[01:14] am tip: echo BYOBU_PYTHON=python >> .byoburc to prevent byobu from running python -c 'import snack' EVERY time it refreshes status line [01:17] I have a LVM LV snapshot which is not mounted, yet I cannot delete it. [01:17] Logical volume datavg/mirrored-snapshot-monthly contains a filesystem in use. === lynxman_ is now known as lynxman === eshlox_ is now known as eshlox === omfgitsasalmon_ is now known as omfgitsasalmon === hachre_ is now known as hachre === fhd___ is now known as fhd__ === BasedGeek is now known as BasedGeek_Sleep [03:11] hello all!! [03:28] oftc [04:08] https://bugs.launchpad.net/qemu/+bug/1305402 [04:08] Launchpad bug 1305402 in qemu "kvm fails to start 'trusty' machines" [Undecided,New] [04:19] lazyPower: please stop and restart libvirt-bin, that should fix it (assuming both qemu and libvirt are uptodate) [04:19] hallyn: it looks like the machine names were incorrect from what it was expecting. I had some machines that didn't get an updated flag. I updated teh bug with my findings [04:20] they had just 'trusty' as the designation, and it wanted pc-i440fx-trusty [04:20] not sure if virt-manager is to blame, or the update... [04:21] lazyPower: no, I am to blame - in previous version the machine type was just 'trusty' [04:22] libvirt was udated to handle that, but then that messed people up who were using newer qemu with older libvirt (in ppas) [04:22] so we renamed the machine type [04:22] ah, ok. weird that 2 of my machines had a proper machine type while the rest were just trusty. [04:22] probably depends on when they were created [04:22] zul: ^ we may just want to re-introduce the libvirt patch for a bit? [04:23] or, release-notes it [04:23] wasn't a big deal here. Only 7 VM's to virsh edit here. [04:24] but i can see this being a larger issue at scale for anyone using libvirt with "stale" machines [04:24] right [04:25] hallyn: thanks for taking a look at the bug though. Hope this helps. [04:25] lazyPower: having the bug open shoudl help guide others who run into it, so thanks for that [04:26] * hallyn out === G is now known as TWWOC [05:20] hi wondering anyone experience on working with a personal server in zotac aq01 boxes? or even maybe the newer aq02 [05:21] oh that's cute :) [05:22] :? [05:22] aq02 [05:22] you just saw it online :P? or you tried it before [05:22] Kiongku: never heard of it before, but the photos and specsheets look nice [05:23] hahaha hong kong.. space is premium :) [05:23] :) === TheBurgerKing_ is now known as TheBurgerKing === SpamapS_ is now known as SpamapS === PaulePan1er is now known as PaulePanter [07:55] Good morning. === airtonix_ is now known as airtonix [09:23] zul, want me todo nova rc2? [09:28] rcj, utlemming: bug 1305418 looks critical to me. On Saucy? [09:28] Launchpad bug 1305418 in walinuxagent "Broken SSHD configuration on Ubuntu 13.10 with latest walinuxagent update" [Undecided,New] https://launchpad.net/bugs/1305418 [09:54] rbasak, morning [10:02] zul, coreycb_: https://code.launchpad.net/~james-page/nova/rc2/+merge/215130 [10:02] or infact rbasak [10:02] ^^ [10:03] o/ [10:04] rbasak, just a new rc - running the package build including unit tests right now [10:05] jamespage: lgtm, though I'm not sure what exactly to review there! [10:05] rbasak, its really just a formality - I'd normally just push that as a trivial [10:06] rbasak, so long as I have the right bug and don't have any typos +1 [10:06] I did indeed check the changelog entry very quickly, and followed the bug link :) [10:07] rbasak, excellent [10:07] Uh, s/quickly/carefully/ is what I meant. It was also quite quick :) [10:22] I cant see ubuntu as an operating system in ec2 of amazon while i create a volume or instance.? === sync0new is now known as sync0pate [11:47] how to add various directories to a webdav ? [12:07] i created a webdav, added a Location added some ln -s files to there [12:07] when i want to create a directory in that symlink i get an error [12:07] i was able to create the directory but not to change the name [12:07] im in macos to ubuntu server [12:28] jamespage/coreycb: i got heat [12:28] zul, ack - I'm working on a fixup for vpn/l3 conflicting [12:28] in neutron [12:29] jamespage: cool beans [12:29] zul, anything else left? [12:29] coreycb: there is always more ;) [12:30] zul, :) [12:31] coreycb: there is a glance rc2 probably still [12:31] jamespage: it looks like your swift patch got merged [12:33] zul, I'll keep an eye on glance [12:36] zul, \o/ [12:37] jamespage: need to go fix ci packaging now :P [12:38] HI I am using 12.04 LTS. The openssl pkg version is 1.0.1. I like to use the later version which is provided by 13.xx . How could I upgrade this pkg? thx [12:39] rostam, why? [12:40] jamespage, It has a better TLS support according to our development team. If this is not the case please let me know. Thx [12:43] rostam: I suggest that you use 13.xx then. [12:44] (13.10 is the only 13.xx that is still supported) [12:45] rbasak, we need to stick with LTS , So is there a site that has backported 13.10 version of openssl to 12.04 LTS ? [12:46] rostam, what is the *problem*? [12:46] rbasak, Looking at bug #1305418. [12:46] Launchpad bug 1305418 in walinuxagent "Broken SSHD configuration on Ubuntu 13.10 with latest walinuxagent update" [Undecided,New] https://launchpad.net/bugs/1305418 [12:46] rostam: I'm not aware of one. Are you aware of https://wiki.ubuntu.com/UbuntuBackports? OpenSSL is a pretty core package though, with many reverse dependencies. A backport seems unlikely. [12:47] can't believe there is that much of a difference from 1.0.1 and 1.0.1f [12:47] rostam: why are you sticking with the LTS? I think that the recent openssl vulnerability demonstrates that using an unsupported openssl is far worse than using a non-LTS. [12:47] but with lts in 2 weeks, why really bother? [12:47] 1 week ... [12:48] rostam: or you could wait a week and use the next lts that is out next week [12:48] All, Thank you so much. I got very valuable help here. So I will wait one week for next LTS. [12:53] jamespage: https://code.launchpad.net/~zulcss/heat/2014.1.rc2/+merge/215165 [12:53] zul, -1 wrong bug [12:54] zul, gah - this l3/vpn thing is awkard; the vpn-agent needs all of the bits from the l3-agent package apart from the upstart config and the binary [12:55] zul, as a minimal change I might move bits into neutron-common (filters and config) and then have the binary and the upstart config in the -agent packages [12:55] how does that sound? [12:57] Hi. I try to config "log2ban" script and i dont like how it works. I want ban IP if it requests more than 40 requests per minute. But log2ban logic is that - 1 minute count requests and then ban. So you can send 100000 requests and will be banned only in 60secs. And that is problem when you have 97000 bots with 3 requests/sec. Anybody have experience with "log2ban"? Maybe i do something [12:57] wrong? [12:59] jamespage: erp...fixed [12:59] jamespage: sounds good to me [13:02] tiblock: How about using fail2ban? It will ban clients after three attempts, e.g. [13:02] bekks, as i know fail2ban is about SSH, but log2ban is for HTTP DDoS/flood/bruteforce [13:03] ah ok [13:03] fail2ban just uses regex on logfiles to determine bans/blocks iirc, so it could also help against bruteforce/flood/???/dovecot [13:04] bekks, ihre, yeah, i google and fail2ban may be solution. Thank you. [13:06] note, the default repositories contains a pretty old version of f2b [13:06] how I can be sure if tomcate is started? [13:07] how can i be sure that it is running http://pastie.org/9070315 I dont see it in nmap localhost nor on localhost:8080 [13:07] jamespage: heat fixed [13:09] zul, if you use debcommit it will auto-generated --fixes on the bzr commit and then the MP references then directly btw [13:09] zul, +1 [13:09] zul, oh actually [13:10] bug 1296912 [13:10] Launchpad bug 1296912 in heat "python-qpid-python package does not exist in precise" [Undecided,New] https://launchpad.net/bugs/1296912 [13:10] zul ^^ [13:12] zul, three of those - just de-duped them all [13:12] zul, can you check it out please? its a UCA issue [13:13] heh? fail2ban comes with dovecot rules by default [13:18] jamespage: ack [13:18] zul, just working on the upgrade testing for the neutron re-jig [13:19] just for the record, "fail2ban" will not work. Its good for very fast flood, but yesterday i was attacked by 50 requests/60 sec. Legit users requests static content faster. "log2ban" uses custom function to generate ID of attacker and i can use my own algorithms for detection. For example random hosts "39p6jml1s42lz.com nd02386x93477v.net s30l9m0i4ds.com 6o21b81yy94.com" and "POST /". [13:19] So i will search guy who have experienge with log2ban. [13:20] I suppose they'll always look for a way around effective defences. I must say fail2ban has done me a lot of good over the years. [13:21] jamescarr: looking [13:25] well, blocking via access logs, is very very hard [13:30] zul, coreycb: https://code.launchpad.net/~james-page/neutron/vpn-l3-fixup/+merge/215178 [13:33] jamespage: +1 [13:33] jamespage: heat fixed as well [13:33] zul, looking [13:34] jamespage: why didnt the adt tests pick up on this for heat i wonder [13:34] zul, I think its OK in 14.04 [13:36] zul, OK - uploaded neutron - thanks for the review [13:37] jamespage: actually its in the requirements.txt so pydist will add it anyways...best remove it for now and then we rethink qpid after trusty is out [13:44] zul: huh? [13:44] oh === Ursinha is now known as Ursinha-afk [14:00] zul, bah - can you ack http://paste.ubuntu.com/7230905/ [14:00] otherwise that there vpn agent won't work to well [14:00] jamespage: hah ok +1 [14:00] jamespage: mind +1 heat while you are at it [14:01] zul, approved but can you shift the fullstop after the bug reference - being super niggly today [14:02] jamespage: sure === matsubara_ is now known as matsubara === Ursinha-afk is now known as Ursinha [15:08] hey all [15:09] i'm a bit screwed on a cloud server i have and can't get root access after stupidly deleting the wrong key [15:09] and the grub boot line changes don't seem to work [15:10] what is a cloud server? [15:10] well vm [15:10] ;) [15:11] i have console access but the lost password instructions point to things i can't seem to see [15:11] i get the grub menu up, press e and have the boot code, but must not be putting things in the right place [15:11] are you pressing ctrl-x or f10 after making the change? [15:11] yeah i just get back to the login prompt [15:13] what cloud vendor? [15:14] brightbox [15:14] talking with one of their guys atm [15:14] these things always happen when i'm behind on deadlines lol [15:15] you have to also hold down shift to get into recovery console [15:15] I guess you are doing that [15:16] yeah did that, it prompted my for a root pass which i don't have [15:16] me* [15:16] so then tried lost password options which say press e on the boot option and edit that [15:16] can't seem to edit it correctly [15:18] well you have to edit the boot line and then somehow get it to continue boot otherwise it will revert to whatever it was before next boot [15:18] unless you can run update-grub which if you could do that we would not be here :) [15:19] yeah tried changing the boot line where it says ro to rw and adding a shell init, it just got stuck on boot commands then [15:21] Hi There, I am struggling to config my ubuntu-server with my wifi can any1 hemp me pls. [15:21] I think you can just add single to the end of the boot line and then f10 [15:21] and manually do the rw remount [15:21] yeah added that and ctrl-x and it just went back to login prompt [15:22] well i dont have a brightbox account and not sure of their security setups or I would try to help figure it out === Corey_ is now known as Corey [15:24] does any1 know how to connect the ubuntu-server system with a wifi router, kindly help me. [15:25] does the device show up ? [15:25] lshw -C network [15:26] Geeky_Vin: there are some examples of how to set up /etc/network/interfaces in /usr/share/doc/wpasupplicant/README.Debian.gz [15:27] @tmsiy: Thank you for ur response, I can see the device. [15:27] @rbasak: I tried them with no success, thank you anyway. [15:28] not sure about what security protocols you are trying to use but this looks like it mentions a good number: http://ubuntuforums.org/showthread.php?t=571188 [15:28] but I see *-network DISABLED in the first line, is that suppose to be like that? [15:29] yeah that is probably not a good thing :) [15:29] how do i enable it? [15:29] is there a button on the device to turn it off/on? [15:30] or it could not be set to managed in netowrk manager [15:30] assuming you are using network manager [15:30] /etc/NetworkManager/nm-system-settings.conf should tell you [15:31] that conf file seems to be empty [15:33] wait a sec I did ifconfig wlan0 up [15:33] now the nwtwork is enabled [15:34] and you can connect to AP? [15:35] I'm sry I'm a newbie to this, how do I chk that? [15:36] tmwsiy: which config do i edit to allow password based login until i can readd my key? [15:36] have a login now but only via the cloud terminal [15:37] rmarshall: /etc/ssh/sshd_config is the file and PasswordAuthentication yes is the option you want to change [15:38] just did that actually :) and it still says public key is the problem [15:38] don't know if you can get there from where you are now though [15:38] i also restarted ssh [15:38] wait if you are able to edit files as root what is the problem? [15:39] i'm on the cloud terminal, want to ssh in from my local machine [15:39] so need to replace my key but can't past it in there lol [15:39] and it's a big long to do manually [15:39] rsmarshall: ssh -v to see the protocol action [15:40] you should be able to edit whatever keys you need in the files in /root/.ssh/ right? [15:40] GeekyVin: are you logging in to a gui? [15:40] yeah but can't paste into the terminal, so was going to log in locally with password and then set it back to the key [15:41] I'm logged in to the chat in a GUI [15:41] rmarshall: put it on a web server real quick and pull it down with wget and delete [15:41] ok so what happens when you try and configure wireless with the nm-applet? [15:41] ah nice idea [15:43] Yes, I'm logged into the chat in a windows-7 machine, my server is a ubuntu-server 13.0 version [15:46] when I try wpa-supplicant -Dnl80211 -iwlan0 -c./wpa.conf I get wlan0: Failed to initiate AP Scan [15:48] sorted it thanks tmwsiy :) [15:50] @tmwsiy: do u hav any idea how shld I process, pls. [15:53] tmwsiy: for ftp am i best setting up vsftpd? [15:53] rsmarshall: yeah, thats the most easy one. [15:54] bekks: just installed it via ansible and when i try vsftpd in terminal it says it's not set as the correct user [15:54] hello, can anyone tell me why i can't see any packages when i browse to http://us.archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/ ? [15:54] however, my servers seem to be able to download them just fine via apt-get [15:54] rsmarshall: I never used ansible and all my vsftpd instance do work fine. [15:54] do i need to add users to a group? [15:54] i have a user setup and vsftp installed [15:58] can't connect to the server with the user i setup [16:00] when i run vsftp i get 500 OOPS: could not bind listening IPv4 socket [16:07] rsmarshall: thats totally different from "the user isnt in a group". [16:07] rsmarshall: vsftpd cannot bind to the port configured. [16:07] yeah wasn't sure the user was but it seems this is the issue [16:07] sorry [16:07] yeah not sure how to fix it, is it as there is another service on the port? [16:08] meant to be going home 10 mins ago lol [16:09] rsmarshall: The user isnt the issue. [16:09] rsmarshall: vsftpd cannot bind to the port configured. [16:09] yeah thanks, i am trying to work out how to solve that problem [16:09] actually i'd like to change it's port to a none standard one [16:10] Find out what is listening on that port. [16:10] how do i do that? [16:10] lsof -i [16:10] sudo lsof -i actually [16:10] And unless you are root, you cannot bind to a port < 1025 [16:11] not sure from that display [16:12] vsftpd 2727 root 3u IPv4 14531 0t0 TCP *:ftp (LISTEN) is listed [16:12] So it is already listening. [16:12] Running as root. [16:13] does that mean standard ftp port? [16:13] Geeky_Vin: try this and let me know where you have issues https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide [16:13] rsmarshall: Yes. [16:13] i can't connect though [16:15] appreciate the help bekks , just want to go home now lol [16:15] i can as soon as i can connect to this [16:15] :) [16:16] server refuses connection [16:16] in general, could it be a closed port? [16:19] opened port 21 i think, but nothing [16:21] rsmarshall: Stop vsftpd, ensure it is stopped, and start it again. Check for errors. Check the firewall is open on both the data and the control port. [16:23] i did iptables -A INPUT -p tcp --dport 21 [16:24] source port is needed as well. [16:24] For output, though [16:24] sudo ufw enable ftp? found something about using ufw [16:24] Yes. [16:24] still nothing [16:25] try "telnet 127.0.0.1 21" from the server itself, in a new terminal. [16:27] i can't connect at all since running that command [16:27] if you can get back in I would just do a sudo ufw disable to completely eliminate firewall as an issue [16:28] rsmarshall: since running which command? [16:28] and then correct your rules if that is the problem :) [16:28] if i can get back in tmwsiy [16:28] the ufw command bekks [16:28] can you do the console thing like you were before? [16:29] nope [16:29] well that sucks [16:29] now i can [16:30] rebooting now [16:30] after ufw off [16:30] i just want to go home lol [16:32] ok now i can get in [16:32] so need to get ftp working still [16:32] tmwsiy: many beers will be yours (should we ever meet) if you can fix my ftp woes ;) [16:34] haha: sounds like you need a beer for sure [16:34] damn right lol [16:35] other dev is on hol and he normally does all this, i'm still learning more on the server side [16:35] all been fine until now, provisioned with ansible and set the rest up, can't get this damn ftp to connect [16:35] just want to go home and have a beer ;) [16:35] it's vsftpd [16:40] any ideas? [16:42] what happens when you try to connect using the telnet method from localhost with the firewall off and the service started? [16:43] Trying 127.0.0.1... [16:43] Connected to 127.0.0.1. [16:43] Escape character is '^]'. [16:43] 500 OOPS: vsftpd: both local and anonymous access disabled! [16:43] Connection closed by foreign host. [16:52] can't connect at all [16:52] must be some port issue [16:52] but can't work it out [16:53] 500 OOPS: vsftpd: both local and anonymous access disabled! [16:53] that is your answer [16:54] yeah but i want to connect externally [16:54] well the telnet thing is just to test the port connectivity [16:54] you can try the same thing from a remote host [16:54] trying now with local on [16:54] and it's just hanging [16:54] Trying 127.0.0.1... [16:54] Connected to 127.0.0.1. [16:54] Escape character is '^]'. [16:54] 220 (vsFTPd 2.3.5) [16:54] then stops [16:54] that is correct [16:55] its working [16:55] its waiting for a command [16:55] right, but it doesn't tell me much [16:55] in the sense i'm not sure what to do enxt [16:55] next [16:56] rsmarshall: start a ftp client and try connecting from another machine. [16:56] you can test like this too: wget --user=user --password='myPassword' ftp://yourserver [16:56] tried that, refuses connection [16:57] well a full path to a file on your server [16:57] telnet ipofyourhost 21 [16:57] bekks: that works [16:57] Trying 109.107.38.204... [16:57] Connected to cip-109-107-38-204.gb1.brightbox.com. [16:57] Escape character is '^]'. [16:57] Connection closed by foreign host. [16:57] Then it isnt a ftp issue, but most likely a ftp client configuration issue. [16:58] ok [16:58] still no clue how to fix it :( [16:59] then provide a screenshot of your client connection settings for that host (and omit the IP if it is an internet reachable host) [16:59] what happens when you try the wget method? [17:01] seems to work [17:01] all i did was install vsftpd, nothing none standard [17:02] rsmarshall: "seems to work"? Does it work "yes/no"? [17:02] wget does [17:02] then provide a screenshot of your client connection settings for that host (and omit the IP if it is an internet reachable host) [17:02] how do i get those connections? [17:03] what ftp client are you using? [17:03] Well, what are you typing into your client to connect to your server? [17:03] ftp client to connect? filezilla and ftp from command line [17:03] Then what are your filezilla connection options? [17:04] normal ftp, user and pass, port [17:04] command line is just ftp ip [17:04] should then ask for username and password === 21WAABD33 is now known as sarnold [17:04] rsmarshall: Screenshot. [17:04] rsmarshall: I am not going to ask for a 4th time. [17:07] https://www.dropbox.com/s/wz8s3a8efryqwfl/Screen%20Shot%202014-04-10%20at%2018.07.30.png [17:07] ah hang on [17:08] https://www.dropbox.com/s/4u7bw8wp5mczvpz/Screen%20Shot%202014-04-10%20at%2018.08.37.png [17:09] rsmarshall: Host "4" is an invalid IP. [17:09] yeah i removed the ip [17:10] and when taking a screenshot it ended up in there when i mispressed a key [17:10] AH :) [17:10] on a mac it's command shift 4 lol [17:10] i just want to go home lol :( [17:10] so what happens with this? [17:10] refuses connection [17:11] and this is the machine that you can successfully use wget from? [17:11] yeah [17:11] weird [17:12] rsmarshall: Can you screenshot the other connection options tabs please? [17:13] rsmarshall: And can you ensure you are not using any form of proxy in filezilla? [17:13] i'm not, thing is command line ftp doesn't work either from my machine to the server [17:13] thats why I am talking about filezilla. [17:14] wget is a commadn line ftp client :) [17:15] https://www.dropbox.com/s/3ia0h3iewf5oomc/Screen%20Shot%202014-04-10%20at%2018.15.02.png [17:15] oh hang on [17:15] wget was from the wrong tab lol [17:16] that was on the machine itself [17:16] just tried from a local vm and it won't connect [17:16] then something other than the firewall on your machine is blocking it if you have run sudo ufw disable [17:17] yeah just not sure what [17:17] are you using the brightbox router/firewall service? [17:18] not that i know of [17:18] http://brightbox.com/docs/guides/cli/firewall/ [17:19] dont know if that is your problem but it seems like something like this to me [17:19] either way I dont think ubuntu is your issue [17:20] does anyone know a good way of indexing and searching files on a windows share? [17:20] from a ubuntu server [17:20] sync0pate: locate? [17:20] ? [17:21] how would you get it to index a share? [17:21] just mount the share [17:21] http://www.linfo.org/locate.html [17:21] and it'd automatically index it? [17:21] yep [17:21] it's.. that easy? [17:21] should be :) [17:22] it runs once a day by default I believe [17:22] sync0pate: it normally runs at night, so better run updatedb after mounting [17:22] well, I'll be simultaneously relieved and really pissed off if it's that simple [17:23] lol [17:23] sync0pate: the best solutions are often like that :) [17:24] and.. I guess I can just search that mount with /samba/mount/*filename.ext [17:24] or similar [17:24] man locate [17:24] you can just do an extra | grep /samba/mount on the end [17:24] it's got some filters, the rest can be done with grep/sed/awk [17:25] yeah but tmwsiy I'm working with some huuuuge shares here [17:25] so I don't want to have to find everything and then grep through it [17:25] if I can avoid it [17:25] once it indexes it will be fast [17:25] does not read filesystem but the database it gerneates [17:25] it was the damn firewall [17:26] you can probably do it with a filter directly to locate [17:26] yeah cool.. [17:26] as well [17:28] sync0pate: --regex is nice [17:28] RoyK, yeah just found that [17:28] I think I've only ever used locate for "locate php.ini" [17:28] heh [17:28] hehe [17:29] (because I'm somehow *never* editing the right one..) [17:29] i broke it again tmwsiy [17:29] lol [17:29] switched off anon access and local and now i can't connect [17:29] @tmsiy: IK followed this article http://unix.stackexchange.com/questions/92799/connecting-to-wifi-network-through-command-line and my WiFi is working now! Thak you! [17:30] sync0pate: I wrote this small thing to index everything in a tree with both filenames, dates and the files' checksums to check for duplicates - it should be easy to extend that to do a lot more https://github.com/rkarlsba/dupious [17:30] @tmsiy: let me knw when u come to India, I'll buy u a pint. [17:30] ;) [17:30] RoyK, perl :-| [17:30] perl <3 [17:31] never used it [17:31] delphi, C, java, C#, php.. [17:31] well, it's not hackish perl [17:31] I try to code so it's understandable [17:32] yeah it doesn't look ridiculous [17:33] I think locate will serve me fine for now tbf [17:33] probably [17:33] any idea about indexing file *contents* ? [17:33] I've looked at solr [17:33] Geeky_Vin: aawesome! [17:33] afaik solr is one of the best there [17:34] I got it set up, and added a file [17:34] but I can't see any way to just index a dir [17:34] we use it rather a lot at work [17:34] other than doing that manually [17:34] I mean I kinda gave up because I'm not being paid for that part, it was just curiosity and I had real work to do [17:34] you can run an index update IIRC, but there are som bugs there :P [17:34] * RoyK doesn't work with solr, but has spoken to people at work who do [17:35] but man, finding solr documentation is difficult [17:35] and when you find it it's seriously obfuscated, and seemingly 90% version-specific [17:35] heh - hope it's not in the land of RTFS [17:36] now i have 500 OOPS: vsftpd: both local and anonymous access disabled! [17:37] sync0pate: I would not discount just piping the output through grep until you try it for directory filtering [17:37] rsmarshall: why do you use ftp? [17:37] i don't want to lol [17:38] some legacy system a client has for sending data files to the server [17:38] for products [17:38] i asked for sftp and keys, but no [17:38] feel my pain RoyK ;) [17:38] know it already :P [17:39] should i turn chroot user on? [17:39] to restrict them to their home directory? seems a good option [17:39] tell them to use tftp over the open internet instead :P [17:39] you can configure vsftpd with chrooting [17:39] should be fairly secure [17:40] as secure as ftp with plain text auth can be :P [17:40] but then - vsftpd sucks rather badly at TLS, so the passwords will be sent in cleartext [17:40] hmm tirned it on and now it sends them to the server root [17:40] some issues with proftpd on that part as well, with certain clients [17:41] how do i restrict them to their home? chroot_local_user seems to do that [17:41] but it doesn't [17:41] then you did not setup it correctly. [17:41] For me, it does. [17:41] yeah figured that ;) [17:41] hey guys can anyone tell me why i can download packages off of the ubuntu archive from a server but if i browse to them directly i can't see them? i only see like Release.gpg, release, packages.gz ? [17:41] i just turned on the option [17:42] i'm talking about if i go to the archive with my web browser [17:43] bekks: how do i set the chroot directory for the user? [17:43] i guess that's just the way apache is configured so the package listing doesn't work via web browser? [17:43] rsmarshall: normally that's the user's homedir [17:43] doesn't seem to be atm [17:43] funcoland11: look in the pool/ directory [17:43] rsmarshall: https://help.ubuntu.com/community/vsftpd [17:44] what format does the regexp have to be in for locate --regex? [17:44] sync0pate: I guess standard posix regex - not perl regex [17:44] that's what I guessed, can't seem to get it working. hmm. [17:45] bekks i have : # 1. All users are jailed by default: [17:45] chroot_local_user=YES [17:45] chroot_list_enable=NO [17:45] sarnold: ahh i see packages now. so i guess those files like packages.gz only reference the packages under this pool/ dir? [17:46] ah [17:47] seems filezilla was remembering a previous connection and showing me a folder even though i didn't have access [17:47] right that's it, i'm off home [17:47] thanks all for your help, especially bekks and tmwsiy for their patience [17:48] sync0pate: same here - seems the regex there is rather faulty [17:48] funcoland11: exactly [17:50] sync0pate: just what I tried to produce with locate [17:50] yeah.. weird [17:50] http://paste.ubuntu.com/7231754/ <-- anyone that knows what's wrong with this regex? or is mlocate broken? [17:50] so I've changed my keyboard shortcuts 3 times now ... and on rebooting .. they continually are getting erased ... what should I fix here? [17:52] delinquentme: keyboard shortcuts? on a server? [17:55] RoyK: hrm, on my saucy laptop I get different output http://paste.ubuntu.com/7231782/ [17:55] I know RoyK however I've asked 3 times and people in #ubuntu are useless [17:55] delinquentme: this is about server stuff ;) [17:55] sarnold: which version? [17:55] Ok so where are profiles for a user saved ? [17:56] RoyK: 0.26-1ubuntu1 [17:56] Does the ceilometer openstack charm spin up a HTTP instance by default with the administrative gui? [17:56] RoyK, does locate not index the /home dirs? [17:56] sarnold: which distro version is this? [17:56] mine seems not to be.. [17:56] i've never tried to manage openstack outside of just using the horizon dashboard, so i'm really unfamiliar with the landscape. [17:56] delinquentme: ~/.profile ? what are you trying to do? [17:56] sync0pate: did you run updatedb as root? [17:57] no.. should I? [17:57] RoyK: 13.10, saucy [17:57] ah [17:57] I ran it as the user who's home dir isn't being indexed though.. [17:57] I'm on 12.04 on this box [17:57] sync0pate: don't know - sorry [17:58] I'm on 13.10 too though.. I get the same as you RoyK [17:58] sync0pate: do you have anything in those tmp dirs like /var/tmp? [17:58] just came to me I ran this on a RHEL box with a far older locate version :P [17:58] yeah [18:00] RoyK: ahhhhhh :) [18:00] i just got a 12.04 vm spun up and tested and it seemed to work fine too [18:00] so I'm running updatedb again [18:00] ok :) [18:00] as root [18:01] so maybe that's what was wrong, we'll see [18:01] takes a while huh! [18:01] is there a specific channel on freenode for ubuntu dev? [18:01] sarnold, apparently this is a OS-wide bug. [18:01] #ubuntu-dev [18:01] its empty [18:02] hm [18:02] ok it seems to be working on other dirs now, just the home dir, which I don't really need anyway [18:02] thanks :) [18:02] there's an #ubuntu-devel but I suspect they'll ask you the same questions -- what is a keyboard shortcut? how are you setting it? how does it not work? .. [18:02] sync0pate: #ubuntu-devel [18:03] ? [18:03] sorry - that was for delinquentme [18:03] delinquentme: see above [18:06] sarnold: touched /var/tmp/asdf and did an updatedb and it worked well [18:07] RoyK: woo :) [18:07] seems the old mlocate in RHEL6 is broken [18:07] I always uninstall mlocate, no need for it to use up disk i/o on my servers [18:07] wonder how RH survives - late with critical fixes and lots of crap [18:10] ok weird question but [18:10] I've occasionally encountered resistance to using ubuntu as a server [18:10] from clients [18:10] but I can never get a straight answer as to why [18:10] any ideas? [18:11] they've probably learned from marketing that ubuntu is a hack [18:11] from marketing? [18:11] from the FUD guys [18:11] from ubuntu's marketing? :) [18:12] but still, in risk of getting kicked out from here, I've turned back to Debian because of issues not being fixed. Seems to me the move to upstart wasn't the best of things [18:12] ugh, that's the one thing I've had trouble with actually [18:12] on one of my vps upstart just stopped working [18:13] bingo [18:13] no idea why [18:13] so - I went back to debian - it just works [18:13] I still use ubuntu for desktop things, though [18:13] I still occasionally have to use windows :( [18:13] so do I, at gunpoint [18:14] it feels like living in the past [18:14] luckily our government has paid so much to microsoft to continue supporting xp [18:15] :'( [18:18] sync0pate: "our government" as in "Murrica"? ;) [18:18] no, I'm in the UK [18:19] k [18:19] it's hardly any better here (in .no) [18:39] anyone here using btsync? [18:55] i have a web log that is of type "combined"... i know i can use https://gist.github.com/tcstar/51eabdfe21c88be0a6dc to get the results listed... but how can i modify that to get the actual browser name? [18:56] and maybe by version of that browser too [19:00] 1 Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11A465 [FBAN/FBIOS;FBAV/6.7.2;FBBV/603804;FBDV/iPhone5,2;FBMD/iPhone;FBSN/iPhone OS;FBSV/7.0;FBSS/2; FBCR/Verizon;FBID/phone;FBLC/en_US;FBOP/5] === guntbert_ is now known as guntbert [20:03] hey guys for all static sites does would I be looking at RAM or CPU for best benefits? [20:17] rbasak, might you be able to give the Mythbuntu team (me) a pointer on why the default Apache2 website in 14.04 makes mythweb unavailable? [20:17] (daviey made me do it) [20:18] s3ri0us, you serious? [20:44] so, still having trouble with locate [20:44] locate -r '/var/web/.*' [20:44] works [20:44] but [20:45] locate -r '(/var/web|/home/user).*' [20:45] doesn't === metasansana is now known as metasanta [20:54] Hey. I have a number of Ubuntu server machines, and after `apt-get update && apt-get upgrade && reboot` followed by `apt-get update && apt-get dist-upgrade` - I seem to still be running openssl version 1.0.1e [20:55] Is there not a version of OpenSSL that isn't affected by heartbleed in Ubuntu yet? === s3ri0us is now known as s3ri0us|away [20:59] The updates have been published; check that the installed versions are still supported by security upgrades, and that the APT mirror those systems uses isn't out-of-sync with the primary repos [21:00] monokrome: you should have version 1.0.1e-3ubuntu1.2 of the packages [21:01] mdeslaur: It says OpenSSL 1.0.1e 11 Feb 2013 [21:01] monokrome: where does it say that? [21:01] Did Ubuntu backport the fixes? [21:01] $ openssl version [21:01] monokrome: yes, we backported the fixes [21:01] oic [21:01] monokrome: use "openssl version -b" [21:02] built on: Mon Apr 7 20:33:19 UTC 2014 [21:02] monokrome: congrats, you are secure [21:03] WHy would someone backport the fixes instead of just updating OpenSSL? If there's enough room for error in the portion of code affected by this, then why would it be a realistic solution to backport more changes into it instead of updating to the original fixed version? [21:04] I realize why Ubuntu changes packages, but this seems like a place where that wouldn't be wanted [21:07] monokrome: because the new version of packages introduce new bugs and incompatible changes [21:08] monokrome: testing a 4 line patch is pretty easy, testing a whole new version can take days/weeks === s3ri0us|away is now known as s3ri0us [21:10] monokrome: believe me, if simply updating to the latest upstream were a viable solution for packages, it's what all the distros would do [21:31] mdeslaur: I see [21:31] That surely makes sense, but still a bit concerning. === Peerbreed is now known as Tekmeout === xibalba_ is now known as xibalba === a1berto_ is now known as a1berto === Tekmeout is now known as techdesigns === techdesigns is now known as peerbreed [23:06] the new apt in trusty is refreshing === mikal is now known as stillbert