[00:01] <shauno> I'm still using lucid.  it's still supported!
[00:01] <neuro> yeah but with le packages du ancient
[00:01] <shauno> pffft.  I prefer to think of them as "tried and trusted"
[00:01] <daftykins> ^
[00:02] <daftykins> i'm typing from a lucid VM for irssi alone
[00:02] <neuro> precise is tried and trusted
[00:02] <daftykins> aaand my local web server is still lucid
[00:02] <neuro> lucid is like le old
[00:02] <neuro> however
[00:02] <daftykins> i might skip precise and go straight to trusty, but i know it's gonna be constant upgrades galore =/
[00:02] <neuro> i'm not deliberately slagging lucid for the sake of it
[00:02] <neuro> i just prefer my "cluster" to have release parity
[00:05] <shauno> I've just been putting off upgrading because I tend to spawn a new VM, get everything up and going, and then kill the old one
[00:05] <shauno> which means an IP change, and this machine is my dns server
[00:06] <neuro> at some point i'm going to migrate my external-facing name servers to route53
[00:07] <shauno> I like to keep them under my control because if I stop doing things myself, I completely forget how to and turn into an apple user
[00:20] <neuro> well, that seemed to go swimmingl
[00:20] <neuro> y
[00:20] <neuro> shauno: once you learn how to work with bind zone files, you never forget
[01:17] <diddledan> the uk has a eurovision entry: http://www.bbc.co.uk/iplayer/episode/b03y10yq/Eurovision_Song_Contest_2014_The_UK_Launch/
[02:44] <shauno> \o/
[02:44] <shauno> iplayer says I'm not allowed to see it.  I assume it's a state secret for now
[06:55] <jussi> shauno: or maybe just that bad that yyour computer is trying to protect you... :P
[07:06] <jennie>  I am trying to do exact same thing and I am facing exact same problem. any solution for this ? http://ubuntuforums.org/showthread.php?t=1998543
[07:07] <jussi> jennie: you want to preserve the whole disk, right ?
[07:07] <jussi> !info dd
[07:08] <jussi> bah
[07:08] <jennie> jussi: I want to copy my C drive to other drive in the same PC for backup
[07:13] <jussi> jennie: I havent time to explain it properly, but if you are on linux, you can use dd. (dd if=path/to/cdrive of backup.img)
[07:13] <jussi> google some
[07:13] <jussi> err
[07:13] <jussi> dd if=path/to/cdrive of=backup.img
[07:14] <jennie> jussi: I have to copy all directories and files in C :  except " windows " directory.
[07:15] <jussi> jennie: sorry, I cant help more right now, got to run
[07:27] <MooDoo> morning all
[07:30] <mapps> hey
[07:30] <mapps> whays up
[07:31] <mapps> time to watch the following
[08:09] <mapps> hmm strange
[08:09] <mapps> my crontab entry didnt run
[08:17] <MartijnVdS> mapps: check /var/log/auth.log and /var/log/syslog
[08:17] <MartijnVdS> mapps: crontab syntax might be incorrect, or file permissions
[08:26] <mapps> ah it did run but the file my script create went into a diff dir than expected
[08:27] <mapps> MartijnVdS,  what do you use to stop bruce force ssh i was reading up on it and there's a few options..just ive got quite a lot of attempts in auth.log
[08:29] <MooDoo> mapps: I use denyhosts.
[08:31] <mapps> thanks is it easy to configure?
[08:36] <MooDoo> yeah only issue is that if you block your own IP it causes grief ;)
[08:37] <mapps> thanks will look into that later:)
[08:43] <diplo> Morning all
[08:44] <mapps> morning diplo
[08:45] <MartijnVdS> mapps: I use fail2ban
[08:46] <MartijnVdS> mapps: you can also configure it to block IPs that are h4x0ring your apache server, or anything that logs failed login attempts
[08:46] <mapps> aha thats handy
[08:46] <mapps> i was going to say i should probably look at doing somethig for apache
[08:49] <diplo> +1 for Fail2Ban
[08:50] <MooDoo> ok apt-cache finds fail2ban - ban hosts that cause multiple authentication errors
[08:50] <MooDoo> might give that a try too
[08:51] <diplo> By default it does ssh I believe, need to enable the others, lots of info on the net though and configs are fairly straight forward
[08:55] <MartijnVdS> yeah, you have to configure the others
[08:55] <MartijnVdS> but the config file is easy to read/expand
[08:55] <MartijnVdS> and you can write your own log filters for finding unauthorized logins if you want
[09:05] <JamesTait> Good morning all; happy Grammar Day!  :-D
[09:08] <MartijnVdS> JamesTait: no no no, it's Pancake Day!
[09:09] <MooDoo> MartijnVdS: +1
[09:10] <bashrc> sadly, polar bear day is over
[09:10] <MartijnVdS> MooDoo: A day to eat pancakes sounds a lot saner than the whole "carnaval" thing they have in the south of the Netherlands.. 4 days of binge drinking and partying.. *shudder*
[09:11] <bashrc> carnival of pancakes?
[09:12] <MartijnVdS> bashrc: http://en.wikipedia.org/wiki/Carnival_in_the_Netherlands
[09:12] <JamesTait> MartijnVdS, carnival of pancakes sprinkled with apostrophes?
[09:13] <mapps> installed MartijnVdS  and setup for ssh that was easy
[09:13] <MartijnVdS> JamesTait: Just the pancakes please. I like them alot. :P
[09:14] <DJones> mapps: How did you install MartijnVdS, was it just a straight sudo apt-get install MartijnVdS :)
[09:15] <MartijnVdS> MaaS.. MartijnVdS as a Service?
[09:15] <MooDoo> DJones: you can't sudo apt-get install MartijnVdS as there are dependancy failures
[09:15] <bashrc> :)
[09:15] <MooDoo> ;)
[09:15] <DJones> MooDoo: :)
[09:15] <JamesTait> DJones, I think it was a git clone. ;)
[09:15] <MartijnVdS> JamesTait: oi!
[09:15] <MartijnVdS> ;)
[09:16] <JamesTait> :D
[09:16] <mapps> heh DJones  :D
[09:17] <mapps> now these pesky people will be blocked
[09:17] <mapps> china/brazil/france trying all kinds of usernames
[09:17] <mapps> guest/staff/a and of course root lol
[09:18] <diplo> You could if you're having issues block Russia/china etc if you're not expecting areas like that to access
[10:43] <brobostigon> morning boys and girls.
[10:43] <MooDoo> brobostigon: good morning sir
[10:44] <brobostigon> morning Mr MooDoo
[10:45] <DJones> Will somebody please go out and shoot the plonker that developed mysearchdial crapware, preferably using a time machine to go back 10-15 years and then do the shooting to make sure the bugger doesn'tr release the junk into the wild
[10:55] <IdleOne> DJones: not condoning murder by time travel, but perhaps going back and killing the grandfather to be certain.
[10:55] <GingerDog> or just providing him with contraception at the right moment.
[10:55] <DJones> IdleOne: GingerDog: Either of those would be a suitable solution
[11:00] <davmor2> Morning all
[11:01] <foobarry> anyone still use solaris sparc here?
[11:01] <foobarry> spun up a t1000 hoping the single threads would run a lot faster than a 280R, seem *much* slower
[11:04] <MartijnVdS> foobarry: you spun up a T-1000?! http://www.sideshowtoy.com/mas_assets/jpg/900996_press01-001.jpg
[11:06] <MartijnVdS> JamesTait: http://www.reddit.com/r/britishproblems/comments/1zil2e/i_just_overheard_someone_wishing_someone_else_a/
[11:06] <JamesTait> MartijnVdS, St Pancakes!
[11:09] <foobarry> crashing LO-draw, also crashes LO-calc...:(
[11:22] <cocoa117> the iptables MASQUERADE is only apply to private IP address range right? when I want to route IP traffic from internal network with computers on non-private IP range I don't have to use it, do i?
[11:22] <MartijnVdS> cocoa117: it applies to anything you set it to apply to :)
[11:23] <MartijnVdS> cocoa117: you need it to connect from a private address to a public one
[11:23] <MartijnVdS> cocoa117: you don't need it for priv->priv or pub->pub, as long as you have routing set up
[11:23] <cocoa117> MartijnVdS, so that means by appling the iptables MASQUERADE, the traffic will be showing coming from firewall rather then from internal client?
[11:23] <MartijnVdS> cocoa117: indeed
[11:23] <MartijnVdS> also called "NAT", or "network address translation", or SNAT (source NAT)
[11:24] <MartijnVdS> (as it mangles at the source of the (outgoing) connection)
[11:24] <cocoa117> MartijnVdS, got it, the NAT in my mind always associated with private IP addresses. Never thought about the non-private IP ranges
[11:25] <MartijnVdS> cocoa117: not many people NAT connections from public addresses, as that would be silly :)
[11:26] <cocoa117> MartijnVdS, I do, in this case. by the way, 1.8.32.11/13 is public IP range right?
[11:26] <cocoa117> MartijnVdS, yes it is from China
[11:26] <MartijnVdS> cocoa117: it is.
[11:27] <MartijnVdS> descr:          KNET Techonlogy (BeiJing) Co.,Ltd.
[11:27] <cocoa117> MartijnVdS, got it, yes i got same results
[11:27] <MartijnVdS> they can't spell Technology 8-)
[11:27] <cocoa117> ha, :)
[11:33] <smittix> Morning all
[11:41] <knightwise> hey everyone :)
[11:42] <MooDoo> hello all
[11:55] <MooDoo> long time no see smittix :p
[12:06] <smittix> heh
[12:06] <smittix> Yeah in and out ;)
[12:08] <brobostigon> pebble android beta11, lets see if things have been fixed.
[12:08] <brobostigon> app-2-beta11
[12:09] <MooDoo> brobostigon: beach robot and alpha.....are we playing word association?
[12:09] <brobostigon> MooDoo: no.
[12:10] <MooDoo> brobostigon: sorry just trying to make people smile
[12:10] <ali1234> i do wonder why software companies release update after update without fixing any of the glaring bugs
[12:10] <brobostigon> MooDoo: ah, i see.
[12:10] <MooDoo> ali1234: quite normal to be honest
[12:10] <ali1234> but why do they even bother?
[12:11] <brobostigon> actually, it has improved an awful lot, and lots been fixed.
[12:11] <MooDoo> ali1234: releasing new features makes it more attractive so they'll do that first
[12:11] <ali1234> they never release new features though
[12:11] <ali1234> router firmwares are great examples of this
[12:12] <ali1234> they'll release maybe 10 updates in the course of a router's lifetime
[12:12] <ali1234> none will add any features or fix any bugs
[12:12] <ali1234> if you look at the source changes they are trivial
[12:13] <ali1234> seems fairly normal for firmware in anything really
[12:14] <foobarry> i had a bug fixed in router firmware
[12:14] <foobarry> adsl router
[12:14] <foobarry> resolved issues with adsl2
[12:17] <ali1234> i had the opposite experience actually
[12:19] <ali1234> the update broke adsl and also made qos useless
[12:23] <brobostigon> no wacking great bugs yet, all is good,
[12:30] <ikonia> curious to if anyone has any preferences or recommendations to open source CMDB's I've got an oppertunity to do something different from my normal prefernce and wondered if anyone had one they recommend and why
[12:36] <MartijnVdS> ikonia: CMDB?
[12:40] <awilkins> Config Management DB
[12:40] <awilkins> THink ICT Asset Management +
[12:41] <MartijnVdS> ah.. not like chef/puppet
[12:42] <MartijnVdS> /ansible/cfengine/etc.
[12:46] <ikonia> nah, although that's what I was actually using, a puppet extension
[12:46] <ikonia> but I need something a bit stand alone
[12:47] <ikonia> just wondered if there was any people would say "yeah, that's good" as I'm just reading now
[12:47] <MartijnVdS> vim inventory.txt ;)
[12:47] <foobarry> ikonia: for pcs or servers
[12:47] <ikonia> not the best suggestion.....
[12:47] <ikonia> foobarry: for "everything"
[12:47] <foobarry> good luck
[12:47] <foobarry> agentless?
[12:47] <ikonia> pc,server,switch,router,firewall, etc
[12:47] <ikonia> agent or agentless, doesn't matter really
[12:48] <foobarry> if < 100 desktops then invetory.xls
[12:48] <ikonia> just looking for food for thought really
[12:48] <foobarry> if > 100 then spiceworks etc
[12:48] <foobarry> or office junior
[12:48] <ikonia> spiceworks....what's that
[12:48] <foobarry> if only servers and switches then netdisco+racktables
[12:50] <ikonia>  basically "all infrastructure"
[12:50] <foobarry> or use facter from puppet to pump into mysql and use php to manage via web page
[12:51] <jussi> openerp has asset management stuff, (not sure how that suits what you are after)
[12:51] <jussi> (because Ive no idea what a cmdb was until I googled it)
[12:53] <ikonia> foobarry: don't want to write anything, off the shelf, and as I said don't want to use puppet as it will be for things not controlled/managed by puppet too
[12:57] <foobarry> as i say, good luck
[12:57] <foobarry> hire a teenager and deploy inventory.xls
[12:57] <foobarry> or use the asset db
[12:57] <foobarry> that the finance dept will give u
[13:01] <popey> Afternoon
[13:02] <MooDoo> hi popey
[13:04] <daftykins> client texts me saying their 'system is slow'
[13:04] <daftykins> so i connect in, sure enough having some serious latency issues
[13:04] <daftykins> http://pastebin.com/GApCEbvZ
[13:04] <daftykins> get that pinging their first hop out
[13:09] <ikonia> foobarry: can't be that tough, there appear to be quite a few off the shelf cmdb's
[13:10] <ali1234> whoever sent me a moderator invite on reddit needs to look at my posting history. i am a massive troll on reddit.
[13:10] <bashrc> :)
[13:10]  * daftykins looks shocked
[13:11] <daftykins> ;)
[13:11] <popey> moderator invite to what?
[13:11] <bashrc> I rarely use reddit
[13:17] <bigcalm> Good morning peeps :)
[13:17] <bashrc> morning
[13:17] <bigcalm> Are opendns' dns servers being pants for anybody today?
[13:18] <bigcalm> Lookups are taking an age
[13:18] <MooDoo> I use googles. so no idea :p
[13:18] <bashrc> I've never investigated it, but I wonder if it's possible to run your own dns server
[13:20] <bigcalm> It is
[13:20] <ali1234> of course it is....
[13:20] <bigcalm> But it would still have to perform lookups against other DNS servers
[13:20] <ali1234> exactly
[13:20] <bashrc> yes I expect so
[13:21] <ali1234> it's more for when you want to control the DNS of your own domain
[13:21] <ali1234> ubuntu runs a local caching dns server anyway
[13:21]  * bigcalm moves over to google's DNS servers
[13:22] <ali1234> i use google's, they're much better than opendns
[13:22] <MooDoo> yeah mee to
[13:22] <bashrc> I don't really know how dns works, but I'd guess that it has to automatically synchronise with other dns servers
[13:22] <ali1234> there's no synchronization as such
[13:22] <bashrc> 8.8.8.8
[13:23] <bashrc> oh
[13:23] <ali1234> records are cached
[13:23] <bigcalm> Is the 2nd 8.8.4.4 or 4.4.4.4?
[13:23] <daftykins> record propogation
[13:24] <bashrc> so what if a domain name stays the same but the underlying IP address changes?
[13:24] <ali1234> records have a ttl
[13:24] <bigcalm> That's where TTL comes into play
[13:24] <bashrc> is that a sort of synchronisation?
[13:24] <daftykins> no
[13:25] <daftykins> it's a value in seconds of how long to keep a record for before requerying it
[13:25] <bashrc> ah
[13:25] <ali1234> synchronization implies pushing
[13:25] <daftykins> thus anyone holding the IP for a domain in cache gets instructed to ask for an update
[13:25] <ali1234> the cached dns records aren't updated until someone asks for it
[13:26] <awilkins> Time To Live
[13:26] <daftykins> bashrc: think of it like requesting your phone number gets changed in the phone book, it's correct at source but everyone else needs to go get the latest directory print to know ;)
[13:26] <bashrc> yes
[13:26] <awilkins> 8.8.8.8 is Google's DNS, no?
[13:26] <bashrc> it is
[13:26]  * awilkins reads further up
[13:27] <daftykins> it's one of theirs yes
[13:27] <awilkins> Apparently my router just proxies whatever it gets told by DHCP
[13:28] <awilkins> my /etc/resolv.conf says 127.0.1.1
[13:28] <awilkins> Hmm, that's a local address innit?
[13:28] <daftykins> yep loopback
[13:28] <daftykins> wow my cat is in a serious playful mood today
[13:29] <awilkins> Probably got hold of some black market catnip
[13:29] <daftykins> quick spot of tail-chase breakdancing followed by attacking a key on a window sill upstairs
[13:29] <ali1234> awilkins: because ubuntu runs dnsmasq locally as a caching proxy
[13:29] <MartijnVdS> resolvconv daemon
[13:29] <MartijnVdS> or scripts
[13:29] <MartijnVdS> or whatever
[13:29] <ali1234> by default it's dnsmasq
[13:31] <MartijnVdS> yeah but resolvconf manages /etc/resolv.conf and points it at dnsmasq afaik?
[13:31] <awilkins> Yus
[13:32] <awilkins> Router is also running dnsmasq
[13:32] <ali1234> yes they often do
[13:32] <awilkins> Router is running OpenWRT
[13:32] <awilkins> (rather old build of it)
[13:33] <awilkins> Having sshd on your router 4tw
[13:33] <ali1234> ssh is really slow on those things :/
[13:33] <awilkins> All I use it for is tunnelling traffic mostly
[13:33] <awilkins> Can peg my upstream bandwidth, so it's fast enough
[13:37] <ali1234> bandwidth isn't the issue... the slooooow cpu in most routers is
[13:37] <ali1234> unless you have a x86 routerboard or something
[13:37] <awilkins> ali1234, No, it's a Broadcom
[13:37] <awilkins> It's ancient
[13:38] <ali1234> so MIPS then... and not even a good one
[13:38] <awilkins> Has crappy WIFI but it all still works well enough that I haven't desired the pain of changing it
[13:38] <MooDoo> my router just patched a major flaw in it sigh!
[13:38] <ali1234> i have a MIPS NAS somewhere, it can't even sustain 10mb and that's without encryption
[13:39] <ali1234> speaking of NAS, should i get a kirkwood one that can run debian or red sleeve, or just get a HP microserver?
[13:40] <ali1234> i'm going to put it in a cupboard so it should be low power/ low heat
[13:40] <awilkins> I suppose I could use my ISPs router instead and stick a Pi in the loop to do my current routing
[13:40] <ali1234> meh, Pi isn't exactly fast either
[13:41] <diddledan> I've got an RB2011 box doing my routing
[13:41] <awilkins> Tried to use my laptop as a bridge for my Pi but bridging wlan0 to eth0 is fiddly
[13:42] <diddledan> http://routerboard.com/RB2011L
[13:42] <ali1234> nah, it's easy
[13:42] <awilkins> ali1234, Fiddlier than typing two commands :-)
[13:42] <ali1234> well yeah
[13:42] <awilkins> You need to install some packages and configure them
[13:42] <ali1234> it's three commands
[13:44] <diddledan> three-finger-salute
[13:44] <awilkins> "Level4 RouterOS license. "
[13:44] <awilkins> I presume you can run something non-commercial on it?
[13:44] <diddledan> no you can only run routeros afaik
[13:45] <awilkins> Splitter!
[13:45] <awilkins> :-P
[13:45] <smittix> Does anyone know if there is a version of ubuntu to install on a samsung galaxy tab 8"?
[13:45] <diddledan> if you had the time it would be possible to run a linux-derivative on there
[13:46] <diddledan> I think it uses uboot which is open to the world
[13:46] <smittix> I need to look into it then.
[13:46] <diddledan> smittix: don't know
[13:47] <diddledan> smittix: there are many ports available/in-progress by "the community"
[13:47] <jussi> smittix: its "likely" but it probably isnt complete
[13:47] <diddledan> smittix: whether anyone is doing one for the tab 8, though I don't know
[13:49] <smittix> Ok, thank you both.
[14:00] <BigRedS_> Is there some new fashionable replacement for dpkg --get-selections for getting the same packages on one machine installed on another?
[14:03] <dogmatic69_> lol http://esolangs.org/wiki/IRP
[14:06] <ali1234> is there a way to give google my dropbox password and have them suck everything into drive?
[14:09] <dogmatic69_> ali1234:  not used it https://mover.io
[14:09] <ali1234> meh, i dont want a third party service
[14:11] <dogmatic69_> ali1234:  how about http://www.lbreda.com/grive/start
[14:11] <dogmatic69_> you can just sync the dropbox folder to drive
[14:11] <ali1234> the thing is, i don't want to deal with dropbox
[14:12] <dogmatic69_> well do it once, then delete db
[14:12] <ali1234> i can't
[14:12] <ali1234> people insist on using it to share files with me
[14:12] <dogmatic69_> oh you dont have dropbox already
[14:12] <dogmatic69_> I see...
[14:12] <ali1234> i have dropbox
[14:12] <ali1234> i don't want to install their software
[14:12] <ali1234> i don't want to log in to their website
[14:13] <ali1234> i just want a copy of the files people shared with me on dropbox inside my drive
[14:13] <MartijnVdS> ali1234: Synology's 5.0 firmware beta has an app that can connect to both.. I guess if you select the same directory, it'll sync them of for you
[14:13] <dogmatic69_> well both drive and dropbox have an api so it would be possible to write a script and run it on a cron
[14:13] <MartijnVdS> though you'd need a NAS from them 8-)
[14:14] <ali1234> i don't want to sync the files over my broadband either
[14:14] <dogmatic69_> server?
[14:15] <MooDoo> yay nas
[14:16] <diddledan> YayNAS?
[14:16] <diddledan> :-p
[14:16] <MooDoo> :p
[14:16] <diddledan> is that a new product?
[14:16] <diddledan> if not, it should be
[14:16] <diddledan> do it!
[14:23] <MooDoo> lol I meant yay       nas :)  I love nas
[14:25] <ali1234> http://www.youtube.com/watch?v=qh9TIYXKSFk
[14:43] <smittix> ali1234: Heh, strange. I have just been looking how to migrate all of my stuff from onedrive to dropbox.
[14:43] <ali1234> dropbox are really pushy. they keep emailing me to "finish setting up dropbox" with a link for their installer
[14:44] <smittix> I'm sure you can stop those coming through.
[14:44] <ali1234> sure, i can just filter them on gmail
[14:44] <smittix> No I mean I'm sure you can stop them as in unsubscribe.
[14:44] <ali1234> i know :)
[14:45] <smittix> heh
[14:45] <smittix> Ubuntu looks lovely on my new laptop. What a difference better resolution makes.
[14:46] <MooDoo> smittix: 14.04?
[14:46] <smittix> 13.10
[14:46] <MooDoo> smittix: even better of 14.04 as they have corner smoothing etc :) looks wicked
[14:46] <smittix> :)
[14:51] <smittix> MooDoo: Just submitted a photograph for the Wallpapers in 14.04
[14:53] <smittix> http://www.flickr.com/photos/smittix/10742521275/in/pool-2535978@N21
[14:54] <smittix> Don't know how well it will do but it's worth a try.
[15:06] <diddledan> I doubt they'll be able to use it - all rights reversed
[15:07] <smittix> I will change the licencing to open
[15:07] <smittix> Forgot about that
[15:08] <diddledan> :-) if it's your photo then obviously you'll be able to assign rights willy-nilly. I was assuming you'd just linked a random photo :-p
[15:08] <smittix> No heh, it's my photo.
[15:10] <knightwise> Harg !
[15:10] <knightwise> I never new starting your own company would be that intesive
[15:10] <diddledan> knightwise: own company?!
[15:10] <diddledan> what are you selling?
[15:10] <knightwise> Freelance consultant
[15:11] <knightwise> Whore for Hire :)
[15:11] <daftykins> :O
[15:11] <bashrc> Hired gun
[15:11] <daftykins> that's what i'm trying to setup
[15:11] <knightwise> Still a little bit of a secret. Will tell the folks at work tomorrow
[15:11] <knightwise> :) indeed "guns for hire" :)
[15:11] <daftykins> are they shiny?
[15:11]  * diddledan tries to flex his guns
[15:11] <TheOpenSourcerer> knightwise: What do you consult on?
[15:11] <knightwise> The have a STAR :)
[15:11] <diddledan> hmm, flabby
[15:12] <knightwise> TheOpenSourcerer: IT architecture, change management , service delivery , infra design
[15:12] <knightwise> and dragging companies into the 21st century (kicking and screaming if I have to)
[15:12] <TheOpenSourcerer> OK thanks. Don't need any of that right now but will keep you in mind.
[15:13] <knightwise> TheOpenSourcerer: where are you located ?
[15:13] <TheOpenSourcerer> Farnham, Surrey.
[15:13] <TheOpenSourcerer> But that is not really important
[15:13] <diddledan> not far from me
[15:13] <TheOpenSourcerer> we have customers all over the place, many we never actually visit
[15:14] <TheOpenSourcerer> Like the ones in the USA :-(
[15:14] <diddledan> concord ftw
[15:14] <diddledan> oh wait, it lost
[15:14] <diddledan> dammit >.<
[15:14] <TheOpenSourcerer> Yeah - I missed that one. Went to the F1 grand Prix in Monaco instead.
[15:15] <diddledan> the world got slightly larger when the concord died
[15:15] <TheOpenSourcerer> Had the choice to go to NY and watch a boxing match and come back on Concorde or go to Monaco for 4 days and party hard...
[15:15] <diddledan> up until that point it was gradually shrinking
[15:15] <TheOpenSourcerer> Guess which one won ;-)
[15:16] <diddledan> I should eat lunch
[15:16] <TheOpenSourcerer> I should think about heading off to parent's evening
[15:20] <bashrc> otherwise you will get a bad report
[15:22] <TheOpenSourcerer> My kids are perfect :-D
[15:22] <foobarry> everyones kids are perfect and everyones wife is the most beautiful in the world
[15:22] <TheOpenSourcerer> Their reports are always *way* better than mine ever were...
[15:29] <daftykins> TheOpenSourcerer: sounds like they're secretly Stewey from family guy, covering their world domination antics
[15:31] <smittix> What's a decent RDP client these days? I normally use Remmina but I heard it's not actively developed?
[15:32] <MartijnVdS> vinagre?
[15:32] <MartijnVdS> with rdesktop integration?
[15:32] <smittix> I will have a look, thanks
[15:45] <smittix> Hmm, keyboard is US layout despite UK being chosen.
[15:47] <daftykins> how rude
[15:47] <smittix> heh
[16:09] <bigcalm> That physically happened to me
[16:09] <bigcalm> Ordered a UK layout keyboard from the USA. They shipped a US layout
[16:10] <bigcalm> Still have it under my bed. Anybody want a US layout keyboard? :D
[16:18] <foobarry> chiclet or big keys?
[16:18] <daftykins> lawd no
[16:18] <daftykins> they put pipe in an obscene place!
[16:18] <daftykins> and that single height enter! *shudder*
[16:30] <bashrc> If you bought a decent keyboard then you'd just be able to remove and swap the keys around
[16:30] <bashrc> i.e. removable keycaps
[16:32] <ali1234> 12345678/98/*-+
[16:37] <daftykins> bashrc: er, you know that doesn't work for a US layout right?
[16:37] <daftykins> their actual style is different
[16:37] <Azelphur> wow, the DPS are stupid, they refuse to accept evidence through dropbox, they want me to attach 100+mb videos to an email
[16:37] <Azelphur> >.<
[16:37] <ali1234> do it
[16:38] <Azelphur> can't, gmail limits 25mb
[16:38] <ali1234> split it
[16:38] <Azelphur> lol
[16:38] <Azelphur> could do
[16:38] <ali1234> what is DPS anyway?
[16:38] <Azelphur> deposit protection scheme, former landlord is trying to scam me
[16:38] <bashrc> email bombs!
[16:38] <ali1234> the couch guy?
[16:39] <Azelphur> ali1234: couch guy?
[16:39] <daftykins> the Azelphur's-gonna-go-nuts-and-trash-my-property guy?
[16:39] <ali1234> yeah there was a counch outside your house or something
[16:39] <Azelphur> daftykins: yup that's the one
[16:39] <daftykins> winner \o/
[16:39] <Azelphur> he told DPS I left the place unclean
[16:39] <Azelphur> xD
[16:39] <daftykins> hmm who did i use for DPS
[16:39] <daftykins> i guess you didn't have snaps upon leaving? :(
[16:39] <Azelphur> daftykins: actually, I have before and after video
[16:39] <daftykins> mydeposits.co.uk i think?
[16:40] <daftykins> oic :D
[16:40] <Azelphur> place was left in a far better condition than I arrived, the video shows that
[16:40] <daftykins> but they just don't have the tech :(
[16:40] <Azelphur> hehe
[16:41] <Azelphur> https://www.dropbox.com/s/8rmrhid16luh2ag/2012-11-27%2020.11.46.mp4 before, notice busted kitchen, splinters all over the floor, cutlery, horrible toilet seat, etc. After, https://www.dropbox.com/s/d7s3ro909ayg94c/2013-05-12%2013.50.18.mp4 all fixed up and tidy
[16:41] <Azelphur> apparently the state I left the place in warranted "cleaning"
[16:42] <ali1234> before looks okay to me
[16:42] <mapps> yep access _log full of people trying all sorts on my apache
[16:43] <mapps> crazy /cgi-bin and massive strings etc heh
[16:43] <popey> happens to us all
[16:43] <mapps> how can i stop it?
[16:43] <popey> you cant
[16:43] <popey> firewall off your webserver
[16:43] <mapps> fail2band will auto block people doing it a lot but thats all
[16:43] <Azelphur> ali1234: sure it was /okay/ that's why I moved in, but point is it's much cleaner in after
[16:44]  * daftykins slaps Azelphur's hands once again for portrait videos
[16:44] <Azelphur> lol
[16:44] <ali1234> the bathroom looks kind of dirtier in the after video
[16:45] <mapps> is there anything i could to do to make my apache more secure then?
[16:48] <daftykins> i used to change a variable that stopped it showing its' exact version number
[16:49] <foobarry> block the whole of china
[16:49] <ali1234> block the whole of china, india, eastern europe, and america
[16:50] <ali1234> wait i forgot someone
[16:50] <bashrc> block all the countries!
[16:50] <foobarry> brazil
[16:50] <ali1234> no reason to block brazil
[16:50] <foobarry> and those 8 guys on teh antarctic station
[16:51] <foobarry> and wales
[16:51] <foobarry> just for fun
[16:51] <daftykins> XD
[17:03] <mapps> heh
[17:05] <mapps> 68.49.8.147 - - [04/Mar/2014:12:12:47 +0000] "GET /HNAP1/ HTTP/1.1" 404 204
[17:05] <mapps> HNAP?
[17:09] <shauno> http://www.securityfocus.com/bid/37690/exploit
[17:19] <daftykins> mapps: do you run one of those D-Links 0o
[17:21] <shauno> you don't need one for it to show up in logs; you'll still get drive-bys
[17:24] <mapps> nope daftykins  rubbish o2 wirelessbox (thomson 780wl)
[17:24] <mapps> O_O
[17:24] <mapps> :)
[17:25] <daftykins> yeah, was just checking
[17:25] <daftykins> figured it was a hammer-all style of thing
[17:26] <shauno> they're only really worrying if any of them aren't 404 ;)
[17:26] <daftykins> :>
[17:26] <daftykins> this makes me lul
[17:26] <daftykins> http://www.thinkbroadband.com/ping/share/de004f24c8feb5d8408d296a9ed65fc5.html
[17:27] <daftykins> look at that fine connection there
[17:27] <daftykins> first hop pings are anywhere from 6ms to 3,5 seconds
[17:28] <mapps> lol
[17:30] <mapps> so got fail2ban setup for apache and sshd - should i add any ip range blocks to iptables?
[17:30] <mapps> hm
[17:37] <Laney> 0.0.0.0/0
[17:40] <mapps> hah
[17:48] <bigcalm> How would you set that up for IPv6?
[18:04] <mapps> could someone try ssh to my machine multiple times using wrong user/pass? just wanna see if it blocks you
[18:13] <diddledan> mapps: what if I use the correct password?
[18:13] <daftykins> X
[18:13] <daftykins> D
[18:13] <daftykins> mapps : mapps123
[18:13] <daftykins> GOTCHA!
[18:14] <MartijnVdS> mapps: fail2ban will do that
[18:14] <mapps> lol
[18:14] <MartijnVdS> bigcalm: there's ip6tables -- fail2ban also uses that afaik
[18:14] <diddledan> argh, itchy bum
[18:14] <MartijnVdS> diddledan: tmi
[18:20] <mapps> did someone try for me?
[18:20] <diddledan> what's the addy?
[18:20] <mapps> 94.193.78.219
[18:21] <MartijnVdS> ssh: connect to host 94.193.78.219 port 22: Connection refused
[18:21] <MartijnVdS> it blocked me! after only 3 tries!
[18:21] <diddledan> I believe I'm now blocked
[18:22] <mapps> ya
[18:22] <mapps> i set it to 3 tries
[18:22] <mapps> Chain fail2ban-ssh (1 references)
[18:22] <mapps> target     prot opt source               destination
[18:22] <mapps> REJECT     all  --  li680-63.members.linode.com  anywhere             reject-with icmp-port-unreachable
[18:22] <mapps> REJECT     all  --  hetinternetisstuk.xs4all.nl  anywhere             reject-with icmp-port-unreachable
[18:22] <mapps> maybe i should put it to 5? although i thought 3 is enough
[18:22] <diddledan> top one is me
[18:22] <MartijnVdS> mapps: I have it on 5
[18:22] <mapps> :D
[18:22] <MartijnVdS> mapps: note the it will also lock *you* out if you do it wrong
[18:23] <mapps> is there any way i can stop/restrict those pests doing the cgi-bin posting and stuff to apache..not totally comfortable with that
[18:23] <MartijnVdS> mapps: also, note that you can disable password auth completely in sshd, so you can only log in using keys
[18:23] <mapps> yea i thought about that but then i wouldnt be able to login from work i dont think
[18:23] <MartijnVdS> mapps: yeah, see /etc/fail2ban/jail.conf
[18:23] <mapps> i tried some config for apache and fail2ban but it gave me errors when restarting
[18:23] <mapps> yea ive enabled all the default for apache
[18:23] <mapps> do you use anything else?
[18:24] <MartijnVdS> mapps: you can add multiple keys to your account (in ~/.ssh/authorized_keys) and keep one key at work
[18:24] <MartijnVdS> I don't
[18:24] <mapps> another thing. if someone was nmap'ing me where would that be logged on my machine
[18:24] <mapps> or would it not by default?
[18:24] <MartijnVdS> mapps: that's harder to detect
[18:24] <mapps> ah
[18:25] <mapps> thought that might be the case
[18:25] <MartijnVdS> mapps: scanlogd looks promising. or portsentry.
[18:25] <mapps> cool will check them thanks
[19:08] <mapps> portsentry sounds good MartijnVdS
[19:09] <MartijnVdS> mapps: but is it "port-sentry" or "ports-entry"
[19:10] <mapps> ports-entry ;D
[19:10] <mapps> hm i wonder how well it works tho
[19:12] <mapps> port 111?
[19:12] <mapps> hm odd syslog showed my laptop IP as connecting to my ubuntu box on port 111 and said now blocked
[20:40] <bigcalm> MartijnVdS: I meant the equivalent of 0.0.0.0/0
[20:42]  * ball decides to have a look at Ubuntu 13.10.
[20:56] <ball> ...seems to take forever to install but that's because it's fetching things from the Internet, from the looks of things.
[20:57] <daubers> Evening
[20:58] <ball> Afternoon.
[21:00] <diddledan> night
[21:02]  * daubers waits for 13.04 to install
[21:02] <daubers> or 13.10
[21:02]  * daubers needs coffee
[21:02] <diddledan> 14.04 \o/
[21:09] <ball> Coffee sounds like a plan.
[21:09] <ball> I'll go and put some on, now.
[21:09] <ball> I'd have tea but we don't have a kettle at work
[21:09] <ball> ...not sure I trust the water cooler thing.
[21:12] <MartijnVdS> bigcalm: ::
[21:30] <ball> What is an IBus?
[21:31] <ball> Oh wow, it magically detected our printers.
[21:43] <maps|wrk> hi
[21:44] <maps|wrk> could someone run an nmap port scan on my IP please..want to see if portsentry works right :D
[21:44]  * lopta tries a .deb
[21:44] <lopta> maps|wrk: Sure, hang on.
[21:44] <maps|wrk> nmap -v -sS -sS -sV -A -O -P0-65535 94.193.78.219
[21:44] <maps|wrk> hopefully portsentry will pick it up:)
[21:46] <lopta> Wierd. I can look it up but can't route to it for some reason.
[21:47] <maps|wrk> nmap didnt work? hm
[21:47] <maps|wrk> i dont see anything in syslog monitorring it atm
[21:47] <lopta> int route_dst_generic(const sockaddr_storage*, route_nfo*, const char*, const sockaddr_storage*): Failed to obtain system routes: sys_route* getsysroutes_dnet(int*, char*, size_t): sysroutes_dnet_find_interfaces() failed
[21:48] <lopta> Do you have the U.S. blocked? :-)
[21:49] <maps|wrk> havent blocked anywhere atm, so you cant even traceroute my ip?
[21:49]  * lopta tries it
[21:49] <maps|wrk> seems odd, wonder why
[21:55] <lopta> Is there a maximum number of hops?
[21:56] <maps|wrk> not sure, i couldnt stop you being able to traceroute my ip though? surely you'd still reach the ISPs routers at least?
[21:56] <diddledan> the scan type requires root privs apparently
[21:57] <maps|wrk> ya
[21:57] <maps|wrk> sudo before it then;p
[21:57] <diddledan> it's scannerising
[21:58] <maps|wrk> hm and nothing in my logs yet
[21:58] <maps|wrk> got syslog open tail -f /var/log/syslog
[21:58] <maps|wrk> surely it should detect you and block
[21:58] <diddledan> 50% done
[21:58] <maps|wrk> gah
[21:58] <maps|wrk> why isnt it working
[21:59] <maps|wrk> back to the config file i guess
[22:00] <lopta> maps|wrk: I'm on hop 45 and still waiting.
[22:00] <maps|wrk> lopta whats the latest hop
[22:00] <maps|wrk> this seems odd
[22:00] <lopta> * * *
[22:00] <maps|wrk> last with an IP?
[22:01] <lopta> le i guess
[22:01] <lopta> 17:00 < lopta> maps|wrk: I'm on hop 45 and still waiting.
[22:01] <lopta> 17:00 < maps|wrk> lopta whats the latest hop
[22:01] <lopta> sorry
[22:01] <maps|wrk> 162.202.67.158 <--- your IP? i'll see if i can traceroute to you
[22:01] <lopta> Hang on.
[22:01] <lopta>  7  telefonica-international-wholesale.ethernet21-1.ar9.lon3.gblx.net (64.212.32.246)
[22:01] <maps|wrk> hmm
[22:01] <lopta> That was about 48 hops ago though.
[22:02] <lopta> Everything since then has been * * *
[22:03] <diddledan> my own traceroute blackholes after 195.66.237.189 (195.66.237.189)  9.906 ms  13.794 ms  11.996 ms
[22:03] <diddledan> that's hop4
[22:03] <lopta> diddledan: We're coming at it from different angles ;-)
[22:03] <maps|wrk> lets see where i get to with lopta s ip :)
[22:04] <lopta> Oh good. Now it works.
[22:04] <lopta> I've got ssh, http and https, squid and http-alt.
[22:04] <diddledan> what did you do?
[22:04] <lopta> (port 8000?)
[22:04] <maps|wrk> hop 24, quite a few misses though 16-18 *** then 21-29 *****
[22:04] <maps|wrk> so a lot of missing hoops
[22:04] <lopta> diddledan: I waited ;-)
[22:04] <maps|wrk> ah 8000 shoutcast
[22:05] <lopta> 64 hops.
[22:05] <maps|wrk> i had 30~ to your IP with a fair few *s
[22:05] <maps|wrk> seems weird?
[22:05] <lopta> maps|wrk: It's uphill your way though. ;-)
[22:05] <maps|wrk> again 16,17.18 *** / 21-29 *** then i end at hop 20 with an IP
[22:06] <maps|wrk> 20  99-59-192-239.lightspeed.livnmi.sbcglobal.net (99.59.192.239)  154.354 ms  156.099 ms  155.852 ms 21  * * *
[22:06] <lopta> Oh. I was forgetting that I'm in Michigan.
[22:06] <lopta> Ah, that's it!
[22:06] <lopta> I'm running irssi in another state.
[22:07] <maps|wrk> ah
[22:07] <lopta> ...so it's reasonable to see a different number of hops.
[22:07] <lopta> I'm in Illinois but I'm running irssi in Michigan
[22:07] <maps|wrk> yea
[22:07] <maps|wrk> but
[22:07] <lopta> Also, I need more coffee.
[22:07] <maps|wrk> diddledan:'s ip 7-27 ****
[22:07] <maps|wrk> what  the hell
[22:08] <diddledan> o_O
[22:08] <diddledan> my ip is 151.229.92.11?
[22:08] <maps|wrk> ya didnt get there
[22:08] <diddledan> according to /whois anyway
[22:09] <diddledan> this client is annoying in that it doesn't respect ipv4 vs ipv6 per the spec
[22:09] <maps|wrk> root@frogs:/etc/default# ps aux | grep port                                                           root      1594  0.0  0.0   2216   320 ?        Ss   22:02   0:00 /usr/sbin/portsentry -stcp root      1600  0.0  0.0   2216   488 ?        Ss   22:02   0:00 /usr/sbin/portsentry -sudp
[22:09] <diddledan> it has a toggle switch for "prefer ipv6 over ipv4" which when on an ipv4-only network causes a complete failure to connect
[22:09] <maps|wrk> running but seeminglyu ignoring nmap scans
[22:09] <maps|wrk> :(
[22:10] <lopta> diddledan: I see http and pptp on your IP (if it's the one you mentioned)
[22:11] <lopta> (fwiw)
[22:11] <diddledan> http?
[22:11] <lopta> I wonder what ports I have open.
[22:11] <diddledan> what's that go to I wonder
[22:11] <lopta> ftp, ssh and a couple of X11s.
[22:11] <lopta> Odd that VNC doesn't show up.
[22:12] <maps|wrk> router?
[22:12] <maps|wrk> owncloud
[22:12] <lopta> maps|wrk: That was run against 127.0.0.1
[22:12] <lopta> ;-)
[22:12] <maps|wrk> Access to the application you were trying to use has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.  User: uk36officet  Application: owncloud
[22:12] <maps|wrk> that was trying to access diddledan s ip
[22:12] <maps|wrk> lol
[22:13] <diddledan> aah, it's my owncloud
[22:13] <maps|wrk> yea
[22:13] <maps|wrk> heh
[22:13] <lopta> Oh, so the ubuntu galaxy button is for searching?
[22:13] <diddledan> forgot I had that running :-p
[22:13]  * lopta stumbles around in search of a Start menu
[22:13] <maps|wrk> any suggestions as to why this pesky thing isnt working?
[22:14] <diddledan> the "proper" url is http://cloud.bowlhat.net/
[22:14] <lopta> Ah, alt-F2 works.
[22:14] <daftykins> although alt+f2 seems to give varying success at running progs ime =|
[22:14] <lopta> Hmm... the Ubuntu box doesn't even show ssh.
[22:15] <lopta> I suppose I could install that though.
[22:15] <maps|wrk> i guess thats a no then:D
[22:15] <diddledan> and yeah, pptp is open
[22:15] <diddledan> so that I can VPN if needed
[22:16] <maps|wrk> what VPN you using..ive got openVPN setup
[22:16]  * lopta doesn't VPN
[22:16] <maps|wrk> hi Guest94830 ;p
[22:16] <Guest94830> Ah pants.
[22:16] <maps|wrk> =]
[22:17] <ball> That's better.
[22:18] <ball> Unity doesn't feel /quite/ as bad as I remember.
[22:18] <ball> I think it's improving.
[22:19] <ball> I was impressed that I could print, too.
[22:20] <ball> In a corporate environment, could I control which printers appear on an Ubuntu desktop?
[22:24] <ball> Is Ubuntu One the cloud storage product?
[22:24] <diddledan> yes
[22:25] <diddledan> I don't know about the printers thing though
[22:25] <diddledan> AFAIK there isn't really much in the way of corporate control over individual machines in that manner
[22:26] <diddledan> if you paid for landscape (v. expensive) you might get some management tools there
[22:26] <ball> Hmm... ok
[22:27]  * ball tries video over X11
[22:27] <maps|wrk> cloud printers diddledan ?
[22:28] <diddledan> hmm?
[22:29]  * ball tries video over VNC
[22:30] <ball> Oh that's way better.
[22:49] <maps|wrk> anyone any ideas re portsentry?
[22:50]  * ball doesn't know what that offers.
[22:55] <maps|wrk> http://manpages.ubuntu.com/manpages/precise/en/man8/portsentry.8.html
[23:19] <maps|wrk> sudo nmap -v -A -T4 94.193.78.219 -- can someone try that for me please
[23:19] <bigcalm> Anybody know how to concatenate PDFs into one file for printing?
[23:20] <maps|wrk> hm
[23:24] <shauno> do you have 'pdfunite' installed?  (poppler-utils)
[23:24] <shauno> pdfunite (1)         - Portable Document Format (PDF) page merger
[23:25] <maps|wrk> can anyone lend me a hand and run that scan on me:)
[23:26] <popey> ya
[23:26] <popey> ip?
[23:26] <maps|wrk> 94.193.78.219
[23:26] <maps|wrk> thanks
[23:26] <diddledan> maps|wrk: running
[23:27] <diddledan> maps|wrk: host seems down
[23:27] <diddledan> ""
[23:27] <popey> 22/tcp   open   ssh
[23:27] <popey> 80/tcp   open   http
[23:27] <popey> 443/tcp  open   https
[23:27] <popey> 3128/tcp closed squid-http
[23:27] <popey> 8000/tcp open   http-alt
[23:27] <maps|wrk> ARGHH
[23:27] <maps|wrk> and nothing in syslog
[23:28] <diddledan> http://paste.ubuntu.com/7035734/
[23:28] <maps|wrk> yet portsentry says its active and listening
[23:28] <maps|wrk> ive set BLOCK_TCP and BLOCK_UDP to 1
[23:29] <maps|wrk> could someone try ssh to my ip and 3 incorrect user/pass check fail2ban works..if i do it myself i may get locked out
[23:29] <maps|wrk> cant figure out why portsnetry wont work
[23:30] <diddledan> fail2ban seems to work
[23:31] <diddledan> wow, is it really 11:30 alreayd?!
[23:31] <diddledan> ouch
[23:31] <maps|wrk> yep
[23:31] <maps|wrk> thanks diddledan
[23:31] <maps|wrk> so what to do with portsentry :D hm
[23:39] <daftykins> i don't think trying to do anything about nmap is practical
[23:43] <maps|wrk> but everywhere says portsentry can
[23:43] <maps|wrk> :((
[23:43] <maps|wrk> so what am i doing wrong!
[23:54] <daftykins> running insecure stuff at home :(
[23:54] <daftykins> ;D
[23:56] <maps|wrk> 3 more days at work then off for 11 yesss