=== freeflying_away is now known as freeflying
[02:19] <ElricStorm> got a question for you folks, i've recently installed a ew7811un wifi *stick*
[02:19] <ElricStorm> i've tried every guide i can find online and cannot get it to connect successfully to my home wireless connection
[02:19] <ElricStorm> i've even rebuilt the kernel module for it, and it will not connect to my wireless...i have no GUI installed on this box, so everything must be done via cli
[02:22] <ElricStorm> le sigh
=== Ursinha-afk is now known as Ursinha
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
[08:48] <makara> rreset
[08:48] <makara> reset
[08:48] <makara> dammit :)
[08:51] <Chillaholic> How can i change a digit of a defined variable? SERVICE=$SERVICE$1 does not work.
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
[10:17] <znf> Hello. Is there any way to install Squid 2.7 under Saucy? I can only find squid3 packages, and I kind of need squid2.7 :-/
=== freeflying is now known as freeflying_away
[12:54] <jamespage> zul, OpenStack virtualization session PM today = are you running that one?
[12:54] <zul> yeah
[12:54] <zul> i think
=== freeflying_away is now known as freeflying
[13:59] <moutaman> hey
[15:01] <zul> jamespage:  http://docs.openstack.org/admin-guide-cloud/content//section_manage-logs.html
=== freeflying is now known as freeflying_away
=== Jikan is now known as Jikai
=== Jikai is now known as Jikan
[16:01] <rbasak> TheLordOfTime: I just filed https://bugs.launchpad.net/debian/+source/nginx/+bug/1253691. Do you have any interest in working on it?
[16:01] <uvirtbot> Launchpad bug 1253691 in nginx "Specially crafted request URI permits security restriction bypass" [Undecided,New]
[16:01] <rbasak> Filing the MIR for nginx is still on my TODO.
[16:01] <rbasak> So I will do this first, unless you want to take it?
[16:58] <tom___> hello
[16:58] <tom___> I got a question about postfix
[16:59] <tom___> ehlo diablo3post.com 250-vividgn.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth plain 503 5.5.1 Error: authentication not enabled auth login 503 5.5.1 Error: authentication not enabled
[16:59] <tom___> Im getting the error authentication not enabled
[16:59] <tom___> when i have it enabled.
=== matanya_ is now known as matanya
[17:04] <michele> hi there. quick question. on /etc/crontab I have this row: 47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) ; how come this machine executes cron.weekly every Thursday instead of Sunday (dow in crontab row is 7)
[17:06] <TheLordOfTime> rbasak: absolutely, you'll notice my comments on the bug (via my phone)
[17:06] <TheLordOfTime> rbasak: note that there's another nginx CVE that i also need to address and i need to get the changes from Debian first (they just issued release 1.4.4 so a merge of 1.4.4 from Debian to Trusty would fix two CVEs AFAICT.)
[17:11] <rbasak> TheLordOfTime: great. Thanks! Please let me know how it's going and if you need any help.
[17:11] <TheLordOfTime> rbasak: don't think there'll be an issue, after consulting with #ubuntu-hardened i'm settging confirmed/high other than that i'm just getting the source so i can debdiff it.
[17:11] <TheLordOfTime> since apparently it went missing on my system
[17:13] <TheLordOfTime> rbasak: since of course i'm not security team, i always consult with them before changing a security bug's status ;)
[17:13] <TheLordOfTime> but first... coffee.
[17:21] <TheLordOfTime> rbasak: the only thing i might not be able to do is a merge... #ubuntu-hardened suggests merging 1.4.4 from Debian to Trusty, but the last couple "merge" attempts I tried FTBFS locally
[17:21] <TheLordOfTime> (I always build with sbuild to test that it actually builds)
[18:02] <rbasak> TheLordOfTime: OK. If it fails, stick what you have in the bug and I'll take a look at it.
[18:04] <TheLordOfTime> rbasak: the patch as is from upstream will fail to apply, because p0 patch
[18:04] <TheLordOfTime> adding a/ and b/ to the beginning of the filepaths made it import.
[18:04] <TheLordOfTime> then apply :)
[18:04] <rbasak> Great!
[18:04] <TheLordOfTime> thanks to -motu for that guidance on the fix
[18:20] <Syphtah> Hello
[18:22] <Syphtah> I need help with setting up a web-server for saving backups. It has to accept HTTP POSTs and save the files sent
[18:22] <Syphtah> How would you reccomend going about doing it?
[18:45] <TheLordOfTime> rbasak: feel free to check the debdiffs i put onto that bug if you want, but ultimately security has to upload them.
[18:47] <TheLordOfTime> rbasak: and security would also have to approve them, so meh.
[18:49] <TheLordOfTime> rbasak: and not sure if you saw in -motu, but cjwatson will merge 1.4.4 into trusty and that should take care of the CVE for Trusty.
[18:54] <zul> hallyn_:  i just uploaded a new libvirt we should be ok when python-libvirt is split out
[18:56] <TheLordOfTime> rbasak: as for other security bugs drifting around for nginx: CVE-2013-0337 still has no patch that I'm able to see just yet... and CVE-2011-4968 is still bouncing around the nginx-devel mailing list and has no solution yet as a result of that.
[18:56] <uvirtbot> TheLordOfTime: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0337)
[18:56] <uvirtbot> TheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968)
[18:56] <TheLordOfTime> uvirtbot: you need to die
[18:56] <uvirtbot> TheLordOfTime: Error: "you" is not a valid command.
[18:56] <TheLordOfTime> sorry for general channel spam everyone :/
[18:57] <rbasak> TheLordOfTime: I don't think that nginx users expect more from us than what nginx upstream provide. I wouldn't fret about those for now. Just leave the bugs be, and the security team can make a decision once I've filed the MIR.
[18:57] <TheLordOfTime> rbasak: yep, i just put that there as an FYI
[18:57] <TheLordOfTime> because i'm constantly on the lookout for those fixes
[18:58] <TheLordOfTime> rbasak: note trusty won't have a fix until... monday i think cjwatson said...
[18:58] <TheLordOfTime> (merge of 1.4.4 from Debian -> Trusty)
[18:58] <TheLordOfTime> ... lol i just got spammed by launchpad, and it's all my changes xD
[18:59] <hallyn_> zul: sweet
=== gary_poster is now known as gary_poster|away
=== thumper is now known as thumper-afk
[20:07] <airtonix> https://bugs.launchpad.net/ubuntu/+source/screen/+bug/574773?comments=all#yui_3_10_3_1_1385064379062_1839
[20:07] <uvirtbot> Launchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix released]
=== gary_poster|away is now known as gary_poster
=== gary_poster is now known as gary_poster|away
[20:44] <Sling> just installed default lamp stack on fresh ubuntu 13.10, noticed it defaults to mod_php + prefork, is there an 'ubuntu' way of switching to event + php-fpm + mod_proxy_fcgid ?
[20:45] <Sling> or should I just manually unload mod_php, load & configure mod_proxy_fcgid and switch MPM
[20:47] <wam_> Sling: is this non-prefork stuff working meanwhile? A few years ago most php software didn't run on fcgi or other stuff.
[20:47] <Sling> wam_: yup works fine
[20:48] <Sling> about to setup an owncloud + zimbra install on it
[20:48] <wam_> Sling: wtf? You won't need php for zimbra ;)
[20:48] <Sling> well, for the webmail stuff
[20:48] <wam_> zimbra is java
[20:48] <wam_> and has its own hosting
[20:49] <Sling> oh
[20:49] <wam_> which is perfectly fine
[20:49] <Sling> well then ill be reverse proxying to it
[20:49] <wam_> good product
[20:49] <Sling> whatever :)
[20:49] <wam_> don't
[20:49] <Sling> because?
[20:49] <wam_> run zimbra on a dedicated vm.
[20:49] <wam_> because you'll have a lot of trouble sharing this.
[20:49] <Sling> this vm wont be doing any webhosting or w/e
[20:49] <wam_> zimbra even brings its own nginx
[20:49] <Sling> which can listen on any port
[20:49] <wam_> sure
[20:50] <wam_> prepare for evil things ;)
[20:50] <wam_> zimbra has LOTS of things to configure if you want to do it yourself.
[20:50] <Sling> im trying to ditch gmail ;)
[20:50] <wam_> Sling: btw: zimbra brings its own webdav and cal.
[20:50] <wam_> so no need for owncloud
[20:50] <wam_> which doesn't work either.
[20:51] <Sling> ill be using owncloud across desktops/machines for my documents
[20:51] <wam_> Sling: look at seafile and be happy
[20:51] <wam_> instead of crying every day because webdav just sucks
[20:51] <Sling> i wasnt planning on using webdav
[20:51] <wam_> plus you get client side encryption
[20:52] <Sling> but yeah im not here to discuss every piece of software im going to install, was just wondering about the mpm/fpm stuff
[20:52] <Sling> :)
[20:52] <wam_> M)
[20:53] <wam_> You will have to go through all this yourself ;)
[20:53] <Sling> thats fine
[20:53] <wam_> sure
[20:53] <wam_> I had to do it too
[21:12] <jkyle> heya
[21:13] <jkyle> I'm getting periodic errors form apt-cacher-ng like "storage error [500 Server reports unexpected range], last errno: Operation now in progress" and "storage error [500 Server reports unexpected range], last errno: Resource temporarily unavailable"
[21:14] <jkyle> having trouble figuring out what the root cause might be
[21:15] <jkyle> from the source, http://git.fsinf.at/apt/apt-cacher-ng/blobs/d656c645d99ac99b0045e663492f0824d8cfee2e/source/fileitem.cc, it looks like it might be an upstream mirror problem where it's not giving me a complete header response
[21:25] <rostam> HI we have recently ported all of our applications and drivers from redhat to ubuntu (RH6.4 to Ubuntu 12.04 update 3) . We see some slowness while applications open the device drivers, any idea why and how to tackle this? thx
=== thumper-afk is now known as thumper
[21:41] <fishcooker1> i want to encyrpted  my home folder.. and i've plan to put some apps on it that will run after the user login
[21:41] <PryMar56> rostam, are you running ubuntu-server? should be empty -> dpkg -l | grep xserv
[21:43] <PryMar56> rostam, what is your pkg count? dpkg -l | grep -c ''
[21:44] <PryMar56> full ubuntu with GUI is bloated at 1300 pkgs or more
[23:15] <sander^home> Do anyone know how I can mount a remote directory using webdav with digest authentication?
[23:16] <sander^home> I'm using the command: mount -t davfs http://xxxx/webdav /home/USER1  and I got: Digest mutual authentication failure: request-digest mismatch
[23:18] <tonyyarusso> sander^home: No, but my first guess would be that you need to provide the credentials in the URL, eg http://user@xxxx:password/webdav/
[23:20] <tonyyarusso> sander^home: Ah, looking at the man page, it looks like you're supposed to give -o username=someuser, then the password is read from stdin
[23:21] <tonyyarusso> sander^home: http://linux.die.net/man/8/mount.davfs
[23:21] <tonyyarusso> sander^home: For use in fstab, looks like you're supposed to put that information in a special secrets file.
[23:22] <Corey> Bah, false hilights. I blame tonyyarusso. :-p
[23:22] <tonyyarusso> Corey: ha, what did you hilight on there?
[23:22] <sander^home> tonyyarusso, I get promted for the username and password
[23:23] <sander^home> tonyyarusso, I think the problem is that the server requires digest autentication..
[23:24] <Corey> tonyyarusso: I'm cquinn at die.net
[23:24] <tonyyarusso> sander^home: Digest and basic should be the same as far as the client is concerned...
[23:24] <tonyyarusso> Corey: ooooh, neat.
[23:24] <tonyyarusso> sander^home: are you using a secrets file already?  I see the format is (sort of) explained in the "Examples" section.
[23:24] <sander^home> tonyyarusso, long time ago.. I had the same problem.. ending up changing to basic authentication.. then it worked. But in this case I cant change.
[23:25] <sander^home> tonyyarusso, im not. Let me see
[23:25] <tonyyarusso> Corey: what's the story behind the domain name?
[23:29] <Corey> It predates me; it's a friend's.
[23:31] <sander^home> tonyyarusso, Im not using a secret file.
[23:31] <tonyyarusso> What happened to Ubuntu Orchestra after precise?
[23:32] <sander^home> tonyyarusso, tried to be using it now..but failed.
[23:32] <sarnold> tonyyarusso: I think you're looking for 'juju' now
[23:32] <tonyyarusso> sarnold: ah, could be
[23:32]  * tonyyarusso hasn't kept track of all of the pieces and funny names over the years; trying to figure out what they do these days
[23:33] <tonyyarusso> In short, should I set up a Puppet server, PXE/TFTP server, and APT cache manually, or use a prepackaged deal.
[23:36] <fishcooker> i've got error there is message.. so that i have to check /var/log/syslog on virtual console 4
[23:36] <fishcooker> many error don't know how to start
[23:36] <fishcooker> ...
[23:37] <fishcooker> ext4-fs.. errors=remount-ro
[23:37] <sarnold> tonyyarusso: that's a tough call; juju and maas are pretty slick, but it feels like they shine when you're either using a public cloud provider or have plenty of machines for an internal private cloud (maas or openstack).. juju can deploy to specific machines these days, which is neat, but it isn't really where it's awesome.
[23:39] <tonyyarusso> sarnold: I'm working with probably one or two dozen physical machines, and then a few dozen more virtual ones that are in VMware, so as far as I see them very similar to physical since I can't do magic with VMware in the same way.
[23:41] <tonyyarusso> sarnold: Right now we have an "initial setup checklist" that we do by hand on ALL servers, which is getting too long and tedius, 20 of the virtualized servers should have the same packages, some of the same settings, etc. (they all run the same app, just for different clients/domains), but currently differ in ways unknown, and I have no good way of changing the "master" (non-LDAP) user's password on all machines at once.
[23:43] <sarnold> tonyyarusso: oh, man, that sounds like something that would benefit greatly from puppeting or juju charming
[23:43] <tonyyarusso> Yeah, it definitely needs SOMETHING along these lines - just a question of what exactly.
[23:46] <sarnold> since your machines mostly exist as-is, I'd be tempted to go down the puppet route. if at some point in the future you've got an openstack setup or juju grows a vmware provider that can make new instances, you can still use those puppet recipes in juju charms to pipe everything together; it's not entirely a one-way decision
[23:47] <tonyyarusso> true
[23:47] <tonyyarusso> As for the "exist as-is" part, we do have several machines that need to be rebuilt right now, and we just lost the second sysadmin this quarter, leaving just me, so it's a great opportunity to push hard on any automation I can.
[23:48] <tonyyarusso> I found a server the other day running 6.06 still...
[23:49] <Rory> tonyyarusso: My favourite release! \o/
[23:49] <Rory> tonyyarusso: Wait, a live server?
[23:50] <Rory> tonyyarusso: Regarding automation, I've used Puppet and Salt, they're both fine
[23:50] <sarnold> tonyyarusso: yikes :)