shaunoI'm still using lucid.  it's still supported!00:01
neuroyeah but with le packages du ancient00:01
shaunopffft.  I prefer to think of them as "tried and trusted"00:01
daftykinsi'm typing from a lucid VM for irssi alone00:02
neuroprecise is tried and trusted00:02
daftykinsaaand my local web server is still lucid00:02
neurolucid is like le old00:02
daftykinsi might skip precise and go straight to trusty, but i know it's gonna be constant upgrades galore =/00:02
neuroi'm not deliberately slagging lucid for the sake of it00:02
neuroi just prefer my "cluster" to have release parity00:02
shaunoI've just been putting off upgrading because I tend to spawn a new VM, get everything up and going, and then kill the old one00:05
shaunowhich means an IP change, and this machine is my dns server00:05
neuroat some point i'm going to migrate my external-facing name servers to route5300:06
shaunoI like to keep them under my control because if I stop doing things myself, I completely forget how to and turn into an apple user00:07
neurowell, that seemed to go swimmingl00:20
neuroshauno: once you learn how to work with bind zone files, you never forget00:20
diddledanthe uk has a eurovision entry: http://www.bbc.co.uk/iplayer/episode/b03y10yq/Eurovision_Song_Contest_2014_The_UK_Launch/01:17
shaunoiplayer says I'm not allowed to see it.  I assume it's a state secret for now02:44
jussishauno: or maybe just that bad that your computer is trying to protect you... :P06:55
jennie I am trying to do exact same thing and I am facing exact same problem. any solution for this ? http://ubuntuforums.org/showthread.php?t=199854307:06
jussijennie: you want to preserve the whole disk, right ?07:07
jussi!info dd07:07
lubotu3Package dd does not exist in saucy07:07
jenniejussi: I want to copy my C drive to other drive in the same PC for backup07:08
jussijennie: I havent time to explain it properly, but if you are on linux, you can use dd. (dd if=path/to/cdrive of backup.img)07:13
jussigoogle some07:13
jussidd if=path/to/cdrive of=backup.img07:13
jenniejussi: I have to copy all directories and files in C :  except " windows " directory.07:14
jussijennie: sorry, I cant help more right now, got to run07:15
MooDoomorning all07:27
mappswhats up07:30
mappstime to watch the following07:31
mappshmm strange08:09
mappsmy crontab entry didnt run08:09
MartijnVdSmapps: check /var/log/auth.log and /var/log/syslog08:17
MartijnVdSmapps: crontab syntax might be incorrect, or file permissions08:17
mappsah it did run but the file my script create went into a diff dir than expected08:26
mappsMartijnVdS,  what do you use to stop brute force ssh i was reading up on it and there's a few options..just ive got quite a lot of attempts in auth.log08:27
MooDoomapps: I use denyhosts.08:29
mappsthanks is it easy to configure?08:31
MooDooyeah only issue is that if you block your own IP it causes grief ;)08:36
mappsthanks will look into that later:)08:37
diploMorning all08:43
mappsmorning diplo08:44
MartijnVdSmapps: I use fail2ban08:45
MartijnVdSmapps: you can also configure it to block IPs that are h4x0ring your apache server, or anything that logs failed login attempts08:46
mappsaha thats handy08:46
mappsi was going to say i should probably look at doing something for apache08:46
diplo+1 for Fail2Ban08:49
MooDoook apt-cache finds fail2ban - ban hosts that cause multiple authentication errors08:50
MooDoomight give that a try too08:50
diploBy default it does ssh I believe, need to enable the others, lots of info on the net though and configs are fairly straight forward08:51
MartijnVdSyeah, you have to configure the others08:55
MartijnVdSbut the config file is easy to read/expand08:55
MartijnVdSand you can write your own log filters for finding unauthorized logins if you want08:55
JamesTaitGood morning all; happy Grammar Day!  :-D09:05
MartijnVdSJamesTait: no no no, it's Pancake Day!09:08
MooDooMartijnVdS: +109:09
bashrcsadly, polar bear day is over09:10
MartijnVdSMooDoo: A day to eat pancakes sounds a lot saner than the whole "carnaval" thing they have in the south of the Netherlands.. 4 days of binge drinking and partying.. *shudder*09:10
bashrccarnival of pancakes?09:11
MartijnVdSbashrc: http://en.wikipedia.org/wiki/Carnival_in_the_Netherlands09:12
JamesTaitMartijnVdS, carnival of pancakes sprinkled with apostrophes?09:12
mappsinstalled MartijnVdS  and setup for ssh that was easy09:13
MartijnVdSJamesTait: Just the pancakes please. I like them alot. :P09:13
DJonesmapps: How did you install MartijnVdS, was it just a straight sudo apt-get install MartijnVdS :)09:14
MartijnVdSMaaS.. MartijnVdS as a Service?09:15
MooDooDJones: you can't sudo apt-get install MartijnVdS as there are dependency failures09:15
DJonesMooDoo: :)09:15
JamesTaitDJones, I think it was a git clone. ;)09:15
MartijnVdSJamesTait: oi!09:15
mappsheh DJones  :D09:16
mappsnow these pesky people will be blocked09:17
mappschina/brazil/france trying all kinds of usernames09:17
mappsguest/staff/a and of course root lol09:17
diploYou could if you're having issues block Russia/china etc if you're not expecting areas like that to access09:18
brobostigonmorning boys and girls.10:43
MooDoobrobostigon: good morning sir10:43
brobostigonmorning Mr MooDoo10:44
DJonesWill somebody please go out and shoot the plonker that developed mysearchdial crapware, preferably using a time machine to go back 10-15 years and then do the shooting to make sure the bugger doesn't release the junk into the wild10:45
IdleOneDJones: not condoning murder by time travel, but perhaps going back and killing the grandfather to be certain.10:55
GingerDogor just providing him with contraception at the right moment.10:55
DJonesIdleOne: GingerDog: Either of those would be a suitable solution10:55
davmor2Morning all11:00
foobarryanyone still use solaris sparc here?11:01
foobarryspun up a t1000 hoping the single threads would run a lot faster than a 280R, seem *much* slower11:01
MartijnVdSfoobarry: you spun up a T-1000?! http://www.sideshowtoy.com/mas_assets/jpg/900996_press01-001.jpg11:04
MartijnVdSJamesTait: http://www.reddit.com/r/britishproblems/comments/1zil2e/i_just_overheard_someone_wishing_someone_else_a/11:06
JamesTaitMartijnVdS, St Pancakes!11:06
foobarrycrashing LO-draw, also crashes LO-calc...:(11:09
cocoa117the iptables MASQUERADE only applies to private IP address range right? when I want to route IP traffic from internal network with computers on non-private IP range I don't have to use it, do i?11:22
MartijnVdScocoa117: it applies to anything you set it to apply to :)11:22
MartijnVdScocoa117: you need it to connect from a private address to a public one11:23
MartijnVdScocoa117: you don't need it for priv->priv or pub->pub, as long as you have routing set up11:23
cocoa117MartijnVdS, so that means by applying the iptables MASQUERADE, the traffic will be showing coming from firewall rather than from internal client?11:23
MartijnVdScocoa117: indeed11:23
MartijnVdSalso called "NAT", or "network address translation", or SNAT (source NAT)11:23
MartijnVdS(as it mangles at the source of the (outgoing) connection)11:24
cocoa117MartijnVdS, got it, the NAT in my mind always associated with private IP addresses. Never thought about the non-private IP ranges11:24
MartijnVdScocoa117: not many people NAT connections from public addresses, as that would be silly :)11:25
cocoa117MartijnVdS, I do, in this case. by the way, is public IP range right?11:26
cocoa117MartijnVdS, yes it is from China11:26
MartijnVdScocoa117: it is.11:26
MartijnVdSdescr:          KNET Techonlogy (BeiJing) Co.,Ltd.11:27
cocoa117MartijnVdS, got it, yes i got same results11:27
MartijnVdSthey can't spell Technology 8-)11:27
cocoa117ha, :)11:27
smittixMorning all11:33
knightwisehey everyone :)11:41
MooDoohello all11:42
MooDoolong time no see smittix :p11:55
smittixYeah in and out ;)12:06
brobostigonpebble android beta11, lets see if things have been fixed.12:08
MooDoobrobostigon: beach robot and alpha.....are we playing word association?12:09
brobostigonMooDoo: no.12:09
MooDoobrobostigon: sorry just trying to make people smile12:10
ali1234i do wonder why software companies release update after update without fixing any of the glaring bugs12:10
brobostigonMooDoo: ah, i see.12:10
MooDooali1234: quite normal to be honest12:10
ali1234but why do they even bother?12:10
brobostigonactually, it has improved an awful lot, and lots been fixed.12:11
MooDooali1234: releasing new features makes it more attractive so they'll do that first12:11
ali1234they never release new features though12:11
ali1234router firmwares are great examples of this12:11
ali1234they'll release maybe 10 updates in the course of a router's lifetime12:12
ali1234none will add any features or fix any bugs12:12
ali1234if you look at the source changes they are trivial12:12
ali1234seems fairly normal for firmware in anything really12:13
foobarryi had a bug fixed in router firmware12:14
foobarryadsl router12:14
foobarryresolved issues with adsl212:14
ali1234i had the opposite experience actually12:17
ali1234the update broke adsl and also made qos useless12:19
brobostigonno whacking great bugs yet, all is good,12:23
ikoniacurious as to if anyone has any preferences or recommendations to open source CMDB's I've got an opportunity to do something different from my normal preference and wondered if anyone had one they recommend and why12:30
MartijnVdSikonia: CMDB?12:36
awilkinsConfig Management DB12:40
awilkinsThink ICT Asset Management +12:40
MartijnVdSah.. not like chef/puppet12:41
ikonianah, although that's what I was actually using, a puppet extension12:46
ikoniabut I need something a bit stand alone12:46
ikoniajust wondered if there was any people would say "yeah, that's good" as I'm just reading now12:47
MartijnVdSvim inventory.txt ;)12:47
foobarryikonia: for pcs or servers12:47
ikonianot the best suggestion.....12:47
ikoniafoobarry: for "everything"12:47
foobarrygood luck12:47
ikoniapc,server,switch,router,firewall, etc12:47
ikoniaagent or agentless, doesn't matter really12:47
foobarryif < 100 desktops then inventory.xls12:48
ikoniajust looking for food for thought really12:48
foobarryif > 100 then spiceworks etc12:48
foobarryor office junior12:48
ikoniaspiceworks....what's that12:48
foobarryif only servers and switches then netdisco+racktables12:48
ikonia basically "all infrastructure"12:50
foobarryor use facter from puppet to pump into mysql and use php to manage via web page12:50
jussiopenerp has asset management stuff, (not sure how that suits what you are after)12:51
jussi(because Ive no idea what a cmdb was until I googled it)12:51
=== alan_g is now known as alan_g|lunch
ikoniafoobarry: don't want to write anything, off the shelf, and as I said don't want to use puppet as it will be for things not controlled/managed by puppet too12:53
foobarryas i say, good luck12:57
foobarryhire a teenager and deploy inventory.xls12:57
foobarryor use the asset db12:57
foobarrythat the finance dept will give u12:57
MooDoohi popey13:02
daftykinsclient texts me saying their 'system is slow'13:04
daftykinsso i connect in, sure enough having some serious latency issues13:04
daftykinsget that pinging their first hop out13:04
ikoniafoobarry: can't be that tough, there appear to be quite a few off the shelf cmdb's13:09
ali1234whoever sent me a moderator invite on reddit needs to look at my posting history. i am a massive troll on reddit.13:10
* daftykins looks shocked13:10
popeymoderator invite to what?13:11
bashrcI rarely use reddit13:11
bigcalmGood morning peeps :)13:17
bigcalmAre opendns' dns servers being pants for anybody today?13:17
bigcalmLookups are taking an age13:18
MooDooI use googles. so no idea :p13:18
bashrcI've never investigated it, but I wonder if it's possible to run your own dns server13:18
bigcalmIt is13:20
ali1234of course it is....13:20
bigcalmBut it would still have to perform lookups against other DNS servers13:20
bashrcyes I expect so13:20
ali1234it's more for when you want to control the DNS of your own domain13:21
ali1234ubuntu runs a local caching dns server anyway13:21
* bigcalm moves over to google's DNS servers13:21
ali1234i use google's, they're much better than opendns13:22
MooDooyeah me too13:22
bashrcI don't really know how dns works, but I'd guess that it has to automatically synchronise with other dns servers13:22
ali1234there's no synchronization as such13:22
ali1234records are cached13:23
bigcalmIs the 2nd or
daftykinsrecord propagation13:23
bashrcso what if a domain name stays the same but the underlying IP address changes?13:24
ali1234records have a ttl13:24
bigcalmThat's where TTL comes into play13:24
bashrcis that a sort of synchronisation?13:24
daftykinsit's a value in seconds of how long to keep a record for before requerying it13:25
ali1234synchronization implies pushing13:25
daftykinsthus anyone holding the IP for a domain in cache gets instructed to ask for an update13:25
ali1234the cached dns records aren't updated until someone asks for it13:25
awilkinsTime To Live13:26
daftykinsbashrc: think of it like requesting your phone number gets changed in the phone book, it's correct at source but everyone else needs to go get the latest directory print to know ;)13:26
awilkins8.8.8.8 is Google's DNS, no?13:26
bashrcit is13:26
* awilkins reads further up13:26
daftykinsit's one of theirs yes13:27
awilkinsApparently my router just proxies whatever it gets told by DHCP13:27
awilkinsmy /etc/resolv.conf says
awilkinsHmm, that's a local address innit?13:28
daftykinsyep loopback13:28
daftykinswow my cat is in a serious playful mood today13:28
awilkinsProbably got hold of some black market catnip13:29
daftykinsquick spot of tail-chase breakdancing followed by attacking a key on a window sill upstairs13:29
ali1234awilkins: because ubuntu runs dnsmasq locally as a caching proxy13:29
MartijnVdSresolvconf daemon13:29
MartijnVdSor scripts13:29
MartijnVdSor whatever13:29
ali1234by default it's dnsmasq13:29
MartijnVdSyeah but resolvconf manages /etc/resolv.conf and points it at dnsmasq afaik?13:31
awilkinsRouter is also running dnsmasq13:32
ali1234yes they often do13:32
awilkinsRouter is running OpenWRT13:32
awilkins(rather old build of it)13:32
awilkinsHaving sshd on your router 4tw13:33
ali1234ssh is really slow on those things :/13:33
awilkinsAll I use it for is tunnelling traffic mostly13:33
awilkinsCan peg my upstream bandwidth, so it's fast enough13:33
ali1234bandwidth isn't the issue... the slooooow cpu in most routers is13:37
ali1234unless you have a x86 routerboard or something13:37
awilkinsali1234, No, it's a Broadcom13:37
awilkinsIt's ancient13:37
ali1234so MIPS then... and not even a good one13:38
awilkinsHas crappy WIFI but it all still works well enough that I haven't desired the pain of changing it13:38
MooDoomy router just patched a major flaw in it sigh!13:38
ali1234i have a MIPS NAS somewhere, it can't even sustain 10mb and that's without encryption13:38
ali1234speaking of NAS, should i get a kirkwood one that can run debian or red sleeve, or just get a HP microserver?13:39
ali1234i'm going to put it in a cupboard so it should be low power/ low heat13:40
awilkinsI suppose I could use my ISPs router instead and stick a Pi in the loop to do my current routing13:40
ali1234meh, Pi isn't exactly fast either13:40
diddledanI've got an RB2011 box doing my routing13:41
awilkinsTried to use my laptop as a bridge for my Pi but bridging wlan0 to eth0 is fiddly13:41
ali1234nah, it's easy13:42
awilkinsali1234, Fiddlier than typing two commands :-)13:42
ali1234well yeah13:42
awilkinsYou need to install some packages and configure them13:42
ali1234it's three commands13:42
awilkins"Level4 RouterOS license. "13:44
awilkinsI presume you can run something non-commercial on it?13:44
diddledanno you can only run routeros afaik13:44
smittixDoes anyone know if there is a version of ubuntu to install on a samsung galaxy tab 8"?13:45
diddledanif you had the time it would be possible to run a linux-derivative on there13:45
diddledanI think it uses uboot which is open to the world13:46
smittixI need to look into it then.13:46
diddledansmittix: don't know13:46
diddledansmittix: there are many ports available/in-progress by "the community"13:47
jussismittix: its "likely" but it probably isnt complete13:47
diddledansmittix: whether anyone is doing one for the tab 8, though I don't know13:47
smittixOk, thank you both.13:49
BigRedS_Is there some new fashionable replacement for dpkg --get-selections for getting the same packages on one machine installed on another?14:00
=== alan_g|lunch is now known as alan_g
dogmatic69_lol http://esolangs.org/wiki/IRP14:03
ali1234is there a way to give google my dropbox password and have them suck everything into drive?14:06
dogmatic69_ali1234:  not used it https://mover.io14:09
ali1234meh, i dont want a third party service14:09
dogmatic69_ali1234:  how about http://www.lbreda.com/grive/start14:11
dogmatic69_you can just sync the dropbox folder to drive14:11
ali1234the thing is, i don't want to deal with dropbox14:11
dogmatic69_well do it once, then delete db14:12
ali1234i can't14:12
ali1234people insist on using it to share files with me14:12
dogmatic69_oh you dont have dropbox already14:12
dogmatic69_I see...14:12
ali1234i have dropbox14:12
ali1234i don't want to install their software14:12
ali1234i don't want to log in to their website14:12
ali1234i just want a copy of the files people shared with me on dropbox inside my drive14:13
MartijnVdSali1234: Synology's 5.0 firmware beta has an app that can connect to both.. I guess if you select the same directory, it'll sync them of for you14:13
dogmatic69_well both drive and dropbox have an api so it would be possible to write a script and run it on a cron14:13
MartijnVdSthough you'd need a NAS from them 8-)14:13
ali1234i don't want to sync the files over my broadband either14:14
MooDooyay nas14:15
diddledanis that a new product?14:16
diddledanif not, it should be14:16
diddledando it!14:16
MooDoolol I meant yay       nas :)  I love nas14:23
smittixali1234: Heh, strange. I have just been looking how to migrate all of my stuff from onedrive to dropbox.14:43
ali1234dropbox are really pushy. they keep emailing me to "finish setting up dropbox" with a link for their installer14:43
smittixI'm sure you can stop those coming through.14:44
ali1234sure, i can just filter them on gmail14:44
smittixNo I mean I'm sure you can stop them as in unsubscribe.14:44
ali1234i know :)14:44
smittixUbuntu looks lovely on my new laptop. What a difference better resolution makes.14:45
MooDoosmittix: 14.04?14:46
MooDoosmittix: even better of 14.04 as they have corner smoothing etc :) looks wicked14:46
smittixMooDoo: Just submitted a photograph for the Wallpapers in 14.0414:51
smittixDon't know how well it will do but it's worth a try.14:54
diddledanI doubt they'll be able to use it - all rights reversed15:06
smittixI will change the licencing to open15:07
smittixForgot about that15:07
diddledan:-) if it's your photo then obviously you'll be able to assign rights willy-nilly. I was assuming you'd just linked a random photo :-p15:08
smittixNo heh, it's my photo.15:08
knightwiseHarg !15:10
knightwiseI never knew starting your own company would be that intensive15:10
diddledanknightwise: own company?!15:10
diddledanwhat are you selling?15:10
knightwiseFreelance consultant15:10
knightwiseWhore for Hire :)15:11
bashrcHired gun15:11
daftykinsthat's what i'm trying to setup15:11
knightwiseStill a little bit of a secret. Will tell the folks at work tomorrow15:11
knightwise:) indeed "guns for hire" :)15:11
daftykinsare they shiny?15:11
* diddledan tries to flex his guns15:11
TheOpenSourcererknightwise: What do you consult on?15:11
knightwiseThey have a STAR :)15:11
diddledanhmm, flabby15:11
knightwiseTheOpenSourcerer: IT architecture, change management , service delivery , infra design15:12
knightwiseand dragging companies into the 21st century (kicking and screaming if I have to)15:12
TheOpenSourcererOK thanks. Don't need any of that right now but will keep you in mind.15:12
knightwiseTheOpenSourcerer: where are you located ?15:13
TheOpenSourcererFarnham, Surrey.15:13
TheOpenSourcererBut that is not really important15:13
diddledannot far from me15:13
TheOpenSourcererwe have customers all over the place, many we never actually visit15:13
TheOpenSourcererLike the ones in the USA :-(15:14
diddledanconcord ftw15:14
diddledanoh wait, it lost15:14
diddledandammit >.<15:14
TheOpenSourcererYeah - I missed that one. Went to the F1 grand Prix in Monaco instead.15:14
diddledanthe world got slightly larger when the concord died15:15
TheOpenSourcererHad the choice to go to NY and watch a boxing match and come back on Concorde or go to Monaco for 4 days and party hard...15:15
diddledanup until that point it was gradually shrinking15:15
TheOpenSourcererGuess which one won ;-)15:15
diddledanI should eat lunch15:16
TheOpenSourcererI should think about heading off to parent's evening15:16
bashrcotherwise you will get a bad report15:20
TheOpenSourcererMy kids are perfect :-D15:22
foobarryeveryones kids are perfect and everyones wife is the most beautiful in the world15:22
TheOpenSourcererTheir reports are always *way* better than mine ever were...15:22
daftykinsTheOpenSourcerer: sounds like they're secretly Stewey from family guy, covering their world domination antics15:29
smittixWhat's a decent RDP client these days? I normally use Remmina but I heard it's not actively developed?15:31
MartijnVdSwith rdesktop integration?15:32
smittixI will have a look, thanks15:32
smittixHmm, keyboard is US layout despite UK being chosen.15:45
daftykinshow rude15:47
bigcalmThat physically happened to me16:09
bigcalmOrdered a UK layout keyboard from the USA. They shipped a US layout16:09
bigcalmStill have it under my bed. Anybody want a US layout keyboard? :D16:10
foobarrychiclet or big keys?16:18
daftykinslawd no16:18
daftykinsthey put pipe in an obscene place!16:18
daftykinsand that single height enter! *shudder*16:18
bashrcIf you bought a decent keyboard then you'd just be able to remove and swap the keys around16:30
bashrci.e. removable keycaps16:30
daftykinsbashrc: er, you know that doesn't work for a US layout right?16:37
daftykinstheir actual style is different16:37
Azelphurwow, the DPS are stupid, they refuse to accept evidence through dropbox, they want me to attach 100+mb videos to an email16:37
ali1234do it16:37
Azelphurcan't, gmail limits 25mb16:38
ali1234split it16:38
Azelphurcould do16:38
ali1234what is DPS anyway?16:38
Azelphurdeposit protection scheme, former landlord is trying to scam me16:38
=== Lcawte|Away is now known as Lcawte
bashrcemail bombs!16:38
ali1234the couch guy?16:38
Azelphurali1234: couch guy?16:39
daftykinsthe Azelphur's-gonna-go-nuts-and-trash-my-property guy?16:39
ali1234yeah there was a couch outside your house or something16:39
Azelphurdaftykins: yup that's the one16:39
daftykinswinner \o/16:39
Azelphurhe told DPS I left the place unclean16:39
daftykinshmm who did i use for DPS16:39
daftykinsi guess you didn't have snaps upon leaving? :(16:39
Azelphurdaftykins: actually, I have before and after video16:39
daftykinsmydeposits.co.uk i think?16:39
daftykinsoic :D16:40
Azelphurplace was left in a far better condition than I arrived, the video shows that16:40
daftykinsbut they just don't have the tech :(16:40
Azelphurhttps://www.dropbox.com/s/8rmrhid16luh2ag/2012-11-27%2020.11.46.mp4 before, notice busted kitchen, splinters all over the floor, cutlery, horrible toilet seat, etc. After, https://www.dropbox.com/s/d7s3ro909ayg94c/2013-05-12%2013.50.18.mp4 all fixed up and tidy16:41
Azelphurapparently the state I left the place in warranted "cleaning"16:41
ali1234before looks okay to me16:42
mappsyep access _log full of people trying all sorts on my apache16:42
mappscrazy /cgi-bin and massive strings etc heh16:43
popeyhappens to us all16:43
mappshow can i stop it?16:43
popeyyou cant16:43
popeyfirewall off your webserver16:43
mappsfail2ban will auto block people doing it a lot but thats all16:43
Azelphurali1234: sure it was /okay/ that's why I moved in, but point is it's much cleaner in after16:43
* daftykins slaps Azelphur's hands once again for portrait videos16:44
ali1234the bathroom looks kind of dirtier in the after video16:44
mappsis there anything i could to do to make my apache more secure then?16:45
daftykinsi used to change a variable that stopped it showing its exact version number16:48
foobarryblock the whole of china16:49
ali1234block the whole of china, india, eastern europe, and america16:49
ali1234wait i forgot someone16:50
bashrcblock all the countries!16:50
ali1234no reason to block brazil16:50
foobarryand those 8 guys on the antarctic station16:50
foobarryand wales16:51
foobarryjust for fun16:51
mapps68.49.8.147 - - [04/Mar/2014:12:12:47 +0000] "GET /HNAP1/ HTTP/1.1" 404 20417:05
daftykinsmapps: do you run one of those D-Links 0o17:19
shaunoyou don't need one for it to show up in logs; you'll still get drive-bys17:21
mappsnope daftykins  rubbish o2 wirelessbox (thomson 780wl)17:24
daftykinsyeah, was just checking17:25
daftykinsfigured it was a hammer-all style of thing17:25
shaunothey're only really worrying if any of them aren't 404 ;)17:26
daftykinsthis makes me lul17:26
daftykinslook at that fine connection there17:27
daftykinsfirst hop pings are anywhere from 6ms to 3,5 seconds17:27
mappsso got fail2ban setup for apache and sshd - should i add any ip range blocks to iptables?17:30
bigcalmHow would you set that up for IPv6?17:48
mappscould someone try ssh to my machine multiple times using wrong user/pass? just wanna see if it blocks you18:04
=== alan_g is now known as alan_g|EOD
diddledanmapps: what if I use the correct password?18:13
daftykinsmapps : mapps12318:13
MartijnVdSmapps: fail2ban will do that18:14
MartijnVdSbigcalm: there's ip6tables -- fail2ban also uses that afaik18:14
diddledanargh, itchy bum18:14
MartijnVdSdiddledan: tmi18:14
mappsdid someone try for me?18:20
diddledanwhat's the addy?18:20
MartijnVdSssh: connect to host port 22: Connection refused18:21
MartijnVdSit blocked me! after only 3 tries!18:21
diddledanI believe I'm now blocked18:21
mappsi set it to 3 tries18:22
mappsChain fail2ban-ssh (1 references)18:22
mappstarget     prot opt source               destination18:22
mappsREJECT     all  --  li680-63.members.linode.com  anywhere             reject-with icmp-port-unreachable18:22
mappsREJECT     all  --  hetinternetisstuk.xs4all.nl  anywhere             reject-with icmp-port-unreachable18:22
mappsmaybe i should put it to 5? although i thought 3 is enough18:22
diddledantop one is me18:22
MartijnVdSmapps: I have it on 518:22
MartijnVdSmapps: note that it will also lock *you* out if you do it wrong18:22
mappsis there any way i can stop/restrict those pests doing the cgi-bin posting and stuff to apache..not totally comfortable with that18:23
MartijnVdSmapps: also, note that you can disable password auth completely in sshd, so you can only log in using keys18:23
mappsyea i thought about that but then i wouldnt be able to login from work i dont think18:23
MartijnVdSmapps: yeah, see /etc/fail2ban/jail.conf18:23
mappsi tried some config for apache and fail2ban but it gave me errors when restarting18:23
mappsyea ive enabled all the default for apache18:23
mappsdo you use anything else?18:23
MartijnVdSmapps: you can add multiple keys to your account (in ~/.ssh/authorized_keys) and keep one key at work18:24
MartijnVdSI don't18:24
mappsanother thing. if someone was nmap'ing me where would that be logged on my machine18:24
mappsor would it not by default?18:24
MartijnVdSmapps: that's harder to detect18:24
mappsthought that might be the case18:25
MartijnVdSmapps: scanlogd looks promising. or portsentry.18:25
mappscool will check them thanks18:25
mappsportsentry sounds good MartijnVdS19:08
MartijnVdSmapps: but is it "port-sentry" or "ports-entry"19:09
mappsports-entry ;D19:10
mappshm i wonder how well it works tho19:10
mappsport 111?19:12
mappshm odd syslog showed my laptop IP as connecting to my ubuntu box on port 111 and said now blocked19:12
bigcalmMartijnVdS: I meant the equivalent of
* ball decides to have a look at Ubuntu 13.10.20:42
ball...seems to take forever to install but that's because it's fetching things from the Internet, from the looks of things.20:56
* daubers waits for 13.04 to install21:02
daubersor 13.1021:02
* daubers needs coffee21:02
diddledan14.04 \o/21:02
ballCoffee sounds like a plan.21:09
ballI'll go and put some on, now.21:09
ballI'd have tea but we don't have a kettle at work21:09
ball...not sure I trust the water cooler thing.21:09
MartijnVdSbigcalm: ::21:12
ballWhat is an IBus?21:30
ballOh wow, it magically detected our printers.21:31
=== Lcawte is now known as Lcawte|Away
maps|wrkcould someone run an nmap port scan on my IP please..want to see if portsentry works right :D21:44
* lopta tries a .deb21:44
loptamaps|wrk: Sure, hang on.21:44
maps|wrknmap -v -sS -sS -sV -A -O -P0-65535
maps|wrkhopefully portsentry will pick it up:)21:44
loptaWeird. I can look it up but can't route to it for some reason.21:46
maps|wrknmap didnt work? hm21:47
maps|wrki dont see anything in syslog monitoring it atm21:47
loptaint route_dst_generic(const sockaddr_storage*, route_nfo*, const char*, const sockaddr_storage*): Failed to obtain system routes: sys_route* getsysroutes_dnet(int*, char*, size_t): sysroutes_dnet_find_interfaces() failed21:47
loptaDo you have the U.S. blocked? :-)21:48
maps|wrkhavent blocked anywhere atm, so you cant even traceroute my ip?21:49
* lopta tries it21:49
maps|wrkseems odd, wonder why21:49
loptaIs there a maximum number of hops?21:55
maps|wrknot sure, i couldnt stop you being able to traceroute my ip though? surely you'd still reach the ISPs routers at least?21:56
diddledanthe scan type requires root privs apparently21:56
maps|wrksudo before it then;p21:57
diddledanit's scannerising21:57
maps|wrkhm and nothing in my logs yet21:58
maps|wrkgot syslog open tail -f /var/log/syslog21:58
maps|wrksurely it should detect you and block21:58
diddledan50% done21:58
maps|wrkwhy isnt it working21:58
maps|wrkback to the config file i guess21:59
loptamaps|wrk: I'm on hop 45 and still waiting.22:00
maps|wrklopta whats the latest hop22:00
maps|wrkthis seems odd22:00
lopta* * *22:00
maps|wrklast with an IP?22:00
loptale i guess22:01
lopta17:00 < lopta> maps|wrk: I'm on hop 45 and still waiting.22:01
lopta17:00 < maps|wrk> lopta whats the latest hop22:01
maps|wrk162.202.67.158 <--- your IP? i'll see if i can traceroute to you22:01
loptaHang on.22:01
lopta 7  telefonica-international-wholesale.ethernet21-1.ar9.lon3.gblx.net (
loptaThat was about 48 hops ago though.22:01
loptaEverything since then has been * * *22:02
diddledanmy own traceroute blackholes after (  9.906 ms  13.794 ms  11.996 ms22:03
diddledanthat's hop422:03
loptadiddledan: We're coming at it from different angles ;-)22:03
maps|wrklets see where i get to with lopta s ip :)22:03
loptaOh good. Now it works.22:04
loptaI've got ssh, http and https, squid and http-alt.22:04
diddledanwhat did you do?22:04
lopta(port 8000?)22:04
maps|wrkhop 24, quite a few misses though 16-18 *** then 21-29 *****22:04
maps|wrkso a lot of missing hops22:04
loptadiddledan: I waited ;-)22:04
maps|wrkah 8000 shoutcast22:04
lopta64 hops.22:05
maps|wrki had 30~ to your IP with a fair few *s22:05
maps|wrkseems weird?22:05
loptamaps|wrk: It's uphill your way though. ;-)22:05
maps|wrkagain 16,17.18 *** / 21-29 *** then i end at hop 20 with an IP22:05
maps|wrk20  99-59-192-239.lightspeed.livnmi.sbcglobal.net (  154.354 ms  156.099 ms  155.852 ms 21  * * *22:06
loptaOh. I was forgetting that I'm in Michigan.22:06
loptaAh, that's it!22:06
loptaI'm running irssi in another state.22:06
lopta...so it's reasonable to see a different number of hops.22:07
loptaI'm in Illinois but I'm running irssi in Michigan22:07
loptaAlso, I need more coffee.22:07
maps|wrkdiddledan:'s ip 7-27 ****22:07
maps|wrkwhat  the hell22:07
diddledanmy ip is
maps|wrkya didnt get there22:08
diddledanaccording to /whois anyway22:08
diddledanthis client is annoying in that it doesn't respect ipv4 vs ipv6 per the spec22:09
maps|wrkroot@frogs:/etc/default# ps aux | grep port                                                           root      1594  0.0  0.0   2216   320 ?        Ss   22:02   0:00 /usr/sbin/portsentry -stcp root      1600  0.0  0.0   2216   488 ?        Ss   22:02   0:00 /usr/sbin/portsentry -sudp22:09
diddledanit has a toggle switch for "prefer ipv6 over ipv4" which when on an ipv4-only network causes a complete failure to connect22:09
maps|wrkrunning but seemingly ignoring nmap scans22:09
loptadiddledan: I see http and pptp on your IP (if it's the one you mentioned)22:10
loptaI wonder what ports I have open.22:11
diddledanwhat's that go to I wonder22:11
loptaftp, ssh and a couple of X11s.22:11
loptaOdd that VNC doesn't show up.22:11
loptamaps|wrk: That was run against
maps|wrkAccess to the application you were trying to use has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.  User: uk36officet  Application: owncloud22:12
maps|wrkthat was trying to access diddledan s ip22:12
diddledanaah, it's my owncloud22:13
loptaOh, so the ubuntu galaxy button is for searching?22:13
diddledanforgot I had that running :-p22:13
* lopta stumbles around in search of a Start menu22:13
maps|wrkany suggestions as to why this pesky thing isnt working?22:13
diddledanthe "proper" url is http://cloud.bowlhat.net/22:14
loptaAh, alt-F2 works.22:14
daftykinsalthough alt+f2 seems to give varying success at running progs ime =|22:14
loptaHmm... the Ubuntu box doesn't even show ssh.22:14
loptaI suppose I could install that though.22:15
maps|wrki guess thats a no then:D22:15
diddledanand yeah, pptp is open22:15
diddledanso that I can VPN if needed22:15
maps|wrkwhat VPN you using..ive got openVPN setup22:16
* lopta doesn't VPN22:16
=== lopta is now known as Guest94830
maps|wrkhi Guest94830 ;p22:16
Guest94830Ah pants.22:16
=== Guest94830 is now known as ball
ballThat's better.22:17
ballUnity doesn't feel /quite/ as bad as I remember.22:18
ballI think it's improving.22:18
ballI was impressed that I could print, too.22:19
ballIn a corporate environment, could I control which printers appear on an Ubuntu desktop?22:20
ballIs Ubuntu One the cloud storage product?22:24
diddledanI don't know about the printers thing though22:25
diddledanAFAIK there isn't really much in the way of corporate control over individual machines in that manner22:25
diddledanif you paid for landscape (v. expensive) you might get some management tools there22:26
ballHmm... ok22:26
* ball tries video over X1122:27
maps|wrkcloud printers diddledan ?22:27
* ball tries video over VNC22:29
ballOh that's way better.22:30
maps|wrkanyone any ideas re portsentry?22:49
* ball doesn't know what that offers.22:50
maps|wrksudo nmap -v -A -T4 -- can someone try that for me please23:19
bigcalmAnybody know how to concatenate PDFs into one file for printing?23:19
shaunodo you have 'pdfunite' installed?  (poppler-utils)23:24
shaunopdfunite (1)         - Portable Document Format (PDF) page merger23:24
maps|wrkcan anyone lend me a hand and run that scan on me:)23:25
diddledanmaps|wrk: running23:26
diddledanmaps|wrk: host seems down23:27
popey22/tcp   open   ssh23:27
popey80/tcp   open   http23:27
popey443/tcp  open   https23:27
popey3128/tcp closed squid-http23:27
popey8000/tcp open   http-alt23:27
maps|wrkand nothing in syslog23:27
maps|wrkyet portsentry says its active and listening23:28
maps|wrkive set BLOCK_TCP and BLOCK_UDP to 123:28
maps|wrkcould someone try ssh to my ip and 3 incorrect user/pass check fail2ban works..if i do it myself i may get locked out23:29
maps|wrkcant figure out why portsentry wont work23:29
diddledanfail2ban seems to work23:30
diddledanwow, is it really 11:30 already?!23:31
maps|wrkthanks diddledan23:31
maps|wrkso what to do with portsentry :D hm23:31
daftykinsi don't think trying to do anything about nmap is practical23:39
maps|wrkbut everywhere says portsentry can23:43
maps|wrkso what am i doing wrong!23:43
daftykinsrunning insecure stuff at home :(23:54
maps|wrk3 more days at work then off for 11 yesss23:56

