[02:25] I'm trying to install 13.10 on an Asus Z87-Pro, but it fails in non-uefi mode as well as uefi.. Different problems..
[02:26] I think UEFI fails right after partitioning
[02:26] It's a new system with no other OS.
=== yeahpla is now known as Guest43332
=== awalker is now known as linodil
=== awalker is now known as linodils
[16:36] QUESTION: Hi there! I'm setting up NFS4 server. Can't find rquotad service. Should I install it manually?
[17:02] hey, strange question, don't know if this is the right place but.. if I have a VPS running on a client's server, how secure is it from people who have access to the server?
[17:02] say the VPS is encrypting its data internally, but someone may have access to the box the vps is physically running on?
[17:03] sorry by vps I mean a virtual machine
[17:04] As long as someone has physical access to that machine, someone has full control over everything.
[17:06] as in they could read all the encrypted data within?
[17:06] sync0pate: The main benefit of encrypted data on your VPS is that it helps against some accidentally accessing the data, such as afterwards when another customer reuses the same disk blocks.
[17:07] sync0pate: It also forces the owner of the physical machine to be more explicitly "evil" to be able to access your data.
[17:07] well to be honest, I'm mostly worried about accidental access rather than malicious intent
[17:07] and sorry
[17:07] when I said VPS, I meant a VM
[17:07] what I'm actually talking about, is a VM running at a client site, on one of their servers
[17:08] if they provide access to that physical server to other contractors
[17:08] how much access could they get to the VM?
[17:08] Then the above still applies.
[17:08] so they'd theoretically be able to access everything?
[17:08] Physical access to the server means that they have full control.
[17:08] how would they be able to decrypt everything?
[17:09] They don't have to encrypt anything as long as your VM is running.
[17:09] *decrypt even
[17:09] what if there's encrypted data within the VM?
[17:09] Not to mention that they can grab the encryption keys from RAM.
[17:09] right ok
[17:09] so, assume they could get full access
[17:10] but considering I'm worried more about accidental access than deliberate malicious intent
[17:10] from *that* perspective, it's fairly safe?
[17:10] sync0pate: I would use the word safe, but there are certain scenarios you do mitigate.
[17:10] As long as your VM is running, they have full, decrypted access to it.
[17:11] I wouldn't
[17:12] but they're unlikely to get full, decrypted access to it unless they deliberately wanted to?
[17:12] Read again:
[17:12] < bekks> As long as your VM is running, they have full, decrypted access to it.
[17:12] ok, how do they?
[17:12] We already told you.
[17:13] you told me how someone could get access through grabbing the encryption keys from ram or something
[17:13] Yes, that's one of the attacking vectors possible.
[17:13] It perfectly answers your question "Is it safe?" with a clear "No.".
[17:14] I think it shows "Is it secure?" would be a clear "no"
[17:14] would there be a better alternative though?
[17:15] Don't host valuable data at a site where others have physical control. :)
[17:15] that's not an option
[17:15] That's the only option.
[17:15] OK, I'll explain the situation a bit better
[17:16] it's a client site
[17:16] a database system I have provided them
[17:16] Doesn't matter actually. If you don't want someone to be able to access your data, take care no one besides you has physical access.
[17:16] their internal IT has physical access to the machines
[17:16] so, I'm not really concerned about malicious attack
[17:16] just curious IT folk changing settings accidentally or something
[17:17] deleting the wrong thing etc
[17:17] You better create backups then.
[17:17] yeah
[17:17] Encryption is not providing any security against logical errors.
[17:18] well no, the encryption is more in case someone does take the data out of the office
[17:18] or for when I backup
[17:18] as I do
[17:18] As long as the VM is running, everyone with physical access has FULL ACCESS to ALL data.
[17:18] Is that clear now?
[17:19] that was clear from the start
[17:19] Then why did you ask it on and on?
[17:19] because it's not exactly what I'm asking
[17:19] thanks anyway though
[17:20] It is exactly what you are asking. You just don't want to accept the answer. Your proposed solution is not providing any security for the use case you are providing.
[17:20] well there isn't a solution that does provide the security I would like
[17:21] because I'm not allowed to host the data off site
[17:21] There are. But not for the price you would pay.
[17:21] there are?
[17:21] hey, I wouldn't be paying
[17:21] Or are you willing to license a full blown Oracle Enterprise Edition with Encryption Option?
[17:22] It will cost several hundreds of thousands of dollars for the license only.
[17:22] seems unlikely then :)
[17:22] Then the answer is "No."
[17:23] so then there isn't really an affordable solution that would provide the desired level of security
[17:25] is there anything more you would suggest to gently discourage curious IT people from poking at stuff?
[17:25] other than a stern talking to?
[17:26] Let them sign "Whatever I break, I have to fix it. No one else will help me."
[17:26] Aha
[17:26] yeah, that's probably what I need
[17:27] bekks oh, I LIKE that one!
[17:27] sync0pate: http://www.tacticalknives.biz/ImagesProductsLarge/926795.jpg
[17:27] also a good idea andol :)
[17:27] cfhowlett: :D
[17:27] sorry if I was unclear before!
[17:28] Our Server QA team lead has something like that on his desk.
[17:31] tbh it's probably not even a concern
[17:31] in this case
[17:32] I just had a bad experience once when a marketing manager with a little knowledge started changing my SQL views to try and add extra data to his reports
[17:32] sync0pate so you must also enforce the CLIENT policy; you break, you fix (or you pay the consultant 2X)
[17:33] sync0pate: That kind of stuff appears to be more related to who has what kind of access credentials?
[17:33] yeah absolutely
[17:33] I mean, I still did charge for the fix
[17:33] but I would like to not have the headache
[17:34] how so andol ?
[17:34] like you said, they have physical access to the machine.. so..
[17:35] sync0pate: Yeah, but I doubt a marketing manager would leverage physical root access to root access on the vm, to access to the *sql database. More like the marketing manager had been provided access to the database directly?
[17:36] that's kind of what I was getting at earlier andol
[17:36] like, I doubt the IT guys are gonna be pulling encryption keys from RAM to piss about with connection settings
[17:36] but yeah, in the earlier situation, the guy was given direct access to the DB
[17:36] again, nothing I had control over
[17:41] Given a choice between UEFI and Legacy installation, what would you recommend?
[19:12] morning
[19:12] What does a + mean next to a file in a file ls?
[19:20] not the right channel i'm sure, i'm attempting to use tsung to test my server setup -- it's not generating any traffic... #tsung has been dead all weekend.. anyone with experience with this that can help?
[19:23] can I follow symlinks in webdav server?
[19:30] i added Options Indexes FollowSymLinks to the configuration but it doesn't work
[19:34] How can I remove custom acl settings for a specific folder?
[19:36] is this in the directory listing: dr- -r- -rwx+ on my folders, what does the + mean?
[20:07] are there any big changes in apache server between raring and saucy?
[20:08] I updated one server and everything still works, except the apache2
[20:08] well, apache2 still works, but the virtual hosts are not found anymore
[20:08] sites-enabled is somehow ignored or whatever
=== mc_bluebeard_ is now known as mc_bluebeard
=== esde_ is now known as esde
=== Rasmus`- is now known as Rasmus`
=== justizin_ is now known as justizin
=== arlen_ is now known as arlen
[20:51] Does anyone know how to set up ntp server authentication? I only found one with the centos, but none with the ubuntu.
[20:52] the service is the same ;)
[20:54] bekks: you've tried it before?
[20:56] I don't see a reason to authenticate for ntp access. If you don't want my clients being able to change the time of the ntp server, I just use nomodify.
[20:56] So "no." :)
[20:58] bekks: because i've heard that if you don't have this, then it is possible to ddos it.
[20:59] Every service may be ddos'ed, regardless of unneeded authentication.
[20:59] nomodify is totally enough for disallowing modifications.
[21:01] ok
[21:01] tnx
[21:44] my apache server is no longer working under saucy
[21:44] the VirtualHosts are not matched
[21:44] always the default is taken
[21:44] what could be wrong?
[21:45] are there any big changes that I have to consider?
[21:47] when I try to access index.php of a virtual domain, always the default one is taken:
[21:47] [:error] [pid 29379] [client 10.0.1.1:52937] script '/var/www/default/index.php' not found or unable to stat
[21:47] Aison: https://wiki.ubuntu.com/SaucySalamander/ReleaseNotes
[21:48] thx
=== baggar11_ is now known as baggar11
[22:14] TJ-, no luck. somehow VirtualHost matching is not working
[22:14] damn
[22:15] Aison: That'll be because of the Apache 2.2 > 2.4 update. Lots of things changed. Run the configuration test option of the apache2
[22:28] apachectl configtest says Syntax OK
[22:33] Aison: That's good then!
[22:34] Aison: Did you check the apache 2.4 upgrade guide, particularly the "NameVirtualHost" changes?
[22:35] yes, I didn't use it before anyway
[22:35] Is it HTTP or HTTPS?
[22:37] HTTP
[22:38] Aison: have you confirmed that the site files are being parsed?
[22:39] you mean the files in sites-enabled?
[22:39] Yes
[22:40] Look at /etc/apache2/apache2.conf, and the "IncludeOptional" statement. Does it match the naming of the files in your "/etc/apache2/sites-enabled/" ?
[22:42] yeah, there is an IncludeOptional sites-enabled/*.conf
[22:42] well, I can try to add some syntax error to one of the files and config check again
[22:42] Aison: And your sites files are all named $SOMETHING.conf ?
[22:47] aaaaaaahhh, damn *hit head on table*
[22:47] some have got no conf...
[22:47] lol
=== thumper is now known as thumper-gym