=== dumfries_ is now known as dumfries
=== bitnumus is now known as Guest6432
DarylXianI found Ubu's "whoopsie" daemon installed, and spewing DNS queries, on a bunch of our Ubu servers.  *I* certainly never gave it, or apport, permission ... but there you have it.  I've rm'd the package from all the boxes -- QUESTION:00:39
DarylXianHow do you permanenetly lock/prevent the install of package?00:39
=== lifeless_ is now known as lifeless
holsteinDarylXian: nothing additionally should be installed without sudo permission00:50
DarylXianholstein: It was apparently installed, and enabled, without my permission in the 1st place.  I'd rather not trust the "should", and lock out 'whoopsie' from ever being (re)installed.00:51
DarylXianafaict, you can lock UPGRADES.  haven't figured out how to lock out INSTALLS.00:52
holsteinDarylXian: if the packages come with the OS, then they will have already been installed00:52
sarnoldit is installed by default on every system.00:52
holsteinDarylXian: i dont select "auto upagrades" at install00:52
holsteinDarylXian: you should be able to remove anything you please,a nd nothing will be added or changed without your doing so00:52
sarnoldperhaps you want to set up a debian installer preseed file that knows to uninstall it so your own installs won't hve it00:53
DarylXiansarnold: Right.  ANd apparently enabled.  Which is what's got me riled.  But, ignore me/that.  I simply don't trust this to not happen again.00:53
DarylXianIs there no locking mechanism -- like opensuse's zypper locks -- to prevent installs?00:53
sarnoldor just add 'apt-get purge whoopsie' or whatever to an after-install script you run on systems?00:53
sarnoldDarylXian: you can always make a fake whoopsie package to install.. kinda blunt as an instrument, but there you go00:54
holsteinDarylXian: things dont get installed without your permission.. nothing was installed.. it comes withthe pacakges you are mentioning00:54
DarylXianholstein: It's been ENABLED without my express permisson.  That's at best -- shoddy.00:54
DarylXiansarnold: Not elegant, but a workaround.  THanks.  I can stuff this into Puppet somehow ...00:55
holsteinDarylXian: enabled is not "installed after installation of the OS in the background without permission"00:56
holsteinDarylXian: you should have no trouble removing anything you please, and it wont "automatically" do anything00:56
DarylXianIt 'automatically' was enabled. ~10 million DNS queries later ... I'm simply interested in preventing it from doing so again.00:57
jrwren_its a good question, you could look into APT pinning?01:07
jrwren_Pin-Priority: -1  # should prevent it from being ever installed01:11
sarnoldthat's easier than what I mentioned to him, the equivs package01:11
jrwren_        Package: perl01:14
jrwren_           Pin: version 5.10*01:14
jrwren_clipboard fail01:14
jrwren_echo -e "Package: whoopsie\nPin-Priority: -1" | sudo tee /etc/apt/preferences.d/whoopsie01:14
jrwren_on all your servers should do it.01:14
jrwren_or in a shared cloud-init01:15
MavKendoes someone know of a good site that shows best practices for directory permissions?  I have /var/www/client1/public_html/ for each of my clients... lots of permission issues with joomla04:01
patdk-lapnot specific enough04:02
jkitchenMavKen: welcome to the wonderful world of "trying to make mod_php secure"04:02
patdk-lapthe question will be, how are you running php? what user?04:02
patdk-lapthere are really just 3 options04:02
jkitchensolution: don't. use php fpm or cgi or such04:02
MavKeni added all users to www-data04:03
patdk-laprun it as a single user, then any user can screw with other users04:03
MavKenthen made www-data owner of each04:03
patdk-laprun it as the user, then user can screw with themselfs, and anything outside their public_html folder04:03
patdk-lapor make a new user for each user that the php runs as for that user04:03
patdk-lapya, your going have lots of fun there, all you have to do is see what joomla says is required though04:04
MavKenI set permissions at 755 but no good... only 777 worked04:05
jkitchenMavKen: whatever you do, do NOT 77704:05
patdk-lapthat is not what I said04:05
patdk-lapI said set them up as joomla tells you to04:05
jkitchenNEVER 777.04:05
patdk-lapit will tell you what folder needs what permissions04:05
MavKenI don't plan on keeping 77704:05
jkitchenMavKen: don't ever even do it to start04:06
jkitchen777 is for /tmp and that's it.04:06
jkitchenand ever that is 177704:06
MavKenit says to use 755 for all directories04:07
MavKenbut wasnt sure if i should make client1 the owner or www-data04:07
jkitchenMavKen: you need to look into php fpm04:08
jkitchenmod_php should not be used for any multi-tenancy04:08
patdk-lapmod_php should never be used ever :)04:09
jkitchenI disagree04:09
patdk-lapit's a memory and performance hog04:09
patdk-lapwhy weird?04:09
jkitchenmaybe fpm is better now, then04:09
jkitchenI always assumed mod_php was the fastest because the interpreter was always there04:09
patdk-lapmod_php never beat php fcgi04:09
jkitchenahh, I don't think I ever ran it fcgi04:09
patdk-lapand requires apache prefork, and then you have lots of wasted memory04:09
patdk-lapphp_fpm runs as fastcgi, but even before fpm :)04:10
patdk-lapI was doing something like 97rps with mod_php and 114 with fcgi04:10
patdk-lapbut really it was about not wasting all that memory on php to fork apache for html files04:10
jkitchenwe just ran it as cgi. worked ok04:10
patdk-lapand pictures04:10
MavKeni keep wondering if i should try something other than php04:11
jkitchenyou should04:11
jkitchenphp should not be used04:11
patdk-lapyou mean, try a language that has a better reputation of developers not making stupid security mistakes? :)04:11
jkitchenoh set php's security issues aside and you still have an abomination.04:12
patdk-lapbetween joomla, wordpress, ...., endless issues04:12
jkitchenI admit it's getting better but it still carries way too much baggage04:12
jkitchenoh, I'm only talking core04:12
patdk-lapI'm not even talking php itself04:12
jkitchenpeople write horrible software in all languages04:12
patdk-lapya, just the liberty php gives, seems to attract them04:13
jkitchenI mean sendmail was written in C ...04:13
MavKenmy only experience is with php... what else should I look at?04:13
patdk-lapI will say, that is why I do code in php, cause it's quick and dirty04:13
jkitchenMavKen: ruby and python are kinda the new hotness nowadays04:13
MavKenyeah, its easy to throw something together using php04:13
patdk-lapthough, I have spent a long time *fixing* php issues, and also doing thing right04:13
jkitchenthey have excellent web frameworks (rails, django, to name a few)04:14
jkitchenthen things like node.js are becoming popular04:14
MavKennever would have imagined .js being used that way04:15
jkitchennode is pretty rad.04:15
MavKenthinking about trying www.django-cms.org04:16
jkitchenI don't know anything about it other than it has automatically created admin interfaces and is written in python and was extracted out of the CMS of a newspaper in kansas04:18
jkitchenI've known ABOUT it for like .. 8 years now? but never used it.04:19
=== Rasmus`- is now known as Rasmus`
=== jml_ is now known as jml
=== tjaalton_ is now known as tjaalton
=== Tm_K is now known as Tm_T
=== rvba` is now known as rvba
=== ivoks_ is now known as ivoks
=== gnuoy` is now known as gnuoy
=== diplo_ is now known as diplo
=== psivaa_ is now known as psivaa
jamespageapw, the 3.13 changes for openvswitch look a bit terrifying and are definately beyond my capability to fixup in openvswitch11:45
jamespageI'm going to punt this upstream and disable the DKMS package for the time being11:46
apwjamespage, do we lose anything significant by doing so, you mentioned a feature11:50
jamespageapw, just support for LISP based tunnelling which is pretty experimental11:50
apwjamespage, so not the end if the world i hope then11:55
jamespageapw, not at all - the 'supported' tunnelling mechanisms for openstack are GRE and VXLAN11:55
jamespageboth are support directly by the in-tree kernel module now11:56
apwok good11:57
=== railsraider_ is now known as railsraider
jamespagerbasak_, do you have the report generator that looks at server related package merges?12:14
=== rbasak_ is now known as rbasak
rbasakjamespage: http://bazaar.launchpad.net/~ubuntu-reports-dev/ubuntu-reports/trunk/view/head:/server/merges.py12:14
jamespagerbasak, ah - http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html12:15
jamespagegot it12:15
rbasakOh right. You wanted the report, not the generator. Sorry :)12:15
rbasakOne day, I want to get round to being able to prioritise the report.12:15
jamespagerbasak, np - that report gives me enough12:22
jamespagelooks like we have some merging todo still...12:22
rbasakI'm still working on apache2. php5 and mysql are on my list.12:22
=== gary_poster|away is now known as gary_poster
=== phunyguy_ is now known as phunyguy
rbasakhallyn or stgraber: is it expected that "lxc-ls" no longer works as a normal user, now that /var/lib/lxc permissions are locked down?14:36
hallynrbasak: yes, sadly.14:39
hallynrbasak: (you can list your own unprivileged containers, if you're on trusty)14:39
stgraberrbasak: as I just said in the other channel, note that lxc-ls in the next LXC milestone won't try to list system containers anyway14:43
stgraberrbasak: current upstream lxc-ls when run as non-root will list unprivileged containers present in ~/.local/share/lxc/14:43
stgraberwell, unless you force it to look somewhere else with "lxc-ls -P /var/lib/lxc" of course14:44
rbasakstgraber: that's interesting, thanks. Looking forward to your "Unprivileged containers" post :)14:48
stgraberrbasak: just waiting for slangasek to upload my PAM fix so that sshd works in them, then I'll publish it :)14:49
stgraber(well, maybe by that time we'll also have a 3.13 kernel in the archive which would also make unpriv containers slightly nicer)14:49
rbasakLocking down /var/lib/lxc broke adt-virt-lxc, btw, which assumes that it can see inside the guest rootfs as an unprivileged user in order to detect when a container has actually booted (by looking for cloud-init's boot-finished flag).14:50
rbasakI can probably fix that with sudo, but annoyingly that means that I can't just call os.path.exists, etc.14:50
rbasakAn extension to lxc-wait to detect container boot-finished status would be awesome ;-)14:51
makarahi. i've added moin.conf to /etc/init/ but "start moin" give "unknown job" ?14:56
makarahave to go14:57
jamespagerbasak, are your mongodb cross arch changes good for cherry picking? I see they are pending merge upstream now15:03
vipconsultanyone used the  ML350 G5 or ML150 G6 , I am considering between both for a small office. main cafeterias: SAS RAD 10, ilo, low noise, low size15:06
=== Guest6432 is now known as bitnumus
rbasakjamespage: I was waiting for the patches to actually be merged upstream in case they were changed at all, but it looks like that's unlikely now, so if you need it then go ahead.15:19
rbasakjamespage: (as we're synced with Debian I was going to send Debian cherry-picks and let Ubuntu sync it)15:20
jamespagerbasak, find - I'm hacking around on the juju-mongodb package at the moment - I've disabled scripting altogether so it might just build on arm64 with your patches :-)15:21
rbasakjamespage: also, I don't think you need the third commit. Might as well leave amd64/i386 alone until upstream take it.15:21
jamespagezul, is savanna actually in 14.04 yet?15:34
zuljamespage:  not yet i have to upload it15:42
=== railsraider_ is now known as railsraider
=== micahg_ is now known as micahg
vipconsulthow do you go about protecting the data in case of theft ?17:29
holsteinvipconsult: the machine physically getting taken?17:31
holsteinhttps://help.ubuntu.com/community/FullDiskEncryptionHowto ..but, if someone can touch the machine, i dont trust anything17:32
PiciDoesn't that require you to enter a password at boot?17:32
holsteini think it would make running a headless system more challenging.. if not impossible from a cold reboot without intervention17:33
=== ryan`c is now known as ryan-c
=== njbair_ is now known as njbair
=== balloons_ is now known as balloons
semiosisjamespage: ping17:38
jamespagesemiosis, hello17:41
semiosishi, marcoceppi suggested i get in touch with you about the glusterfs package in trusty, i have some updates17:42
semiosisbasically, due to upstart, glusterfs is merged rather than synced.  there's a new release of glusterfs, 3.4.2, and also improved upstart jobs, which I'd like to get merged into trusty17:43
semiosisthoughts?  advice?17:43
semiosisi take care of upstream ubuntu & debian packaging for the glusterfs project btw17:44
=== stgraber_ is now known as stgraber
=== daker_ is now known as daker
=== Tribaal_ is now known as Tribaal
=== balloons is now known as Guest99854
=== hachre_ is now known as hachre
=== seiflotfy__ is now known as seiflotfy_
=== gazoombo_ is now known as gazoombo
=== petey is now known as petey_
=== balloons_ is now known as balloons
keithzgHmphhh, I seem to be running into https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/976632 but am a bit scared to get too invasive chaning settings that otherwise work....sigh.19:09
keithzgWellllll, I gave in and set Domain = localhost on both the client and server /etc/idmapd.conf, which seems to have fixed it. Time for the fun part of eventually discovering unintended consequences and ramifications ;)19:13
addisonjhey, trying to make sense of something, in 12.04.3, the default kernel is 3.8, but under the cloud images, it seems like it defaults to 3.2 instead... is there a reason for that or a place to get the "official" ami with 3.8?19:22
sarnoldaddisonj: I don't know the exact answer you'r looking for but I hope this is helpful :) http://cloud-images.ubuntu.com/releases/12.04.2/release/19:26
sarnoldhunh, wonder why the url says 12.04.2 but the content all says
addisonjsarnold: yeah, I was looking at that, if you scroll down the list of content and look at kernel info, it shows 3.2...19:27
sarnoldaddisonj: how odd19:29
=== BrianH is now known as Guest65168
rbasakjamespage: https://github.com/mongodb/mongo/commit/df3d84e and https://github.com/mongodb/mongo/commit/c9edb7f just landed upstream.19:56
rbasakI'll file a Debian bug tomorrow.19:56
jvargasA server was hacked and it runs a fake program named /usr/sbin/nginx, but that file doesn't really exists19:58
jvargasInspecting /proc/PID_NUMBER I found that the excutable is a perl script19:58
rostamHI using ubuntu 12.04 LTS update 3, Missing files/directories: I have observed on afew of my systems, sometimes after reboot some of files or directories are missing,any idea why? thx19:58
jvargasAnd its current executing directory is /tmp19:59
jvargasHow can I find the original program being run as "/usr/sbin/nginx" if it doesnt exists?19:59
sarnoldjvargas: check /proc/pid/fd/20:02
sarnoldjvargas: you may be able to vi some of those; I can't recall if it still works if the file's been deleted, but I think it may..20:03
jvargassarnold: will check. brb20:03
sarnoldrostam: check your various /lost+found directories ? if the system lost power before umounting, perhaps the files were disconnected..20:04
dcosnet`which nginx`20:09
dcosnetor `lsof | grep nginx`20:09
dcosnetto see what it is talking to20:09
jvargassarnold: just did it, but no files open, just sockets and pipes. I found that its /proc/PID/fd/51 points to /proc/OTHER_PID/auxv20:10
jvargasBut that OTHER_PID doesn't exist anymore20:10
sarnoldjvargas: crazy20:11
semiosisjvargas: possible remote code execution, program code may have arrived over the network & only reside in memory.20:14
sarnoldyeah perl does make it easy to deliver executable code in a varieyt of ways.. stdin, -e, load a file and execute, etc..20:20
jvargassemiosis: maybe. since it is a perl program, is it possible to inspect the source code at execution time?20:20
dcosnetcheck /tmp and /var/tmp just incase20:21
dcosnetalso any possible memory filesystems like gnome has20:21
jvargasI just did, nothing there.20:22
semiosisis this a web server?  runing php perhaps?  i've seen plenty of RFI exploits do stuff like this20:22
semiosis(remote file include)20:23
jvargassemiosis: yes, a web server running php. Actually, the process runs as one of the web users20:24
keesjvargas: you could gdb attach and have it generate a core dump (without actually killing the process)20:24
semiosishehe, called it20:24
keesthe command is "gcore", fwiw20:25
jvargassemiosis: yes. What I am looking for is for the source of the program to eliminate it completely.20:26
sarnoldkees: oh! I didn't know that was an option. nice. /proc/self/mem isn't being friendly to e.g. strings -a  :) hehe20:26
keessarnold: right, /proc/$pid/mem needs the reader to be ptrace attached20:26
semiosisjvargas: most likely you have a php file on the server which is vulnerable to an rfi attack, and someone (many actually) are scanning teh whole internet looking for such vulnerable systems20:26
semiosisthese vulerabilities exist in lots of popular php apps20:26
sarnoldkees: oh! cool. thanks. :)20:27
semiosisthere's very likely no file on your server being executed20:27
keesin the generated core file, you may have a dump of the original source, if you're lucky20:27
jvargassemiosis: I know. I've removed some of these before, but this one is the most curious one ever.20:27
sarnoldthe /proc/pid/auxv is an odd touch, no doubt.20:27
keesfd/51 ? wow. I wonder what it was doing20:28
kees(like, that's a fair number of open files)20:28
jvargaskees: yes, I read that auxv file is "contains the contents of the  ELF  interpreter  information passed  to the process at exec time"20:29
jvargasSo, why does a process would have an open fd pointing to the AUXV file of another process?20:30
keesjvargas: there's a lot of weird stuff in the auxv file. the most sensitive is the ELF start location (which can be an ASLR bypass) and the random number seeds for glibc protections (ssp, ptr_mangle)20:30
jvargasCopying the full binary image of its parent process?20:30
semiosisjvargas: you might want to look into running mod_security - http://www.modsecurity.org/20:32
keesjvargas: my arbitrary guess was that it was trying to attack that process by examining its ASLR offset. but that's just a total guess.20:32
keesjvargas: but getting a gcore via gdb will tell you the most at this point.20:32
YamakasY_Hi all20:32
jvargaskees: will run gdb now.20:32
YamakasY_can apt-mirror not use mirror://20:32
YamakasY_ ?20:32
keesgdb, attach $pid, gcore, quit20:32
keeswell, quit if you want it to keep running. otherwise it'll stay paused while you have gdb open20:32
xperiahi. i am having problem with mailman on my ubuntu saucy server. installed and configured mailman with any problem but having trouble with permission and access of the new created mailing list. getting allways this error message here20:34
xperiaAH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : /usr/lib/cgi-bin/mailman/listinfo20:34
xperiahave checked the apache conf and enabled Options +FollowSymlinks but it does not help. anybody who can suggest what need to be done?20:34
jvargaskees: got the core dump, now what can I do with that binary file?20:35
keestry "strings" on it, see if anything exciting appears :)20:36
sarnoldon a first shot, try strings -a on it20:36
jvargaskees: I used vim and found strings like "/tmp/bad" and "/usr/sbin/nginx" too near each other.20:37
keesno perl code snippets, eh?20:37
jvargasyes, some code snippets.20:38
jvargasalso found several URLs, joomla vulnerabilities info and search engine queries.20:39
keesnice! sounds like it might scanning for more vulnerabilities.20:40
semiosisit's most likely a botnet agent, able to propagate, spam, and ddos20:40
semiosisthat's my guess20:40
keesjvargas: if you want, gzip and email the gcore to me, I can look too. kees@ubuntu.com20:40
xperiaokay could solve the problem. was a apache config problem with the order of the directory rules.20:41
semiosissome of these botnet agenst propagate by searching google for paths that indicate possibly vulnerable hosts20:42
semiosisC&C is often handled over http, where the server address is generated based on a time index & some seed.  check what dns queries that host is generating20:43
semiosisjvargas: ^20:43
jvargassemiosis, kees: gimme a minute20:46
jvargaskees, semiosis: I used strings and checked some target URLs, for example this one: http://www.istanbuldenizotobusu.com/sodd.txt20:50
semiosisi'd recommend against opening that in a browser!20:50
semiosiscurl is your friend20:50
keesit's a perl script20:50
jvargasseems that code is retrieved remotely20:51
semiosiswow, using irc for C&C, thats old school20:51
jvargas$proc var is the process names it takes20:52
kees"BaDGuyS" is the admin control nick, fwiw (the base64 decode)20:53
semiosisa ddos agent20:53
jvargascuriously it also performs checks against speedtest.net for bandwidth performance20:54
jvargasso, it scans and also performs ddos20:57
=== BrianH is now known as Guest12982
keesyeah. you can probably find its outbound network connection in "netstat -anp" as root and find its pid20:58
jvargasIt seems that it used a JCE vulenrability on Joomla websites: http://www.istanbuldenizotobusu.com/update.php20:59
keescool, you found its entry point?20:59
jvargasi hope so. ill keep reading.21:01
semiosisjvargas: if you're feeling adventurous, you could set up a honeypot & point that exploit tool at it, then capture what it does... that would allow you to see the whole payload21:03
keesoh, hah. sodd == DDoS (backwards)21:04
semiosishoneypot could be as simple as a php script that writes the whole request, with headers & post data, to a file21:04
keesyeah, this thing in memory seems to be the attack-finder.21:08
keesopenflashchart ? another vuln?21:08
YamakasY_wow a 12.04 mirror is huge21:16
=== BrianH is now known as Guest92448
punapantteriI just installed the dovecot-postfix package21:31
punapantteriasd configured it as this said: https://help.ubuntu.com/10.04/serverguide/postfix.html21:31
jvargassemiosis, kees: problem solved now :-) thanks for ur help21:32
punapantteribut when I connect with netcat and test, it doesn't work as I suppose it should21:32
punapantteriI don't see the lines "250-AUTH LOGIN PLAIN" and "250-AUTH=LOGIN PLAIN" among others21:33
semiosisjvargas: yw. what did you do to prevent further attacks?21:33
jamespagesemiosis, hey - sorry - i missed your response21:35
jamespagere glusterfs21:35
jvargassemiosis: updated jce extension on that website and for further protection disabled direct php execution that doesnt passes throgh joomla cms21:35
semiosisjvargas: cool21:35
semiosisjamespage: yeah no worries :)21:35
xperiahi does somebody has mailman running on his ubuntu server? i have some strange permission problems. get allways this error message when i try to confirm my subscription => AH00037: Symbolic link not allowed or link target not accessible: /var/lib/mailman/archives/public/21:35
semiosisjamespage: what do you think about what I was saying?21:35
jamespagejust looking21:36
semiosisjamespage: fyi, my upstream packages (blessed as the official upstream packages for ubuntu) are here: https://launchpad.net/~semiosis/+archive/ubuntu-glusterfs-3.4/+packages21:40
jamespagesemiosis, what does the diff look like between your packags and the distro packages?21:40
semiosisthe glusterfs package in trusty has my old upstart job from 2 years ago21:41
jamespagesemiosis, that sucks a bit21:42
semiosisin summary, moved the mount block job, mounting-glusterfs.conf, from the -server to the -client package, and changed it to wait for static-network-up instead of started glusterfs-server21:42
semiosisroot issue this addresses is mounting glusterfs vols at boot time21:42
semiosisused to only be a problem when mounting vol from localhost21:42
YamakasY_damn why are mirrors that huge21:44
semiosisbut more recently (last year or so) many people have had issues with the mount being tried before network is up at all21:46
semiosisidk if that was caused by a change in ubuntu since precise, or just more people using/testing revealed an issue21:46
semiosislots of people use my ppa packages and blocking until static-network-up seems to work for everyone21:46
semiosisonly remaining issue i'm aware of with this config is that if you have multiple glusterfs mounts in fstab, the blocker only holds the first one :(21:46
semiosisidk how to resolve that21:46
semiosisor even how to approach it21:46
jamespagesemiosis, sounds like there are some good improvements to incorporate21:47
semiosisYamakasY_: why do you need a mirror?  maybe just a caching proxy will work for you?21:47
YamakasY_semiosis: to be sure :)21:48
jamespagesemiosis, any chance I can persuade you to raise a merge proposal against lp:ubuntu/glusterfs with relevant changes to incorporate into the Ubuntu package?21:48
jamespagethat can include the new point release as well21:48
semiosisjamespage: sure, i did that for precise, about time I do another one :)21:49
jamespagesemiosis, thanks - ping me when you have it ready - i'll review and sponsor :-)21:49
semiosisany thoughts on that issue of blocking multiple mounts with a single blocker job?21:49
YamakasY_semiosis: too much traffic over such proxy21:50
YamakasY_to too large cache21:50
semiosisnot as large as a mirror :)21:50
semiosiswell, not larger than21:51
jamespagesemiosis, tricky21:51
semiosisyep, i gave up on a general solution.  for my own servers I create an extra blocker for each mount with puppet21:51
=== markthomas_ is now known as markthomas
jamespagesemiosis, it might be possible to use the instance stanza in some way21:53
YamakasY_semiosis: yeah might be21:53
YamakasY_semiosis: but I wonder how good that works21:53
semiosisjamespage: i'll take another swing at that21:54
jamespagesemiosis, I'll think about it as well - and ping jodh for an opinion21:54
=== Ursinha-afk is now known as Ursinha
=== Ursinha is now known as Guest50378
=== gary_poster is now known as gary_poster|away
=== Ursinha-afk is now known as Ursinha
=== BrianH is now known as Guest36871
=== manjo` is now known as manjo
=== Ursinha is now known as Ursinha-afk
=== SJrX is now known as SJr
keithzgHmmm, why does virt-manager keep asking me for my passwords for my SSH connections, rather than just using the SSH keys as configured in .ssh/config?23:27
=== BrianH is now known as Guest71540
=== Ursinha-afk is now known as Ursinha

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!