/srv/irclogs.ubuntu.com/2013/11/21/#ubuntu-server.txt

=== freeflying_away is now known as freeflying
ElricStormgot a question for you folks, i've recently installed a ew7811un wifi *stick*02:19
ElricStormi've tried every guide i can find online and cannot get it to connect successfully to my home wireless connection02:19
ElricStormi've even rebuilt the kernel module for it, and it will not connect to my wireless...i have no GUI installed on this box, so everything must be done via cli02:19
ElricStormle sigh02:22
=== Ursinha-afk is now known as Ursinha
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
makararreset08:48
makarareset08:48
makaradammit :)08:48
ChillaholicHow can i change a digit of a defined variable? SERVICE=$SERVICE$1 does not work.08:51
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
znfHello. Is there any way to install Squid 2.7 under Saucy? I can only find squid3 packages, and I kind of need squid2.7 :-/10:17
=== freeflying is now known as freeflying_away
jamespagezul, OpenStack virtualization session PM today = are you running that one?12:54
zulyeah12:54
zuli think12:54
=== freeflying_away is now known as freeflying
moutamanhey13:59
zuljamespage:  http://docs.openstack.org/admin-guide-cloud/content//section_manage-logs.html15:01
=== freeflying is now known as freeflying_away
=== Jikan is now known as Jikai
=== Jikai is now known as Jikan
rbasakTheLordOfTime: I just filed https://bugs.launchpad.net/debian/+source/nginx/+bug/1253691. Do you have any interest in working on it?16:01
uvirtbotLaunchpad bug 1253691 in nginx "Specially crafted request URI permits security restriction bypass" [Undecided,New]16:01
rbasakFiling the MIR for nginx is still on my TODO.16:01
rbasakSo I will do this first, unless you want to take it?16:01
tom___hello16:58
tom___I got a question about postfix16:58
tom___ehlo diablo3post.com 250-vividgn.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth plain 503 5.5.1 Error: authentication not enabled auth login 503 5.5.1 Error: authentication not enabled16:59
tom___Im getting the error authentication not enabled16:59
tom___when i have it enabled.16:59
=== matanya_ is now known as matanya
michelehi there. quick question. on /etc/crontab I have this row: 47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) ; how come this machine executes cron.weekly every Thursday instead of Sunday (dow in crontab row is 7)17:04
TheLordOfTimerbasak: absolutely, you'll notice my comments on the bug (via my phone)17:06
TheLordOfTimerbasak: note that there's another nginx CVE that i also need to address and i need to get the changes from Debian first (they just issued release 1.4.4 so a merge of 1.4.4 from Debian to Trusty would fix two CVEs AFAICT.)17:06
rbasakTheLordOfTime: great. Thanks! Please let me know how it's going and if you need any help.17:11
TheLordOfTimerbasak: don't think there'll be an issue, after consulting with #ubuntu-hardened i'm settging confirmed/high other than that i'm just getting the source so i can debdiff it.17:11
TheLordOfTimesince apparently it went missing on my system17:11
TheLordOfTimerbasak: since of course i'm not security team, i always consult with them before changing a security bug's status ;)17:13
TheLordOfTimebut first... coffee.17:13
TheLordOfTimerbasak: the only thing i might not be able to do is a merge... #ubuntu-hardened suggests merging 1.4.4 from Debian to Trusty, but the last couple "merge" attempts I tried FTBFS locally17:21
TheLordOfTime(I always build with sbuild to test that it actually builds)17:21
rbasakTheLordOfTime: OK. If it fails, stick what you have in the bug and I'll take a look at it.18:02
TheLordOfTimerbasak: the patch as is from upstream will fail to apply, because p0 patch18:04
TheLordOfTimeadding a/ and b/ to the beginning of the filepaths made it import.18:04
TheLordOfTimethen apply :)18:04
rbasakGreat!18:04
TheLordOfTimethanks to -motu for that guidance on the fix18:04
SyphtahHello18:20
SyphtahI need help with setting up a web-server for saving backups. It has to accept HTTP POSTs and save the files sent18:22
SyphtahHow would you reccomend going about doing it?18:22
TheLordOfTimerbasak: feel free to check the debdiffs i put onto that bug if you want, but ultimately security has to upload them.18:45
TheLordOfTimerbasak: and security would also have to approve them, so meh.18:47
TheLordOfTimerbasak: and not sure if you saw in -motu, but cjwatson will merge 1.4.4 into trusty and that should take care of the CVE for Trusty.18:49
zulhallyn_:  i just uploaded a new libvirt we should be ok when python-libvirt is split out18:54
TheLordOfTimerbasak: as for other security bugs drifting around for nginx: CVE-2013-0337 still has no patch that I'm able to see just yet... and CVE-2011-4968 is still bouncing around the nginx-devel mailing list and has no solution yet as a result of that.18:56
uvirtbotTheLordOfTime: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0337)18:56
uvirtbotTheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968)18:56
TheLordOfTimeuvirtbot: you need to die18:56
uvirtbotTheLordOfTime: Error: "you" is not a valid command.18:56
TheLordOfTimesorry for general channel spam everyone :/18:56
rbasakTheLordOfTime: I don't think that nginx users expect more from us than what nginx upstream provide. I wouldn't fret about those for now. Just leave the bugs be, and the security team can make a decision once I've filed the MIR.18:57
TheLordOfTimerbasak: yep, i just put that there as an FYI18:57
TheLordOfTimebecause i'm constantly on the lookout for those fixes18:57
TheLordOfTimerbasak: note trusty won't have a fix until... monday i think cjwatson said...18:58
TheLordOfTime(merge of 1.4.4 from Debian -> Trusty)18:58
TheLordOfTime... lol i just got spammed by launchpad, and it's all my changes xD18:58
hallyn_zul: sweet18:59
=== gary_poster is now known as gary_poster|away
=== thumper is now known as thumper-afk
airtonixhttps://bugs.launchpad.net/ubuntu/+source/screen/+bug/574773?comments=all#yui_3_10_3_1_1385064379062_183920:07
uvirtbotLaunchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix released]20:07
=== gary_poster|away is now known as gary_poster
=== gary_poster is now known as gary_poster|away
Slingjust installed default lamp stack on fresh ubuntu 13.10, noticed it defaults to mod_php + prefork, is there an 'ubuntu' way of switching to event + php-fpm + mod_proxy_fcgid ?20:44
Slingor should I just manually unload mod_php, load & configure mod_proxy_fcgid and switch MPM20:45
wam_Sling: is this non-prefork stuff working meanwhile? A few years ago most php software didn't run on fcgi or other stuff.20:47
Slingwam_: yup works fine20:47
Slingabout to setup an owncloud + zimbra install on it20:48
wam_Sling: wtf? You won't need php for zimbra ;)20:48
Slingwell, for the webmail stuff20:48
wam_zimbra is java20:48
wam_and has its own hosting20:48
Slingoh20:49
wam_which is perfectly fine20:49
Slingwell then ill be reverse proxying to it20:49
wam_good product20:49
Slingwhatever :)20:49
wam_don't20:49
Slingbecause?20:49
wam_run zimbra on a dedicated vm.20:49
wam_because you'll have a lot of trouble sharing this.20:49
Slingthis vm wont be doing any webhosting or w/e20:49
wam_zimbra even brings its own nginx20:49
Slingwhich can listen on any port20:49
wam_sure20:49
wam_prepare for evil things ;)20:50
wam_zimbra has LOTS of things to configure if you want to do it yourself.20:50
Slingim trying to ditch gmail ;)20:50
wam_Sling: btw: zimbra brings its own webdav and cal.20:50
wam_so no need for owncloud20:50
wam_which doesn't work either.20:50
Slingill be using owncloud across desktops/machines for my documents20:51
wam_Sling: look at seafile and be happy20:51
wam_instead of crying every day because webdav just sucks20:51
Slingi wasnt planning on using webdav20:51
wam_plus you get client side encryption20:51
Slingbut yeah im not here to discuss every piece of software im going to install, was just wondering about the mpm/fpm stuff20:52
Sling:)20:52
wam_M)20:52
wam_You will have to go through all this yourself ;)20:53
Slingthats fine20:53
wam_sure20:53
wam_I had to do it too20:53
jkyleheya21:12
jkyleI'm getting periodic errors form apt-cacher-ng like "storage error [500 Server reports unexpected range], last errno: Operation now in progress" and "storage error [500 Server reports unexpected range], last errno: Resource temporarily unavailable"21:13
jkylehaving trouble figuring out what the root cause might be21:14
jkylefrom the source, http://git.fsinf.at/apt/apt-cacher-ng/blobs/d656c645d99ac99b0045e663492f0824d8cfee2e/source/fileitem.cc, it looks like it might be an upstream mirror problem where it's not giving me a complete header response21:15
rostamHI we have recently ported all of our applications and drivers from redhat to ubuntu (RH6.4 to Ubuntu 12.04 update 3) . We see some slowness while applications open the device drivers, any idea why and how to tackle this? thx21:25
=== thumper-afk is now known as thumper
fishcooker1i want to encyrpted  my home folder.. and i've plan to put some apps on it that will run after the user login21:41
PryMar56rostam, are you running ubuntu-server? should be empty -> dpkg -l | grep xserv21:41
PryMar56rostam, what is your pkg count? dpkg -l | grep -c ''21:43
PryMar56full ubuntu with GUI is bloated at 1300 pkgs or more21:44
sander^homeDo anyone know how I can mount a remote directory using webdav with digest authentication?23:15
sander^homeI'm using the command: mount -t davfs http://xxxx/webdav /home/USER1  and I got: Digest mutual authentication failure: request-digest mismatch23:16
tonyyarussosander^home: No, but my first guess would be that you need to provide the credentials in the URL, eg http://user@xxxx:password/webdav/23:18
tonyyarussosander^home: Ah, looking at the man page, it looks like you're supposed to give -o username=someuser, then the password is read from stdin23:20
tonyyarussosander^home: http://linux.die.net/man/8/mount.davfs23:21
tonyyarussosander^home: For use in fstab, looks like you're supposed to put that information in a special secrets file.23:21
CoreyBah, false hilights. I blame tonyyarusso. :-p23:22
tonyyarussoCorey: ha, what did you hilight on there?23:22
sander^hometonyyarusso, I get promted for the username and password23:22
sander^hometonyyarusso, I think the problem is that the server requires digest autentication..23:23
Coreytonyyarusso: I'm cquinn at die.net23:24
tonyyarussosander^home: Digest and basic should be the same as far as the client is concerned...23:24
tonyyarussoCorey: ooooh, neat.23:24
tonyyarussosander^home: are you using a secrets file already?  I see the format is (sort of) explained in the "Examples" section.23:24
sander^hometonyyarusso, long time ago.. I had the same problem.. ending up changing to basic authentication.. then it worked. But in this case I cant change.23:24
sander^hometonyyarusso, im not. Let me see23:25
tonyyarussoCorey: what's the story behind the domain name?23:25
CoreyIt predates me; it's a friend's.23:29
sander^hometonyyarusso, Im not using a secret file.23:31
tonyyarussoWhat happened to Ubuntu Orchestra after precise?23:31
sander^hometonyyarusso, tried to be using it now..but failed.23:32
sarnoldtonyyarusso: I think you're looking for 'juju' now23:32
tonyyarussosarnold: ah, could be23:32
* tonyyarusso hasn't kept track of all of the pieces and funny names over the years; trying to figure out what they do these days23:32
tonyyarussoIn short, should I set up a Puppet server, PXE/TFTP server, and APT cache manually, or use a prepackaged deal.23:33
fishcookeri've got error there is message.. so that i have to check /var/log/syslog on virtual console 423:36
fishcookermany error don't know how to start23:36
fishcooker...23:36
fishcookerext4-fs.. errors=remount-ro23:37
sarnoldtonyyarusso: that's a tough call; juju and maas are pretty slick, but it feels like they shine when you're either using a public cloud provider or have plenty of machines for an internal private cloud (maas or openstack).. juju can deploy to specific machines these days, which is neat, but it isn't really where it's awesome.23:37
tonyyarussosarnold: I'm working with probably one or two dozen physical machines, and then a few dozen more virtual ones that are in VMware, so as far as I see them very similar to physical since I can't do magic with VMware in the same way.23:39
tonyyarussosarnold: Right now we have an "initial setup checklist" that we do by hand on ALL servers, which is getting too long and tedius, 20 of the virtualized servers should have the same packages, some of the same settings, etc. (they all run the same app, just for different clients/domains), but currently differ in ways unknown, and I have no good way of changing the "master" (non-LDAP) user's password on all machines at once.23:41
sarnoldtonyyarusso: oh, man, that sounds like something that would benefit greatly from puppeting or juju charming23:43
tonyyarussoYeah, it definitely needs SOMETHING along these lines - just a question of what exactly.23:43
sarnoldsince your machines mostly exist as-is, I'd be tempted to go down the puppet route. if at some point in the future you've got an openstack setup or juju grows a vmware provider that can make new instances, you can still use those puppet recipes in juju charms to pipe everything together; it's not entirely a one-way decision23:46
tonyyarussotrue23:47
tonyyarussoAs for the "exist as-is" part, we do have several machines that need to be rebuilt right now, and we just lost the second sysadmin this quarter, leaving just me, so it's a great opportunity to push hard on any automation I can.23:47
tonyyarussoI found a server the other day running 6.06 still...23:48
Rorytonyyarusso: My favourite release! \o/23:49
Rorytonyyarusso: Wait, a live server?23:49
Rorytonyyarusso: Regarding automation, I've used Puppet and Salt, they're both fine23:50
sarnoldtonyyarusso: yikes :)23:50

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!