[00:18] thought systemd already did that [00:18] this is for kernel panics [01:33] http://www.zdnet.com/cisco-microsoft-vmware-and-other-tech-giants-unite-behind-critical-open-source-projects-7000028743/ [02:57] *yawn* [02:58] google has a new easter egg: google for "set a timer for X" where X is either a time, or an offset of time e.g. "30 seconds" or "5 minutes" or "3 hours" or "28 days" etc. [05:59] morning all [06:12] morning MooDoo [06:12] any plans for today [06:14] mapps: work then chill for the weekend, gutting the garage which I'm soooo looking forward too :D [06:14] gutting..taking everything out? [06:15] mapps: yeah clearing the rubbish [06:16] ah [06:16] that doesnt sound fun;p [08:10] morning === bashrc_ is now known as bashrc [08:31] how to redirect website when server is down [08:32] how to redirect all urls to homepage please guide me [08:32] MooDoo: [08:33] dvrr: so server is completely down and you can't see the site/ Can you use web forwarding on the domain to point it somewhere else? [08:36] i am running tomcat server [08:37] Good morning peeps :) [08:38] hello bigcalm [08:40] Ahoy popey [08:45] Morning all [08:46] hello davmor2 :) [08:56] if i do web forwarding on the domain if down server automatically redirect maintenance page [08:57] MartijnVdS: oi oi [08:57] MartijnVdS: you seeing my telepathy messages? [08:58] Hiya, I have a system that's deployed in an Ubuntu (12.04) VM (multiple installations across the world) and we need to update the system to disable the recovery mode on the grub menu. We have a way for users to send an encrypted package into the VM to perform updates. I have created such a package to do this update but sometimes when running it during testing, it would completely nerf the grub of a VM, and the VM would only boot to the grub command [08:58] line. The package we send in, contains a simple script (http://paste.ubuntu.com/7328354/), which replaces the standard grub file in our VMs (http://paste.ubuntu.com/7328269/) with the new one (http://paste.ubuntu.com/7328274/), there's only 1 line difference between the 2 files, and that's the uncommenting of the GRUB_DISABLE_RECOVERY="true" line. [08:58] If anyone has any ideas why this might sometime break the grub config, I'd be really appreciate for your help! [08:59] Oh, and the script that gets run, is run as sudo [09:01] popey: I saw one, when I installed it [09:02] ah there's a new message :) [09:10] theukdave: Looks like thats not something people have come across before [09:10] Djones: :( [09:10] *sigh* [09:11] Djones: The only thing I can think that's a little odd about what I'm doing, is cat'ing the contents to the grub config, rather than cp'ing or mv'ing the file into place, but I can't see what that'd hurt it ... also weird that MOST of the time it works fine, but then sometimes, it doesn't [09:12] My only thought it whether the file permissions are still the same after thye update [09:13] I think that's why I originally decided to cat the contents in, to be 'sure' of that [09:13] I'm not even sure whether file permission would make a difference [09:13] But anyway, any forums you might suggesting asking this to? [09:13] yeah, same. I'm a dev, not a sys admin, I'm not too familiar with grub in general [09:14] Heh, as a dev I suspect you'll still have a lot more experience than me (I'm an accountant with an interest in computers) [09:14] You could try askubuntu or the ubuntuforums [09:18] ok cool, cheers [09:24] theukdave: why do you need to disable grub recovery? [09:25] i'm confused by your problem because it seems circular [09:25] Oh excellent. Our new firewall software prevents my laptop making outbound SSH connections unless I'm in the office. [09:25] ie you need to disable recovery because when you try to disable recovery it goes to recovery [09:25] And accepting incoming RDP connections. And I don't have any control over it. [09:26] ali1234: Not quite, I need to disable the recovery boot option, since a user could interrupt the boot process, and gain root access to the whole VM, something they absolutely should not be able to do. I know that I can manually edit the grub config to uncomment the DISABLE_RECOVERY.. line, then sudo update-grub, reboot, and the security hole is plugged [09:27] theukdave: disabling those menu options won't prevent them doing that [09:27] but when I try to do this in an automated way, usually it works, but sometimes it doesn't [09:27] they can still get a grub shell (in theory anyway) [09:28] OK, I'm totally keen to hear about other ways they could get access, but at the moment, this is a glaringly obvious way for the user to get root access, and has been raised as something specific we need to fix [09:28] sure, i understand :) [09:28] since it's an intermittent problem, could it be because the disk isn't syncing before you restart the VM? [09:28] thus sometimes the config gets corrupted [09:28] so yeah, usually my script updater thingy works OK, but sometimes it seems to batter grub in such a way that you don't get the grub menu at all, it just falls to the grub cmd line, and I don't know why [09:29] MartijnVdS: www.webupd8.org/2014/04/telegram-unity-webapp-integrates.html [09:29] popey: you sending messages via telepathy now? or did you mean telegram? [09:29] I don't programmatically restart the VM as it goes ... I don't think ... The user loads this patch package through a web interface, and then is instructed to shut down and restart the VM afterwards [09:30] update-grub can take a LONG time [09:30] oh OK ... [09:30] interrupting it would probably cause what you're seeing [09:30] good to know, I'll check that [09:30] to know for sure you'd need to inspect the grub files inside the VM [09:30] davmor2: telegram webapp on the desktop [09:30] popey: Unity webapps? Don't you need firefox for that? [09:30] also, is there any risk/problem with the way that I'm replacing the file (by cat'ing the contents rather than cp'ing or mv'ing) [09:31] MartijnVdS: not in 14.04 - it uses oxide [09:31] MartijnVdS: you seeing my telepathy messages? this is the line that threw me [09:31] popey: because I've only seen the prompts to "add this to unity!" in firefox [09:31] theukdave: should be fine [09:31] MartijnVdS: its not one of them [09:31] davmor2: nah popey and I have telepathic contact 8-) [09:32] theukdave: i would consider using a smarter way, if you only want to set one line [09:32] ali1234: sure, like ..? [09:32] theukdave: something with sed maybe, that will respect any changes already made to the file [09:32] MartijnVdS: I have a telepathy connection with popey, via google and facebook :D [09:32] right, yeah [09:32] There *should* be no changes, since we ship the VM as is, and (theoretically) no one has access to change anything [09:33] but yeah, I could sed it [09:33] yeah theoretically nothing ever goes wrong :) [09:34] theukdave: so i guess you give the user the VM and don't give them root password, and then you give them signed updates? [09:34] ali1234: hahahahahahahahahaha, let me just pick myself upo off the floor after that one :D [09:35] ali1234: basically, yeah [09:35] and there's a network kvm that gives the access to the grub menu? [09:36] they run it inside vmplayer, so can just clic into the console whilst it's booting [09:36] oh ... [09:36] well all bets are off them [09:36] yeah [09:36] i can just mount the vmdk? [09:36] .. or they could just mount the v... [09:36] change any file i want [09:36] yes ☻ [09:37] it's pointless trying to keep the out [09:38] i can see why you'd want to hide grub from a UI perspective though [09:38] :) indeed [09:39] davmor2: no you don't ☻ [09:39] I've been saying that physical access is the first layer of security, and we just don't have it :( [09:40] as the security mantra goes, once physical access is available (by alice to bob's computer) bob's computer is as good as compromised [09:40] get into the cloud services business :) [09:40] hey diddledan, i decided to switch to less since i'm using bootstrap anyway and i can clean up my html classes :) [09:40] ali1234: nice [09:40] popey: okay maybe not via facebook [09:41] i'll probably have questions for you later :) [09:41] doesn't that mean that the company which hosts my data then has unlimited access to it? [09:41] dwatkins: yes [09:41] really impressed with this so far though... bootstrap + less makes webdesign fun again [09:41] mind you, in some cases it's encrypted before it's sent [09:42] ali1234: less is really cool - sass/scss combined with compass is arguably more feature-full ootb but with less that's mitigates by downloadable "mixins" [09:43] bootstrap uses less, so it seemed logical [09:43] compass does things like pre-packaged mixins for the various browser-prefixed rules where the standards process hasn't ratified yet [09:43] e.g. -moz-border-radius [09:44] though border-radius is pretty standard these days [09:44] ali1234: As for cloud services, it's not something we can do unfortunately, since this is deployed in places with no connectivity whatsoever [09:45] theukdave: you're completely out of luck then [09:46] if you can boot from USB or ISO, you can get root access [09:46] or just mount the disk image [09:47] morning boys and girls. [09:47] hiya brobostigon [09:48] morning dwatkins [09:48] theukdave: what part of the VM do you need to secure? e.g. your compiled binaries, data within it etc.? [09:48] dwatkins: just the mysql database really [09:49] but of course with root access ... [09:49] I suppose even if you encrypt the data in the database, you still have to have the key on the server. [09:49] this is the fundamental problem with all drm systems [09:49] store the key in a tpm [09:50] it's a VM [09:50] hmm, there were some tpm hacks for qemu, not sure if they still work [09:50] running on customer's own hardware [09:50] PKCS#11 \o/ [09:52] ali1234: Oh that gets even trickier [09:52] smartcards, perhaps? something like a credit card, where the encryption (i.e. decryption or checking of data) is done in hardware. [09:53] dwatkins: that's what PKCS#11 helps with :) === Lcawte|Away is now known as Lcawte [09:53] aha I see [09:53] there are PKCS#11 tools for smartcards, RFID, TPMs, etc. [10:03] Guys, I'm really eager to talk through the various security implication for our VM, and it's an important subject to us. And any genius ideas for how to increase security are well received. But as someone pointed out, at the moment any encryption done inside the VM, needs to be undoable inside the VM in order to make the (web) application usable. And generally speaking the way to get access to the keys/methods needed to reverse any encryption can [10:03] obtained quite easily if the user ends up as root. So for now, that's the key issue, and the easiest most obvious way that even a fairly non-techie individual can do that, is by spotting the recovery boot option on the grub menu :) [10:04] So first off, I'm'a try and get that working, but I'll hang about today, and be back in the future to discuss the rest ... hopefully we can come up with something [10:04] theukdave: but if they have access to the boot menu, they can just image the drive and pick it apart at their leisure [10:04] and by the end of the year, we're actually looking to ship a brand new VM with the next major revision of the application, so major overhauls can be entertained [10:05] MartjinVDS: for sure, although the VM is encrypted, albeit with a password that all end users have ... but at least that would be preventable for a stolen machine [10:06] theukdave: so it really is the DRM problem [10:06] theukdave: which is unsolveable in the long run [10:07] it's solvable in certain well defined circumstances [10:07] "view but don't copy" isn't one of them though [10:08] http://en.wikipedia.org/wiki/Mental_poker <- crazy === Hornet- is now known as Hornet [10:14] Oh, whilst I appreciate this isn't a jobs forum :) it's worth pointing out that if any of you are interested in a few days consultancy to help us look into this (and plan for the next major release), then I'm sure we'd be more than happy to have you onsite for a bit (we're in London) [10:15] cooleague says he can't upload files more than 2GB via http upload - is that just a conf setting? === alan_g is now known as alan_g|errands [10:16] foobarry: there's many config settings that could affect that. 2GB might be a hard limit though [10:16] :S in this day & age? [10:16] depends on the website [10:16] apache [10:16] we run the web site [10:16] php? [10:16] i'm aware of php.ini settings, [10:17] php has all kinds of limiters to stop it running wild [10:17] many of them could cause the problem (like memory limits etc) [10:17] don't think its php [10:17] check the server logs :) [10:19] create a phpinfo.php file and check the upload_max_filesize [10:20] php aint installed :( [10:21] then it's not a PHP limit :) [10:21] thanks sherlock :D [10:21] http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody [10:21] ...and 2GB is the hard limit [10:22] foobarry: http://www.cyberciti.biz/faq/apache-limiting-upload-size/ [10:22] 2gb is the max [10:23] nginx can do it [10:23] i wonder if this still applies :( [10:26] "httpd is now built with support for files larger than 2GB on modern 32-bit Unix systems. Support for handling >2GB request bodies has also been added." [10:26] that's in the Apache 2.2 changelog [10:26] so i wonder if its a soft limit now [10:37] BBC, Y U NO KNO BOUT TIMEZONES?! according to the beeb the heartbleed bug was introduced by a developer working at 23:00 on new year's eve [10:37] FIAL [10:37] while I don't doubt that developers work at that time the beeb makes no mention of who and where that was [10:38] "The fact that the code change which caused the bug was done by an individual working at 23:00 on a New Year's Eve says a lot. The code simply wasn't reviewed enough and it went undetected for two years," he added." [10:38] the previous paragraph: "The details that have emerged about how the vulnerability came about speaks volumes about how little the industry has cared about the software that was securing their websites" [10:49] I wonder if the BSD folks' security checks would have found it. [10:58] dwatkins: if you believe the BSD folks it would [10:58] google for "exploit mitigation countermeasures" [11:04] popey: after i installed ubuntu-sdk yesterday my system is completely messed up :( [11:04] ☹ [11:05] i now have "accounts-daemon" using 25% cpu constantly, and a 3 second lag when adjusting volume [11:05] and my multimedia keys no longer work === alan_g|errands is now known as alan_g === Lcawte is now known as Lcawte|Away [11:25] oh dear - http://boycottsystemd.org/ [11:28] Oh dear indeed [11:30] MooDoo: I agree with a lot of those points [11:31] me too, it seems bad. [11:31] I hate the dbus thing, too [11:32] network manager is another non-unix-respecting feature [11:33] most of those points are rubbish [11:33] they sound like good points assuming they are correct (I haven't source checked) :P [11:33] 1. is meh [11:34] ali1234: #1 is the thing I think is most important [11:34] LOL [11:34] 2. isn't a problem because you can make it stream to text logs any query you want, automatically [11:34] xD [11:34] 3. is a big big problem [11:34] 4. is meh. who doesn't want udev and dbus? [11:34] 2 screams major bloat at me...a web server in an init system...wat? [11:34] 5. is meh. core files aren't useful [11:35] ali1234: core files are very useful when developing [11:35] Azelphur: any program written in ython has a built in webserver too. who cares? [11:35] 6. is just 1. again [11:35] ali1234: it does? [11:35] 7. well, that's a problem with gnome, not systemd [11:36] 8. is a design flaw but not unfixable [11:36] 9. is only a problem if you don't use linux [11:36] this is the "boycott systemd" thing? [11:36] yeah [11:37] 10. RTFM SUCKAH [11:37] 11. is just point 3. again [11:37] I just have one reply: As a user, I mostly don't care as long as it works. [11:37] someone should set up "don't boycott systemd" which says "if you want 1979-era SunOS, you know where to find it. Have fun" [11:37] lol [11:38] remember that pulseaudio didn't actually get good until lennart stopped working on it [11:38] i imagine it will be the same way with systemd [11:38] has lennart stopped working on systemd yet? [11:38] none of the issues they bring up have reasons which say *why* they're bad, just *that* they're bad. "It does a lot more than just an init system!" but doesn't explain why that's a problem from their point of view. [11:38] MartijnVdS: no, it's still just him and a couple of other guys [11:39] MartijnVdS: however, when it becomes widely used that will change, as with PA [11:39] nd then the problems will all get fixed [11:39] ali1234: and Hogwarts is a real place. [11:39] I remember the hue and cry when ubuntu started using pulseaudio [11:39] ali1234: and the tooth fairy exists [11:39] "It's terrible" "horrible piece of software that doesn't work" [11:39] Now, it actually works pretty well. [11:39] nigelb: at the time, it was [11:39] nigelb: the *very first* UDS(-like) thing had a session about "fixing the audio mess". In december 2004 [11:40] I found this thread interesting : http://lkml.iu.edu//hypermail/linux/kernel/1404.0/01331.html [11:40] diddledan: the banning of Kay Sievers [11:40] ali1234: I'm sure systemd is not as good as it will be say... 5 years down the line. [11:40] MartijnVdS: hah. [11:40] It can only be better with adoption [11:41] (I think the session's title was "Draining the audio swamp") [11:41] MartijnVdS: there's a whole thread related to that post which details chauvinism on the systemd side [11:42] https://wiki.ubuntu.com/MataroSessionsWorkshops/DrainingTheLinuxAudioSwamp "_\ [11:42] diddledan: ooh fun :) [11:42] in short, they hijacked the "debug" kernel commandline flag and caused the kernel to crash [11:42] by sending oodles of systemd debug logs to the kmsg device [11:44] because "you wanted debug right?" [11:44] sigh... [11:44] I am clearly not geeky enough... [11:45] on the plus side systemd has a bunch of stuff that you can't reasonably do any other way [11:45] such as cgroups manipulation [11:45] I CANT SEEM TO SOLVE THE FECKING RUBIKS CUBE!!!!!!!! [11:46] jussi: look at the right websites it will teach you the moves you need to learn to do it [11:46] davmor2: yeah, good point. I was hoping to be smart enough just to "work it out" but clearly not... [11:47] i never figured out how to do more than one side [11:47] jussi: matrix rules don't apply to rubix cubes it's a glitch in the program [11:47] doh! :P [11:49] I found the easy way to complete the rubix cube - the pieces are coercible to separate from each other allowing you to do it jigsaw style [11:50] hah === alan_g is now known as alan_g|lunch [12:06] wtf? apparently there's a "minister for the polar regions" [12:06] https://www.gov.uk/government/news/chancellor-puts-uk-at-forefront-of-ocean-research-with-new-polar-science-ship [12:07] The Borealis? :P [12:08] seems hardly surprising? we can't have 600,000 square miles of 'british antarctic territory' without someone making it their day job [12:08] it looks like they're planning on making the ship out of Lego [12:08] didn't he play "Angel" in "buggy the vampire layer"? [12:09] borealis, I mean.. [12:09] http://brickset.com/sets/316-1/Fire-Fighting-Launch [12:09] lol, I like having just "science" emblazoned down the side [12:09] not "research vessel" or anything formal. just "for science!" [12:10] like "for Gondor!" [12:10] for SPARTA! [12:10] for queen and country! [12:10] although I guess if you label it a research vessel, everyone will assume you're whaling [12:10] or spying [12:11] nah, we use lotus esprits for that :) [12:11] lol [12:11] are those the ones that turn into submarines? [12:11] is was that the lambo? [12:12] the Lotus was also a submarine, yeah [12:12] http://www.lotusespritturbo.com/James_Bonds_Lotus_Esprit_S1.htm [12:17] I didn't realise they actually had real underwater capability [12:17] albeit a secondary vehicle rather than a convertible [12:19] I'm still waiting for my flying car. [12:21] I have neither a drivers licence nor a pilots licence :( [12:21] If we do ever make cars which can fly, hoever etc. then we'll have a whole new set of safety issues. [12:22] so I should skip them and just go for my flying car licence? [12:22] I imagine (hope) that would be as hard as doing both licenses, if not harder. [12:23] why? flying's easy! [12:23] it's the whole "hitting the floor on purpose" bit that's messy [12:24] indeed, and not hitting other planes, cars, birds and so on === alan_g|lunch is now known as alan_g === ikonia is now known as Guest8168 === Guest8168 is now known as ikonia === alan_g is now known as alan_g|errand === alan_g|errand is now known as alan_g [13:27] diddledan: any idea about this? http://paste.ubuntu.com/7329829/ === alan_g is now known as alan_g|errand [13:30] ali1234: I don't believe less does _any_ rewriting of url paths [13:30] ali1234: there might be mixins which help though [13:30] yes it does, that's what the -ru option is for [13:30] those specific paths don't get rewritten because they are escaped [13:31] but if you just put the pat normally, it will be rewritten [13:31] aah yes, maybe I'm not understanding the issue? [13:32] here is a simpler example: http://paste.ubuntu.com/7329858/ [13:32] .b gets remapped, .a doesn't [13:33] so the problem is that if you ~import bootstrap into your wordpress style.css from a subdirectory, then all the paths are wrong [13:33] consequently it doesn't work properly [13:33] my question is who do i blame for this? bootstrap or less? [13:35] hmm, that's a tough one, I kinda think they're both to blame [13:35] yeah me too... and guess what? they each blame the other [13:35] >.< [13:44] https://github.com/twbs/bootstrap/issues/13429 [13:44] lets see what they say [13:55] hi [13:55] 9 seconds. [13:56] 9 whole seconds. [13:56] people are so patient [13:56] Must have learned everything they needed to know in the 9 seconds though [13:58] leave [13:58] oops [13:59] hello [13:59] hello [14:00] hi, how does one switch IRC channels? I am trying to get to the ubuntu Gnome support one...>.> [14:00] /join #channelname [14:09] * Cannot join #channelname (Channel is invite only). [14:09] :( === alan_g|errand is now known as alan_g [14:14] * davmor2 invites bigcalm to get a life and not try and join example channels :P [14:15] Boo [14:16] http://www.example.com/ [14:17] bigcalm: don't click it, NO!!!.......AH NO [14:22] Silly [14:22] I always cringe when people don't use example.com as an example domain. [14:23] What's even worse, is abbreviating domain names, e.g. u.com instead of ubuntu.com [14:24] u.c is common as well [14:24] oh dear [14:28] one-letter domains are specifically disallowed; I've seen some domain names abbreviated to two letters, in which case the domain is simply incorrect. === dw_ is now known as Guest50001 === Guest50001 is now known as guestdw [15:31] My nautilus preference settings to be ignored by nautilus. can anyone suggest why please? [15:32] could you rephrase your question first? [15:32] it's not grammatically correct [15:32] When I select which columns I want nautilus to display, it seems to ignore my settings [15:32] It just carries on doing the same as before I started [15:32] you need to then hit something to set it as default then re-run i think [15:33] but what? That is the problem. I cannot see a button to save it as default [15:33] is this 14.04? [15:33] Anyway, it does not even chenge them temporarily in the window I have open [15:33] Yes it is 14.04 [15:34] ok so details view after clicking on files, lets see what it does for me [15:34] yeah i'm getting an instant update when i click to add 'Location' [15:34] i take it yours is an upgrade install? [15:34] I meant that I want to be able to select which columns are displayed in list view - but it ignores my settings [15:35] http://www.codedwell.com/images/uploaded/security-fail.jpg [15:35] diddledan: >_< [15:35] Preferences | List Columns [15:35] NO. not an upgrade [15:35] A fresh install [15:36] totally clean disk or did you keep an existing /home ? [15:36] my home is messy [15:36] I need to springclean [15:37] When the installer gave me the two options I told it do do a fresh install rathe than upgrade - Though I do not recall the exact wording [15:37] I don't recognize anything old in home, so I think everything from the previous install is gone [15:38] Oldest directory of file curnetly at top leve in home is three days old [15:38] leve -> level [15:39] guestdw: try creating a second user account to test in [15:39] or just hit guest session [15:39] i do quite like that feature [15:40] OK - that's a good idea (but I can ony try it after I have left this login session and the chat, I suppose) [15:40] i think if you click it, it leaves both running [15:40] yep [15:40] use "switch user" not "logout" [15:40] yeah ^ i'm clicking the 'cog' top right here [15:41] how is diddledan this fine day? [15:42] I'm good [15:42] I don't see a switch user option on my desktop [15:42] guestdw: click the cog top right then select 'guest session' [15:42] busy doing a new commission which is, as per usual, a rushjob [15:42] Is there a package that would give me that funcitonality (it sounds useful for many porposes) [15:42] I'm actually trying to "do it right" on this one though [15:42] There is no cog top right [15:42] diddledan: hehehe [15:43] guestdw: is this something other than standard 'ubuntu' ? [15:43] Not as far as I know. I tried to ask for standard ubuntu during the install [15:43] Is there a way to check? [15:43] lsb_release -a [15:43] ^in a terminal [15:44] that doesn't work on my OS X :-p [15:44] $ lsb_release -a [15:44] -sh: lsb_release: command not found [15:44] No LSB modules are available. [15:44] Distributor ID: Ubuntu [15:44] Description: Ubuntu 14.04 LTS [15:44] Release: 14.04 [15:44] Codename: trusty [15:44] hmm, can't be sure with that [15:44] guestdw: http://upload.wikimedia.org/wikipedia/commons/b/b4/Ubuntu_Desktop_12.10.png [15:45] you're really not seeing that little cog shaped icon to the right of the clock in the extreme upper-right? [15:46] linked-to by popey : https://www.youtube.com/watch?v=qDrrIUujxsw [15:46] Chat crashed [15:46] serials?! [15:47] web dev ugh [15:47] not even THAT can get me doing some web related stuffs [15:47] daftykins: I don't see that cog on my desktop: the one that is there in your png [15:47] do you even have the unity sidebar on the left? [15:48] I have a list that drops down on the left when I select and item headed "Activities" [15:49] sounds like gnome shell [15:49] ok so what you have isn't stock ubuntu [15:50] OK - that's useful to know [15:50] you could well have downloaded gnome-ubuntu instead [15:52] dw__: perhaps guest session will be off your username menu top right instead? [15:52] No the only option there is "logOut" [15:53]