE documentary on nurseries that got ppl talking.21:44
shaunoI don't watch a whole lot of TV, really21:44
redtape|renegadeoh yes, i forgot ..21:44
shaunoespecially RTE.  I tend to avoid those, just because they make me irate about my €160 licence21:44
redtape|renegadefair enough.21:45
redtape|renegadeshauno: I have to say, Galway has been quiet, or at least I haven't heard much from there, recently, .. much going on ?21:47
shaunodunno, I live on the internet :)21:47
shaunono volvo race this year, which has been the big noise the last few summers21:48
redtape|renegadeiron man ?21:48
shaunoI think that's later in the year.  I stumbled upon a couple of years ago, and would have been early august21:49
* redtape|renegade is looking for a travel partner, but does know where to look .. :(21:50
redtape|renegade**doesn't know where to look..21:50
shaunoI gotta say it bothers me that firefox was meant to be the 'reboot' because mozilla had turned into a meandering behomoth.  and is now considerably larger than mozilla ever was21:53
redtape|renegadeOT | Anyone felt the quake today ? http://www.breakingnews.ie/ireland/experts-say-quake-aftershocks-likely-in-coming-days-595954.html21:54
redtape|renegadeFunnily enough, I was awake at the time, but felt sod all ; due to not giving a ..21:57
redtape|renegadeprobably because I was playing Quake III at the time >_<21:59
shaunoI can't say the earth's moved for me recently either21:59
diddledanI felt the earth move.. I had beans last night22:00
redtape|renegadethey always seem to happen in the morning too .. strange that.22:00
* redtape|renegade is still looking out for daftykins .. somewhere on the loose.22:01
redtape|renegadeOOh got a good website ( like finding an old friend :) ) Some good links there ... http://techrights.org/2013/05/29/fedora-19-previews/22:04
shaunoI mostly travel to visit friends now.  it's a bit more boring in some regards, but a lot more interesting in others22:06
shaunothe biggest downside is that I have itchy feet, and keep looking at jobs in bizarre countries22:10
redtape|renegadeshauno: Whereas, I travel 'cos I want to see something different that you can't really get a proper feel for on the internet .. like Cornwall.22:10
shaunothat's where visiting people really works out.  you get to see a lot more with a local, instead of just driving around in circles until you end up drinking scrumpy jack on a tiny beach that'll kill you if you don't get off it at the right time22:12
redtape|renegadeyeah, been there before ..22:12
redtape|renegadeI suppose I should try to find my couchsurfing P/word again ..22:13
redtape|renegadeI just don't like putting that type of pressure on people, for me to stay with them :/22:14
shaunoI'm really curious about moving east, but I can't get my head around the difference in pay rates22:14
redtape|renegadeeast .. like Dulwich east or wat ?22:14
shaunolol22:14
shaunoa little further than that22:15
shaunostredná európa type east22:15
diddledanyou will go playing doctors with foreigners!22:16
diddledanit's your own fault22:16
redtape|renegadeOh, central europe .. https://sk.wikipedia.org/wiki/Stredn%C3%A1_Eur%C3%B3pa22:16
redtape|renegadewhoops22:17
shaunothat's the one :)22:17
shaunocrazy language, but I'm trying.  I just look like an idiot whenever I actually try to use it22:17
shaunoit's amazing how quickly conversations diverge from beginners vocab.  it's never anything like it is in the books22:18
shaunochap on the plane asked me how long the flight was.  told him three hours.  so he said something to the effect of "oh, we arrive at 2pm".  told him no, 1pm.  whereupon I realised I can barely explain timezones in english, let alone slovak22:19
diddledanlol22:19
redtape|renegadeMy pizza guy is from Bulgaria .. he says you can buy a house for £5K (in Bulgaria) .. but after a week the Gypsie's sense a disturbance of a newcomer in the force, wait till you pop out for the milk ; then pinch your furniture .. lol22:20
diddledano_O22:20
redtape|renegadelets see if he's right, then ..22:20
shaunoit's not quite that low in slovakia, but still .. it's very odd trying to consider job postings for roughly a third of what I'm making here22:21
shaunoit'd almost help if they weren't on the euro, so my head would quit trying to draw direct comparisons22:21
redtape|renegademm Bulgarian Property : Cheap, but is it legit /  [ http://bit.ly/Zu8Ngw ]22:23
shaunobulgaria seems a bit too remote to actually relocate to.  perhaps for a vacation property, but not somewhere to live & work22:24
shaunoI've more been looking for cities that have a decent number of multinationals looking for a cheap workforce.  more likely to find tech work that is happy to take english-speaking that way22:26
shaunoeg, bratislava has places like dell, ibm, at&t, novell, amazon, even msft .. where even the locals are expected to speak english at work22:28
shaunoI'm all in favour of learning the language, but I'd rather not have to depend on it for work.  that's a pretty unachievable timeframe22:29
redtape|renegadeshauno: All I recall from Slovakia is there's too many swinger parties :)22:30
shauno"too many"?  ;)22:31
shaunothey've struck me as pretty conservative so far22:31
shaunoand very family-centric.  even in the cities, most seem to keep strong connections with family in towns & villages, and still take the trek out for family pig-kilings22:32
shauno(it's "a thing".  they have a few "things" I don't quite understand yet.  like whipping their women to celebrate easter)22:34
redtape|renegadeoh dear, it's all gone a bit /Borrat/22:35
shaunowell, I doubt many countries understand gloucestershire cheese-rolling either.  we all have "things" that look bizarre22:35
diddledanmy thing definitely looks bizarre22:36
diddledanwait, what?22:36
diddledantmi?22:36
shaunoor morris dancers22:37
* redtape|renegade still still doesn't ' get ' Chris Evans ^_^22:40
shaunobeing british is hugely entertaining, but it doesn't make us the best judges of what's actually "normal".  we have men in plaid skirts who laugh at the germans for wearing leather pants22:40
redtape|renegadeyeah.22:40
shaunothe scottish national dress is worryingly similar to irish catholic school uniforms22:41
redtape|renegadeshauno: On a lighter note .. I've been listening to 2XM for 3 months solid now on VLC / streaming .. and It's a great RTE station, for me. :::: http://icecast1.rte.ie/2xm22:42
shaunobesides.  pigs taste good.  true story.22:42
diddledanpigs' fat tastes amazing when cooked right22:43
redtape|renegademust be the doughnutz .. lol.22:44
redtape|renegadehttp://www.youtube.com/watch?v=ZA_Tl1kvlQU : tonites' topic..22:47
shaunothis was the one that made me o_O  http://www.youtube.com/watch?v=G5_dPOj86FA   but little things like having carp for christmas dinner still strike me as odd too (and that you're meant to bring it home alive and keep it in the bathtub)22:51
redtape|renegadei like the way they celebrate it with a photo .. very telling.22:54
redtape|renegadewow.. i just realized to the right/options .. there's a lot of them, like that .. :)22:55
shaunoindeed22:56
shaunoanyway, enough babbling from me.  suffice to say I find it fascinating.23:02
* redtape|renegade opens a beer .. to end the day :D23:12
redtape|renegadeshauno: Are there any IRC channels that people of Ireland use , other than #ubuntu-ie ?23:28
shaunono idea, to be honest23:32
shaunoI know the local hackerspace have #091labs, but I haven't been in there, so I couldn't tell if how trafficked it is23:33
shaunobut for the most part, freenode tends to be by subject, rather than geography23:33
redtape|renegadei clicked the #0911labs channel .. only two people on it !23:36
redtape|renegadeand no 'topic' to talk of ! even worse.23:38
shaunono idea if they actually use it, besides the obvious (1am)23:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!