=== Sachiru_ is now known as Sachiru
=== Sachiru is now known as Guest59613
=== Sachiru_ is now known as Sachiru
=== Sachiru_ is now known as Sachiru
=== peter is now known as Guest17135
[01:56] <phunyguy> hey in mdadm, what does "2 near-copies" mean on a RAID10 array?
[03:09] <Patrickdk> it's the type of raid1
[03:09] <Patrickdk> basically means, normal raid1 where each disk is identical
[03:09] <Patrickdk> where far, would be kindof useful for high seeks
=== ayr_ton is now known as ayr-ton
=== CripperZ- is now known as cripperz
=== cripperz is now known as CripperZ-
=== Nivex_ is now known as Nivex
=== arrrghhhAWAY is now known as arrrghhh
=== mikal_ is now known as mikal
[05:30] <kernel13> is there a way to generate preseed file from existing server..just like kickstart file in centos. i need for cobbler.thanks
=== arrrghhh is now known as arrrghhhAWAY
=== arrrghhhAWAY is now known as arrrghhh
=== arrrghhh is now known as arrrghhhAWAY
=== Sling_ is now known as Sling
[06:42] <linuxgeek_> RoyK, looks like there was a physical connectivity issue. we plan to wire the ports and check.
[06:43] <abhishek__> I want to install ubuntu-server in blade that will go for production.Please give me tips for partition
[06:43] <abhishek__> I am planning to give /boot swap and / partitions only
=== urda is now known as Guest96095
=== ttx` is now known as ttx
[08:04] <sebastianlutter> I need to install nginx, but I need to avoid that it tries to start on port 80 / 443 while it installes (ports are already used). Is there a way to tell apt-get that it should NOT start the service after installation?
[08:16] <dasjoe> sebastianlutter: imho the cleanest way would be to manually configure nginx to use a different port before installing it, by having /etc/nginx/sites-available/default exist before starting the install
=== CripperZ- is now known as cripperz
=== ikonia_ is now known as ikonia
[08:42] <sebastianlutter> dasjoe, very nice, thanks
=== cripperz is now known as CripperZ
=== Pupeno_ is now known as Pupeno
=== CripperZ is now known as CripperZ-
[10:00] <irgendwer4711>  hello, anyone using Ubuntu 10.04 LTS with openssl/postfix, having this error in log: "ccs received early"? seems to be related with CVE-2014-0224
[10:00] <uvirtbot> irgendwer4711: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin
[10:05] <irgendwer4711> TLS encrytion could be worthless!
[10:08] <cfhowlett> irgendwer4711, might ##linux know more?
[10:08] <irgendwer4711> this is an ubuntu problem
[10:08] <cfhowlett> irgendwer4711, it's a LINUX problem.
[10:09] <irgendwer4711> old debian squeeze hasnt this problem, this use 0.9.8o
[10:09] <irgendwer4711> openssl
[10:09] <cfhowlett> !openssl
[10:09] <cfhowlett> !ssl
[10:12] <irgendwer4711> what are you doing
[10:14] <irgendwer4711> maybe youre right, should write it to #linux
[10:14] <cfhowlett> irgendwer4711, this helps???  http://askubuntu.com/questions/478042/how-to-patch-the-vulnerability-cve-2014-0224-in-openssl
[10:14] <uvirtbot> cfhowlett: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. (http://cve.mitre.org/cgi-bin/cve
[10:15] <irgendwer4711> ubuntu fixed that, but wrong
[10:21] <irgendwer4711> cfhowlett: https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18
[10:21] <irgendwer4711> there they tried to fix this
[10:22] <cfhowlett> irgendwer4711, I don't have enough knowledge to advise in meaningful fashion.  sorry.
[10:24] <irgendwer4711> mdeslaur: maybe we asked him :-)
[10:33] <rbasak> jamespage: ping
[10:34] <rbasak> irgendwer4711: are you sure your log message is a real problem?
[10:34] <irgendwer4711> yes
[10:34] <rbasak> Why?
[10:35] <irgendwer4711> rbasak: TLS got  useless
[10:35] <rbasak> So you're saying that TLS doesn't work at all?
[10:35] <irgendwer4711> rbasak: in this case, I think so. postfix is sending this mail without TLS
[10:37] <irgendwer4711> rbasak: maybe NSA wrote this crappy bugfix ;-)
[10:37] <rbasak> irgendwer4711: can you confirm that downgrading to the package version prior to the security update makes TLS work again? In that case you may have a security regression.
[10:37] <rbasak> If so, then please file a bug detailing steps to reproduce, and the security team will take a look at it.
[10:38] <irgendwer4711> rbasak: noone of them online now?
[10:38] <rbasak> My only reservation is that it may be that the TLS configuration you have is incompatible with current best-practice (because I haven't seen it).
[10:38] <rbasak> Sometimes the security team have to make hard choices when issuing security updates.
[10:38] <irgendwer4711> rbasak: my config worked well until openssl-0.9.8k-update
[10:38] <rbasak> So I think it's best to first detail steps to reproduce, and then the security team can take a look.
[10:38] <irgendwer4711> wrote a mail :-D
[10:39] <rbasak> You can find the security team in #ubuntu-hardened, but really I think they'll want steps to reproduce to be able to look into it.
[10:39] <irgendwer4711> they just need a ubuntu 10.4.4 tls with running postfix
[10:39] <rbasak> Also, they have a process for triaging bugs to make sure these things don't get missed. Emails and IRC messages don't end up in a queue to look at.
[10:40] <rbasak> Please provide steps to reproduce. Really. See http://www.chiark.greenend.org.uk/~sgtatham/bugs.html for reasons why.
[10:40] <irgendwer4711> first I try at #ubuntu-bugs
[10:40] <rbasak> #ubuntu-bugs is for triaging bugs, not for reporting them. See the channel topic there.
[10:40] <irgendwer4711> hm no #ubuntu-hardend
[11:20] <pmatulis> morning
=== _ruben_ is now known as _ruben
[12:52] <bentech4you> hi, anyone please help me to get it work. i am always getting invalid user
[12:52] <bentech4you> i have followd http://www.linuxintro.org/wiki/Guacamole
[12:54] <bentech4you> any help please
[13:05] <ikonia> bentech4you: that sounds like you need to talk to the guacamole people as the auth looks like it's internal tot he app
[13:06] <ikonia> which is the war file you deployed in tomcat
[13:06] <ikonia> bentech4you: I assume you read the part that says "it is not possible to login yet" and you have to go down approx 10 steps to configure the users
[13:16] <bentech4you> guacamole.war file.
[13:16] <bentech4you> i renamed to that . i am getting login page from this. but user is not able to login to that
[13:18] <bentech4you> yea , i have created all config files too https://sourceforge.net/p/guacamole/discussion/1110834/thread/83f6d29c/
[13:24] <ikonia> bentech4you: that's not what I said
[13:32] <bentech4you> yea i configured user also
[13:32] <bentech4you> i have pasted my user conf file on that link
[13:34] <ikonia> so then it's an application problem
[13:34] <ikonia> an application that's not part of ubuntu
[13:34] <ikonia> so take it to the guys who support it
[13:34] <ikonia> more so as you've changed the names of the war files and made changes to the process in that document
=== kickinz1 is now known as kickinz1|bbs
=== kickinz1|bbs is now known as kickinz1
=== lamont` is now known as lamont
=== niemeyer_ is now known as niemeyer
=== sync0new is now known as sync0pate
[15:51] <lordievader> Good afternoon.
[16:57] <fridaynext> I've got my Hackintosh plugged into an APC UPS.  Is there a way to share that signal with my Ubuntu 14.04 box running NUT?
[17:02] <RoyK> fridaynext: should be quite possible, but then, NUT isn't my strongest side :P
[17:02] <fridaynext> RoyK: I just found a tutorial online that should help me figure it out.
[17:02] <fridaynext> RoyK: thanks though.
=== FreezingAlt is now known as FreezingCold
[17:33] <Fishscene> Are there any known issues with isc-dhcp-server on Ubuntu Server 14.04 and Virtualbox
[17:34] <Fishscene> err… narrowing that down a bit… The other day, I tried setting up an LTSP server standalone and configured virtualbox with an Internal network. But for the life of me, I could not get it to hand out DHCP addresses.
[17:35] <jhobbs_> use wireshark or tcpdump to debug how far traffic is making it
=== jhobbs_ is now known as jhobbs
[17:36] <jhobbs> watch for dhcp requests on your server, if you don't see them there, figure out why it's not seeing them
[17:36] <jhobbs> if you do, figure out why it's not responding
[17:36] <Fishscene> hmm.. I hadn't thought of that. I'll try that out if my VM rebuild yields the same issue.
[17:40] <streulma> hello, in my VPS template, the /var/cache directory is deleted. How can I restore this?
[17:40] <sarnold> Fishscene: check dmesg for apparmor DEN lines, dhcp is .. funny
[17:41] <sarnold> streulma: on my system /var/cache is root:root 755
[17:41] <streulma> sarnold: the WHOLE directory is away
[17:42] <sarnold> streulma: I hoped whatever needed it would re-create their own dirs within when needed..
[17:42] <streulma> no sarnold :( apt-get update fails and dpkg also
[17:42] <sarnold> streulma: if not, here's the rest of the dirs in mine: http://paste.ubuntu.com/8047132/
=== lazyPower_ is now known as lazyPower
[17:46] <streulma> sarnold, only apt directory is for the moment important
[17:47] <sarnold> streulma: if it needs more still: http://paste.ubuntu.com/8047158/
[17:48] <streulma> sarnold and debconf because dpkg is also broken :)
[17:48] <streulma> I don't know why they remove cache dir in Debian and Ubuntu template
[17:49] <streulma> CentOS has the fault that yum is broken, more, python is broken...
[17:49] <streulma> I repaired, and after a while it was the same, again broken
[17:49] <sarnold> streulma: /var/cache/debconf/ http://paste.ubuntu.com/8047175/
=== Lcawte|Away is now known as Lcawte
=== Mogwai is now known as Guest82958
[18:35] <mdeslaur> QEMU security update call for testing: https://lists.ubuntu.com/archives/ubuntu-server/2014-August/006955.html
[19:09] <sarkis> how can i see what version of the kernel will be installed with apt-get? i tried apt-cache policy linux-general
[19:15] <RoyK> sarkis: it'll normally just upgrade the current kernel to a newer subversion (unless something has changed recently)
[19:25] <rberg> 'aptitude show linux-image' will show what versions are available
[19:28] <rberg> or sometimes I use 'apt-get upgrade -d' just to see whats being downloaded
=== keithzg_ is now known as keithzg
[19:57]  * keithzg totally forgot about the /var/www/ -> /var/www/html/ switch in Debian, was super confused when a bunch of internal websites ceased working after upgrading from 12.04 -> 14.04 today, haha
[20:05] <Lord255> hi all, i have insalled firefox to my server, i have a win client, i use putty to connect. xming installed on my pc and x11 fwd is enabled in putty. when i try to run firefox it goes to defunct. do you have any advices whats wrong or something?
[20:07] <sarkis> hmmm how can i upgrade the version of the kernel?
[20:07] <sarkis> somehow one of my machines has 3.5.x and others are on 3.2.x
[20:08] <Lord255> apt-get dist-upgrade
[20:08] <sarkis> maybe this is an issue with --dry-run
[20:08] <sarkis> but i do apt-get dist-upgrade --dry-run
[20:08] <sarkis> i don't see it trying to grab 3.5x
[20:09] <dasjoe> sarkis: your machines are on different kernels because one of them is using a different HWE stack, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack
[20:09] <sarkis> how the hell
[20:11] <dasjoe> Lord255: I'd try connecting with http://mobaxterm.mobatek.net/ as I've had more success with MobaXterm than a manual setup
[20:12] <dasjoe> Lord255: also make sure your /etc/ssh/sshd_config contains "X11Forwarding yes"
[20:15] <Lord255> fwd in sshd conf is ok. i will try the one which you have sent.
[20:38] <Lord255> dasjoe: it goes to deunct as well
[20:38] <keithzg> Lord255: Have you tried anything lighter than Firefox?
=== _monokrome is now known as monokrome
[20:39] <sarkis> dasjoe: thanks, that was it, not sure how the hell it happened though
[20:39] <sarkis> dasjoe: i mean both are still reporting it as 12.04.4 yet that 1 box does have -quantal
[20:40] <Lord255> however it opened the window now
[20:40] <Lord255> if that prog works why xming doesnt?:o
[20:40] <Lord255> and idk why a defunct irefox appears
[20:41] <keithzg> X11 on Windows == a nightmare hell ride ;)
[20:41] <Lord255> lol :D
[20:53] <Icabash> Hello, I'm having trouble installing Ubuntu Server x86 on one of my machines - The install hangs and does not continue when it reaches "load debconf preconfiguration file". Any advice on how to get this working?
[20:53] <Icabash> I've got the install screen up right now, so I'm happy to give any information required to solve this problem :)
[21:06] <Icabash> Ah, I just tried the installation again. Now it's stopping with the message: "Your installation CD-ROM couldn't be mounted. This probably means that the CD-ROM was not in the drive. If so you can insert it and try again.
=== sarkis_ is now known as sarkis
=== Lcawte is now known as Lcawte|Away
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
[23:52] <Matt3o12> Hello.
[23:53] <Matt3o12> Is it save to remove the root password (`passwd -d root`) on my Ubuntu server? When I installed the server, I was given a root password but I wonder whether it is necessary to use root since I still can use sudo.
[23:54] <sarnold> Matt3o12: should be be safe; my /etc/shadow has root:!:..
[23:54] <sarnold> Matt3o12: and if things ever go really wrong you can always boot into init=/bin/sh and fix whatever needs fixing
[23:55] <Matt3o12> And what about user mod -s /usr/sbin/nologin ?
[23:57] <sarnold> hrm, I wouldn't, I'd worry about a program running as root deciding what shell to use with getpwent or similar
[23:59] <Matt3o12> And is it save to allow ssh connections without a valid public (and just with a password)? I'm worry about losing all data on my computer...