[00:32] <redtape|renegade> OT | Made me tickle :::   must be from blighty (?) :::: http://www.youtube.com/watch?v=DzlH5SDGoyA
[05:54] <n-iggerlove> ubuntu is for niggers,
[05:54] <n-iggerlove> ubuntu is for niggers,
[05:54] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[05:55] <n-iggerlove> ubuntu is for niggers,
[06:48] <knightwise> morning everyone
[06:49] <brobostigon> morning knightwise
[06:49] <knightwise> hey brobostigon
[06:49] <knightwise> how are you today
[06:50] <brobostigon> knightwise: not bad, busy day, jobcentre etc. and you?
[06:50] <knightwise> pretty ok, also a busy day , meetings and shit
[06:51] <brobostigon> :) :(
[06:51] <knightwise> its ok .got an ssh tunnel to my machine at home to keep me busy when its boring
[06:51] <knightwise> currently writing some simple backup scripts.
[06:51] <brobostigon> :)
[06:52] <knightwise> rsyncing my itunes library and making a monthly zip file and stuff
[06:52] <MooDoo> hello all
[06:52] <knightwise> hey MooDoo
[06:52] <MooDoo> :)
[06:52] <brobostigon> morning MooDoo
[06:52] <knightwise> btw : whats the best compresiion , zip or tar ?
[07:07] <TheOpenSourcerer> knightwise: technically tar isn't compressed.
[07:07] <TheOpenSourcerer> tar is gzip'd or bz2zipped subsequently to being tar'd
[07:08] <TheOpenSourcerer> bz2 give higher compressions ratios that zip IIRC
[07:08] <TheOpenSourcerer> Morning all BTW
[07:08] <TheOpenSourcerer> Sun in Farnham again today :-)
[07:10] <brobostigon> rain here, :(
[07:10] <diplo> Morning all
[07:11] <brobostigon> morning TheOpenSourcerer and diplo
[07:11] <diplo> Lets get some chatting going here so I don't have to see the messsages from earlier :)
[07:19] <knightwise> TheOpenSourcerer: so I would be better of b2z 'ing the entire directory
[07:20] <diplo> Takes a fair bit longer, also dependant on what compression you set- default is 5? maybe i think and can go up to 9
[07:20] <diplo> But yes bzip gives better compression but using more cpu etc
[07:21] <TheOpenSourcerer> you can tar with a -j to bzip2 the tar as you go, e.g. # tar jcf mytarball.tgz mydir/
[07:21] <TheOpenSourcerer> I generally just use gzip tar zcf
[07:22] <diplo> Moi aussi :)
[07:22] <dwatkins_> tar -cvzf
[07:29] <knightwise> what does the f do ?
[07:31] <diplo> Filename for the archive you're creating I believe
[07:35] <dwatkins> yeah
[07:35] <dwatkins> it also serves to remind me where the filename goes (immediately after the options)
[07:35] <knightwise> ah ok
[07:35] <dwatkins> as opposed to the spec of files to include in the archive
[07:36] <knightwise> trying it out now on my entire itunes library
[07:36] <dwatkins> I suspect the minus sign and possibly the 'f' are unnecessary, but I've been using tar so long, I forget where I started with those options, probably an RS6000 in 1994 ;)
[07:36] <TheOpenSourcerer> "f" must be the last switch before the filename. tar fcz mtfile.tgz mydir/ won't work.
[07:36] <TheOpenSourcerer> The - is not required, but is a throwback to long, long ago...
[07:37] <TheOpenSourcerer> You can use it or not as you wish
[07:37] <dwatkins> I always find it strange that commands are so inconsistent with each other, some needing the minus, some not, etc.
[07:37] <TheOpenSourcerer> man tar has lots of useful information
[07:37] <dwatkins> At least tar is adaptable, I suppose.
[07:37] <dwatkins> (as is ps)
[07:37] <TheOpenSourcerer> tar is one of the few left that do not require it from what I have noticed.
[07:38] <dwatkins> ah ok, my information is probably old then.
[07:38]  * TheOpenSourcerer waits to be informed...
[07:38] <dwatkins> I've waited a long time for that...
[07:39] <dwatkins> ...then I started reading the manual.
[07:48] <knightwise> I loved the XKCD about tar :)
[08:14] <dwatkins> heh yeah
[08:20] <JamesTait> Good morning all, happy UN Peacekeepers Day!
[08:37] <BigRedS_> Goooood Morning!
[08:39]  * diplo is playing with ldap this morning :)
[08:40] <diddledan> ldap's fun
[08:40] <diplo> Umm fun isn't a word I'd use so far :)
[08:40] <diddledan> :-p
[08:40] <diplo> pita, could make it a lot clearer, but it's starting to go in the noggin now
[08:40] <bigcalm> Good morning peeps :)
[08:41] <diplo> Wording in it could be clearer, writing my own notes for it as well
[08:42] <diddledan> I don't get with ldap how it manages to be entirely schemaless. with schemas
[08:43] <diddledan> and that the schemas are stored in the db according to a schema stored in the db that wasn't there when you started
[08:43] <diddledan> braingoo
[08:44] <SuperMatt> the day I have to configure my own ldap is that day I quit life
[08:44] <diddledan> lol
[09:19] <mungbean> wifey is out for 1hr max today. chances of citylink attempting to deliver in that 1hr window? high
[09:19] <diddledan> VERY high
[09:20] <mungbean> :'(
[09:20] <mungbean> though i hear the depot is v nearby
[09:28] <Laney> put a note on the door
[09:28] <Laney> usually works
[09:29] <mungbean> "leave with neighbour?"
[09:29] <Nafallo> "wifey gone shopping. please please please wait for her!"
[09:30] <Laney> leave in <x place>, yeah
[09:30] <BigRedS_> that's one thing I do like about Amazon's otherwise alarmingly insecure deliveries
[09:31] <popey> i got a DPD mail today giving me the exact 1 hour window it will be delivered in
[09:31] <popey> 16:16-17:16
[09:31] <mungbean> nice
[09:32] <mungbean> i know its out for delivery :-\
[09:33] <Laney> I decided to buy something right before I fell asleep last night
[09:33] <Laney> and now I can't remember what it was
[09:33] <popey> \o/
[09:33] <mungbean> bacon
[09:33] <popey> was it sheep?
[09:33] <Laney> oh yeah, homebrew stuff
[09:34] <mungbean> got put off the diea after my student days and a foul tasting conconction
[09:38] <diddledan> *like*
[09:38] <diddledan> foul tasting concoctions are great when you're a student
[09:40] <diddledan> I like student towns when you go out on the piss they come round near the end of trading with lashings of shots - usually either green or red and often in testtubes
[09:40] <diddledan> I have no idea what's in them, but they're awesome :-p
[09:40] <popey> ☻
[09:40] <Laney> I've made some quite drinkable stuff from kits
[09:41] <diddledan> lies!
[09:41] <Laney> want to step it up to choosing my own ingredients
[09:41] <Laney> I am jealous of kirkland's setup
[09:41] <diddledan> they're building a distilliary near where I grew up in freefolk/laverstoke - nr basingstoke
[09:42] <Laney> http://www.ubrewtu.com/
[09:43] <diddledan> http://www.basingstokegazette.co.uk/news/9554536.Gin_project_is_a_tonic/
[09:43] <Nafallo> Laney: No match for "UBREWTO.COM".
[09:44] <JamesTait> Nafallo, or ubrew.to
[09:52] <mungbean> best package for drawing diagrams in ubuntu?
[09:52] <mungbean> (or web based)
[09:52] <popey> http://www.asciidraw.com/
[09:52] <mungbean> that's my usual goto for wiki pages.
[09:53] <mungbean> this is more visio related
[09:53] <mungbean> i guess draw, dia or caligra
[09:55] <Nafallo> mungbean: dia
[09:55] <mungbean> doh, i chose calligra
[09:56] <Nafallo> gah
[09:56] <Myrtti> gah?
[09:56] <Nafallo> join/parts
[09:56] <diddledan> gah!
[09:56] <Nafallo> annoying
[09:56] <popey> \o/
[09:57] <Nafallo> cheers Myrtti :-)
[09:57] <Myrtti> be'er?
[09:57] <mungbean> still plagued by the debconf on <hostname> window flashing up multiple times during software install
[09:58] <diddledan> that's a strange banmask
[09:59] <diddledan> how does it know who's got broken connections to match the @*$##fix_your_connection?!
[09:59] <bigcalm> I've been listening to a string of The Infinite Monkey Cage podcasts. All caught up so thought I'd move onto the last uupc. My brain wasn't able to process Tony's voice in my headphones, I think it was expecting Brian Cox
[09:59] <bigcalm> diddledan: it's a message
[09:59] <diddledan> aah
[09:59] <Myrtti> er, no.
[09:59] <diddledan> so the mask is just *
[09:59] <Myrtti> it banforwards to a channel called ##fix_your_connection
[10:00] <bigcalm> Nice
[10:00] <Myrtti> and it knows it by the nickname, see the part before the !
[10:00] <Myrtti> andatche!*@*$##fix_your_connection
[10:06] <davmor2> Morning all
[10:06] <bigcalm> Morning davmor2
[10:15] <czajkowski> ello davmor2
[10:16] <SuperMatt> hulk smash!
[10:18] <bigcalm> Wish I could be in 2 places at once
[10:19] <bigcalm> Missing the LUG tonight because Hayley and I are out celebrating her birthday from yesterday
[10:19] <bigcalm> It's a shame that she doesn't see going to the LUG as a good form of celebration
[10:20] <popey> Clare went to out LUG meeting _once_
[10:20] <DJones> Tell her its a fountain pen converntion, then when you get there say they must have swapped the date with with LUG meeting
[10:20] <bigcalm> Hayley has been to the LUG xmas meal and is likely to attend the Pie Factory in 2 weeks. But no interest other than that
[10:20] <diddledan> that's sad :-(
[10:21] <diddledan> :'(
[10:21] <popey> understandable, lug meets are often boring to outsiders
[10:21] <popey> my kids go to them only because I drag them along and they can sit and play games while i do a talk
[10:21] <bigcalm> Yes and no. She says that it's my social thing
[10:21] <davmor2> bigcalm: you only want to go now that you saw my name go down on the life is too hectic to attend list ;)
[10:21] <popey> e.g. https://plus.google.com/109365858706205035322/posts/c12F6vLasK8
[10:22] <bigcalm> davmor2: just seen the post the ml. How can work be too busy for you when czajkowski does everything? :P
[10:22] <bigcalm> Minecraft \o/
[10:22] <mungbean> would a husband go to a jewellery party?
[10:22] <popey> indeed
[10:22] <bigcalm> popey: I'm guessing that your LUG doesn't meet in a pub?
[10:23] <bigcalm> (doesn't look very pubby)
[10:23] <diddledan> the linux community gets a reputation as being male because it's mainly male and therefore only male people join
[10:23] <popey> the one she went to was in a pub
[10:23] <popey> she was ~6 months pregnant with sophie, too
[10:23] <mungbean> was the beard count hgh?
[10:23] <popey> thats actually one of the first times I met Tony & Laura
[10:23] <czajkowski> I think it varies on the lug tbh and the people there on the day. I met my other half at the LUG meet up. But it's not one I go back to often either.
[10:24] <mungbean> i don't LUG because there are lots of linux users at work
[10:24] <mungbean> i would meet up at a scale model UG though
[10:24] <mungbean> since my friends haven't realised that this is the best hobby to do ....yet
[10:25] <bigcalm> Working from home means that I look forward to just seeing other people once a fortnight at the LUG :)
[10:25] <mungbean> nice
[10:26] <mungbean> drawing a diagram in calligra flow. its very visio ish but i can't change the colour of the lines :(
[10:26] <mungbean> and buggy
[10:26] <mungbean> got potential though
[10:43] <BigRedS> Just use paper, felt tips and a camera phone
[10:46] <mungbean> for sending to oracle?
[10:47] <BigRedS> Maybe crack out the crayons for them
[11:26] <czajkowski> Laney: popey one for ye http://imgur.com/r/funny/dRlvEOU
[11:28] <bigcalm> czajkowski: that's screwing with my mind!
[11:36] <JamesTait> czajkowski, that's the afternoon gone....
[11:37] <czajkowski> JamesTait: I know I have to avoid that site at all cost
[11:37] <czajkowski> s
[11:37] <JamesTait> :)
[11:39] <diddledan> that's ay maze zing!
[11:39] <diddledan> trippy, too
[12:21] <mungbean> whats this motorbike game thats in software center?
[12:21] <mungbean> anyone tried it?
[12:23]  * BigRedS installs it
[12:27] <popey> which game>?
[12:27] <popey> oh, its actually called motorbike ☻
[12:28] <popey> "payment authorized"
[12:28] <popey> uhm
[12:31] <BigRedS> yeah, I couldn't find a way to install the apparently-free bit of it
[12:32] <BigRedS> Hm, the software centre's pretty good
[12:33] <mungbean> costs £0.00
[12:33] <mungbean> you get 10 free levels
[12:34] <popey> heh, that is quite fun
[12:34] <BigRedS> yeah, I can see where it says that, but not where to click to make it install
[12:34] <Laney> without having looked at it, i just got reminded of elastomania
[12:34] <Laney> now that was a fun game
[12:34] <BigRedS> Though I've got distracted playing with the software centre
[12:34] <DJones> There are some apps that you have to go through the payment processing system and purchase at the £0.00 price, doesn't ask for a credit card or anything
[12:35] <popey> i just typed "motorbike" in USC then clicked "more info" then "buy"
[12:35] <BigRedS> Ahh, that might do it
[12:35] <BigRedS> yeah, the 'Buy' wants me to log in with an account I don't have, so I figured it was the payment bit. I expected a 'Download free bit' button somewhere
[12:35] <BigRedS> I'll try DJones' theory
[12:35] <BigRedS> Oh, it's just a launchpad account it wants
[12:35] <DJones> BigRedS: Isn't the login using a launchpad account?
[12:36] <BigRedS> yeah
[12:36] <BigRedS> something else in the software centre wanted a software centre account, I must've conflated the two
[12:36] <popey> it's an Ubuntu SSO account really
[12:37] <popey> not a launchpad account
[12:37] <BigRedS> Heh, the software centre is not responding...
[12:37] <popey> but if you've been around a while then it's technically your launchpad account which was migrated to an Ubuntu SSO account ☻
[14:03] <czajkowski> and there is a difference
[14:03] <czajkowski> if you have a SSO issue the folks in #canonical-isd can help you though
[14:04] <czajkowski> we get lots of confusion as  from an end user point of you can't tell the diference.
[14:34] <dogmatic69> anyone know how I could use terminal to extract the number in "refs/heads/feature/8494-saq-survey"? ...feature/[0-9]+-... would be a good pattern
[14:35] <dwatkins> dogmatic69: extracting the number from a string is easy, yeah
[14:35] <dogmatic69> dwatkins: you going to keep me in suspense? :/
[14:37] <dwatkins> make sure you escape the relevant slashes, but it should be fairly easy, depends on what exactly you're looking for
[14:38] <dwatkins> how are the digits shown in general, for example, and can other digits be present?
[14:41] <shauno> would a blunt sed 's/[^0-9]//g'  work?
[14:42] <dwatkins> shauno: that's why I'm asking, does dogmatic69 mean "remove" or "display only" the numbers
[14:43] <dwatkins> and if there are other numbers present, what should happen with them, nice way to negate the search, though :)
[14:43] <shauno> yeah, I'm skipping a few assumptions :)  'blunt' is my usual methodology.  start with something violently simple, and tune it for why it doesn't work
[14:44] <dogmatic69> dwatkins: get just the numbers in a var
[14:45] <dwatkins> shauno / dogmatic69 - indeed, that may well work, but what if other parts have numbers?
[14:45] <dogmatic69> shauno: that sed does the trick
[14:45] <dogmatic69> dwatkins: doubt it
[14:46] <dwatkins> fair enough, just saying as I've been caught out by sed in this manner before
[14:46] <dogmatic69> its a git branch feature/<ticket_id>-description
[14:46] <dwatkins> it gets as much as it can
[14:46] <dwatkins> and if someone calls a feature "mything123"? ;)
[14:48] <BigRedS> Personally, I'd write a script for it
[14:48] <BigRedS> in something more capable than bash
[14:48] <dwatkins> perl is probably best for this, yeahy
[14:48] <dwatkins> *yeah
[14:49] <BigRedS> yeah, "something more capable than bash" is my current euphemism for "Perl"
[14:49]  * dwatkins grins
[14:50] <shauno> ooh, I didn't know that .. you can use | as a delimiter in sed instead of /
[14:50] <dwatkins> or a hash
[14:50] <dwatkins> I think you can use all sorts of punctuation as delimiters
[14:50] <dogmatic69> if its anything like php you can use whatever you like as a delimiter
[14:50]  * bigcalm does everything in PHP and cares not for sanity
[14:51] <dwatkins> BigRedS: you don't care about your sanity?
[14:51] <bigcalm> Bwuahaha
[14:51] <BigRedS> *I* do. But I don't use PHP
[14:51] <BigRedS> :)
[14:51] <bigcalm> Tab strikes again
[14:51] <dwatkins> hehe
[14:51] <dwatkins> oops, sorry
[14:51]  * diplo has moved from perl to python recently for my scripts
[14:51] <BigRedS> actually, I do use PHP occasionally. But it does drive me bonkers
[14:51] <shauno> how did I live this long without knowing that :/  makes replacing paths a whole lot tidier, because then you don't need \/path\/to\/foo
[14:51] <dwatkins> I clearly havn't used PHP enough to see how insane it is.
[14:52] <dwatkins> shauno: I know the feeling
[14:52] <diplo> much prefering it, only downside I have is that certain features I code for in 6 don't work in centos4/5 :(
[14:52] <BigRedS> haha, yeah, I use hashes by default now. Though (in perl) you do need the m beforehand  -  if ($var m#/some/path/#)  rather than  if ($var #/some/path/#)
[14:53] <BigRedS> dwatkins: my main issue is with all the preg_* functions not being as easy as doing the same thing in Perl
[14:53] <dwatkins> I suspect I should be glad I don't know about this, BigRedS ;)
[14:54] <shauno> my solution to this is simply to not understand how things are supposed to work in perl.  that way I'm not injured when they don't
[14:54] <BigRedS> shauno: yeah, that's why I intend never to go to Ireland and have a Guinness
[14:54] <BigRedS> I'm quite enjoying my ignorance of how much better it is over there
[14:55] <shauno> oh now here's a dirty secret.  I can't tell the difference
[14:55] <BigRedS> haha, I suspect I'd not be able to. But it's not a risk I'm willing to take
[14:56] <shauno> most of it seems to be in guinness having QA chaps in wee vans doing inspections here, so you suffer the wrath of Guinness if your lines aren't clean enough
[14:57] <shauno> ie, good housekeeping, rather than any magical quality inherent to the liquid itself
[14:58] <BigRedS> That sounds like a cushy job
[14:58] <BigRedS> Ah, actually, I guess they don't just spend the day driving from quaint pub to quaint pub tasting a pint at each one
[14:59] <shauno> seriously, these guys are a very common sight here .. http://farm1.staticflickr.com/25/193675508_7511627bb6_z.jpg?zz=1
[14:59] <diddledan> omg, the channel started moving while I wasn't watching
[15:00] <diddledan> how dare you exist outside of my consciousness!
[15:00] <shauno> seems to me they're more likely contributors than the traditional myth/legend
[15:01] <BigRedS> yeah. I do like the notion that it "doesn't travel well" yet seems to make it to anywhere in Ireland fine, but not just across the water to Liverpool
[15:01] <shauno> and last bit before I drop the topic and go back to housework .. if you ever want to fluster an irishman, remind them that guinness (Diego) are a british company ;)
[15:01] <mungbean> diageo
[15:01] <shauno> that's the one
[15:02] <mungbean> boddingtons tasted lovely in manchester. beer snobs in the south don't believe me
[15:02] <mungbean> they will only drink something if its called wagglebadgerfoot
[15:02] <diddledan> I love that one
[15:02] <diddledan> it's very tasty
[15:03] <mungbean> you grow a beard while you drink it
[15:03] <diddledan> I've already got a beard
[15:03] <mungbean> did you drink some?
[15:04] <diddledan> yeah, I really like wagglebadgerfoot, it's awesome
[15:04] <shauno> reminds me of something I came across in slovakia.  beer snobs who have only ever drank pilsners.  shocking
[15:04] <diddledan> wtf?
[15:04] <diddledan> how can you be snobbish over pilsners
[15:04] <diddledan> ?
[15:04] <BigRedS> I've a friend who is
[15:04] <BigRedS> well, he's snobbish about *all* beers
[15:04] <mungbean> german?
[15:05] <BigRedS> including pilsners
[15:05] <BigRedS> nah
[15:06] <mungbean> people get snoobish about everything: coffee, beer, wine, distros
[15:06] <mungbean> irc clients..
[15:06] <popey> irssi!
[15:06] <popey>  /ban *
[15:06] <diddledan> >.<
[15:06] <mungbean> bikes
[15:06] <diddledan> I'm using smuxi atm
[15:06] <mungbean> oh you can't possibly ride THAT bike
[15:07] <BigRedS> I'm an awful bicycle snob :(
[15:07] <diddledan> bike == dyke?
[15:07] <BigRedS> And, er, completely the opposite with motorbikes. I appear to have no standards there
[15:07] <diddledan> lol
[15:07] <shauno> I guess if you're used to bicycles, all motorcycles are default jealousy ;)
[15:07] <mungbean> i like all bikes except for bromptons
[15:08] <BigRedS> Even Dahons? And the cheapo imitations?
[15:09] <mungbean> anything that looks like an adult stole a childs bike
[15:09]  * popey hugs his brompton
[15:09] <mungbean> says the guy who is waiting for his kick scooter to arrive
[15:09] <popey> which he no longer has
[15:09] <BigRedS> Ah, that's BMXes you're think of
[15:09] <mungbean> nah bmxes don't pretend to be anything else
[15:10] <BigRedS> They're kids bikes
[15:10] <BigRedS> adult bikes look the same but aren't built for a child
[15:10] <mungbean> there's a bromptonites bunch at work
[15:10] <BigRedS> at least bromptons have diddy wheels for a sane reason
[15:10] <mungbean> and proprietary everything
[15:10] <BigRedS> the left pedal is pretty standard
[15:10] <diplo> OK, to butt in with a linux based question :)
[15:10] <mungbean> bromptonites at work hang around together to validate their poor choice of bike
[15:10] <popey> yeah, had to have my bedal replaced
[15:11] <diplo> We have maybe 80+ customers
[15:11] <popey> wow
[15:11] <mungbean> you selling bikes diplo ?
[15:11] <popey> thats harsh mungbean
[15:11] <diplo> And we connect to them very insecurely at the moment
[15:11] <diddledan> bah.. loonikes sucks</troll>
[15:11] <mungbean> i'm being tongue in cheek, you just can't see me doing it
[15:11] <popey> riight
[15:12] <diplo> What I'd like to know is, how do others connect to multiple linux boxes with multiple users and manage keys
[15:12] <Laney> i'd use a brompton if i had to commute
[15:12] <popey> diplo: a gateway box
[15:12] <diplo> We have maybe 17 devs that can connect to multiple sites, some use there own machines so could have ssh keys on there
[15:12] <Laney> by public transport
[15:12] <BigRedS> if each customer has several machines, have a bastion host at each site, ssh to that and then on
[15:12] <mungbean> i jape about it to their face, just a bit of banter really
[15:12] <BigRedS> use puppet/chev/scp+cron to distribute the keys
[15:13] <diplo> Mainly a single machine
[15:13] <diplo> I have debated that BigRedS, I'm not the sysadmin, but the guys that are aren't that great :)
[15:13] <diplo> We're a very small company and trying to get them to use best practise etc is proving slow/difficult
[15:14] <diplo> One of my thoughts was to have a single user on a machine that has ssh keys for the customers
[15:14] <diplo> each of devs ssh's to that user and we could then just revoke the key from that authorized_keys
[15:15] <BigRedS> it depends how much you want to split these things up. We all log on as root with passwords to the huge majority of our machines. Internally it's logged who requested the password and when, and we're expected to log what we do. This is only permitted from one host, though, which everyone key-auths onto
[15:15] <BigRedS> it's not so great for auditing, but nor is `sudo su`, and it's a good deal less fragile than it might eb
[15:15] <diplo> yeah pretty much what I was thinking BigRedS, hadn't debated the logging though but also an idea
[15:16] <diddledan> can you store authorized keys in ldap?
[15:16] <diplo> heh, even if you can I gave up on ldap for today.. :D
[15:16] <diddledan> lol
[15:16] <diddledan> I'm going to have to google that now
[15:16] <BigRedS> yeah, knowing that your log-in has been documented is a pretty good incentive to go on to document what you did. Else the next problem is immediately blamed on you when it's checked who was last to fiddle :)
[15:16] <shauno> diddledan: I think that's enough wagglebadgerfoot for you :p
[15:17] <diddledan> >.<
[15:18] <shauno> you can use a different key for each customer though, which gets surprisingly sane once you start using IdentityFile ~/.keys/customer.pem in ~/.shh/config
[15:18] <diplo> One of my biggest issues is this company doesn't document *anything* !!!!
[15:18] <diplo> yeah I do that on my own machine, until I joined everyone was still using telnet :/
[15:18] <BigRedS> haha
[15:18] <diplo> These guys have been doing the same thing for 20 years and it's a pain to get anything to change
[15:19] <diplo> most are old and against it
[15:20] <BigRedS> well, using SSH and passwords isn't *bad*
[15:21] <diplo> We implemented svn just before I joined, apparently there was uproar.. so one of the guys wrapped the commands in bash so it looked like the old way they did things
[15:21] <BigRedS> it's still way better than telnet, for example. And with fail2ban or denyhosts you can make a brute-force attack pointless
[15:21] <diplo> We don't use ssh very much though :/ mainly on new sites where I've been involved.
[15:21] <diplo> I was going to break into a customers site from home to show them how easy it would be..
[15:22] <shauno> I wonder how transparent you could make it with ssh's ProxyCommand directive.  have ssh from the developers box go via a middle-man on your site, have the remote sites only accept connections from the middle-man, and then you've got a central point you can revoke access at, without changing their workflow
[15:22] <diplo> shauno: thats exactly what I was going to try and acheive
[15:23] <diplo> Wasn't sure if it was good practice though
[15:24] <BigRedS> shauno: might be smoothest to configure a VPN, and just mandate that they all connect with that first.
[15:24] <shauno> I think it kinda depends.  if the remote machines only need to accept connections from you, then firewalling ssh down to a single point of entry seems very sane
[15:24] <BigRedS> yeah, I meant have them VPN to your single host, and then ssh from that to the other hosts
[15:24] <BigRedS> rather than proxying SSH
[15:25] <shauno> if they need to accept connections from some vague definition of 'everywhere', you don't save yourself anything because the developers can still connect directly
[15:25] <BigRedS> just that ProxyCommand seems a less-well-tested system than both a VPN and SSH
[15:25] <shauno> ssh can be its own ProxyCommand, which reduces complexity a lot
[15:26] <ali1234> "how do others connect to multiple linux boxes with multiple users and manage keys" - i don't understand the question
[15:26] <ali1234> i just put my public key on the server and then forget about it
[15:28] <diplo> yeah, so I have 80 sites, some with more than 1 machine all with a users ssh pub key on it
[15:28] <shauno> something like "Host Remote, ProxyCommand ssh bastion -W %h:%p", and then 'ssh Remote' will ssh to 'bastion' and from bastion to Remote
[15:28] <diplo> If a member of staff left and the key was from a personal pc he'd still have access to all those customer servers
[15:29] <ali1234> diplo so your question is simply "how to revoke keys"
[15:29] <diplo> Or what is the best set up in that situation, it would be a pain to revoke that many keys and to check them
[15:30] <ali1234> "that many keys" - no, one key
[15:30] <diplo> Which is why I was asking about a single server connection, and we locally ssh to that server via a key, so only one server to revoke from
[15:30] <ali1234> sounds like a plan
[15:31] <ali1234> of course if someone wanted to be malicious they could just install their own keys on the other servers
[15:31] <ali1234> and then avoid the central server
[15:31] <diplo> yeah that is very true.. :)
[15:31] <ali1234> if you try to firewall it then they can set up a reverse tunnel
[15:32] <diplo> not sure they would, but it's just when I set it up I don't want to do it more than once :D
[15:32] <BigRedS> ali1234: only if they could get in to set it up
[15:32] <ali1234> i would probably go for some kind of system where there is a central authorization server
[15:33] <BigRedS> if you have a single server which is the only place SSH to the other servers is permitted from and you deny someone access to that, then they cannot ssh to the other servers
[15:33] <ali1234> BigRedS: if you don't want them to get in then this is not a problem. simply don't issue them any keys or logins at all
[15:33] <BigRedS> no, when you wish to revoke their access
[15:33] <BigRedS> you revoke their access to the bastion (by removing their key, user, whatever) adn then they cannot get to that machine to then get on to the others
[15:34] <diplo> yeah I think accept ssh logins from local network and from one server externally if that's possible
[15:34] <diplo> Right, I'm going to test this out over the next few days with a few customers
[15:34] <BigRedS> then you're asuming they can't get in to the local network
[15:34] <BigRedS> you'd need to have control over teh outermost firewall, really
[15:34] <diplo> Cheers for input guys
[15:34] <BigRedS> (where 'they' is recently-sacked staff)
[15:34] <diplo> We are in control of most of our customers setups
[15:35] <ali1234> BigRedS: i would install a reverse tunnel on the server along with my public key. i can then log in to it even if you revoke my bastion access
[15:35] <popey> that can be prevented in ssh config though can't it?
[15:35] <popey> (setting up tunnels)
[15:35] <popey> or indeed in the firewall
[15:35] <ali1234> who said i would use ssh?
[15:35] <diplo> heh
[15:36] <shauno> do the developers have/need sudo/root on the remote machines?
[15:36] <diplo> yeah occasionally
[15:36] <BigRedS> ali1234: ah, but can be blocked by the firewall
[15:36] <ali1234> you will have to lock down my user account so i can't install any software at all and can't initiate IP connections
[15:36] <diplo> But 90% of the time not
[15:36] <ali1234> or you will have to cnfigure the firewall to prevent any outgoing or incoming connections at all
[15:36] <shauno> was just wondering if making authorized_keys root:root 644 would work.
[15:37] <popey> no, ssh will fail
[15:37] <ali1234> if you do the first thing you might as well not give me access at all
[15:37] <shauno> ssh will fail if your private key is readable, not your public key
[15:38] <ali1234> effectively keeping out rogue admins is pretty hard since they need to be able to do all the things required to install back doors
[15:40] <diplo> The only one person they worried about has gone now, only one they'd need to worry about now is me :)
[15:41] <ali1234> what about is you use this bastion thing combined with an admin-only VPN
[15:42] <ali1234> and some really restrictive firewall rules on that VPN
[15:42] <diplo> I think that's where we need to be yeah
[15:43] <shauno> that depends on what the remote site needs though.  if they'll still allow connections from anywhere, your vpn isn't required
[15:43] <diplo> Some sites have the worst routers, the current support guys leave ports wide open to the net
[15:43] <ali1234> it's all rather pointless if there is only you using it though
[15:43] <diplo> It's just an overhaul we need, going to document and pass on I think
[18:16] <diplo> Anyone else seen this issue http://askubuntu.com/questions/296801/aboutblank-opens-in-chromium-when-i-type-into-the-dash ?
[18:16] <diplo> Quick search on launchpad I've not found anything yet
[18:16] <MartijnVdS> no, but I don't use the dash
[18:16] <diplo> Does it on boot, google trying to auth pops open chormium
[18:17] <diplo> after logging in, but also does it as per that as well
[18:17] <MartijnVdS> I do get an auth popup on login
[18:17] <MartijnVdS> that I don't type my password into because it doesn't identify itself properly (I don't know what I'm authenticating for)
[18:17] <diplo> I've already closed 3 about:blanks, another 3 open and a facebook auth one as well
[18:17] <diplo> yeah, can't say I like the way that works atm
[19:29] <Laney> just dropped a box of 12 eggs
[19:30] <Laney> surprisingly messy
[19:30] <brobostigon> oh dear.
[19:30] <brobostigon> sunny day, scrambled eggs. :)
[19:30] <Laney> luckily it was on a concrete floor in the garage
[19:30] <brobostigon> easy cleanup.
[19:31] <Laney> well they're pretty hard to wipe up
[19:31] <Laney> got up what i could and then dumped a watering can over the rest ...
[19:31] <brobostigon> ah.
[19:49] <AlanBell> evening
[19:49] <brobostigon> evening AlanBell
[20:06] <popey> evening AlanBell
[20:07] <iPenguin> Hello
[20:07] <popey> lo
[20:08] <iPenguin> Is it possible to install ubuntu with using a usb or a disc?
[20:08] <DJones> !usb | iPenguin
[20:08] <lubotu3`> iPenguin: For information about installing Ubuntu from USB flash drives, see https://help.ubuntu.com/community/Installation/FromUSBStick - For a persistent live USB install, see: https://wiki.ubuntu.com/LiveUsbPendrivePersistent
[20:09] <DJones> For a disk, you'd need a dvd to copy the iso to, but yes you can install froma live dvd
[20:11] <iPenguin> This does not help.
[20:12] <czajkowski> iPenguin: in what way doesnt it help?
[20:12] <iPenguin> I found it now.
[20:13] <iPenguin> http://www.ubuntu.com/download/desktop/install-ubuntu-with-windows
[20:15] <iPenguin> If i install ubuntu after i used the windows installer would xp be swiped off the system?
[20:17] <DJones> iPenguin: If you mean using the wubi installer, then no, that creates a fake file system within windows to run Ubuntu from, but its not intended for long term use, its more for people just wanting to try Ubuntu before installing it properly
[20:17] <AlanBell> iPenguin: no, it should shrink xp and let you install alongside it (if you have enough space, and enough partitions)
[20:17] <iPenguin> What happens if i install it properly from the windows boot?
[20:19] <AlanBell> so, do you know how your disk is partitioned at the moment?
[20:19] <AlanBell> is there a recovery partition etc?
[20:19] <AlanBell> there can be problems if it has been set up with 4 primary partitions (because that is the limit)
[20:20] <AlanBell> if there are fewer then you are OK as it can create secondary partitions (it needs 1 primary partition to put all the secondary partitions in)
[20:21] <AlanBell> so unless your manufacturer has been obnoxious and used 4 primary paritions you will be fine, it will be able to shrink the windows stuff and create linux partitions alongside, then on bootup you will get a menu that lets you choose which operating system to start
[20:38] <diddledan> evening
[20:39] <diddledan> popey: I've google+'d you some photos of my macbook
[20:47] <popey> ooh
[20:47] <popey> you sure?
[20:48] <diddledan> I think so?
[20:48] <popey> i see no notifications or owt
[20:50] <diddledan> oddness
[20:51] <popey> very
[20:51] <popey> i see them now
[20:51] <mungbean> the eagle has landed \o/
[20:52] <mungbean> watching it)
[21:16] <redtap|away> daftykins: You about ?, ping .
[21:19] <redtape|renegade> AlanBell: I thought you were in Wales this week ?
[21:25] <redtape|renegade> OT | What is a Mozspace, and why should I care ? .. https://wiki.mozilla.org/IRC#Commonly_Used_Mozilla_IRC_Channels
[21:25] <redtape|renegade> Apparently there's one in london  ( ? )  http://thenextweb.com/uk/2012/03/23/a-look-inside-mozillas-new-london-co-working-space/
[21:31] <diddledan> cool. now to make one happen in basingstoke :-p
[21:32] <redtape|renegade> diddledan: I guess it's a hackspace with an identity.
[21:32] <diddledan> looks friendly and welcoming
[21:32] <redtape|renegade> mm.. orange is a nice colour, i guess.
[21:34] <redtape|renegade> Why do they always have to be in the center of a city .. why not on the way to the airport etc ?
[21:35] <redtape|renegade> diddledan: I went to a FOSDEM talk with a key mozilla dude, and it all seemed very corporate to me, not a hacking community, per se.
[21:36] <diddledan> hmm
[21:36] <redtape|renegade> I know they are open, but I think it's not *that* 'open'.
[21:37] <redtape|renegade> most people are switching to chrome anyhow .
[21:37] <redtape|renegade> What do you use ?
[21:38] <diddledan> I'm a chromatic
[21:38] <shauno> I think firefox needs to go on a diet :/
[21:38] <redtape|renegade> I use firefox because it's just easier to download youtube videos etc .. but i use chrome when i need to get a good upload going ..
[21:40] <redtape|renegade> If only someone would actually make the 'thumbs-up-facebook-button' blocker extension, people would really have a reason to use it.   .. the hardcore users, that is
[21:41] <redtape|renegade> I'm just stuck with ABP and no script for now .. sigh.
[21:44] <redtape|renegade> shauno: Anything good on then  box, over there ? I hear there was a RTE documentary on nurseries that got ppl talking.
[21:44] <shauno> I don't watch a whole lot of TV, really
[21:44] <redtape|renegade> oh yes, i forgot ..
[21:44] <shauno> especially RTE.  I tend to avoid those, just because they make me irate about my €160 licence
[21:45] <redtape|renegade> fair enough.
[21:47] <redtape|renegade> shauno: I have to say, Galway has been quiet, or at least I haven't heard much from there, recently, .. much going on ?
[21:47] <shauno> dunno, I live on the internet :)
[21:48] <shauno> no volvo race this year, which has been the big noise the last few summers
[21:48] <redtape|renegade> iron man ?
[21:49] <shauno> I think that's later in the year.  I stumbled upon a couple of years ago, and would have been early august
[21:50]  * redtape|renegade is looking for a travel partner, but does know where to look .. :(
[21:50] <redtape|renegade> **doesn't know where to look..
[21:53] <shauno> I gotta say it bothers me that firefox was meant to be the 'reboot' because mozilla had turned into a meandering behomoth.  and is now considerably larger than mozilla ever was
[21:54] <redtape|renegade> OT | Anyone felt the quake today ? http://www.breakingnews.ie/ireland/experts-say-quake-aftershocks-likely-in-coming-days-595954.html
[21:57] <redtape|renegade> Funnily enough, I was awake at the time, but felt sod all ; due to not giving a ..
[21:59] <redtape|renegade> probably because I was playing Quake III at the time >_<
[21:59] <shauno> I can't say the earth's moved for me recently either
[22:00] <diddledan> I felt the earth move.. I had beans last night
[22:00] <redtape|renegade> they always seem to happen in the morning too .. strange that.
[22:01]  * redtape|renegade is still looking out for daftykins .. somewhere on the loose.
[22:04] <redtape|renegade> OOh got a good website ( like finding an old friend :) ) Some good links there ... http://techrights.org/2013/05/29/fedora-19-previews/
[22:06] <shauno> I mostly travel to visit friends now.  it's a bit more boring in some regards, but a lot more interesting in others
[22:10] <shauno> the biggest downside is that I have itchy feet, and keep looking at jobs in bizarre countries
[22:10] <redtape|renegade> shauno: Whereas, I travel 'cos I want to see something different that you can't really get a proper feel for on the internet .. like Cornwall.
[22:12] <shauno> that's where visiting people really works out.  you get to see a lot more with a local, instead of just driving around in circles until you end up drinking scrumpy jack on a tiny beach that'll kill you if you don't get off it at the right time
[22:12] <redtape|renegade> yeah, been there before ..
[22:13] <redtape|renegade> I suppose I should try to find my couchsurfing P/word again ..
[22:14] <redtape|renegade> I just don't like putting that type of pressure on people, for me to stay with them :/
[22:14] <shauno> I'm really curious about moving east, but I can't get my head around the difference in pay rates
[22:14] <redtape|renegade> east .. like Dulwich east or wat ?
[22:14] <shauno> lol
[22:15] <shauno> a little further than that
[22:15] <shauno> stredná európa type east
[22:16] <diddledan> you will go playing doctors with foreigners!
[22:16] <diddledan> it's your own fault
[22:16] <redtape|renegade> Oh, central europe .. https://sk.wikipedia.org/wiki/Stredn%C3%A1_Eur%C3%B3pa
[22:17] <redtape|renegade> whoops
[22:17] <shauno> that's the one :)
[22:17] <shauno> crazy language, but I'm trying.  I just look like an idiot whenever I actually try to use it
[22:18] <shauno> it's amazing how quickly conversations diverge from beginners vocab.  it's never anything like it is in the books
[22:19] <shauno> chap on the plane asked me how long the flight was.  told him three hours.  so he said something to the effect of "oh, we arrive at 2pm".  told him no, 1pm.  whereupon I realised I can barely explain timezones in english, let alone slovak
[22:19] <diddledan> lol
[22:20] <redtape|renegade> My pizza guy is from Bulgaria .. he says you can buy a house for £5K (in Bulgaria) .. but after a week the Gypsie's sense a disturbance of a newcomer in the force, wait till you pop out for the milk ; then pinch your furniture .. lol
[22:20] <diddledan> o_O
[22:20] <redtape|renegade> lets see if he's right, then ..
[22:21] <shauno> it's not quite that low in slovakia, but still .. it's very odd trying to consider job postings for roughly a third of what I'm making here
[22:21] <shauno> it'd almost help if they weren't on the euro, so my head would quit trying to draw direct comparisons
[22:23] <redtape|renegade> mm Bulgarian Property : Cheap, but is it legit /  [ http://bit.ly/Zu8Ngw ]
[22:24] <shauno> bulgaria seems a bit too remote to actually relocate to.  perhaps for a vacation property, but not somewhere to live & work
[22:26] <shauno> I've more been looking for cities that have a decent number of multinationals looking for a cheap workforce.  more likely to find tech work that is happy to take english-speaking that way
[22:28] <shauno> eg, bratislava has places like dell, ibm, at&t, novell, amazon, even msft .. where even the locals are expected to speak english at work
[22:29] <shauno> I'm all in favour of learning the language, but I'd rather not have to depend on it for work.  that's a pretty unachievable timeframe
[22:30] <redtape|renegade> shauno: All I recall from Slovakia is there's too many swinger parties :)
[22:31] <shauno> "too many"?  ;)
[22:31] <shauno> they've struck me as pretty conservative so far
[22:32] <shauno> and very family-centric.  even in the cities, most seem to keep strong connections with family in towns & villages, and still take the trek out for family pig-kilings
[22:34] <shauno> (it's "a thing".  they have a few "things" I don't quite understand yet.  like whipping their women to celebrate easter)
[22:35] <redtape|renegade> oh dear, it's all gone a bit /Borrat/
[22:35] <shauno> well, I doubt many countries understand gloucestershire cheese-rolling either.  we all have "things" that look bizarre
[22:36] <diddledan> my thing definitely looks bizarre
[22:36] <diddledan> wait, what?
[22:36] <diddledan> tmi?
[22:37] <shauno> or morris dancers
[22:40]  * redtape|renegade still still doesn't ' get ' Chris Evans ^_^
[22:40] <shauno> being british is hugely entertaining, but it doesn't make us the best judges of what's actually "normal".  we have men in plaid skirts who laugh at the germans for wearing leather pants
[22:40] <redtape|renegade> yeah.
[22:41] <shauno> the scottish national dress is worryingly similar to irish catholic school uniforms
[22:42] <redtape|renegade> shauno: On a lighter note .. I've been listening to 2XM for 3 months solid now on VLC / streaming .. and It's a great RTE station, for me. :::: http://icecast1.rte.ie/2xm
[22:42] <shauno> besides.  pigs taste good.  true story.
[22:43] <diddledan> pigs' fat tastes amazing when cooked right
[22:44] <redtape|renegade> must be the doughnutz .. lol.
[22:47] <redtape|renegade> http://www.youtube.com/watch?v=ZA_Tl1kvlQU : tonites' topic..
[22:51] <shauno> this was the one that made me o_O  http://www.youtube.com/watch?v=G5_dPOj86FA   but little things like having carp for christmas dinner still strike me as odd too (and that you're meant to bring it home alive and keep it in the bathtub)
[22:54] <redtape|renegade> i like the way they celebrate it with a photo .. very telling.
[22:55] <redtape|renegade> wow.. i just realized to the right/options .. there's a lot of them, like that .. :)
[22:56] <shauno> indeed
[23:02] <shauno> anyway, enough babbling from me.  suffice to say I find it fascinating.
[23:12]  * redtape|renegade opens a beer .. to end the day :D
[23:28] <redtape|renegade> shauno: Are there any IRC channels that people of Ireland use , other than #ubuntu-ie ?
[23:32] <shauno> no idea, to be honest
[23:33] <shauno> I know the local hackerspace have #091labs, but I haven't been in there, so I couldn't tell if how trafficked it is
[23:33] <shauno> but for the most part, freenode tends to be by subject, rather than geography
[23:36] <redtape|renegade> i clicked the #0911labs channel .. only two people on it !
[23:38] <redtape|renegade> and no 'topic' to talk of ! even worse.
[23:40] <shauno> no idea if they actually use it, besides the obvious (1am)