[00:08] <sarnold> hey Plizzo, sorry to hear it's still happening :/
[00:09] <sarnold> Plizzo: it might be worth storing off the dmesg every ten minutes or something and see if you can find the issue in the logs before the whole thing hangs
[00:09] <sarnold> Plizzo: it might be worth installing mcelog too, perhaps it's a machine check exception
[00:09] <Plizzo> sarnold: No worries, I’m just trying to get an understanding of why it’s doing that. If I can’t find a way to fix it it might be quicker to do a whole clean install.
[00:11] <sarnold> Plizzo: it has the feeling of something that wouldn't go away with a clean install. :/
[00:11] <Plizzo> sarnold: Here is my last syslog
[00:11] <Plizzo> http://paste.ubuntu.com/9290289/
[00:12] <Plizzo> sarnold: Sorry, I meant to say dmesg
[00:13] <sarnold> Plizzo: wow, that looks pretty clean.
[00:14] <Plizzo> sarnold: Yeah, from what I can see. All my logs are perfectly clean…
[00:19] <Plizzo> sarnold: I think a clean system install might be faster than to debug this..
[00:20] <Plizzo> sarnold: I will never update my Ubuntu release again, this happens every time I upgrade, last year also..
[00:22] <tarvid> Still recovering from my last upgrade. Joined this discussion late. What is the problem
[00:25] <Plizzo> tarvid: I upgraded from 11.10 to 13.10 using ”do-release-upgrade”, and started experiencing seemingly random hogging/freezing of my entire machine and system. I then today tried to upgrade to 14.04 LTS to remedy this issue, but to no avail. The upgrade to 14.04 does seem to have had the opposite effect. The first freeze now occured after approx. 2 hours. Any ideas what could be causing this?
[00:27] <Plizzo> tarvid: Once it freezes, there are no records in the logs and it’s impossible to reach the server over SSH. It completes disappeares and becomes unreachable. I have to perform a hard restart in order to get it back on track.
[00:28] <Plizzo> tarvid: But I’m just waiting for it to freeze again..
[00:29] <tarvid> Haven't seen that issue. I upgraded from 12.04 to 14.04 and had many apache2 issues. I did have one halt on reboot
[00:30] <tarvid> I am now looking for an inexpensive KVM over IP to avoid the 6 hour drive to press the reset button
[00:31] <Plizzo> tarvid: I also had some apache2 issues with htpasswd etc, but got most of them sorted out.
[00:48] <sarnold> tarvid: you might just want to look for e.g. a remote-control power switch, some PDUs have them, some UPS have them
[00:48] <sarnold> Plizzo: oh, so e.g. 11.10 worked fine? I wonder if 12.04 LTS might work for you, that's still supported for another 2~3 years..
[00:56] <Plizzo> sarnold: Yeah, everything worked perfectly on 11.10 - but since it was an old release I figured I should upgrade. That’s when the freezing hell broke loose.
[01:00] <tarvid> sarnold, I have an old APC PDU, that would do for a power bounce but I had the damnedest  urge for a peek at the monitor.
[01:02] <tarvid> Plizzo, I wonder if the grub boot options changed and you now have a feature enabled that is not stable. I had that happen years ago when ACPI was enabled
[01:02] <Plizzo> tarvid: Maybe so, what option could that be?
[01:03] <tarvid> How old is the motherboard?
[01:03] <sarnold> tarvid: oh you want to know -why- it doesn't come back from a reboot ;) picky picky :)
[01:04] <Plizzo> tarvid: The motherboard is about three years old. But this just happened after software update, and it’s happened before. Only way I’ve been able to fix it is with a clean install.
[11:21] <filipsohajek> Hi, can you please help me? My postfix server (with MySQL) is sending and recieving to one domain, but other domains can only send
[12:59] <lnxmen> Hello.
[13:00] <lnxmen> Is there possibility to set priority of usage on memcached clients? I have production server with 40% usage of RAM and other two VPSes with 40% and 6% usage of RAM. How to make my VPSes more encumbered? Generally, is there any point in doing it?
[13:07] <mirexx> hello, I'm facing some problems with installation of oracle weblogic server, could some1 help with that ? pm pls, thanks :]
[13:28] <lnxmen> mirexx: firstly, paste your log
[13:30] <John_John_> i want to setup a mail server in ubuntu 14.04 but i dont have a registered domain. does this prevent me from completing the task ?
[13:32] <maxb> Rather depends on what you mean by mail server (smtp, imap, pop3) and how you want mail to reach it
[13:37] <John_John_> postfix and dovecot
[13:37] <John_John_> and imap
[13:37] <John_John_> http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/
[13:38] <John_John_> here …i want to follow this guide.
[13:59] <John_John_> do you know ?
[14:00] <SCHAAP137> John_John_: yes, you need your own domain
[14:00] <John_John_> OHHH
[14:00] <SCHAAP137> domains are cheapo
[14:00] <SCHAAP137> *cheap
[14:00] <John_John_> is there a work around ?
[14:00] <John_John_> i want it for educational purposes only!!
[14:01] <SCHAAP137> you could e-mail based on IP-address, or some crappy subdomain
[14:01] <SCHAAP137> but it's uncommon, and probably spamfilters will not like it
[14:01] <SCHAAP137> some kind of domain, with control over the DNS entries, is needed
[14:01] <SCHAAP137> at least to set MX records and such
[14:01] <SCHAAP137> A, MX, SPF, DKIM, DMARC, TLSA, whatever
[14:02] <John_John_> all i want is just to send from myself to me
[14:02] <SCHAAP137> it can be accomplished without a domain, but also for educational purposes, it's better to do it the right way
[14:02] <SCHAAP137> which is, with a unique domain name
[14:02] <tanob> hi, i've installed ubuntu server using the netinstall and during install it detects and sets up wireless, but after restart I dont see the wireless configured, what's the simplest way to get it working and persistent across restarts?
[14:02] <John_John_> i see your point
[14:02] <SCHAAP137> domains are cheap John_John_, i mean, $3 per year or so
[14:02] <SCHAAP137> of $5
[14:02] <John_John_> where can i get one cheap ?
[14:02] <SCHAAP137> *or
[14:03] <John_John_> really ???
[14:03] <John_John_> that cheap ?
[14:03] <SCHAAP137> what do you want? a .com? .nl ?
[14:03] <John_John_> i didnt know
[14:03] <SCHAAP137> sure
[14:03] <SCHAAP137> even .eu is only 7 euros a year or so
[14:03] <John_John_> com, eu or gr or .net
[14:03] <SCHAAP137> i got my domains at www.transip.nl
[14:03] <John_John_> or anything that is cheap i guess
[14:03] <SCHAAP137> they have .nl's for 2 euros a year
[14:04] <SCHAAP137> .com for 7 euro a year
[14:04] <SCHAAP137> or 6
[14:04] <SCHAAP137> not sure
[14:04] <SCHAAP137> you should check
[14:04] <SCHAAP137> but remember, a domain, is just a domain
[14:04] <John_John_> i ll check it out now and buy one i guess :))
[14:04] <SCHAAP137> which is, a bunch of DNS records
[14:04] <John_John_> which means what ?
[14:04] <SCHAAP137> to assign a particular name to particular IP-addresses
[14:04] <SCHAAP137> it's not a server, or a machine, in itself
[14:04] <SCHAAP137> it's just DNS registration
[14:04] <John_John_> yes yes i know tah
[14:05] <SCHAAP137> good
[14:05] <John_John_> that*
[14:05] <SCHAAP137> i built my own mailserver as well, with ubuntu and postfix
[14:05] <John_John_> but then i can set up myserver like machinename.mydomain.com for example ?
[14:05] <SCHAAP137> multiple domains
[14:05] <SCHAAP137> yes, definitely
[14:05] <John_John_> aha
[14:06] <SCHAAP137> that's just an A record
[14:06] <John_John_> tell me more about your setup please ?
[14:06] <John_John_> what do you use exactly ?
[14:06] <John_John_> http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/
[14:06] <John_John_> is this guide a good one to follow ?
[14:06] <SCHAAP137> i followed this guide
[14:06] <SCHAAP137> http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/
[14:06] <SCHAAP137> long time ago
[14:06] <SCHAAP137> since that time i tweaked and improved on it
[14:07] <John_John_> i am interested in imap too
[14:07] <John_John_> is it easy to change between pop3 and ima ?
[14:07] <John_John_> imap*
[14:07] <SCHAAP137> you can serve both
[14:08] <John_John_> very nice!!!
[14:08] <SCHAAP137> but i would recommend just serving pop3-ssl and imap-ssl
[14:08] <SCHAAP137> not the unencrypted ones
[14:08] <SCHAAP137> if you wanna do it really properly, get an SSL certificate as well from a CA
[14:08] <SCHAAP137> set up a webmail as well, with RoundCube or squirrelmail
[14:08] <SCHAAP137> set up an SPF record, set up DKIM
[14:09] <John_John_> are ssl certificates cheap ?
[14:09] <SCHAAP137> some of them are
[14:09] <SCHAAP137> Comodo PositiveSSL is like $10 a year
[14:09] <SCHAAP137> for a single domain
[14:09] <John_John_> ok nice to know that
[14:09] <SCHAAP137> depends on the type of certificate
[14:09] <SCHAAP137> wildcard certs, or EV certs, can be very expensive
[14:10] <John_John_> but for the moment i need the simplest setup possible
[14:10] <SCHAAP137> the guide i pasted the URL from, is a good way to get you started
[14:10] <SCHAAP137> it uses virtual users as well, in a mysql database
[14:10] <John_John_> really thanks for the info :)
[14:10] <SCHAAP137> no need to create actual unix user accounts
[14:10] <John_John_> aha
[14:10] <SCHAAP137> for the mail users
[14:10] <SCHAAP137> which is an advantage
[14:11] <John_John_> yes thats what i am interested in actually !!!
[14:12] <SCHAAP137> it will take a moment to set up, but when it's working, you will be happy
[14:12] <SCHAAP137> and then you can expand it slowly
[14:12] <SCHAAP137> add more advanced features, better security, etc
[14:12] <John_John_> another importan question
[14:13] <SCHAAP137> or, if you are REALLY lazy, you can check this out
[14:13] <SCHAAP137> https://mailinabox.email/
[14:13] <SCHAAP137> it does everything for you
[14:14] <John_John_> this is talking for the cloud yes ?
[14:15] <John_John_> so i need to have linux on the cloud ?
[14:15] <SCHAAP137> not necessarily
[14:15] <SCHAAP137> just linux anywhere is good
[14:15] <John_John_> i have 14.04 server installed locally
[14:15] <SCHAAP137> but, for a good mailserver, u want it to be online all the time
[14:15] <SCHAAP137> and fast
[14:15] <SCHAAP137> a nice VPS in a datacenter or something
[14:15] <John_John_> not in my concern for now
[14:16] <John_John_> but please tell me where can i buy a vps cheap from ?
[14:16] <SCHAAP137> hehe, i got mine from TransIP.nl as well
[14:17] <SCHAAP137> first month is half price, $5 instead of $10
[14:17] <SCHAAP137> gives you 1 core, 50 GB HDD, and 1GB RAM
[14:17] <SCHAAP137> i run a medium one, with 2 cores, 4GB RAM, and 150GB HDD
[14:17] <John_John_> i see
[14:18] <John_John_> problem is i dont understand duch
[14:18] <John_John_> so i need something in english or greek :)
[14:18] <SCHAAP137> it's better to get one geographically close to you
[14:18] <SCHAAP137> for better performance during control sessions, speed, etc
[14:18] <John_John_> we are not far actually :)
[14:19] <John_John_> but its ok i ll find one
[14:19] <SCHAAP137> http://www.pointer.gr/en/vps
[14:19] <SCHAAP137> seems a bit expensive this one
[14:19] <John_John_> i am only interested in the domain name only right now i guess
[14:19] <John_John_> we ll see about vps later
[14:20] <John_John_> is my 14.04 server local machine enough for now ?
[14:20] <SCHAAP137> depends on your network setup
[14:20] <SCHAAP137> does your ISP block any ports?
[14:20] <John_John_> nope
[14:20] <SCHAAP137> some ISPs block port 25 on consumer lines
[14:20] <SCHAAP137> then it should be sufficient
[14:21] <John_John_> ok then
[14:21] <SCHAAP137> but for a "production" mailserver, you want more sense of security, uptime, etc
[14:21] <John_John_> how can i learn if my isp blocks port 25 ?
[14:21] <John_John_> i dont need any production right now
[14:21] <SCHAAP137> no idea, pbly only by testing it
[14:21] <John_John_> i just need it for development server
[14:22] <SCHAAP137> by sending out mail
[14:22] <John_John_> how can i test that now easily ??
[14:22] <SCHAAP137> mail servers talk on port 25, outbound, but also inbound / amongst eachother
[14:22] <SCHAAP137> hmm, difficult
[14:22] <SCHAAP137> you need a mailserver to test it i think :P
[14:22] <John_John_> lol ok
[14:22] <mardraum> telnet to some remote mailserver on port 25
[14:23] <SCHAAP137> ah yeah, indeed
[14:23] <John_John_> telnet from inside ubuntu you mean ?
[14:23] <John_John_> can you give me the shell command please ?
[14:23] <SCHAAP137> telnet smtp.yourmailprovider.gr 25
[14:24] <John_John_> wait a sec please
[14:24] <mardraum> no, you want NOTyourmailprovider
[14:24] <SCHAAP137> ah yeah true
[14:24] <mardraum> they should certainly allow you to connect to their server
[14:24] <John_John_> ok i got it
[14:24] <John_John_> i ll use my work’s email server
[14:24] <John_John_> just a sec
[14:25] <John_John_> is this command correct ?
[14:26] <John_John_> ok it is sorry
[14:26] <SCHAAP137> after connecting, you need to identify yourself with HELO or EHLO
[14:26] <SCHAAP137> followed by your IP or domainname, of your internet line
[14:27] <mardraum> if you can connect at all, it's enough to establish your ISP isn't blocking outbound on port 25, assuming the server tested isn't also allowed by them
[14:28] <John_John_> Microsoft ESMTP MAIL Service ready……
[14:28] <John_John_> is this correct ?
[14:28] <SCHAAP137> for testing inbound, you would need a mailserver locally
[14:28] <mardraum> uh huh
[14:28] <SCHAAP137> yes, it means it connected
[14:28] <SCHAAP137> so outbound port 25 is clear
[14:28] <John_John_> ok nice one :)))
[14:28] <John_John_> but i ididnt identified myself ok ?
[14:29] <SCHAAP137> not a problem, the connection is there
[14:29] <SCHAAP137> like mardraum said
[14:29] <John_John_> thanks
[14:29] <John_John_> how can i disconnet now :)
[14:29] <SCHAAP137> usually QUIT
[14:29] <SCHAAP137> or BYE
[14:29] <SCHAAP137> i thought
[14:30] <John_John_> ok it wotrked
[14:30] <John_John_> so i only have to buy my domain name right ?
[14:30] <SCHAAP137> correct, then you can set an A record in your DNS control panel
[14:30] <SCHAAP137> of the domainname
[14:30] <John_John_> is the ubuntu server i just installed ok ?
[14:30] <SCHAAP137> A record should point to your IP
[14:30] <John_John_> should i better install a desktop too ?
[14:31] <SCHAAP137> not necessary
[14:31] <John_John_> ok
[14:31] <John_John_> because i am on a mac and have the ubuntu server as a VM now
[14:31] <John_John_> thats my setup already actually
[14:31] <SCHAAP137> ah, okay, that changes things
[14:32] <John_John_> geeeee
[14:32] <SCHAAP137> the VM, how does it connect?
[14:32] <John_John_> bridge
[14:32] <SCHAAP137> it uses a bridged adapter, or virtual NAT ?
[14:32] <SCHAAP137> ah bridge, nice
[14:32] <SCHAAP137> so it has an IP on the physical network?
[14:32] <SCHAAP137> then it should be okay
[14:32] <John_John_> yes it is like that
[14:34] <John_John_> how do i change the server name after i got my domain ?
[14:35] <SCHAAP137> what do you mean exactly?
[14:35] <SCHAAP137> ah, you want to give your server a domain name?
[14:35] <SCHAAP137> you create an A record, to point to your IP-adress
[14:35] <SCHAAP137> with some kind of name
[14:35] <SCHAAP137> lets say
[14:36] <John_John_> yes
[14:36] <SCHAAP137> mail in A 1.2.3.4
[14:36] <John_John_> how do i create an A record ?
[14:36] <SCHAAP137> then you have mail.domain.name pointing to that IP-adress
[14:36] <SCHAAP137> in the DNS control panel, from the provider where u have the domain name
[14:37] <teward> John_John_: you have to set it up in the DNS provider, whether its third party or wherever you have the domain.
[14:37] <SCHAAP137> after making the A record (name pointing to IP)
[14:37] <SCHAAP137> then u create the MX record
[14:37] <teward> wow lagggggy here...
[14:37] <SCHAAP137> which will be pointing to the (full) name from the A record
[14:37] <John_John_> aha so when i buy a domain i have a panel too ?
[14:37] <John_John_> i didnt know that
[14:37] <SCHAAP137> at TransIP yes, you get a control panel for the DNS settings
[14:38] <SCHAAP137> so for example you have the domainname maestro.gr
[14:38] <SCHAAP137> you make an A record
[14:38] <SCHAAP137> mail in A 1.2.3.4
[14:38] <SCHAAP137> so then mail.maestro.gr will point to 1.2.3.4
[14:38] <John_John_> ok please give me 5 minutes so i can find a domain provider in greece please and i ll get back to you ok ?
[14:38] <SCHAAP137> then after, you make an MX record
[14:38] <John_John_> hold on
[14:38] <SCHAAP137> @ in MX mail.maestro.gr.
[14:39] <SCHAAP137> @ in MX      10 mail.maestro.gr.
[14:39] <John_John_> i cant catch it all from the start
[14:39] <John_John_> i am new to this :)
[14:39] <John_John_> wait please ?
[14:39] <SCHAAP137> i cannot explain everything, you will need to learn and inform yourself as well :P
[14:39] <SCHAAP137> how DNS works etc
[14:39] <John_John_> lol of course
[14:39] <SCHAAP137> what an A record is, what an MX record is, IP-adress, etc :P
[14:39] <John_John_> i will follow the guide anyhow right ?
[14:39] <SCHAAP137> cool, good luck
[14:40] <John_John_> thanks but maybe ill need your help for the first step if thats ok with you
[14:40] <SCHAAP137> if i'm around here i will try to answer
[14:40] <John_John_> thanks :)
[14:40] <SCHAAP137> other ppl here should also know about it, i guess
[14:41] <SCHAAP137> i cannot be the only one to know about setting up mail
[14:41] <SCHAAP137> :PO
[14:41] <SCHAAP137> ;P
[14:41] <SCHAAP137> you will get there
[14:43] <SCHAAP137> setting up your own DNS server is harder than setting up your own mail server, with externally managed DNS
[14:44] <SCHAAP137> once you have mail up and running, it can be intriguing to host your own DNS as well
[14:44] <SCHAAP137> gives extra possibilities
[14:44] <SCHAAP137> like DNSSEC, TLSA and such
[14:44] <SCHAAP137> the options for setting different DNS records, with a managed DNS service, are more limited
[14:44] <teward> of course setting those up isn't the most trivial task either
[14:45] <SCHAAP137> that is definitely true
[14:45] <teward> if your ultimate goal is just to have a web server with a domain and a mail server the whole DNS setup process is likely overkill, and you can explore DNS setups in virtual environments at home in sandbox environments
[14:46] <teward> case in point the 25 sandbox VMs I have for various purposes (IPSec VPN, mail server, Apache, nginx, DNS, the list goes on)
[14:46] <SCHAAP137> that's a good method for testing setups indeed
[14:46] <teward> and you can break things allll you want and then fix em without nuking your servers in the process
[14:46] <teward> granted, I have actual hardware for virtualization here, got a whole ESXi server sitting at home
[14:47] <teward> and a new ESXi server in four days coming in ;)
[14:47] <SCHAAP137> indeed nice, i have some clusters in datacenters around holland i can play with
[14:47] <teward> mhm.
[14:47] <SCHAAP137> not at home though
[14:47] <SCHAAP137> also vSphere based
[14:48] <teward> true, but to some extent VMWare Workstation can manage the server a little, and since most of my VMs start in a Workstation environment, it's just a case of click and upload
[14:48] <teward> anyways, that's going into the techie, paranoid level of crazy :P
[14:48] <teward> (security on my network is equally intense)
[14:48] <teward> but i digress :)
[14:48] <SCHAAP137> ah, being a bit paranoid is good
[14:48] <SCHAAP137> i'm very security-minded as well
[14:48] <teward> s/a bit paranoid/overly crazy paranoid/
[14:48] <SCHAAP137> big fan of security through obscurity
[14:49] <teward> my home net has a whole firewall appliance at the edge - pfSense with Snort and IPSec VPN
[14:49] <teward> waaaaaaay overkill for a typical home network
[14:49] <teward> (VLAN'd out the wazoo too)
[14:49] <SCHAAP137> i assume you're already disabled SSL 3.0 everywhere
[14:49] <SCHAAP137> *you've
[14:49] <teward> first thing i did when i ran updates :P
[14:49] <SCHAAP137> with the whole POODLE thing
[14:49] <SCHAAP137> hehe, cool
[14:49] <teward> i use nginx, so it's as simple as putting an `ssl.conf` into /etc/nginx/conf.d/
[14:50] <teward> and set ssl rules across each server as a sort of global argument
[14:50] <SCHAAP137> i edited my apache's source code to include SPDY and NPN
[14:51] <SCHAAP137> and change the default EC params to something other than the prime256v1 curve
[14:51] <SCHAAP137> secp521r1 ftw
[14:51] <SCHAAP137> can't wait for a QUIC module @ apache
[14:52] <SCHAAP137> tried running nginx/apache compiled with LibreSSL already?
[14:53] <SCHAAP137> hope OpenSSL will implement the CHACHA20-POLY1305 cipher as well soon
[15:01] <mirexx> hello, I just installed jboss server on my localmachine, I want to reach it from my virtualhost but I can't, what should I do  pls? (I have installed apache and tomcat and both are reachable from virtual machine) thanks
[15:05] <John_John_> can you please suggest me a domain registration provider with default language of english or greece which you know that a control panel is included in the price ?
[15:10] <John_John_> www.europeregistry.com
[15:10] <John_John_> i found this one
[15:10] <John_John_> can you confirm please ?
[15:11] <andol> John_John_: Do you only need a registrar or do you also need dns hosting to be included?
[15:11] <SCHAAP137> not sure if they provide a DNS control panel as well
[15:11] <John_John_> i guess dns hosting too since its very hard to set up my own dns right ?
[15:12] <andol> John_John_: Anyway, https://www.gandi.net/ is generally a good choice.
[15:12] <John_John_> https://europeregistry.secure-admin.com/login?__utma=137147300.1225744559.1417273584.1417273584.1417273584.1&__utmb=137147300.6.9.1417273760872&__utmc=137147300&__utmx=-&__utmz=137147300.1417273584.1.1.utmgclid=CK3bq8KLoMICFYvItAodgWsAXQ|utmccn=(not%20set)|utmcmd=(not%20set)&__utmv=-&__utmk=71004752
[15:12] <John_John_> see this please
[15:12] <SCHAAP137> andol, i think John_John_ would also need a kind of DNS control panel for the domain name, does gandi provide that?
[15:12] <SCHAAP137> to make A and MX records etc
[15:13] <John_John_> please follow the link above i think it has it all ?
[15:13] <SCHAAP137> like, a domain including some kind of managed DNS
[15:13] <andol> SCHAAP137: Yepp.
[15:13] <SCHAAP137> seems useful John_John_, the suggestion from andol
[15:13] <John_John_> ok i ll check that out now
[15:15] <jak3000> hi all how to open port 3306? i try: sudo iptables -A INPUT -p tcp --dport 3306 -j ACCEPT      and sudo ufw 3306 allow    but can connect from other pc
[15:16] <SCHAAP137> it is probably a mysql server setting, jak3000
[15:16] <SCHAAP137> to only allow connection from localhost
[15:17] <SCHAAP137> 3306 is mysql right?
[15:17] <jak3000> yes mysql
[15:17] <SCHAAP137> probably server-side setting, to only allow connection from localhost
[15:17] <jak3000> how to check? in my.ini right?
[15:18] <SCHAAP137> i think so, i am not a mysql expert
[15:18] <SCHAAP137> probably initial setup made this config
[15:18] <SCHAAP137> try to just allow non-root access from outside
[15:18] <SCHAAP137> keep root user access only on localhost
[15:18] <jak3000> ok.
[15:18] <jak3000> thanks
[15:18] <SCHAAP137> yw
[15:18] <jak3000> good idea because i typed similar rules for port 22 and worked(cann connecT)
[15:19] <SCHAAP137> yes, but sshd is different
[15:19] <SCHAAP137> it is made for remote access
[15:19] <SCHAAP137> usually u want mysql database to only talk with local services
[15:19] <SCHAAP137> like webserver, or software running locally
[15:20] <SCHAAP137> you don't want SQL over the network, you want the applications to talk over the network, with encryption
[15:20] <SCHAAP137> and local databases to interpret the data locally
[15:21] <jak3000> understand
[15:23] <jak3000> SCHAAP137 friend.
[15:23] <jak3000> ak3000: remove bind-address= and skip-networking from my.cnf and grant permission to the external 'user'@'host' and remove any firewall rules blocking port 3306 and make sure no overrides on the mysqld commandline. See  http://hashmysql.org/index.php?title=Remote_Clients_Cannot_Connect
[15:24] <SCHAAP137> indeed, that should be it
[15:24] <SCHAAP137> but still, it is not common practice i think
[15:24] <SCHAAP137> it is 'unsafe'
[15:25] <SCHAAP137> maybe you can make some kind of VPN for the SQL traffic that traverses the network, or a VLAN
[15:25] <jak3000> ye sunderstand
[15:25] <SCHAAP137> or just use iptables to limit the access
[15:26] <SCHAAP137> is not a perfect solution ofcourse
[15:27] <SCHAAP137> if the iptable rule breaks for a moment, it will allow access for someone, potential attack vector, and it is not encrypted by default
[15:27] <jak3000> Thanks SCHAAP137 for your time, i tell you, if win or not win.. :)
[15:27] <SCHAAP137> hehe cool, let me know
[15:35] <jak3000> commented the line bind-adress and worked
[15:35] <jak3000> :)
[15:35] <SCHAAP137> okay
[15:36] <SCHAAP137> but still, remember that a different solution is nicer
[15:36] <SCHAAP137> to nót have SQL traffic over the network, just locally on the machine
[15:36] <SCHAAP137> let the applications talk something else, and SQL only locally in the machine from application to database
[15:36] <jak3000> ok
[15:36] <jak3000> ok thanks
[15:37] <SCHAAP137> yw
[15:37] <SCHAAP137> because it means, other machines can potentially access the SQL now as well
[15:38] <SCHAAP137> or you contain it with iptables?
[15:38] <SCHAAP137> if u allow external access, you should define the rules in iptables, for the IP's that should have access to the mysql service on port 3306
[15:38] <SCHAAP137> and block others
[15:38] <jak3000> ok
[15:39] <jak3000> understand i am working now in this step: allow ips and block others
[15:39] <SCHAAP137> best firewall policy is the 'default-deny' idea
[15:39] <SCHAAP137> everything is disallowed, expect the things u define
[15:39] <SCHAAP137> *except
[15:39] <SCHAAP137> iptables is not perfect
[15:39] <SCHAAP137> pf, from OpenBSD, is nicest
[15:40] <jak3000> a quesiton
[15:40] <jak3000> iptables and uwf can work at same time, or need disable one?
[15:41] <SCHAAP137> i don't know uwf
[15:41] <SCHAAP137> ah
[15:41] <SCHAAP137> uwf is a method to make easier iptables configuration
[15:42] <SCHAAP137> so both is good i guess
[15:42] <SCHAAP137> https://help.ubuntu.com/community/UFW
[15:43] <teward> jak3000: ufw will supersede the iptables rulesets, on its own
[15:43] <rsully> is there a specific room or person i should talk to about the certified images released for the joyent public cloud?
[15:43] <teward> jak3000: you will need to use either ufw or iptables - ufw ultimately sets iptables rules, that's why
[15:43] <jak3000> ok, then no problem if type any rules with iptables and others with uwf, thanks
[15:44] <SCHAAP137> does uwf 'replace' other custom iptables rules teward ?
[15:44] <teward> SCHAAP137: haven't tested.
[15:44] <SCHAAP137> like, some iptables stuff in /etc/rc.local, and afterwards uwf commands
[15:44] <teward> SCHAAP137: i know there's a way to add custom rulesets to ufw outside the bounds of ufw's commands, but as the uber techie I prefer iptables over ufw
[15:44] <SCHAAP137> good question indeed
[15:45] <teward> besides i have special masquerade rules that ufw breaks in any situation so i stick to an iptables ruleset
[15:45] <SCHAAP137> i'm more of a /etc/pf.conf kind of person, but i prefer iptables over uwf (i guess) as well
[15:45] <teward> and the only things open are to local, private IPs (or on my remote servers, specific system IPs), so... there's no real 'openings' in my own computer clients' systems, or my remote servers
[15:46] <teward> (and at home everything's behind the pfSense, called 'darkness', so... :P)
[15:48] <teward> SCHAAP137: i could spin up a VM and test, but i'm on battery power for now, on the bus...
[15:48] <teward> so meh
[15:48] <teward> (infinite bandwidth though - my phone is my hotspot instead of the bus's wifi)
[15:50] <SCHAAP137> ah, riding a bus atm?
[15:50] <teward> yep, from my hometown to my actual home in harrisburg :P
[15:51] <teward> IPSec VPN is evil on this hotspot but i've had worse....
[15:51] <teward> only got an hour of battery on the laptop
[15:52] <teward> 6 + 6 (with the external battery pack) for the phone
[15:52] <SCHAAP137> IPsec is just IP-header stuff right
[15:52] <SCHAAP137> not actual data encryption
[15:52] <SCHAAP137> why not an SSLVPN ?
[15:52] <Patrickdk> heh?
[15:52] <Patrickdk> ipsec is much better than sslvpn
[15:52] <Patrickdk> just ipsec doesn't passthough firewalls cleanly like sslvpn
[15:53] <SCHAAP137> SSLVPN over an IPsec tunnel, even better
[15:53] <Patrickdk> no, that would be horrible
[15:53] <Patrickdk> your mtu would be crap
[15:53] <teward> L2TP over IPsec is okay but its still bleh
[15:53] <teward> and i just need IPSec so the data doesn't look like it originates from my location :P
[15:53] <SCHAAP137> i think with pf.conf you could let IPsec tunnels pass cleanly over different networks
[15:53] <teward> that and i'm accessing my media server :)
[15:54] <Patrickdk> I just do ipsec, no l2tp
[15:54] <teward> ... back at home :)
[15:54] <SCHAAP137> on an OpenBSD system
[15:54] <teward> Patrickdk: yeah, it's tricky to do ipsec+l2tp, but my pfSense firewall has IPSec but not the hybrid of that and l2tp
[15:54] <SCHAAP137> through NAT and whatever
[15:54] <SCHAAP137> shouldn't be an issue
[15:54] <teward> SCHAAP137: yeah i have nat traversal outbound on my ipsec vpn
[15:54] <Patrickdk> heh?
[15:54] <teward> but its not like i need it to be infinite security - it's only me on it :P
[15:54] <Patrickdk> there is nothing special about ipsec+l2tp, they are two totally different things
[15:54]  * teward shrugs
[15:55] <teward> Patrickdk: windows expects it unfortunately
[15:55] <Patrickdk> you just run ppp over the ipsec link and boom, you have ipsec+l2tp
[15:55] <teward> ootb anyways it does
[15:55] <teward> linux, it works fine with just the IPsec, just need a few extra plugins
[15:55] <hadifarnoud> how can I keep the owner of files in a directory the same? with every git pull some new files become root:root
[15:56] <teward> hadifarnoud: are you running the pull as root?
[15:56] <hadifarnoud> teward: I am.
[15:56] <teward> that's your problem
[15:56] <teward> hadifarnoud: don't run the pull as root xD
[15:56] <teward> or have an extra recursive chown
[15:57] <teward> chown --recursive foo:bar /path/to/dir
[15:57] <teward> (replace what's relevant)
[15:57]  * Patrickdk makes sure to add some suid binaries into that git
[15:57] <teward> heheh
[15:57] <hadifarnoud> teward: so I can't make ubuntu keep the owner then?
[15:57] <Patrickdk> ubuntu has nothing to do with it
[15:58] <Patrickdk> use the correct user to do it, would be best
[15:58] <Patrickdk> tell git to do it
[15:58] <Patrickdk> or use a stick bit
[15:58] <Patrickdk> lots of options
[15:58] <lordievader> Strongswan with virtual ip is nice :D
[15:58] <teward> hadifarnoud: it's not an ubuntu issue - it's a pebkac user
[15:58] <teward> s/user/issue/
[15:58] <teward> hadifarnoud: your issue is that running the git pull as root makes it assume `superuser` default settings, i.e. root:root
[15:59] <teward> hadifarnoud: the solution is to NOT run the git pull as root, and instead as the user you intend to have the permissions set for
[15:59] <hadifarnoud> teward: that would be www-data
[15:59] <teward> hadifarnoud: or add an extra command to the pull at the end, and set it as the combo you want, via the chown command i said
[16:00] <teward> hadifarnoud: well then your other solution is run the pull as root and then add a command, either by using a script to handle the pull AND the chown, or... manually
[16:00] <Patrickdk> well, into the git postpull script
[16:00] <teward> right
[16:00] <teward> or do what i do, scripts for everything, all of em run on their own xD
[16:00]  * teward overcomplicates administration :)
[16:01] <hadifarnoud> cool. will do teward. have to google how to add a script to git pull
[16:01] <teward> postpull perhaps
[16:01] <teward> Patrickdk is likely more fluent with git than I
[16:01]  * teward has been learning bzr which has effectively squished his git knowledge >.>
[16:02] <Patrickdk> everyone uses git :)
[16:02] <Patrickdk> besides ubuntu using bzr
[16:02] <Patrickdk> and companies using perforce
[16:02] <ScottK> And people that still use svn.
[16:02] <ScottK> Or even, shudder, cvs.
[16:02] <Patrickdk> people don't normally start new stuff in svn
[16:02] <Patrickdk> I hated cvs
[16:02] <Patrickdk> svn was ok
[16:02] <ScottK> Sure, but lots of stuff still around using it.
[16:03] <teward> Patrickdk: i use bzr because i'm pushing stuff for the CVE tracker (as ScottK knows, theres quite a few cves that're WRONG against wireshark so i've been... kinda doing cleanup_
[16:03] <teward> that and i use the bzr method of package merges >.>
[16:03] <Patrickdk> I only know alittle git
[16:03] <Patrickdk> use it for a few things
[16:03] <teward> same, git clone, git commit, git push...
[16:03] <Patrickdk> but mainly use it for illumos commits
[16:03] <teward> mhm
[16:04] <Patrickdk> lots of git rebase :)
[16:04] <ScottK> One of the nice things about bzr is that for people that want to, you can use it exactly like svn, just do bzr command instead of svn command.  That makes it a nice bridge into the world of DVCS for projects where some people are stuck in the old paradigm.
[16:04]  * teward shrugs
[16:04] <teward> ScottK: i'm still a stickler for old fashioned packaging: pull the source package, tweak, changelog entry, rebuild
[16:04] <teward> then debdiff xD
[16:05] <Patrickdk> main reason I have never used bzr, why bother learning yet another
[16:05] <ScottK> That's generally true about tools.  There's little point in learning them for their own sake.
[16:05] <Patrickdk> git I was pretty much forced to, as everything switched to it
[16:06] <Patrickdk> svn I used for years
[16:06] <ScottK> teward: I mostly use diff and patch to get stuff into/out of the VCS, so I hear you.
[16:06] <Patrickdk> cvs I was forced to use, once, and I dropped that
[16:06] <teward> ScottK: yeah, i'm even worse, i nitpick upstream commits, and at times have had to actually manually recreate the patches via quilt
[16:06] <teward> 'twas painful
[16:06] <teward> but not unexpected...
[16:07] <Patrickdk> quilt makes it easy
[16:07] <teward> yeah, well, reading the upstream diff and converting that to manual edits is tricky sometimes
[16:07] <Patrickdk> attempt to strip out 40+ commits from fork, and attempt to remerge them
[16:07] <teward> especially with gedit having changed crazy between 10.04 and now
[16:07] <teward> Patrickdk: eheheh
[16:07] <Patrickdk> and remove extra fluf
[16:07] <Patrickdk> and fix *missing* parts
[16:07] <ScottK> I recently went through a process where I made a local branch in git and used git cherry-pick to pull the subset of upstream changes I wanted and then exported the commits as patches.
[16:08] <ScottK> Then it was mostly a matter of adding the patches to debian/patches/series.
[16:08] <ScottK> That way most of the hard work of resolving the differences we done in Git.
[16:08] <Patrickdk> my issue is, someone opted to change a whole style of atom locks
[16:08] <Patrickdk> causing all kinds of fun conflicts
[16:09] <ScottK> Probably nothing will help you there.  Just fun all around.
[16:09] <mirexx> could I install 32bit version of weblogic on 64bit ubuntu?
[16:09] <teward> ScottK: ahh, yeah, i work command line manually, and by doing the patches by hand i learn the underlying software...
[16:09] <teward> that's my thinking on manual patch recreation anyways
[16:09] <Patrickdk> if you install all the 32bit libs it wants, sure
[16:09] <mirexx> ty
[16:10] <teward> mirexx: you can do that easy by installing the 32bit dependencies, via package:i386
[16:10] <teward> unless it needs manual building of the deps :)
[16:10] <teward> (then it can get tricky i believe)
[16:10] <Patrickdk> if your building, it shouldn't really matter
[16:11] <Patrickdk> but you can't build weblogic :)
[16:11] <teward> true
[16:11] <teward> Patrickdk: build deps of the dep you have to build though
[16:11] <teward> depending on the software, that can get VERY tricky and time consuming
[16:12] <Patrickdk> ya, I spent 3 days working on that for dovecot
[16:13] <Patrickdk> building all the deps I needed in omnios so I could build a fully featured dovecot
[16:13] <mirexx> yes, I didn't find the 64bit version of weblogic :/ so I need to install 32bit version
[16:13] <teward> heh
[16:13] <Patrickdk> actually, building them wasn't the horrible part, but I was attempting to package it correctly, so I wouldn't have to do it again :)
[16:15] <teward> Patrickdk: ahahahahh, yeah THAT gets tricky
[16:17] <teward> Patrickdk: kinda glad i don't have to worry about the naxsi packages in nginx nowadays though, that isn't trivial to maintain
[16:17] <teward> (thank goodness debian dropped them, from Vivid onwards I can have relatively easy maintenance... :) )
[16:20] <Lartza> I know one should really REALLY not run own mail servers, but I have to. There's literally no easy way still and you have to configure everything meticulously?
[16:21] <SCHAAP137> there is
[16:21] <SCHAAP137> https://mailinabox.email/
[16:22] <Patrickdk> the problem with email servers is, everyone has different kinds of spam, so everyone blocks it differently and uses different things to process and reject/filter/...
[16:22] <Lartza> SCHAAP137, That requires a fresh box :/
[16:22] <SCHAAP137> true
[16:22] <Patrickdk> if it wasn't for that, a standard postfix/dovecot stack would be simple
[16:22] <SCHAAP137> http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/
[16:23] <SCHAAP137> this guide is good as well
[16:23] <Patrickdk> oh evil, courier
[16:23] <teward> wheeeeee laggy
[16:23] <Patrickdk> save yourself a ton of pain and use dovecot :)
[16:23] <mirexx> can I add 32bit libraries through these commands: 1. sudo dpkg --add-architecture i386  then 2. sudo apt-get update ?
[16:23] <SCHAAP137> i heard good stories about dovecot, i use courier-imap-ssl myself
[16:24] <SCHAAP137> users, domains, aliases, all virtual in mysql, mapped in postfix
[16:24] <SCHAAP137> opendkim
[16:24] <Lartza> Is amavis like spamassassin?
[16:25] <SCHAAP137> still wanna do TLSA
[16:25] <SCHAAP137> but need my own DNS for that
[16:25] <Patrickdk> no, amavis *includes* spamassassin
[16:25] <Patrickdk> ya, I'm fully tlsa
[16:25] <SCHAAP137> i use 4096-bit DKIM keys, some servers have a hard time verifying them
[16:25] <Patrickdk> I mainly use my email via webmail, and use tlsa for mx and to verify my webmail link
[16:26] <Patrickdk> 4k for dkim is kindof insane
[16:26] <Patrickdk> I hate google killed dkim for everyone
[16:26] <Patrickdk> your suppost to rotate your dkim keys weekly or monthly, but since google didn't everyone must suffer
[16:26] <SCHAAP137> true
[16:26] <teward> whoopsies
[16:27] <Patrickdk> maybe that is something I should start tracking
[16:27] <Patrickdk> keep track of dkim verifications
[16:28] <Patrickdk> and if I see the same key again, over x days old, derate it
[16:28] <Patrickdk> I used a 768bit dkim rotated weekly, for years
[16:29] <Patrickdk> or well, used to
[16:30] <Lartza> I'm literally thinking of buying a VPS for mail in a box now...
[16:30] <SCHAAP137> still need to set up my own nameserver
[16:31] <SCHAAP137> so i can do some TLSA
[16:31] <Lartza> But I think I'll just get around to installing all this
[16:31] <SCHAAP137> secondary caching/forwarding with some ip checks pbly
[16:33] <SCHAAP137> still need to learn some shit about DNSSEC before proceeding
[16:33] <Patrickdk> dnssec is simple
[16:34] <Patrickdk> but just don't be stupid, when you rotate your keys
[16:34] <SCHAAP137> need moar DNS knowledge in general tbh
[16:36] <ScottK> Patrickdk: DKIM key less than 1024 bits is not a great idea.
[16:36] <ScottK> SCHAAP137: 4096 is overkill though.
[16:36] <Patrickdk> why?
[16:36] <SCHAAP137> 4096 all the way yo
[16:36] <Patrickdk> bits only dictate how long till it's bruteforced
[16:36] <SCHAAP137> relaxed/simple
[16:36] <Patrickdk> if you rotate often, and expire the old key, not an issue
[16:36] <ScottK> Patrickdk: Yes, and with 768 it's not that long.
[16:37] <Patrickdk> the problem was, people where not doing so
[16:37] <Patrickdk> and google was using a 512bit key for years
[16:37] <teward> 4096 is overkill, but if you're security-paranoid like i am... :P
[16:37] <ScottK> That's true, but there are some systems that decline to trust keys < 1024.
[16:37] <Patrickdk> yes, cause of that google problem
[16:37] <ScottK> Patrickdk: They were using 512 until they got brute forced.
[16:37] <Patrickdk> they said, lets make 1k the limit
[16:38] <ScottK> Doesn't change the fact that if you use 768 many receivers will ignore your signature.
[16:38] <Patrickdk> why would they?
[16:38] <SCHAAP137> i am, teward
[16:38] <SCHAAP137> in different ways pbly
[16:38] <Patrickdk> and as I said, if you read, BEFORE 1k became the limit, I used 768bit rotated weekly
[16:38] <Patrickdk> afterwards, well, I had to change
[16:38] <ScottK> Because most people don't do key rotation.
[16:38] <Patrickdk> people not doing rotation is insane
[16:39] <Patrickdk> like not rotating your ssl certs, dnssec keys, and everything else
[16:39] <ScottK> opendkim, which is the most common implementation for Sendmail/Postfix use has a 1024 limit.
[16:39] <teward> i have an 8192bit ssh key too, which is REALLY overkill xD
[16:39] <teward> (just sayin)
[16:39] <Patrickdk> opendkim is relatively new
[16:40] <ScottK> Not really.
[16:40] <Patrickdk> teward, I attempting that before, openssl had no support using >4k
[16:40] <ScottK> It's a fork of dkim-milter which was an update of dk-milter.
[16:40] <Patrickdk> scottk, opendkim wasn't widely used till around the google 512bit key incident
[16:40] <teward> Patrickdk: openssl or openssh?  (ssh keys 8192 worked for me since 11.04)
[16:41] <Patrickdk> teward, yes, and that is pretty new :)
[16:41] <Patrickdk> I mean back in like 2002
[16:41] <Patrickdk> it could *make* 32k keys
[16:41] <Patrickdk> but it coulding use anything >4k
[16:41] <Patrickdk> totally pissed me off :)
[16:41] <teward> ahhh right
[16:42] <teward> Patrickdk: yeah I am REALLY overkill with my ssh keys ;)
[16:42] <ScottK> Since dkim didn't exist in 2002, it's completely true that all the software for the protocol didn't exist either.
[16:42] <Patrickdk> who is talking about dkim in 2002?
[16:42] <ScottK> Nevermind then.
[16:42] <Patrickdk> ssh != dkim
[16:43] <ScottK> The oldest supported Ubuntu release (10.04) has opendkim.
[16:43] <ScottK> It's also the last one with dkim-milter.
[16:43] <ScottK> So I think it's not that new.
[16:43] <teward> yep
[16:43] <Patrickdk> and google had their key compromised in nov 2012
[16:44] <Patrickdk> considering it takes people a year or two to upgrade to the newest version
[16:44] <Patrickdk> yes, I would say I was pretty right on
[16:44] <Patrickdk> people started using opendkim heavily around when google 512bit was compromised
[16:47] <ScottK> opendkim 1.0 was released in 2009 (and that's when it entered Debian/Ubuntu).
[16:47] <ScottK> The reason it was forked from dkim-milter is the author changed jobs.
[16:47] <ScottK> Before that, dkim-milter was the predominate implementation for Sendmail/Opendkim.
[16:52] <Patrickdk> yes, I still use dkim-filter
[16:52] <Patrickdk> but I pretty much forked it myself
[16:52] <Patrickdk> as it's completely mysql backed
[16:56] <Lartza> Anyone have experience with iRedMail?
[16:57] <Lartza> Oh needs a fresh server too
[16:57] <Lartza> Mhh
[16:58] <ScottK> opendkim supports mysql.  Not sure why you'd stay with ancient, unsupported software, but meh.
[16:59] <Patrickdk> hmm, I can't find anything in the documentation about it
[16:59] <Patrickdk> was just reviewing it again
[16:59] <Patrickdk> guess maybe the documentation is lacking
[17:02] <Patrickdk> and unsupported only means, someone other than my supports it
[17:03] <Patrickdk> as I said I forked it
[17:03] <Patrickdk> that was long before opendkim existed though
[17:11] <ScottK> See the --with-sql-backend config option described in INSTALL.
[17:22] <Patrickdk> ya, but not described in the config file manual
[17:22] <Patrickdk> I did see a readme.sql in the source
[17:22] <Patrickdk> but I don't normally look at the source for documentation
[19:10] <mirexx> hello guys, I'm using ubuntu 64bit and I'm trying to install oracle weblogic server but after I put this command : java -jar wls_121200.jar to the terminal  it's output is following: The OpenJDK JVM is not supported on this platform.
[19:10] <mirexx> The Oracle Universal Installer failed.  Exiting.
[19:11] <mirexx> what I am suppose to do to run this properly?
[19:11] <Patrickdk> it told you
[19:11] <Patrickdk> use oracle jvm
[19:11] <Patrickdk> why are you using openjdk?
[19:14] <mirexx> I am newbie in this.. :/
[19:14] <mirexx> so first thing I have to do is to install oracle jvm right?
[19:38] <shaan> hey guys what is a lightweight secure email server
[19:38] <shaan> ??
[19:38] <shaan> i just need simple E-mail and IMAP
[19:41] <mirexx> ok Patrickdk got it now, thx very much for  your help ;]
[19:41] <JanC> postfix + dovecot is reasonably lightweight
[19:42] <sheptard> why not get email hosted by google
[19:43] <JanC> privacy probably?
[19:44] <Patrickdk> gmail is *private*
[19:46] <JanC> it might even be illegal if he is inside the EU and has personal data about other people in his email/contacts
[19:47] <Patrickdk> or in ma, usa
[20:09] <maxb> What is not lightweight is doing your own spam & virus checking
[20:09] <maxb> spamassassin and clamav are pretty good, but require CPU time and admin care and feeding
[20:10] <qman> rolling your own antispam/antivirus is hard, I use scrollout F1
[20:18] <mirexx> guys, I'm trying to start my weblogic  server but, when I execute startWebLogic.sh it says: Can't open .../Oracle/Middleware/oracle_common/common/bin/commEnv.sh      #I don't  even have that directory..
[20:19] <mirexx> where is the problem ? :(
[20:20] <bekks> Well, it tells you it cant start because that directory and that file mentioned doesnt exist.
[20:21] <mirexx> yes I know that, but what I need to do about that ? I didn't find nothing about this problem so far..
[20:22] <bekks> mirexx: You need to install the WebLogic server properly, I guess.
[20:43] <allen> How can I make sure that my entire wordpress directory is readable, writable, and executable by my user?
[20:44] <allen> Like I want full privileges, and no permission related issues for this directory and all its subdirectories and files lower in the heirarchy
[20:45] <bekks> Where is your wordpress directory located?
[20:45] <RoyK> allen: the easiest, though not safest choice, is to chown -R youruser /path/to/wordpress/dir
[20:45] <allen> in /var/www/html/wordpressdirectory
[20:46] <bekks> That directory should not be owned by your user.
[20:46] <RoyK> bekks: why not? so long that it's readable by the apache group, it doesn't matter
[20:47] <bekks> RoyK: Well, it opens the door for vulnerabilities by using the users account.
[20:47] <RoyK> allen: btw, /var/www/html/... is typically a redhat/centos thing - I don't think I've see the html dir in any debian-based distros
[20:47] <RoyK> bekks: he's saying full rwx to his user, so yes
[20:47] <allen> RoyK,its like that on ubuntu-server 14.04
[20:49] <Patrickdk> royk, ubuntu *or debian* gave in a few years ago
[20:49] <allen> Thanks guys, I think its working, I'm not to stressed about security right now
[20:49] <allen> i just need things working, i'll tighten it up later
[20:50] <RoyK> allen, Patrickdk: I was looking at wheezy and some older ubuntu release - seems there's a html there now, yes
[20:50] <RoyK> allen: then chown -R
[21:36] <John_John__> what desktop to install in 14.04 server ?
[21:36] <bekks> The one you want, basically. :)
[21:36] <John_John__> ok i need the most stable one
[21:37] <bekks> All available desktops in the Ubuntu repos are considered to be stable.
[21:38] <John_John__> ok which one is the most featured and which one is the lightest ?
[21:41] <RoyK> John_John_: why would you want to install a desktop environment on a server?
[21:42] <RoyK> John_John_: if it's a desktop you want, just install ubuntu desktop and the server packages you need.
[21:42] <John_John_> because ….i think might have a better experience ?
[21:42] <RoyK> probably not
[21:42] <John_John_> actually i cant paste from my mac into ubuntu
[21:43] <RoyK> linux servers are configured on the commandline, although there exists other solutions, but not remotely as good
[21:43] <RoyK> just ssh into the server and paste into the terminal
[21:43] <John_John_> aha
[21:43] <John_John_> can you give me the exact command please ?
[21:44] <RoyK> on the mac, open terminal and type "ssh user@host" wher "user" is your username and "host" is the hostname or ip address of the server
[21:44] <John_John_> connection refused...
[21:45] <RoyK> then apt-get install ssh
[21:45] <RoyK> on the server
[21:47] <John_John_> yep :)
[21:47] <John_John_> thanks alot !
[21:47] <John_John_> so no need a gui at least for now i guess
[21:47] <John_John_> question....
[21:48] <John_John_> when i installed the server i installed LAMP too
[21:48] <John_John_> now i cant seem to be able to stop mysql serice for example
[21:48] <John_John_> i mean it seems it restarts by itself when i stop it
[21:48] <RoyK> John_John_: that would be the first 5 minutes of a linux 101 ;)
[21:49] <RoyK> John_John_: which ubuntu version?
[21:49] <John_John_> 14.04
[21:49] <RoyK> service mysqld stop should work well
[21:50] <John_John_> mysqld: unrecognized service
[21:50] <RoyK> mysql, perhaps
[21:50] <John_John_> something missing in my path maybe ?
[21:50] <RoyK> nope
[21:50] <RoyK> service mysql
[21:50] <RoyK> not mysqld
[21:51] <RoyK> my fault
[21:51] <John_John_> mysql stop/waiting
[21:51] <John_John_> what it means ?
[21:51] <RoyK> it means it's stopping
[21:51] <RoyK> but that may take a few seconds
[21:51] <RoyK> commiting transactions etc
[21:51] <RoyK> try service mysql status
[21:52] <John_John_> sudo service mysql status
[21:52] <John_John_> and still the same answer
[21:52] <RoyK> wait a wee while
[21:52] <John_John_> lol how while ???
[21:52] <John_John_> how much*
[21:53] <John_John_> i think something is wrong!
[21:53] <John_John_> still stop/waiting
[21:53] <John_John_> any thoughts ?
[21:53] <John_John_> a bug maybe ?
[21:53] <bekks> It's stopped, when you got the command prompt back.
[21:54] <RoyK> John_John_: ps axf|grep -v grep|grep mysql
[21:54] <qman> stop/waiting means it's stopped
[21:54] <qman> which is what you should expect, since you stopped it
[21:54] <John_John_> it gives me no answer
[21:54] <John_John_> aha
[21:55] <RoyK> qman: shouldn't that say just 'stopped'?
[21:55] <bekks> John_John_: It gave you a prompt back, where you typed service mysql status already.
[21:55] <John_John_> i see
[21:55] <qman> not from my experience
[21:55] <qman> upstart jobs say stop/waiting
[21:55] <RoyK> qman: ok
[21:55] <bekks> RoyK: The service is stopped and waiting for further instructions.
[21:55]  * RoyK doesn't like upstart
[21:55] <RoyK> ok
[21:55] <John_John_> mysql start/running, process 1711
[21:55] <John_John_> after i start it again
[21:55] <RoyK> good
[21:56] <John_John_> but it doewsnt give me the uptime info and all
[21:57] <John_John_> like this one command…udo /etc/init.d/mysql status
[21:57] <RoyK> John_John_: mysql ... "show global status;"
[21:58] <bekks> Because /etc/init.d/mysql status shows you the mysql stats, while service mysql status shows you the upstart status for the mysql service.
[21:58] <John_John_> show which method is the most secure/correct ?
[21:58] <RoyK> just use "service ..."
[21:59] <bekks> John_John_: Depends on which status you want to see.
[21:59] <John_John_> ok hear this
[22:00] <John_John_> i stopped with init.d and it doesnt stop at all!!!!
[22:00] <bekks> Why didnt you use service...?
[22:00] <John_John_> with service command it works fine i guess
[22:00] <John_John_> so i ll use that
[22:00] <bekks> Thats what you did before, yes.
[22:01] <John_John_> does the same work for apache2 too ?
[22:01] <bekks> Yes.
[22:01] <RoyK> John_John_: yes, or apache's own "apache2ctl (something)"
[22:01] <John_John_> udo service apache2 start
[22:01] <John_John_> worked
[22:02] <John_John_> so i am fine so far i guess
[22:02] <John_John_> one more question please ?
[22:03] <John_John_> i have installed parallels tools
[22:03] <Prezident> Hey
[22:03] <Prezident> sur.
[22:03] <John_John_> where can i find the mount ?
[22:05] <bekks> Which mount?
[22:05] <John_John_> its ok maybe they are installed correctly because i found my mac share folder under /media/psf
[22:05] <John_John_> but what exacly is /media/psf ?
[22:05] <John_John_> why psf ?
[22:06] <John_John_> can i give it an alias/shortcut ?
[22:06] <bekks> How are we supposed to know why you named your device "psf"? :)
[22:06] <John_John_> no no no noi didnt named that
[22:06] <bekks> Then it wouldnt be named like that ;)
[22:07] <John_John_> my device is called “Elements” and its under /media/psf/
[22:07] <bekks> So your user is named psf, then?
[22:07] <John_John_> no no
[22:07] <John_John_> my user is also displayed under psf too!!!!
[22:07]  * RoyK gets off to do something more productive, like drinking beer
[22:08] <bekks> RoyK: :)
[22:08] <John_John_> RoyK:  LOL
[22:08] <John_John_> maybe psf is a name that paralles created ? who knows
[22:09] <John_John_> but anyways can i give an alias to what is under /media/psf ?
[22:09] <bekks> "Parallels Shared Folder".
[22:09] <John_John_> right!!!!
[22:09] <John_John_> so what about the alias ?
[22:09] <bekks> Which alias?
[22:10] <John_John_> all i want is to say “Elements”
[22:10] <bekks> It says "Elements".
[22:10] <John_John_> and access /media/psf/Elements
[22:10] <John_John_> is that possible ?
[22:10] <bekks> And it is mounted under /media/psf - that how things work in Parallels.
[22:11] <John_John_> maybe i do not ask correctly
[22:11] <John_John_> anyways not so important
[22:11] <John_John_> hmm
[22:12] <John_John_> java -version
[22:12] <John_John_> The program 'java' can be found in the following packages:
[22:12] <John_John_>  * default-jre
[22:12] <John_John_>  * gcj-4.8-jre-headless
[22:12] <John_John_>  * openjdk-7-jre-headless
[22:12] <John_John_>  * gcj-4.6-jre-headless
[22:12] <John_John_>  * openjdk-6-jre-headless
[22:12] <John_John_> Try: sudo apt-get install <selected package>
[22:12] <John_John_> i just want the oracle jave 8
[22:12] <John_John_> what shoud i do ?
[22:13] <bekks> You have to install that manually.
[22:13] <bekks> http://askubuntu.com/questions/464755/how-to-install-openjdk-8-on-14-04
[22:14] <John_John_> no not open jdk
[22:14] <John_John_> i want this one!!!
[22:14] <John_John_> http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
[22:14] <bekks> http://tecadmin.net/install-oracle-java-8-jdk-8-ubuntu-via-ppa/
[22:16] <RoyK> John_John_: really, java?
[22:16] <RoyK> John_John_: java is for visiting, java coffee is for drinking, java in computing is for loathing
[22:17] <John_John_> lol why you say that ?
[22:17] <bekks> Because it is the truth.
[22:17] <John_John_> which other open source language/framework is close to microsoft’s .net ?
[22:17] <bekks> Mono.
[22:18] <John_John_> fuck mono…mono is shit
[22:18] <John_John_> are you a developer ?
[22:18] <bekks> It is far more close to .Net than Java.
[22:18] <John_John_> i dont think so really
[22:18] <John_John_> i know java is shit ok
[22:18] <bekks> Then you are denying technical facts.
[22:18] <John_John_> but php is better ?
[22:19] <bekks> PHP has entirely nothing to do with .net
[22:19] <John_John_> i know that
[22:19] <John_John_> but i need to develop and be safe
[22:19] <John_John_> i am adeveloper
[22:19] <bekks> Then dont use PHP at all.
[22:19] <John_John_> lol
[22:19] <bekks> PHP is a big pile of crap.
[22:19] <John_John_> what to use then ?
[22:19] <RoyK> C? HTML5?
[22:20] <bekks> Depends on your requirements - just naming different languages doesnt specify them.
[22:20] <John_John_> i need to create a mail client application
[22:20] <bekks> Arent there enough MUA already? :)
[22:21] <RoyK> apparently not....
[22:21] <John_John_> this is a long discussion now
[22:21] <John_John_> my mail client will have “special features”
[22:21] <bekks> Like?
[22:21] <RoyK> John_John_: anyway - what is it openjdk can't do?
[22:22] <John_John_> like departmental email management ?
[22:22] <bekks> John_John_: Thats nothing a client should handle, but your mailserver should do :)
[22:22] <RoyK> I don't think that is closely tied to a specific language
[22:22] <John_John_> i dont know openjdk but i hear is not compatible with oracle java sadly
[22:22] <bekks> "I hear" - thats not very reliable.
[22:23] <RoyK> John_John_: it's the other way around
[22:23] <John_John_> i agree
[22:23] <RoyK> John_John_: and if you're using it server-side, why bother?
[22:23] <John_John_> i need a server side technology that it is a stable one
[22:24] <bekks> So use OpenJDK 8.
[22:24] <John_John_> anyways i want to go with java for now
[22:24] <RoyK> bekks++
[22:27] <RoyK> John_John_: the code written for openjdk8 is compatible with the jvm from oracle, but that doesn't matter. So long the java stuff is done on the server, the users won't even need java installed (which is a jolly good thing)
[22:28] <John_John_> i am talking about me now and the tools i ll be using
[22:28] <John_John_> not the end users
[22:28] <RoyK> then use openjdk
[22:28] <John_John_> and why oracle supports only .rpm ?
[22:28] <RoyK> forget oracle
[22:29] <John_John_> that makes me think to move to CentOS i guess
[22:29] <John_John_> forget oracle ??????
[22:29] <RoyK> yes. forget. oracle.
[22:29] <RoyK> use openjdk
[22:29] <RoyK> it works
[22:29] <John_John_> i am not that good in java i guess and i dont have time for such risks
[22:30] <RoyK> omg
[22:30] <John_John_> i maybe think about it for a while
[22:30] <bekks> I still can see "I hear" is the main reason for assumptions in your design process.
[22:30] <John_John_> shame…and i like ubuntu!
[22:30] <RoyK> John_John_: if you don't know too much, learn more
[23:02] <JanC> John_John_: technically, Oracle JDK 8 is a commercial release fork of OpenJDK 8
[23:02] <John_John_> ok i have just installed the default jdk
[23:03] <JanC> and they probable use.rpm because that's what Oracle Linux uses  :p
[23:03] <John_John_> whis is openjdk 1.7
[23:03] <John_John_> is that ok ?
[23:03] <John_John_> for some reason it doesnt give me 1.8 by default
[23:03] <John_John_> only 1.7
[23:04] <John_John_> but if i want i can download the tar from oracle and install it locally in my home folder
[23:04] <JanC> that should give you support on older OS versions too, so unless you really need any JDK 8 (= 1.8) features JDK 7 should be fine
[23:05] <John_John_> i dont need 8 features no i guess
[23:05] <John_John_> how do i search for a package with apt get ?
[23:05] <John_John_> for example glassfish ?
[23:05] <JanC> apt-cache search
[23:06] <John_John_> is cache upto date ?
[23:07] <JanC> run 'apt-get update' to make it up-to-date
[23:07] <John_John_> i have done so
[23:08] <JanC> it's up-to-date until at the point in time when you last ran that  :)
[23:08] <John_John_> lol ok
[23:10] <John_John_> how can i download files from internet in console ?
[23:11] <Quoexl> wget?
[23:11] <JanC> there are several ways, but usually people use wget or curl
[23:12] <John_John_> thanks i ll check out how they work
[23:12] <Quoexl> wget http://whatever the download link is
[23:12] <JanC> wget is probably the easiest for simple downloads
[23:13] <Quoexl> or install links2 and use the text based browser
[23:14] <John_John_> how can i tell to what directory should download ?
[23:15] <Quoexl> it downloads right where you are sitting
[23:15] <Quoexl> if you have access to write to that dir
[23:15] <John_John_> ok that works for me
[23:15] <John_John_> actuall i am in my home dir
[23:15] <Quoexl> then it will drop right where you sit
[23:15] <John_John_> which is totally empty
[23:16] <John_John_> no predefined dir structure like dokuments and downloads in server edition ?
[23:16] <JanC> wget also has a -P/--directory-prefix option
[23:16] <JanC> but the default is '.', so "wherever you are"
[23:17] <JanC> John_John_: I doubt it's totally empty (likely has some .dotfiles)
[23:18] <John_John_> yes only those
[23:18] <JanC> but you can create directories as you like, of course
[23:18] <John_John_> ok so ill create my Downloads directory i guess :)
[23:18] <John_John_> with mkdir right ?
[23:19] <JanC> most of those directories don't make sense on a server anyway
[23:19] <JanC> yes
[23:19] <John_John_> so where an expert user downloads things on a server ?
[23:19] <JanC> wherever you need/want them?
[23:20] <John_John_> i need to download glassfish app server
[23:20] <John_John_> where is a good location to download and extract ?
[23:20] <John_John_> is inside the home folder a safe bet ?
[23:21] <JanC> I have no idea; ultimately you probably want/need it to be in some particular folder related to your project?
[23:21] <JanC> you can always copy/move it later though
[23:21] <John_John_> ok i guessed so
[23:21] <John_John_> ok thanks :)
[23:22] <JanC> _personally_ I tend to make some project directory where I store everything related to that project
[23:22] <John_John_> thats good i agree
[23:23] <JanC> seems like glassfish is already available in Ubuntu though?
[23:38] <John_John_> alrighty
[23:38] <John_John_> so far so good
[23:38] <John_John_> i have installed and run latest glasfish and work ok so far with openjdk 7
[23:39] <John_John_> for now i am good from the server side
[23:39] <John_John_> now my client/host is a mac
[23:39] <John_John_> ubuntu is on vm
[23:39] <John_John_> i have installed everything i need on my mac…java/ide etc
[23:40] <John_John_> can i use for example eclipse on my mac to access glassfish on ubuntu ?
[23:40] <John_John_> i have set up hosts already and i can reach glassfish console from my local browser on the mac
[23:45] <RoyK> John_John_: I'd suggest a separate machine, perhaps a raspberry pi or something, for the linux stuff
[23:45] <RoyK> John_John_: makes it easier to handle
[23:48] <Guest63112> i was woundering if i could get some help with my ubuntu server ive setup. its running a dhcp and its giving out ips correctly the only problem is that for android phones the device is not able to connect to anything untill its pinged from inside the network
[23:53] <Guest63112> is anyone monitoring this chat?
[23:59] <TheSpawnMan> @nomadjim how does this magic place work?