[02:25] <ska> I'm trying to install 13.10 on an Asus Z87-Pro, but it fails in non-UEFI mode as well as UEFI.. Different problems..
[02:26] <ska> I think UEFI fails right after partitioning
[02:26] <ska> It's a new system with no other OS.
[16:36] <vlad_starkov> QUESTION: Hi there! I'm setting up NFS4 server. Can't find rquotad service. Should I install it manually?
[17:02] <sync0pate> hey, strange question, don't know if this is the right place but.. if I have a VPS running on a client's server, how secure is it from people who have access to the server?
[17:02] <sync0pate> say the VPS is encrypting its data internally, but someone may have access to the box the vps is physically running on?
[17:03] <sync0pate> sorry by vps I mean a virtual machine
[17:04] <bekks> As long as someone has physical access to that machine, someone has full control over everything.
[17:06] <sync0pate> as in they could read all the encrypted data within?
[17:06] <andol> sync0pate: The main benefit of encrypted data on your VPS is that it helps against someone accidentally accessing the data, such as afterwards when another customer reuses the same disk blocks.
[17:07] <andol> sync0pate: It also forces the owner of the physical machine to be more explicitly "evil" to be able to access your data.
[17:07] <sync0pate> well to be honest, I'm mostly worried about accidental access rather than malicious intent
[17:07] <sync0pate> and sorry
[17:07] <sync0pate> when I said VPS, I meant a VM
[17:07] <sync0pate> what I'm actually talking about, is a VM running at a client site, on one of their servers
[17:08] <sync0pate> if they provide access to that physical server to other contractors
[17:08] <sync0pate> how much access could they get to the VM?
[17:08] <bekks> Then the above still applies.
[17:08] <sync0pate> so they'd theoretically be able to access everything?
[17:08] <bekks> Physical access to the server means that they have full control.
[17:08] <sync0pate> how would they be able to decrypt everything?
[17:09] <bekks> They don't have to encrypt anything as long as your VM is running.
[17:09] <bekks> *decrypt even
[17:09] <sync0pate> what if there's encrypted data within the VM?
[17:09] <andol> Not to mention that they can grab the encryption keys from RAM.
[17:09] <sync0pate> right ok
[17:09] <sync0pate> so, assume they could get full access
[17:10] <sync0pate> but considering I'm worried more about accidental access than deliberate malicious intent
[17:10] <sync0pate> from *that* perspective, it's fairly safe?
[17:10] <andol> sync0pate: I would use the word safe, but there are certain scenarios you do mitigate.
[17:10] <bekks> As long as your VM is running, they have full, decrypted access to it.
[17:11] <andol> I wouldn't
[17:12] <sync0pate> but they're unlikely to get full, decrypted access to it unless they deliberately wanted to?
[17:12] <bekks> Read again:
[17:12] <bekks> < bekks> As long as your VM is running, they have full, decrypted access to it.
[17:12] <sync0pate> ok, how do they?
[17:12] <bekks> We already told you.
[17:13] <sync0pate> you told me how someone could get access through grabbing the encryption keys from ram or something
[17:13] <bekks> Yes, that's one of the attacking vectors possible.
[17:13] <bekks> It perfectly answers your question "Is it safe?" with a clear "No.".
[17:14] <sync0pate> I think it shows "Is it secure?" would be a clear "no"
[17:14] <sync0pate> would there be a better alternative though?
[17:15] <bekks> Don't host valuable data at a site where others have physical control. :)
[17:15] <sync0pate> that's not an option
[17:15] <bekks> That's the only option.
[17:15] <sync0pate> OK, I'll explain the situation a bit better
[17:16] <sync0pate> it's a client site
[17:16] <sync0pate> a database system I have provided them
[17:16] <bekks> Doesn't matter actually. If you don't want someone to be able to access your data, take care no one besides you has physical access.
[17:16] <sync0pate> their internal IT has physical access to the machines
[17:16] <sync0pate> so, I'm not really concerned about malicious attack
[17:16] <sync0pate> just curious IT folk changing settings accidentally or something
[17:17] <sync0pate> deleting the wrong thing etc
[17:17] <bekks> You better create backups then.
[17:17] <sync0pate> yeah
[17:17] <bekks> Encryption is not providing any security against logical errors.
[17:18] <sync0pate> well no, the encryption is more in case someone does take the data out of the office
[17:18] <sync0pate> or for when I backup
[17:18] <sync0pate> as I do
[17:18] <bekks> As long as the VM is running, everyone with physical access has FULL ACCESS to ALL data.
[17:18] <bekks> Is that clear now?
[17:19] <sync0pate> that was clear from the start
[17:19] <bekks> Then why did you ask it on and on?
[17:19] <sync0pate> because it's not exactly what I'm asking
[17:19] <sync0pate> thanks anyway though
[17:20] <bekks> It is exactly what you are asking. You just don't want to accept the answer. Your proposed solution is not providing any security for the use case you are providing.
[17:20] <sync0pate> well there isn't a solution that does provide the security I would like
[17:21] <sync0pate> because I'm not allowed to host the data off site
[17:21] <bekks> There are. But not for the price you would pay.
[17:21] <sync0pate> there are?
[17:21] <sync0pate> hey, I wouldn't be paying
[17:21] <bekks> Or are you willing to license a full blown Oracle Enterprise Edition with Encryption Option?
[17:22] <bekks> It will cost several hundreds of thousands of dollars for the license only.
[17:22] <sync0pate> seems unlikely then :)
[17:22] <bekks> Then the answer is "No."
[17:23] <sync0pate> so then there isn't really an affordable solution that would provide the desired level of security
[17:25] <sync0pate> is there anything more you would suggest to gently discourage curious IT people from poking at stuff?
[17:25] <sync0pate> other than a stern talking to?
[17:26] <bekks> Let them sign "Whatever I break, I have to fix it. No one else will help me."
[17:26] <sync0pate> Aha
[17:26] <sync0pate> yeah, that's probably what I need
[17:27] <cfhowlett> bekks oh, I LIKE that one!
[17:27] <andol> sync0pate: http://www.tacticalknives.biz/ImagesProductsLarge/926795.jpg
[17:27] <sync0pate> also a good idea andol :)
[17:27] <bekks> cfhowlett: :D
[17:27] <sync0pate> sorry if I was unclear before!
[17:28] <andol> Our Server QA team lead has something like that on his desk.
[17:31] <sync0pate> tbh it's probably not even a concern
[17:31] <sync0pate> in this case
[17:32] <sync0pate> I just had a bad experience once when a marketing manager with a little knowledge started changing my SQL views to try and add extra data to his reports
[17:32] <cfhowlett> sync0pate so you must also enforce the CLIENT policy; you break, you fix (or you pay the consultant 2X)
[17:33] <andol> sync0pate: That kind of stuff appears to be more related to who has what kind of access credentials?
[17:33] <sync0pate> yeah absolutely
[17:33] <sync0pate> I mean, I still did charge for the fix
[17:33] <sync0pate> but I would like to not have the headache
[17:34] <sync0pate> how so andol ?
[17:34] <sync0pate> like you said, they have physical access to the machine.. so..
[17:35] <andol> sync0pate: Yeah, but I doubt a marketing manager would leverage physical root access to root access on the vm, to access to the *sql database. More like the marketing manager had been provided access to the database directly?
[17:36] <sync0pate> that's kind of what I was getting at earlier andol
[17:36] <sync0pate> like, I doubt the IT guys are gonna be pulling encryption keys from RAM to piss about with connection settings
[17:36] <sync0pate> but yeah, in the earlier situation, the guy was given direct access to the DB
[17:36] <sync0pate> again, nothing I had control over
[17:41] <ska> Given a choice between UEFI and Legacy installation, what would you recommend?
[19:12] <martisj> morning
[19:12] <martisj> What does a + mean next to a file in a file ls?
[19:20] <tcstar> not the right channel i'm sure, i'm attempting to use tsung to test my server setup -- it's not generating any traffic... #tsung has been dead all weekend.. anyone with experience with this that can help?
[19:23] <hxm> can I follow symlinks in webdav server?
[19:30] <hxm> i added Options Indexes FollowSymLinks to the configuration but it doesn't work
[19:34] <martisj> How can I remove custom acl settings for a specific folder?
[19:36] <martisj> is this in the directory listing: dr- -r- -rwx+ on my folders, what does the + mean?
[20:07] <Aison> are there any big changes in apache server between raring and saucy?
[20:08] <Aison> I updated one server and everything still works, except the apache2
[20:08] <Aison> well, apache2 still works, but the virtual hosts are not found anymore
[20:08] <Aison> sites-enabled is somehow ignored or whatever
[20:51] <dzeko> Does anyone know how to set up ntp server authentication? I only found one with the centos, but none with the ubuntu.
[20:52] <bekks> the service is the same ;)
[20:54] <dzeko> bekks: you've tried it before?
[20:56] <bekks> I don't see a reason to authenticate for ntp access. If you don't want my clients being able to change the time of the ntp server, I just use nomodify.
[20:56] <bekks> So "no." :)
[20:58] <dzeko> bekks: because i've heard that if you don't have this, then it is possible to ddos it.
[20:59] <bekks> Every service may be ddos'ed, regardless of unneeded authentication.
[20:59] <bekks> nomodify is totally enough for disallowing modifications.
[21:01] <dzeko> ok
[21:01] <dzeko> tnx
[21:44] <Aison> my apache server is no longer working under saucy
[21:44] <Aison> the VirtualHosts are not matched
[21:44] <Aison> always the default is taken
[21:44] <Aison> what could be wrong?
[21:45] <Aison> are there any big changes that I have to consider?
[21:47] <Aison> when I try to access index.php of a virtual domain, always the default one is taken:
[21:47] <Aison>  [:error] [pid 29379] [client 10.0.1.1:52937] script '/var/www/default/index.php' not found or unable to stat
[21:47] <TJ-> Aison: https://wiki.ubuntu.com/SaucySalamander/ReleaseNotes
[21:48] <Aison> thx
[22:14] <Aison> TJ-, no luck. somehow VirtualHost matching is not working
[22:14] <Aison> damn
[22:15] <TJ-> Aison: That'll be because of the Apache 2.2 > 2.4 update. Lots of things changed. Run the configuration test option of the apache2
[22:28] <Aison> apachectl configtest says Syntax OK
[22:33] <TJ-> Aison: That's good then!
[22:34] <TJ-> Aison: Did you check the apache 2.4 upgrade guide, particularly the "NameVirtualHost" changes?
[22:35] <Aison> yes, I didn't use it before anyway
[22:35] <TJ-> Is it HTTP or HTTPS?
[22:37] <Aison> HTTP
[22:38] <TJ-> Aison: have you confirmed that the site files are being parsed?
[22:39] <Aison> you mean the files in sites-enabled?
[22:39] <TJ-> Yes
[22:40] <TJ-> Look at /etc/apache2/apache2.conf, and the "IncludeOptional" statement. Does it match the naming of the files in your "/etc/apache2/sites-enabled/" ?
[22:42] <Aison> yeah, there is an IncludeOptional sites-enabled/*.conf
[22:42] <Aison> well, I can try to add some syntax error to one of the files and config check again
[22:42] <TJ-> Aison: And your sites files are all named $SOMETHING.conf ?
[22:47] <Aison> aaaaaaahhh, damn *hit head on table*
[22:47] <Aison> some have got no conf...
[22:47] <Aison> lol