| === Ursinhal is now known as Ursinha | ||
| === Ursinha-afk is now known as Ursinha | ||
| === Ursinha is now known as Ursinha-afk | ||
| === Ursinha-afk is now known as Ursinha | ||
| === Ursinha is now known as Ursinha-afk | ||
| === Ursinha-afk is now known as Ursinha | ||
| === thumper is now known as thumper--afk | ||
| Shadowandlight | im very new at using linux / cmd line... but i am trying to get this app running on ubuntu server... i had it running and now its not working after i restarted the server... [29/Jul/2013 04:53:30] "GET /static/bootstrap/css/slate.css HTTP/1.1" 500 59 | 04:54 |
|---|---|---|
| Shadowandlight | apache shows running, but there is no style sheet coming up for the web app | 04:55 |
| babinlonston | I want to monitor the Whole Posgresql in nagios how can i do it | 05:08 |
| === smb` is now known as smb | ||
| hack13 | I have a pretty fresh install of ubuntu 12.04 LTS 64bit running on a new dedicated server. I installed webmin as I have done hundreds of times before, however this time I seem to have it stuck. It is showing it working, firewall dissabled, but I have no idea what log to look at to see what is wrong. | 09:04 |
| antihero | how do I get raw keys from keyserver.ubuntu.org? | 09:14 |
| antihero | http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCBCB082A1BB943DB that without the HTML | 09:14 |
| andol | antihero: By speaking hkp? | 09:27 |
| andol | antihero: Unless you want to use the regular gpg binary for that I'm sure there are plenty of libraries which should be able to do that key fetching for you. | 09:28 |
| === jdstrand_ is now known as jdstrand | ||
| bigbrovar | let me take a screenshot | 11:19 |
| bigbrovar | http://imgur.com/7Raxc1z | 11:22 |
| bigbrovar | thats the screenshot | 11:22 |
| bigbrovar | under the record information it is listed as a book | 11:22 |
| bigbrovar | but the holding information is blank | 11:23 |
| mgz | anyone know any issues with the current saucy-daily cloud images? | 11:34 |
| mgz | I'm not getting my machine out of BUILD currently | 11:34 |
| === dduffey_afk is now known as dduffey | ||
| GH0 | Hello, I was wondering is SELinux policies enabled by default, or is AppArmor a replacement of that? | 14:41 |
| iclebyte | has anyone ever managed to get ncftp to work through an FTP proxy? | 14:41 |
| GH0 | I have been having some issues with a web app (which I think is just the fault of the dev), but he wants me to disable SELinux, which I don't think is enabled in the first place. | 14:42 |
| Madkiss | folks, I am seeing a problem here with Ubuntu Server. I have a DRBD resource that delivers me about 1.3gb/s of performance. and then, I run an iSCSI target on top of that, and the iSCSI target gets me about 45mb/s. I wonder what's wrong? | 14:49 |
| patdk-wk | Madkiss, likely? nothing | 14:49 |
| Madkiss | hu? | 14:49 |
| patdk-wk | why would that be wrong? | 14:50 |
| Madkiss | well. there is a little performance drop between DRBD and the iSCSI stack laying right on top of DRBD, don't you think so? | 14:50 |
| patdk-wk | I dunno, you didn't finish describing the test you did | 14:50 |
| patdk-wk | was this done over gigabit network? | 14:51 |
| Madkiss | no. This is 10GE throughly. And ... did my message get cut off? | 14:51 |
| patdk-wk | was the iscsi lun setup for sync or async? | 14:51 |
| Madkiss | it's the lio default | 14:51 |
| Madkiss | patdk-wk: I'm testing with DD, btw. | 14:54 |
| jdstrand | GH0: selinux is not enabled by default in Ubuntu | 15:48 |
| jdstrand | GH0: apparmor is used instead, but we don't confine apache by default | 15:49 |
| herent_laptop | Hi - I have a question about backing up a remote server before attempting an upgrade | 17:30 |
| herent_laptop | Right now I'm rsyncing down everything to my local machine | 17:30 |
| herent_laptop | But I'm not sure exactly how to restore that if my upgrade from 10.04 (think that's what it's at now) doesn't work right | 17:31 |
| herent_laptop | I've been trying to find tutorials online, but haven't seen much | 17:31 |
| herent_laptop | Any help would be appreciated | 17:31 |
| ikonia | why are you doing an rsync backup if you don't know how to use it to restore ? | 17:31 |
| herent_laptop | To have the files | 17:32 |
| ikonia | what good are they if you can't use them to restore ? | 17:32 |
| herent_laptop | I'm guessing that there is a way to use them, I'm just not completely sure how | 17:32 |
| sarnold | .. hence the question :) | 17:32 |
| ikonia | herent_laptop: is this a vps ? | 17:32 |
| herent_laptop | Yeah | 17:32 |
| ikonia | herent_laptop: right, the best way is to ask your vps provider to take a snap shot of the disk | 17:32 |
| herent_laptop | There's no real gui for it, though | 17:33 |
| ikonia | then in the event of failure the disk can be switched/restored from that snap shot | 17:33 |
| herent_laptop | I'll ask them, it's my old job that's hosting it | 17:33 |
| ikonia | you're not going to realistically rsync a whole machine over the internet, for a restore, more so when you potentically can't even boot the machine | 17:33 |
| herent_laptop | I asked the sysadmin a few months ago and he just said that it could be rsynced pretty much anywhere to restore | 17:34 |
| ikonia | then he should be sacked | 17:34 |
| herent_laptop | So I started in on that, there's only 14gb | 17:34 |
| sarnold | depends on your goals and abilities, and the data you're backing up.. | 17:34 |
| ikonia | rsyncing the os for a potentical upgrade restore over the inernet....is crazy | 17:34 |
| herent_laptop | Pretty much the only stuff I _really_ need is the web root | 17:35 |
| ikonia | rsyncing some personal data that is nothing to do with the OS or configuration files, sure | 17:35 |
| ikonia | herent_laptop: right, so grab that, and ask them to take a snap shot of your OS disk | 17:35 |
| herent_laptop | There isn't really much for personal stuff on there at all | 17:35 |
| Mosselman | hey guys. I want to host my e-mails myself in order to (partially) prevent employees of my web host (and the NSA) snooping through my stuff. Would it be possible to setup a VPS with my e-mail server and then prevent employees from the cloud company to access the machine? | 17:44 |
| Mosselman | I was thinking something along the lines of 2 way authentication | 17:45 |
| sarnold | Mosselman: 2fa cannot prevent the hard drive from being pulled, or the machine being pulled from the rack while under an altnerative power supply | 17:46 |
| Mosselman | sarnold: I was thinking of encrypting either way | 17:47 |
| sarnold | Mosselman: how would you provide the decryption key at boot? :) | 17:47 |
| Mosselman | sarnold: it is primarily that I don't want them just looking around | 17:47 |
| Mosselman | sarnold: that is a good point ;) | 17:47 |
| Mosselman | impractical for e-mail | 17:47 |
| patdk-wk | sarnold, thinking too hard :) | 17:52 |
| patdk-wk | mosselman, even if you encrypted everything, all emails outside of that server could easily be read | 17:52 |
| patdk-wk | so any emails you send/receive from me, could easily be snooped by the nsa | 17:53 |
| patdk-wk | or gmail, or anyone else, that doesn't have a user account on that server | 17:53 |
| Mosselman | patdk-wk: I know, but I can't control that part (without pgp). I can only do what I can | 17:53 |
| patdk-wk | yes, but if that part isn't secure, why even bother securing the rest? it's a pointless excersize | 17:54 |
| sarnold | patdk-wk: heh, yeah, here's me assuming that gpg was of course part of the solution :) | 17:54 |
| patdk-wk | well, you have a few issues | 17:55 |
| patdk-wk | you can encrypt the whole server, and use an initrd ssh unlock | 17:56 |
| patdk-wk | the issue there is, anyone with physical access *nsa/fbi/...* can modify the initrd so it will record the unlock password when you supply it | 17:56 |
| patdk-wk | you can't use a tpm device, as that is pointless, cause when they take the server, they take the tpm also | 17:57 |
| patdk-wk | so best you can do, is do the initrd thing, and hope you never type your password in, after someone is monitoring it onsite | 17:58 |
| Mosselman | patdk-wk: thanks for the info | 17:59 |
| Mosselman | the alternative is running it on my NAS, but I am not sure about reliability (up-time etc) | 17:59 |
| patdk-wk | I think your giving too much credit to the employees at the cloud company | 18:00 |
| patdk-wk | they aren't going snoop through your emails | 18:00 |
| ikonia | this is just a crazy question | 18:00 |
| patdk-wk | cause they are like every other employee, too lazy | 18:00 |
| ikonia | as you've been told in #ubuntu | 18:00 |
| ikonia | while your runnign on a VPS the host will always be able to access | 18:01 |
| Mosselman | patdk-wk: I agree with that, I am not under the impression that they are all waiting to read my mail anyway, but it is like with bike locks, if you have 1, someone might figure they'd like to cut it and steal your bike, if you have 100 there will still be that guy who, if he wants to, will cut all 100 of them | 18:04 |
| Mosselman | so it is not so much about 100% security, but rather making it a tiny bit harder | 18:04 |
| ikonia | you're not making it harder | 18:04 |
| ikonia | the vps host owners will be able to access your data | 18:05 |
| Mosselman | ikonia: sure love | 18:05 |
| patdk-wk | as long as they don't poweroff your machine, all bets are off, they have full access | 18:05 |
| ikonia | Mosselman: you must understand that the virtual machines are "virtual" provided by the physical resources of the host, the people control the "host" so they can access your virtual devices, | 18:05 |
| patdk-wk | lucky, the fbi hasn't figured this out yet | 18:05 |
| IdleOne | Mosselman: They own the servers, they keep root access. The real question is why would they bother accessing your data. | 18:05 |
| ikonia | Mosselman: hence why I keep telling you, what you are suggesting doesn't matter, the hosts will have access to the guests | 18:06 |
| ikonia | as administrators of the host they have power over the guests | 18:06 |
| ikonia | it's just stupid NSA paranioa | 18:06 |
| sarnold | patdk-wk: sure they have; they know to shove a UPS onto powerstrips :P | 18:06 |
| Mosselman | I am not talking about theoretical access, I am talking about the way in which you access things. From a practical point of view. | 18:06 |
| ikonia | Mosselman: they have total practical access | 18:06 |
| patdk-wk | there is nothing theoretical about it | 18:07 |
| Mosselman | Lets say that you leave your diary with me. If I leave it in my car I will still have full access, but I'd have to walk all the way over there to read it. If I have it lying next to me on my desk I'd just flip through it right then and there. | 18:07 |
| ikonia | Mosselman: multiple people are telling you "they will have access" and you keep arguing | 18:07 |
| ikonia | Mosselman: if you think you are correct, why are you asking ? | 18:07 |
| ikonia | get on with "doing" | 18:07 |
| Mosselman | ikonia: I don't disagree with them having access | 18:08 |
| ikonia | Mosselman: then whats the problem, your question was to stop them having access | 18:08 |
| ikonia | what is your question if it's not that ? | 18:08 |
| Mosselman | no it wasn't | 18:08 |
| Mosselman | ikonia: do you have trouble with analogies or what? | 18:08 |
| Mosselman | or are you just trolling? | 18:08 |
| ikonia | just ask the clear question then | 18:09 |
| ikonia | both myself and patdk-wk seemed to be under the impression you where trying to stop them having access | 18:09 |
| patdk-wk | Mosselman, just hope you are not my customer :) | 18:09 |
| Mosselman | ok, so lets say I am an employee of a VPS service. How would you access my VPS's files? | 18:09 |
| patdk-wk | the harder someone makes it, the more *interesting* it becomes to do | 18:09 |
| * sarnold makes note .. don't .. buy .. from .. patdk.. | 18:09 | |
| Mosselman | unencrypted etc | 18:09 |
| ikonia | Mosselman: I'd mount your disks onto the hosts | 18:09 |
| ikonia | Mosselman: and read them | 18:09 |
| LjL | Mosselman: i hope you're going to encrypt RAM too | 18:09 |
| LjL | (how the CPU will be able to read that then is a question left to the reader) | 18:10 |
| Mosselman | LjL: you raise the point that I am trying to make. So ikonia what if the drives are encrypted. Does that change any of the commands you need to perform to mount the drives? | 18:10 |
| ikonia | Mosselman: no, because you've unencypted them to access them | 18:10 |
| ikonia | Mosselman: so I can own your session and either read directly, or mount where I want | 18:11 |
| ikonia | because the resources are on the "host" not the "guest" | 18:11 |
| Mosselman | ikonia: and is there a way to prevent this or make it harder? with harder I mean even adding a few commands | 18:11 |
| patdk-wk | with a vps? impossible | 18:11 |
| ikonia | Mosselman: no, as I've said multiple times | 18:12 |
| patdk-wk | you don't have host root access to do anything | 18:12 |
| patdk-wk | I was atleast assuming a real physical server | 18:12 |
| LjL | Mosselman: what you're trying to achieve is called "security by obscurity", and is frowned upon by anyone in the security field, so you're probably going to be on your own implementing it | 18:12 |
| patdk-wk | cause the second you talk about encryption, you don't do *sharing* | 18:12 |
| Mosselman | LjL: I know, it is not so much security, but more about security through lazyness | 18:12 |
| ikonia | Mosselman: and as I said anyone, it doesn't matter as you fire emails out across the public interenet, so they can be read in transit | 18:13 |
| ikonia | Mosselman: it's not security at all | 18:13 |
| Mosselman | LjL: because lets say in the case of a physical server you'd be able to still attack through the RAM ,but that is waaaay more trouble than just doing ssh root@127.0.0.1 | 18:13 |
| ikonia | Mosselman: I'm sorry "shell attack" | 18:13 |
| ikonia | what ??? | 18:13 |
| patdk-wk | on both, I would just attack your website :) | 18:14 |
| Mosselman | ikonia: I still don't really believe you are getting the point, but thanks for the answer earlier | 18:14 |
| Mosselman | patdk-wk: probably the best way yes | 18:14 |
| ikonia | Mosselman: you don't seem to grasp how this works | 18:14 |
| patdk-wk | and once I did so, I wold have access to your unencrypted system | 18:14 |
| Mosselman | ikonia: it was an example | 18:14 |
| ikonia | Mosselman: what is the point of all this fantasy security to stop people reading your emails, if I can sit reading them as they pass through your ISP's gateway | 18:14 |
| LjL | Mosselman: yeah except no, that's just deluding yourself into thinking the attacker is probably an idiot and won't read your RAM. "waaaaay more trouble", in security terms, is when it takes you 100000000 years to crack something instead of just 100, not when it takes someone who knows the right command | 18:14 |
| Mosselman | also, sniffing the network for all my e-mails or something is also more trouble than just opening up the drive | 18:14 |
| ikonia | Mosselman: no it's not | 18:15 |
| ikonia | Mosselman: it's a doddle | 18:15 |
| patdk-wk | what would be just as *secure* | 18:15 |
| patdk-wk | would be to use pop3, and not allow emails to be left on the server | 18:15 |
| sarnold | Mosselman: heh, except the email-sniffing infrastructure is already set up, running well for eight or ten years :) | 18:15 |
| Mosselman | patdk-wk: I like that idea | 18:15 |
| ikonia | sarnold: exactly | 18:15 |
| Mosselman | sarnold: haha yeah that is another story | 18:15 |
| Mosselman | ;) | 18:15 |
| ikonia | I see it every day | 18:15 |
| patdk-wk | ovh *claims* to have set up one | 18:16 |
| patdk-wk | that mirrors all smtp traffic for monitoring | 18:16 |
| ikonia | which is why I do'nt get why Mosselman is telling me what is easy / hard to do, when he doesn't really seem to understand the basics | 18:16 |
| Mosselman | ikonia: just because I ask something doesn't mean I don't know anything about it. | 18:16 |
| Mosselman | sometimes you have to verify what you know or might not know | 18:16 |
| ikonia | Mosselman: I don't think it does, but you telling me "X is hard to do" when its easy, suggests you don't | 18:16 |
| ikonia | more so when it's already in place with every ISP/DC | 18:17 |
| Mosselman | ikonia: 'hard' is relative | 18:17 |
| ikonia | Mosselman: you're just making excuses now to hide the fact that you didn't know | 18:17 |
| Mosselman | So lets say for example, 'harder' would be switching from web hosting e-mail to VPS run e-mail? | 18:17 |
| Mosselman | ikonia: you can believe whatever you want | 18:17 |
| ikonia | Mosselman: why ? what benifit would that do | 18:17 |
| ikonia | when I can read your mail as it goes through the ISP gateway | 18:17 |
| Mosselman | ikonia: because then I don't have to convince you otherwise | 18:18 |
| ikonia | which is VERY easy | 18:18 |
| ikonia | Mosselman: what is the point in asking for help for you to disagree with everything and say you know already | 18:18 |
| ikonia | why not get on with your setup if you know already | 18:18 |
| Mosselman | ikonia: you are ignoring the physical situation, the human element | 18:18 |
| ikonia | what physical situation ? | 18:18 |
| Mosselman | of the employee | 18:18 |
| ikonia | you've just mentioned that | 18:18 |
| ikonia | of what employee ? | 18:18 |
| patdk-wk | well, if we take humans into account | 18:19 |
| patdk-wk | there is no point in securing anything | 18:19 |
| patdk-wk | cause humans will leak passwords willingly | 18:19 |
| Mosselman | who is sitting around in the call centre bored and decides to check whether my gf has sent me any naked pictures while he is waiting for his next call | 18:19 |
| ikonia | Mosselman: call centre ? | 18:19 |
| ikonia | Mosselman: a call centre doesn't manage your email | 18:19 |
| Mosselman | ikonia: that is what I mean, we are talking about 2 different things | 18:19 |
| ikonia | Mosselman: network ops teams do - who sit there monitoring it 24x7 - as thats their job | 18:19 |
| ikonia | so "who sits there doing that" - the people who run your network do | 18:20 |
| Mosselman | ikonia: anyone who is bored who works there with access to files | 18:20 |
| ikonia | Mosselman: what ?? | 18:20 |
| ikonia | Mosselman: you are making zero sense and just changing fantasy situations every 30 seconds | 18:20 |
| Mosselman | You are talking about attackers, I am talking about untrustworthy employees who are just killing time doing a shitty job | 18:20 |
| ikonia | Mosselman: tone down the language | 18:21 |
| Mosselman | ikonia: I am not, I started with this in my very first message | 18:21 |
| ikonia | Mosselman: I'm not talking about attackers | 18:21 |
| ikonia | Mosselman: I'm talking about people monoitoring network infrastrcture as their job | 18:21 |
| * patdk-wk would wonder why gf would email said pictures, and who else she sent them too | 18:21 | |
| patdk-wk | she would be gone that moment | 18:21 |
| Mosselman | patdk-wk: haha I don't know, was an example. could be the mistress as well | 18:21 |
| patdk-wk | ya same deal, I don't need a *log* that would show her | 18:22 |
| Mosselman | ikonia: never mind dude, thanks for the info and sorry for making your life miserable | 18:22 |
| patdk-wk | and that includes her email client | 18:22 |
| ikonia | you've not made my life miserable | 18:22 |
| Mosselman | ikonia: I am glad, it seemed that way | 18:22 |
| ikonia | not really | 18:22 |
| ikonia | just didn't want you to waste time with a pointless task, or believe something was secure when it was far from it | 18:22 |
| Mosselman | thanks for the info patdk-wk | 18:22 |
| Mosselman | ikonia: I think it was just a misunderstanding | 18:23 |
| ikonia | it really wasn't | 18:23 |
| Mosselman | that is the definition | 18:23 |
| Shogoot | Hi people. Just wondering if this is at all possible. I got a ubutnu server box that runs a seedbox - rutorrent and a webgui listening on port 80 (its installed with a script from the torrent invite site). I own a adress mysite1.com and it pointing to my routers public ip. IS it possible to have ANOTHER box running a webserver to host my personal site? How would the two machines listening on port 80 know who of them are cal | 19:00 |
| Shogoot | led? | 19:00 |
| sarnold | Shogoot: run a proxy in front of them, nginx, apache, something like that. the proxy is on port 80, and based on the pathnames knows whether to bounce to the serve on port 81 or server on port 82 | 19:01 |
| Shogoot | oh ok... would that be a third machine requied for doing that? | 19:03 |
| adam_g | roaksoax, check out the tests in nova-compute. you can copy test_utils.py to your charm and inherit from CharmTestCase, then you have a fully mocked relation environment | 19:03 |
| sarnold | Shogoot: you can use one, two, or three machines, as you wish :) | 19:03 |
| Shogoot | im going to have a challenge in making this work :) | 19:05 |
| Shogoot | thanks for your tip ill look into it, now that i know where to look. | 19:05 |
| sarnold | Shogoot: check out "reverse proxy" here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html | 19:06 |
| Shogoot | sarnold, nice, thank you very much | 19:07 |
| roaksoax | adam_g: ok cool | 19:08 |
| GH0 | jdstrand, thanks for the response. That is what I figured, I think the web app developer just doesn't want to admit that the problem is his issue. I will let him. Thanks. :) | 19:24 |
| === VD is now known as Guest37498 | ||
| === schmidtm_ is now known as schmidtm | ||
| === thumper--afk is now known as thumper | ||
| roaksoax | adam_g: so how do you run the tests? | 21:06 |
| === Mosselman_ is now known as Mosselman | ||
| adam_g | roaksoax, ive been running with nose | 21:21 |
| roaksoax | adam_g: ok cool thanks | 21:22 |
| adam_g | roaksoax, nosetests -svd $tests_dir/ should discover and run the tests | 21:23 |
| roaksoax | adam_g: yep! thanks! | 21:25 |
| === andreas__ is now known as ahasenack | ||
| === daker_ is now known as daker | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!