=== SPeedY is now known as SPeedYdr === thumper-otp is now known as thumper === Lcawte is now known as Lcawte|Away === zz_swebb is now known as swebb === EzeQL is now known as Guest57139 [02:22] How do I remove a specific extension from a directory..? sample directory have 10K wav file adn 5K .mp3 files i want to remove the .wav files only..? any idea..? [02:27] rm /dir/*.wav \OR\ cd dir && rm *.wav ? [02:28] find /path/ -iname "*.wav" -delete (will do it recursively) === _Jeepbeats is now known as Jeepbeats === EzeQL is now known as Guest64591 [04:48] Having an issue with a fresh install of 14.04 server. Boot will freeze during adding swap. Will boot fine with "nomodeset" on kernel in grub. Verified UUID's match in /etc/fstab and blkid. Have not experienced this issue with any builds in the last few years. Any idea? [05:05] Hi all. What is the difference between the php5-mysql and php5-mysqlnd package? Both claim to provide the php mysql bindings? [05:09] jonascj: The mysqlnd library is highly optimized for and tightly integrated into PHP. The MySQL Client Library cannot offer the same optimizations because it is a general-purpose client library. [05:11] http://dev.mysql.com/downloads/connector/php-mysqlnd/ [05:13] OpenTokix: thanks, but I do not understand. All references indicate that mysql-server and mysql-client should be installed alongside both php5-mysql and php5-mysqlnd. So they both rely on anothe rinstallation of the mysql server and client, don't they? [05:14] *another installation [05:14] jonascj: "all references" beeing howtos on random webpages that you copy and paste from? [05:16] OpenTokix: no, I am actually stopping and thinking, otherwise I would have installed both. I wonder why some suggest one package and others the other package [05:16] jonascj: the thing is the mysqlnd is pretty new, so I am guessing the bulk of guides talking about php and mysql is pretty old. [05:17] 2http://packages.ubuntu.com/precise/php/php5-mysqlnd [05:17] vs http://packages.ubuntu.com/precise/php5-mysql [05:17] jonascj: I would go with the native driver, since it is recommended from the mysql docs [05:19] more or less the only thing setting those two pages apart is "native" [05:19] but why a native driver? I thought the idea was to go cleanly through well defined sql interfaces. [05:19] OpenTokix: thanks, I'll read mysql's own statement === Ursinha-afk is now known as Ursinha [07:43] hello, can someone please lend a hand? I am having issues post installation [07:44] Gaba1: hello ;irc tends to work best if uou jst ask questions :) [07:44] ok thanks [07:44] !details [07:44] Please elaborate; your question or issue may not seem clear or detailed enough for people to help you. Please give more detailed information, errors, steps, and possibly configuration files (use the !pastebin to avoid flooding the channel) [07:47] I used yumi to put ubuntu server onto a flash drive and then installed (completely) onto my PC and once I rebooted I just get a little white curser blinking at me [07:48] then I repeated the process and the same thing happened again [07:48] I then tried to use the check for errors function and I just got a screan that blinked white and black and I decided to turn my computer off before I began to seize [08:17] !I am now running Ubuntu 12.04 off of another flash drive. memory is 7.8Gig. [08:17] Gaba1: I am only a bot, please don't think I'm intelligent :) [08:17] !processor is AMD phenom 8750. OS is 64 bit [08:18] Gaba1: so a 'live image' works okay but installing it doesn't work? [08:18] I am running a live version of ubuntu 12.04, but I am attempting to instal ubuntu server [08:20] my ultimate goal is to run a minecraft server on that computer, but it was lagging using windows [08:26] I am now installing ubuntu 12.04.3 LTS and it recognizes that I have installed ubuntu 14.04 LTS (which I assume is the server I was trying to instal). I am splitting my partition in half for both to be installed at the same time === EzeQL is now known as Guest21061 [10:10] Hello. How can I see how much physical space is given on the drive and how much is mounted? Like "Disk Size: 200G, /dev/sda1 begin 1024M end 150G" or something like that [10:12] LeMike: 'df' will show you which filesystems are mounted and how much space they have; fdisk -l will show you partition table information [10:14] oh yee. `fdisk -l` ... i need coffee. sorry! but thanks sarnold :) [10:14] LeMike: have fun :) [10:15] Hi all. Is there a correct/clever way to install packages from one release in to a lower numbered release - trusty and precise to be exact? [10:15] stetho: check out 'package pinning', that might do what you want [10:31] sarnold: I always thought pinning was the other direction (new releases, old packages) but after reading PinningHowTo it looks exactly what I need - thanks [10:32] stetho: with the usual caveat that the packages weren't tested for that and wreen't intended for that :) === Ursinha is now known as Ursinha-afk === Lcawte|Away is now known as Lcawte === Ursinha-afk is now known as Ursinha === EzeQL is now known as Guest16666 [12:52] jamespage: we'd like to demote chkrootkit from main; any comments? https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1324111 thanks [12:52] Launchpad bug 1324111 in chkrootkit "please remove chkrootkit from main" [Undecided,New] [13:07] Daviey, didn't you enable nested virt in 12.04 ? [13:42] \o/ === alexisb_bbl is now known as alexisb === medberry is now known as Guest77682 === swebb is now known as zz_swebb [14:52] anyone in here know much about UK data protection? [14:53] sync0pate: I have this url :) http://www.ico.org.uk/news/latest_news/2013/~/media/documents/library/Data_Protection/Detailed_specialist_guides/p [14:53] rivacy-in-mobile-apps-dp-guidance.pdf [14:54] sync0pate: There is none; apply to GCHQ for everything you need :p [14:54] I've got a client who is convinced that: [14:55] a) shared hosting or vps is not secure enough to meet their data protection requirements [14:55] b) they do not have the expertise or budget to host anything in-house [14:55] I don't know what other options they could possibly have [14:55] and I'm not convinced they're right on either count [14:56] sync0pate: Depending on the confidentiality of the data, then yes, a) makes perfect sense [14:57] but what options does it leave them with? [14:57] get out of the UK. [14:57] sync0pate: Depending on how it is operated and protected physically, dedicated servers might be a solution [14:57] well they're not legally allowed to transfer the data out of the UK either [14:58] amazon may have proper certifications to placate "cloud isn't safe enough" [14:58] and they've said they can't afford a dedi :\ [14:58] they're already e-mailing this data back and forth without any security :\ [14:58] Sounds like you have a sales or customer service issue there. [14:59] sync0pate: advise then withdraw, it sounds like the typical scenario where the consultant gets the blame later [14:59] TJ-, yeah [14:59] that's what I'm leaning towards [14:59] sync0pate: my experience has been the cheapest clients cause the most agro [14:59] it's just I've been brought into this by a friend, so I'm keen to help if I can [14:59] but [15:00] yeah you know [15:00] you're right [15:00] if they can't afford a dedi, how are they affording my invoice? [15:00] sync0pate: there are encrypted cloud solutions, maybe something like that'd work? [15:00] sync0pate: So, honour your intentions by providing them a 'no liability' free report, then explain why you have to withdraw if your advice is ignored [15:00] thanks, I appreciate the advice [15:01] dasjoe: Even with encrypted cloud, once the data is in memory it's rarely encrypted and out of control of the customer [15:01] I'm not even allowed to mention the word "cloud" [15:01] the irony is this is a system intended to share information... [15:02] with other organisations [15:02] TJ-: the idea is to never transfer unencrypted data into the "cloud" and for encryption keys to stay on the clients' computers [15:02] sync0pate: I hate that euphemism, but it seems to have taken over. It's simply using someone else's servers to run your core operations in most cases [15:02] dasjoe .. that's an interesting idea.. [15:02] I didn't even think of that [15:02] dasjoe: But I think sync0pate point is, they need to process the data 'in the cloud', too, not just store it. [15:03] well.. TJ- , yeah.. to an extent [15:03] but [15:03] hmm [15:03] it might be part of the solution [15:03] I could maybe convince them to do the data-processing in-house [15:03] and then anything that needs to be shared can be end-to-end encrypted [15:04] TJ-: Well, it wouldn't be possible to process data "in the cloud", no. That's why I like it so much ;) [15:04] sync0pate: In which case it'd be cheaper to store it in-house too, surely, only sharing on an as-required basis and encrypting any shared data to the recipients public key [15:04] TJ-, yeah, that makes more sense to me too [15:04] but they don't want incoming connections to their network [15:05] so maybe it could be in-house and locked off [15:05] and then upload the data that needs sharing [15:05] encrypted with the recipient key, like you say [15:05] sync0pate: What *do* they want? access by 'client's to a sub-set of their data ? [15:05] yeah [15:05] exactly that [15:07] sync0pate: If the 'client' requests are not high-volume then why not a mail auto-responder that simply takes well-formatted emailed requests to a named@domain.tld mailbox, uses the locally pre-shared public key of that client together with the locally stored pre-shared return email address, encrypts the requested data, and uses 'sendmail' to send it ? [15:07] sync0pate: Those well-formatted emails could be generated by a shared-hosting web-form [15:09] it's even simpler than that [15:09] the client doesn't even request the information [15:09] they are sent it [15:12] sync0pate: sorted then... provided they use the pre-shared keys and email addresses [15:12] well [15:12] it's still a battle to convince them to host in-house [15:13] they already have an in-house network, that is already secured [15:13] does adding another server add any security risk? [15:13] if it's a fully-internal server? [15:13] Maybe point out how insecure their secured network is, by emailing (unencrypted) from the secure side [15:14] well that's why I'm getting annoyed [15:14] I can understand the security requirements [15:14] but everything they do now is nowhere near secure [15:14] hah, sounds like a job from hell, I don't think I'd do it [15:14] and this is only a small part of their business [15:14] sync0pate: Maybe you need to provide a quick "security 101" lesson [15:16] am I wrong about that part though [15:16] if they have an already secured network [15:16] adding an internal server to it, assuming that is also secured and patched and etc [15:16] isn't introducing a security risk, is it? [15:18] sync0pate: Well, technically, any addition expands the exposure risk, but in practice, you're correct [15:19] sync0pate: It sounds to me like they don't even need a new server, just an additional service on an existing system [15:19] well exactly [15:19] they just need a DB [15:19] internally [15:19] that occasionally sends out encrypted data "somehow" [15:20] anyway, cheers for that [15:20] I've got a meeting with them next week [15:21] I think I need to stress to them that there are lots of other ways to achieve what they want without security issues [15:21] and more importantly [15:21] everything they do currently is insecure [15:22] sync0pate: And make sure to bracket each potential solution with its capital and ongoing costs [15:22] absolutely [15:22] the whole thing is a fucking mess for a ton of other reasons [15:23] the person I'm dealing with, who is in charge of procuring the solution.. [15:23] doesn't actually know the ongoing budget [15:23] so all this "that won't be affordable" is utterly speculative [15:24] I need to stop accepting work leads from friends === zz_swebb is now known as swebb === psivaa-sprint is now known as psivaa [16:00] Anyone have any ideas of a 'web interface for web hosting' - not designed for 'end users' but for fairly tech sasavy people - that will handle making apache virtual hosts, perhaps mySQL databases, etc- but is fairly integrated, and also does *not* conflict with creating or editing your config files yourself? [16:00] Something a bit like ISPConfig or t hat sort of thing? [16:00] (WHich I don't know if lets us edit config files manually as well) [16:05] <[lutchy]> Overand, Webmin ? [16:06] !webmin [16:06] webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. [16:06] * rbasak knows no more about it. [16:06] <[lutchy]> You can install it independently [16:06] I hear webmin is a good worm vector [16:07] I think the general issue is that a large number of tech savvy people who could write such a thing would choose not to use it, so it doesn't happen. [16:07] For a paid equivalent, there's cpanel. [16:07] <[lutchy]> I have it installed here on all my Ubuntu installations using Webmin repo. My public servers have Webmin blocked for security reasons [16:07] also a good worm vector.. [16:09] <[lutchy]> Well, use whatever you like that works for you... You can even go ahead and create you 'Web Interface System' or OPT for Server Appliance that has integrated 'Web Interface' [16:10] * patdk-wk created his own [16:10] too many crappy php stuff, with horrible md5 passwords [16:11] * [lutchy] plan to create a Web Interface of his own (huge project) === Ursinha is now known as Ursinha-afk [18:07] guys, when you log into an ubuntu server, it tells you the number of packages which can be upgraded and how many of these are security upgrades. anyone know how to manually do this at the command line? [18:09] I installed mongodb with apt-get install mongodb [18:09] it did install something. but composer still complains [18:15] jbwiv: /usr/lib/update-notifier/update-motd-updates-available [18:22] jbwiv: Actually, that file calls "/usr/lib/update-notifier/apt-check --human-readable" === EzeQL is now known as Guest53265 [18:44] dasjoe: great...thanks! [19:32] Hello, I just upgrade to 12 and I think I got into this https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1003854 [19:32] Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] [19:32] i have no idea how to recover [19:38] how can I test slapd??? [19:41] can someone help me? [19:42] I added accesslog to /var/lib/ldap/ [19:42] slapd started but it doesn't seem to have anything [19:42] how can I recover? [19:45] what package is responsible for generating /etc/nsswitch.conf? [19:45] dpkg-query -S /etc/nsswitch.conf doesn't list anything [19:46] I really could use some help right now... [19:46] cwillu_at_work: I'd guess either libc-bin or base-files. Both contain an nsswitch.conf file, and could be likely candidates. [19:46] Pici, thanks [19:47] pakcjo: check #ubuntu-server channel logs, I think I saw someone else mention this before, no idea if I ever saw a resolution. [19:48] Pici, where do you see that they contain that? dpkg -L doesn't show that, but maybe it's generated in a post-install script or some such? [19:49] cwillu_at_work: I did: dpkg -S nsswitch.conf, and also looked at the nsswitch.conf manpage. [19:49] ah, yes, there's a psotinst [19:49] sarnold: where are the logs? [19:50] pakcjo: irclogs.ubuntu.com [19:50] sarnold: thanks [19:50] pakcjo: good luck, sleep time here [19:50] oh no search... dan [19:50] Hey folks, is it possible to configure an FTPd (say VSFTPd) to allow multiple users to access the same directory (/var/www) and have file ownership sorted so web server can read and users can modify / delete? [19:53] it's called, group permissions [19:53] or, go crazy nuts, and use acl's [19:53] but ftp doesn't do acl's [19:54] Patrickdk: ok so owner remains as user that uploads, group it www-data and that should just work? [19:55] I'm going crazy, I need ldap running [19:56] that bug was reported on 2012 and it still present... WTF guys [20:14] pakcjo: how big is your data/database? possibly install a test 12.04 vm and import the db to see if that works === pmatulis_ is now known as pmatulis [20:15] pmatulis: shouldn't be that big... [20:15] pmatulis: but that's not the case, I upgrade and ended up in this state... [20:16] pakcjo: sure but it can help you get back the original install by comparing [20:16] pakcjo: what errors do you see in the logs? [20:16] slapd shows as iF ... So, there's what seems to be my bug in that page https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1003854 but how can I recover? [20:16] Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] [20:16] it was the same as the log, what I did was to create /var/lib/ldap/accesslog and it started [20:17] but doesn't seem to be stable and package is still in iF state... how can I resolve that? [20:17] pakcjo: ah, so slapd is up again? [20:17] comment #5 suggested something but after modifying it, I don't know what else to do [20:18] pmatulis: yes, but not in a good state, kerberos can't connect to it [20:19] iF slapd 2.4.28-1.1ubuntu4.4 OpenLDAP server (slapd) [20:19] how can I fix that... it's in iF state... [20:19] i need like to reinstall it but using the modified scripts and not the ones from the package (which seems to be broken since 2012) [20:19] pakcjo: not sure what 'iF' is. not 'if'? [20:20] dpkg -l | grep slapd [20:20] shows "iF" [20:20] ok, i see the output [20:21] I tried to ask about this in #debian but they are sure that slapd upgrade is not broken there... [20:21] so I have a half installed slapd or whatever, and the data is (probably) all wrong [20:22] so, what can I do? === thesheff17_ is now known as thesheff17 [20:23] pakcjo: it would be great to know what 'iF' means. everywhere i look does not mention 'F' [20:23] pakcjo: did you check the dist-upgrade logs? [20:24] pmatulis: where can I find them? [20:24] pakcjo: /var/log/apt/dist-upgrade , something like that [20:24] 2014-05-28 20:43:04 status half-configured slapd 2.4.28-1.1ubuntu4. [20:25] it's normal to have lines like that. keep looking. /var/log/dist-upgrade [20:26] screenlog.0: Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.21-0ubuntu5.5... done. [20:26] screenlog.0: Loading from /var/backups/slapd-2.4.21-0ubuntu5.5: [20:26] screenlog.0:dpkg: error processing slapd (--configure): [20:26] screenlog.0: slapd [20:27] pakcjo: were you using the old-style config system with slapd.conf? [20:27] screenlog.0:Installing new version of config file /etc/init.d/slapd ... [20:27] screenlog.0: Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.21-0ubuntu5.5... done. [20:27] screenlog.0: Loading from /var/backups/slapd-2.4.21-0ubuntu5.5: [20:27] screenlog.0:dpkg: error processing slapd (--configure): [20:27] screenlog.0: slapd [20:28] pmatulis: no that I know, but it sounds to me that this is the same as https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1003854 [20:28] Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] [20:28] it looks like you were (/etc/ldap/slapd.d) but can you confirm you were not using slapd.conf? [20:29] (if it's running now what does 'ps ax | grep slapd' show?) [20:29] pmatulis: yes [20:29] /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d [20:29] ok [20:31] # dpkg-reconfigure slapd /usr/sbin/dpkg-reconfigure: slapd is broken or not fully installed [20:31] should I force it? [20:31] pakcjo: and you were indeed using nested databases? [20:31] pmatulis: yes [20:31] pmatulis: I didn't set it up, so I'm not 100% sure, actually I know nothing about ldap [20:32] just that before the upgrade it was working fine, now it doesn't [20:32] at least I need to get that package out of iF state [20:33] half installed or whatever... [20:33] pakcjo: accesslog is not necessary for running. you can take the simplification approach and remove it from the config until everything is stable [20:33] pakcjo: F = Half-configured [20:34] TJ-: same as 'if' ? [20:34] TJ-: so I need to do: dpkg-reconfigure --force slapd [20:34] The "i" means installed [20:35] yeah, but the 'f' and 'F' [20:36] ok, I'll take what's on /var/backup back into /var/lib/ldap, modify the scripts in /var/lib/dpkg/info/slapd.* according to the bug report, and then run dpkg-reconfigure --force right? [20:37] dpkg reports "iF", two flags, first means installed, second means Half-configured see "man dpkg-query" [20:38] ok, looks like 'f' has now become 'F' [20:40] ok, now I'm getting a prompt when it says if I want to omit openldap server configuration ??? what is this [20:41] pakcjo: it wants to know if you want to include the config database into the reconfigure command. i would say 'no' [20:41] pakcjo: the configuration of slapd is itself a database within slapd [20:43] ok so I would say no [20:43] but i don't want an initial configuration, i want to migrade the old one... [20:44] saying 'y' shouldn't hurt [20:44] already said no... it asked about values with the old ones, but now it's asking about password... i don't have that [20:44] empty will use the same? [20:45] asking about password? [20:46] hmmm ok, it's up again, still kerberos can't connect [20:47] pakcjo: not sure what you mean by that. you have kerberos data inside one of your databases? [20:47] when I try to connect it get conn=1001 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037 [20:47] kerberos uses ldap [20:58] pakcjo: that's the only log message? try running slapd in debug mode (prolly easiest to invoke binary manually but add '-d -1') [20:59] pmatulis: I'm currently trying to see a way to drop ldap form kerberos... [20:59] pakcjo: prolly need to add some quotes: [20:59] /usr/sbin/slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d -d -1 === Ursinha-afk is now known as Ursinha [20:59] do other operations work? [20:59] I don't have that many users and probably it will just be better to have a normal database, it seems that krb supports its own db2 stuff [20:59] pmatulis: no, it ask for password, i didn't enter anything so [21:00] not sure what you mean [21:01] the only reason that I have ldap here is to work as a database for kerberos, to authenticate users, someone thought that will be a good idea... [21:02] slapd can be good to have around for other future projects [21:02] yeah, well, if it is going to break on every upgrade... I rather not [21:03] don't use nested databases, that's not good form [21:05] pmatulis: no idea what is that... there are like 10 users only, no idea why it was nested on the first place [21:05] anybody here use a CLI email client exclusively? [21:06] pakcjo: prolly b/c whoever set it up didn't know any better [21:06] fridaynext: mutt [21:06] pakcjo: do you have specific reasons why you use it exclusively? [21:07] fridaynext: because i don't like anything else [21:07] fridaynext: I use i3wm and it looks good in it [21:08] pakcjo: well that looks cool. === Ursinha is now known as Ursinha-afk [21:44] thanks Patrickdk - got it all working now === blake_r_ is now known as blake_r [22:23] is there a way to list everything that is in the ldap database? [22:39] pakcjo: of course [22:41] pakcjo: do you know the index number of that database? if you have 2 (accesslog and "normal") then it would be "1" and "2". the config database is "0" [22:42] pakcjo: the simplest is with: 'sudo slapcat -n 0 > slapcat.config' ; where the index is given by '-n #' [22:45] thanks pmatulis === swebb is now known as zz_swebb === zz_swebb is now known as swebb