/srv/irclogs.ubuntu.com/2014/10/16/#ubuntu-server.txt

Patrickdk	why do we care about poodle?	00:13
Logos01	CVE-2014-3566	00:14
uvirtbot	Logos01: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566)	00:14
Patrickdk	yes, it's a client side issue	00:14
Patrickdk	and it's only marked as a medium security risk	00:15
Patrickdk	unlike the memleak that is marked as HIGH	00:15
Logos01	Patrickdk: No, it is a MitM attack.	00:15
Logos01	not client-side only.	00:15
Patrickdk	no it's not	00:15
Patrickdk	it requires you to be mitm in order to use it	00:15
Logos01	Which makes it not a "client-side issue"	00:16
Patrickdk	it is nothing new over beast	00:16
Patrickdk	yes it is	00:16
Patrickdk	it first requires a vaunerable client	00:16
Patrickdk	it requires you to mitm	00:17
Patrickdk	and it requires you to infect the client somehow first	00:17
Logos01	Yes. MitM vulnerabilities are not client-side vulnerabilities, as a matter of classification.	00:17
Logos01	You do NOT "infect the client somehow"	00:17
Logos01	The client never notices the action. You do nothing to the client.	00:17
Patrickdk	you need to inject the padding into the stream, that is done from the client	00:17
Logos01	What?	00:18
Patrickdk	you can use the mitm to force the downgrade, but that alone is not an issue	00:18
Logos01	Dude, that's not even close to how MitM attacks work.	00:18
Patrickdk	I know	00:18
Logos01	...	00:18
Patrickdk	why I said it is not a mitm	00:18
Patrickdk	but mitm is one one part	00:18
Logos01	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566	00:18
Patrickdk	only one	00:18
uvirtbot	Logos01: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566)	00:18
Logos01	ffs.	00:18
Patrickdk	yes it is a client side issue, that makes mitm possible	00:19
Patrickdk	as I said, mitm is only a part of the issue	00:19
Finetundra_	anyone here ever setup a server with xrdp?	00:19
Patrickdk	the issue is the client first	00:19
Logos01	Welp, you're on ignore now. I have better things to do than argue with blatant trolls.	00:19
Patrickdk	:)	00:19
Patrickdk	I made a friend!	00:19
=== Nigel_ is now known as G
=== markthomas is now known as markthomas\|away
=== The_Pugi1 is now known as The_Pugilist
=== cryptodan_tablet is now known as cryptodan
=== cryptodan is now known as cryptodan_androi
=== peter is now known as Guest28071
=== cryptodan_androi is now known as cryptodan_tablet
=== x__ is now known as xpistos
xpistos	my touchpad is a bit sensitive	03:49
=== Sachiru_ is now known as Sachiru
Myrth	hi, during do-release-upgrade, grub-pc asked to be reconfigured and gave option /dev/xvda and /dev/xvda1 to install boot. I chose /dev/xvda - is that correct? thanks	05:07
Myrth	don't want the cloud vps not boot the next time..	05:07
=== havanasdog is now known as havanamint
=== FreezingAlt is now known as FreezingCold
=== kickinz1\|afk is now known as kickinz1
=== liam_ is now known as Guest14268
lordievader	Good morning.	06:44
=== bilde2910\|away is now known as bilde2910
=== bilde2910\|away is now known as bilde2910
=== _ruben_ is now known as _ruben
=== caribou_ is now known as Caribou
=== bilde2910\|away is now known as bilde2910
=== nath\|off is now known as nathema
Caribou	rbasak: is there any command to cleanup uvtool images, other than going to /var/lib/uvtool & cleaning up ?	10:02
rbasak	Caribou: what sort of cleaning up?	10:06
rbasak	Caribou: syncing new images removes the old ones.	10:06
Caribou	rbasak: well, for instance, I no longer want saucy, oneiric images any command to remove them ?	10:07
rbasak	To delete more than that, "uvt-simplestreams-libvirt purge" is the sledgehammer which removes all uvtool-managed libvirt images, but that is everything including images still in use.	10:07
rbasak	Caribou: ah. No, sorry.	10:07
Caribou	rbasak: yeah, I saw that	10:07
Caribou	rbasak: no worry, maybe I should try to come up with something	10:07
Caribou	rbasak: right now, I grep pubname in the metadata & remove the metadata & image fiels	10:08
Caribou	files	10:08
rbasak	Caribou: make sure nothing is using the images you're using. Then shut down libvirtd, and remove the image from both /var/lib/uvtool/libvirt/images/ and /var/lib/uvtool/libvirt/metadata/	10:08
rbasak	That should be OK I think.	10:08
Caribou	rbasak: ok, thanks!	10:08
rbasak	Or, actually	10:08
rbasak	There's an even better way	10:08
rbasak	Just remove the metadata file.	10:08
rbasak	When you next sync, I think uvtool will remove the libvirt image.	10:09
rbasak	(but only when the image is unused)	10:09
Caribou	rbasak: ok, I'll check that out!	10:09
sander^work	Do anyone recommend any program for creating a bunch of remote users on various servers?	11:13
sander^work	shell users.	11:13
=== Sachiru_ is now known as Sachiru
sander^work	How can I create users with the right ssh public keys on remote servers with salt?	11:20
sander^work	obs	11:20
=== kickinz1 is now known as kickinz1\|afk
[1]Az	hi	12:14
[1]Az	is there a list of possible config settings for /etc/apt/apt.conf.d/10periodic	12:14
lordievader	[1]Az: I suppose it is documented somewhere, in a manpage or something.	12:14
sarnold_	[1]Az: try apt.conf(5) and apt_preferences(5)	12:14
=== kickinz1\|afk is now known as kickinz1
zul	coreycb: do you want to take swift ill take nova	12:28
coreycb	zul, sounds good	12:30
sarnold_	hmm, who else 'owns' the cloud archive when utlemming is offline? https://bugs.launchpad.net/ubuntu/+bug/1380922	12:49
uvirtbot	Launchpad bug 1380922 in ubuntu "Checksums Invalid for Precise Vagrant Images" [Undecided,New]	12:49
Odd_Bloke	sarnold_: That would be rcj and/or myself.	12:50
sarnold_	Odd_Bloke: excellent :) thanks	12:51
rcj	sarnold, yes, we'll take a look	12:53
=== kickinz1 is now known as kickinz1\|afk
=== kickinz1\|afk is now known as kickinz1
GothPaw	Hello Hello. I have a headless server (12.04) which does many things like httpd, mysqld,bind, and much more..... Trying to determine just how safe it is to upgrade it to 14.04 and what problems "could" arise.	13:21
cfhowlett	!server \| GothPaw	13:21
ubottu	GothPaw: Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is !Trusty (Trusty Tahr 14.04) - More info: http://www.ubuntu.com/products/whatisubuntu/serveredition - Guide: https://help.ubuntu.com/12.04/serverguide/C/ - Support in #ubuntu-server	13:21
sarnold_	GothPaw: apache 2.4 changed acls significantly over apache 2.2, that feels most likely to be annoying out of what you've mentioned so far	13:22
GothPaw	sarnold_: was hoping to not hear something like that, lol.	13:23
RoyK	GothPaw: make sure you have a backup, though	13:24
GothPaw	all data is easy to backup just need to remove the 20TB worth of hard drives.	13:24
RoyK	always make sure you have a backup :P	13:24
GothPaw	except for config files that is	13:24
RoyK	I hope you have a raid on that thing ;)	13:24
GothPaw	only my config files and db files, etc actually reside on the master drive. all data files have their own drives	13:24
GothPaw	no raid.... just ALOT of 3 & 4 TB drives	13:25
GothPaw	budget just isnt enough to have 20TB in raid (of 20TB there is only 2.4TB of space left	13:26
sarnold_	ouch :)	13:27
GothPaw	yea I know :( even more ouch is that this 'desktop' acts as a server and is 10 years old.	13:28
GothPaw	and it hosts EVERYTHING, lol	13:28
GothPaw	even acts as an external media server via PMS, dlna, etc	13:28
jrwren	GothPaw: i have one of those too. I use LVM mirroring for important stuff like family photos and videos, and less important things like audio/video product is not mirrored.	13:29
GothPaw	jrwren: I'll have to look into that as my Photography business is also hosted and run from this machine which houses approx. 12TB of photo's (but I keep those on their own drives)	13:31
jrwren	GothPaw: backups too!	13:32
zul	jamespage/coreycb: nova done..ill do trove	13:46
Gargoyle	Hi. I've made modifications to $PATH in /etc/environment, but these don't seem to be carrying over to "sudo" shells. Should I be updating somewhere else too?	13:56
sarnold_	Gargoyle: check sudo vs sudo -i	13:57
esde	http://askubuntu.com/questions/128413/setting-the-path-so-it-applies-to-all-users-including-root-sudo	13:57
zul	jamespage/coreycb: trove done, doing ceilometer next	14:03
jamespage	zul, I've got glance	14:08
zul	jamespage: ack	14:09
jamespage	zul, and neutron	14:13
jamespage	zul, glance and neutron done	14:31
zul	jamespage: cool ceilometer done	14:31
jamespage	zul, shall I take cinder?	14:31
zul	jamespage: if you wish	14:31
jamespage	zul, ack will do	14:31
zul	jamespage/coreycb: taking heat	14:32
zul	(not litterally of course)	14:32
jamespage	zul, ack	14:35
jamespage	coreycb, if you want to join in - swift?	14:35
coreycb	jamespage, yep I'm on it. doing the config changes too.	14:35
jamespage	coreycb, in the lab? awesome	14:37
coreycb	jamespage, oh shoot, that bug is for juno+1	14:38
coreycb	jamespage, bug 1379285 - will revisit that later	14:38
uvirtbot	Launchpad bug 1379285 in swift "Review provision of configuration files from debian/*.conf" [High,Triaged] https://launchpad.net/bugs/1379285	14:38
jamespage	coreycb, yeah to late this cycle	14:40
coreycb	jamespage, yeah	14:40
=== kickinz1 is now known as kickinz1\|afk
=== nathema is now known as nath\|off
jamespage	coreycb, zul: I started - https://blueprints.launchpad.net/ubuntu/+spec/servercloud-1411-openstack	14:44
zul	jamespage: keener	14:45
Gargoyle	thanks esde	14:45
jamespage	zul, ok cinder in the queue	14:45
zul	jamespage: just doing a test build for heat	14:45
zul	jamespage: mind taking horizon :)	14:46
jamespage	zul, sure	14:46
coreycb	jamespage, awesome on the blueprint	14:47
jamespage	coreycb, zul: link any bugs for next cycle to that	14:47
zul	jamespage: ack	14:47
jamespage	zul, we can work out that calendar based on monthly milestones as well	14:47
jamespage	and template it for each release	14:47
coreycb	jamespage, +1	14:47
coreycb	jamespage, zul: swift https://i187498007.restricted.launchpadlibrarian.net/187498007/fb9f1b3e-5543-11e4-a88c-002481e91f22.txt?token=QqzpC97w51WjLWj0rHsRM9PdM9SG00vV	14:52
coreycb	yikes, https://code.launchpad.net/~corey.bryant/swift/2.2.0/+merge/238572	14:52
zul	jamespage/coreycb: heat done	14:53
coreycb	zul, what's left?	14:53
jamespage	coreycb, I've got horizon	14:54
jamespage	coreycb, ironic?	14:54
zul	ill take a look	14:54
jamespage	zul, keystone!	14:54
coreycb	jamespage, k I'll take ironic	14:54
zul	oh right ill take keystone	14:54
coreycb	jamespage, ha!	14:54
jamespage	coreycb, zul: horizon done	15:02
zul	jamespage/coreycb: keystone just buidling	15:02
coreycb	jamespage, zul: I'm waiting on ironic to release	15:03
jamespage	coreycb, ack	15:03
jamespage	jdstrand, are the outstanding MIR security reviews going to make it for utopic release?	15:04
jamespage	specifically bug 1349868 and bug 1381450	15:05
uvirtbot	Launchpad bug 1349868 in python-pysnmp4-mibs "[MIR] new build dependencies for ceilometer" [Undecided,Fix committed] https://launchpad.net/bugs/1349868	15:05
uvirtbot	Launchpad bug 1381450 in libnetfilter-queue "[MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper" [Medium,Fix committed] https://launchpad.net/bugs/1381450	15:05
Odd_Bloke	sarnold_: Those checksums are fixed now. :)	15:08
sarnold_	Odd_Bloke: thanks!	15:08
Odd_Bloke	(And shouldn't break again)	15:08
sarnold_	even better :)	15:08
Odd_Bloke	:)	15:10
lunaphyte_	hi. i seem to be unable to install a targeted kernel with 14.04.1. i'm wondering if others might have had this experience and know what's wrong	15:15
lunaphyte_	"an error was returned while trying to install the kernel into the target system"	15:16
lunaphyte_	looking at syslog, it appears to have something to do with a dpkg failure when installing linux-image-3.13.0-32-generic	15:17
lunaphyte_	but it doesn't happen when selecting a generic kernel	15:17
jamespage	sarnold_, ah - I see the remaining tasks on bug 1349868 are assigned to you!	15:19
uvirtbot	Launchpad bug 1349868 in python-pysnmp4-mibs "[MIR] new build dependencies for ceilometer" [Undecided,Fix committed] https://launchpad.net/bugs/1349868	15:19
sarnold_	jamespage: indeed, but I'm at linux plumbers atm so it's hard to get traction on in-depth reviews	15:20
jamespage	sarnold_, reckon that will make release? just deciding what we need todo with ceilometer	15:21
jamespage	its been stuck in dep-wait for a while now	15:21
sarnold_	jamespage: when's that date again? next week i'm sprinting in dc and will have ample time to devote to it, but this week is quite busy with travel and conference	15:22
jamespage	sarnold_, utopic release is 7 days away	15:23
jamespage	so that might just work!	15:23
sarnold_	jamespage: pfew :)	15:23
sarnold_	jamespage: .. assuming I like what I see, that ought ot work fine then	15:23
jamespage	sarnold_, ack - we'll leave things as they are for now	15:23
=== satyag is now known as zz_satyag
zul	coreycb/jamespage: keystone done looking at swift	15:30
jamespage	zul, awesome	15:31
zul	jamespage/coreycb: ok i think we are done	15:48
jamespage	zul, awesome	15:48
coreycb	jamespage, zul: yeah just waiting on ironic	15:56
zul	oh yeah i forgot about ironic :)	15:56
=== markthomas\|away is now known as markthomas
=== Lcawte\|Away is now known as Lcawte
coreycb	zul, jamespage: https://code.launchpad.net/~corey.bryant/ironic/2014.2/+merge/238597	16:41
zul	coreycb: ironic is done	17:09
coreycb	zul, thx	17:09
adam_g	zul, jamespage you may want to consider patching this in nova, i dont know why the bug wasnt escalated for the release. it totally breaks ubuntu images on clouds with only ec2 metadata (no config drive)	17:14
zul	adam_g: bug number?	17:14
adam_g	oops	17:15
adam_g	https://bugs.launchpad.net/nova/+bug/1380792	17:15
uvirtbot	Launchpad bug 1380792 in nova "requests to EC2 metadata's '/2009-04-04/meta-data/security-groups' failing" [High,In progress]	17:15
kinky	good evening. Did anyone here successfully mitigate poodle exploit while still supporting SSLv3 due to WinXP / IE6 (deactivating CBC SSL3 ciphers)? SSLLABS seems to grade the sites 'C' no matter which ciphers I choose.	17:24
zzxc	Sooo I'm pretty sure I already know the answer to this. But if I'm getting the "/dev/xvdh1 will be checked for errors at next reboot" message. I can cirsumvent the fsck on the drive by unmounting the drive and running fsck on it correct?	17:29
=== matsubara is now known as matsubara-afk
jamespage	thanks adam_g - will add to the picks :-)	19:14
wxl	just wanted to bring to your attention this bug negatively affecting 14.10 final	19:57
wxl	oops https://bugs.launchpad.net/apt/+bug/1380774	19:57
uvirtbot	Launchpad bug 1380774 in apt "debian-installer does not find kernel" [Critical,Triaged]	19:57
wxl	an upstream fix is linked	19:58
wxl	so should be an easy fix but i encourage you to "grease the wheels" as you can because there is little time before release!	19:58
wxl	lubuntu can survive without a debian-installer iso. people will complain, but most will be fine. i know this isn't true of ubuntu server so wanted to bring it to your attention	20:00
=== matsubara-afk is now known as matsubara
=== Eu is now known as Guest16531
=== Guest16531 is now known as knoxy
=== markthomas is now known as markthomas\|away
=== bilde2910 is now known as bilde2910\|away
tafa2	would anyone know how to automate a checkinstall command?	21:13
=== markthomas\|away is now known as markthomas
sheap	if I pass a variable to the preseed through boot parameters, like "sudouser=username" and have a package named "sudouser" that is installed and has a debconf prompt that goes "sudouser sudouser/question1 string ${sudouser}", how do I get this to work? Right now the installer is taking the "${sudouser}" literally instead of replacing it with the username....any help?	21:36
vedit	Hi, I am running 12.04 64bit server. When I update the reposotiry (apt-get update), I see that it is hitting the url which provide backported packages, multiverse, universe, restricted etc. I want to slim down my server to reduce unnecessary load	21:38
vedit	What package sources should I remove?	21:38
vedit	using tasksel I have already removed "Basic server". Only selected option in that is Openssl server as I am connecting to that server from remotely	21:39
vedit	I will be using that server for running nginx and one more wsgi server which I will down using source	21:40
vedit	How to reduce package source list.	21:40
vedit	Anybody?	21:43
vedit	When I update the reposotiry (apt-get update), I see that it is hitting the url which provide backported packages, multiverse, universe, restricted etc. I want to slim down my server to reduce unnecessary load	21:44
teward	is it relatively safe to run `do-release-upgrade -s` to generate a list of packages to upgrade without affecting anythng on the system?	21:57
vedit	teward: Is "apt-get upgrade" same as do-release-upgrade ?	21:58
teward	vedit: no. i wasn't talking in relation to your issue. `apt-get upgrade` updates your software within your release (i.e. precise) but `do-release-upgrade` upgrades you to a later release of Ubuntu (i.e. precise -> trusty)	21:59
vedit	teward: I see. No I don't want to move to other release. 12.04 LTS is good and 14.04 is very recent	22:00
teward	vedit: i still wasn't talking in relation to your issue :P (I'm asking a different question for myself :P)	22:00
vedit	teward: Thanks for answering :)	22:01
vedit	your question got answer for me :)	22:01
teward	vedit: also, your question is unrelated	22:02
vedit	yea	22:03
teward	vedit: what you want to do is reduce the amount of times it has to check the same source.	22:03
vedit	teward: yea and also when I upgrade, it should only pull security patches	22:03
teward	well you'll need to disable -updates and -proposed, but you should not remove universe or multiverse unless you're CERTAIN your packages that you use aren't in those pockets	22:05
teward	vedit: you'll also miss huge bugfixes, at times. pastebin your /etc/apt/sources.list file	22:06
teward	mine's far different from standard :P	22:06
vedit	teward: http://pastebin.com/YydqYDt2	22:09
teward	(next time use paste.ubuntu.com, just an FYI)	22:09
teward	vedit: consider using this instead - https://pbin.dark-net.net/view/raw/590b9be1	22:11
teward	vedit: i've commented out the precise-updates lines, and the precise-backports lines.	22:11
teward	vedit: but make a HUGE note that you'll miss other bugfixes, and will only get security updates	22:12
vedit	teward: but why the bug fix releaes lines were commented?	22:12
teward	vedit: because you only want security patches	22:12
teward	vedit: for those cases you only pull -security	22:12
teward	[14/10/16 18:03:56] <vedit> teward: yea and also when I upgrade, it should only pull security patches <--	22:13
teward	that IS what you asked	22:13
vedit	teward: I think I can safely comment universe and multiverse as I am looking to install from source	22:13
teward	vedit: 'install from source' as in manual compiling?	22:13
vedit	yea	22:13
teward	vedit: https://pbin.dark-net.net/view/raw/0a9d34f2 then	22:15
teward	(comments out even more lines)	22:15
vedit	wow	22:15
teward	ooopses	22:15
teward	wait	22:15
vedit	teward: Why not first two package lines	22:15
teward	i broke it	22:15
teward	vedit: because `main`	22:16
vedit	ok	22:17
teward	vedit: https://pbin.dark-net.net/view/raw/fbd26f70 <-- this	22:17
teward	i split off `main` and `restricted` into two separate lines, for standard and for -security	22:17
vedit	hmm... ok	22:17
teward	wouldn't hurt to also pull restricted, but...	22:17
teward	i also don't think it's that much extra load to pull an extra couple of megs of data for a source list	22:18
teward	but meh	22:18
=== Lcawte is now known as Lcawte\|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!