=== Lcawte is now known as Lcawte|Away
=== markthomas is now known as markthomas|away
=== zz_DenBeiren is now known as DenBeiren
[07:33] <rzeka> I am about to set automatic backups on server but I'm wondering. Is it better to connect to target machine from source or to source from target. In 1st case, when I have 3 different sources, I cannot tell if previous backup is done so I might get 2 backups running at the same time. In 2nd method, if backup server is hacked anyone may get access to other servers with ease (login through ssh keys)
=== Lcawte|Away is now known as Lcawte
=== bilde2910|away is now known as bilde2910
[11:49] <vidarne> with taskset you can set a specific running program to a  core as root/superuser but is there a way for a regular user to be allowed to set what core a program shall use ?  i have 3 game servers runing and i dont want them to use core/treds 1-3.
[11:51] <vidarne> is it visudo i have to use for that ?
=== bilde2910 is now known as bilde2910|away
[12:01] <DonRichie> vidarne: You can give root permission for specific commands with sudo
[12:57] <Kartagis> postfix/smtp[8844]: connect to mail.example.com[xxx.xxx.xxx.xxx]:25: Connection refused how come?
[13:08] <Kartagis> guys, it seems that I can't receive any mail and I re
[13:08] <Kartagis> ceive this in the log
[14:00] <Lartza> Not sure if I should ask this on php or apache so... Running Apache2 with php5-fpm and proxypassmatch, problem with aliases on webapps like phpmyadmin
[14:00] <Lartza> Getting a "primary script unknown" error but there's no better info anywhere
[14:01] <Lartza> I use ProxyPassMatch pointing to fcgi://127.0.0.1:9000/var/www/html/$1 and Alias /phpmyadmin /usr/share/phpmyadmin
[14:09] <Lartza> Fixed I think :)
=== bilde2910|away is now known as bilde2910
=== Lcawte is now known as Lcawte|Away
[15:51] <dav1dp0101> Hey, does anyone know how to remove the X windowing system and any display manager and graphics manager I may have installed? I think I installed a few different types but I don't remember what.
=== Lcawte|Away is now known as Lcawte
=== markthomas|away is now known as markthomas
[17:14] <jsonperl> hiya, I have a fairly non-ubuntu related "disaster recovery" question, but you folks are sharp :)
[17:14]  * patdk-wk goes around popping balloons
[17:15] <jsonperl> I want to host a backup web app, ready to failover if my "primary" app has issues
[17:15] <patdk-wk> and?
[17:15] <jsonperl> My initial thought was to take care of it via a CNAME change when said issue occurs
[17:15] <jsonperl> And keep an A record already pointing to the "spare"
[17:16] <patdk-wk> doesnt matter
[17:16] <jsonperl> Though now I'm thinking I'll still have the same issues with TTL as I would with just a straight A record
[17:16] <patdk-wk> so your question is ONLY related to dns failover?
[17:16] <jsonperl> failover in general
[17:16] <patdk-wk> nothing else in the scope? like failover disk data, the application itself, webservers, ....
[17:16] <jsonperl> You would likely use a load balancer, and redirect?
[17:16] <jsonperl> Just the webserver
[17:17] <patdk-wk> there are like 5 good ways to do it
[17:17] <jsonperl> Do you have a pref?
[17:17] <patdk-wk> but every method has it's own time and scaling issues
[17:17] <jsonperl> I like the CNAME route, since it's drop dead simple
[17:17] <jsonperl> but DNS prop may be a bit of an issue
[17:17] <jsonperl> and it's obviously not automated
[17:18] <jsonperl> but this is a disaster situation, so I'm somewhat unconcerned about that
[17:18] <patdk-wk> why is it not automated?
[17:18] <jsonperl> cname switching?
[17:18] <patdk-wk> ya
[17:18] <jsonperl> I mean, it could be I spose
[17:18] <patdk-wk> it always was for me
[17:18] <patdk-wk> I had each dns server test reachability
[17:18] <patdk-wk> and only serve whatever one was usable
[17:18] <jsonperl> I'm not running my own dns
[17:18] <jsonperl> I'm on route 53
[17:18] <patdk-wk> if the dns servers can't test, then you just have to go *best* guess
[17:19] <jsonperl> perhaps they have some automation for that though
[17:19] <patdk-wk> and assume the dns servers have the same reachability as your testing location
[17:19] <jsonperl> btw happy new year pat
[17:19] <patdk-wk> they do
[17:19] <patdk-wk> but I hadn't used it too much, so can't remember if it's good enough, think it is though
[17:19] <jsonperl> that may be the best solution
[17:19] <jsonperl> least moving parts
=== martinst is now known as martins-afk
[18:58] <Novice201y> Hi. How can I limit TLS version to ingore SSL3 on my Ubuntu 12.04 Server?
[19:22] <Novice201y> Hi. I run OpenVPN Access Server on VPS's Ubuntu 12.04 and want to limit TLS version that accessing /admin via https will try something higher that SSL3.
[19:25] <qman> You will need to adjust the web server's SSL configuration
=== duxklr| is now known as duxklr
[19:25] <qman> How precisely you do that depends on which web server you're running
[19:27] <Novice201y> qman: I don't think so - I installed only OpenVPN Access Server on this Ubuntu, changes options under SSL tab, but still ask for SSL3 on conection.
[19:27] <qman> A pretty decent guide for securing SSL on some common softwares: https://wiki.mozilla.org/Security/Server_Side_TLS
[19:28] <qman> If the OpenVPN Access Server runs its own web server, you will have to check with their documentation on how to configure it
=== Lcawte is now known as Lcawte|Away
[19:30] <qman> The algorithm selection is handled by the service, it's not a systemwide setting
[19:32] <Novice201y> qman: Thanks
[19:54] <Aison> hello
[19:54] <Aison> I would like to setup several vlans
[19:55] <Aison> with network/interfaces it works
[19:55] <Aison> and I guess with network/interfaces vconfig is used
[19:55] <Aison> but now I would like to use GVRP to announce the VLAN
[19:55] <Aison> this can be done eg. with
[19:56] <Aison> ip link add link eth0 eth0.260 type vlan id 260 gvrp on loose_binding on
[19:56] <Aison> can I somehow define a VLAN device inside network/interfaces so that GVRP is used?
[20:00] <Aison> or maybe I need to define a inet manual device?!?
=== markthomas is now known as markthomas|away
[21:35] <jvwjgames> Hi
[21:35] <jvwjgames> I need emergency help with my website
[21:43] <jvwjgames> my website is sufering sever probems
[21:44] <jvwjgames> i need help can someone please help me
[21:44] <cryptodan> what kind
[21:44] <jvwjgames> let me explain
[21:44] <jvwjgames> here is my website
[21:45] <jvwjgames> try to goto it
[21:45] <jvwjgames> http://jvwjgames.net
[21:45] <cryptodan> whats the issue
[21:46] <jvwjgames> my customers recive an http error 504 gateway timeout error
[21:46] <cryptodan> I can get to it
[21:46] <jvwjgames> really
[21:47] <cryptodan> http://i.imgur.com/YmI2sPF.png
[21:47] <jvwjgames> hmmm
[21:48] <jvwjgames> my phone i use mobile data and get an http error 504
[21:48] <jvwjgames> but interal network can get to it
[21:48] <cryptodan> when i use www.jvwjgames.net I get a not found
[21:49] <jvwjgames> ya that expected cause i don't have an A record for www.jvwjgames.net only jvwgjames.net
[21:49] <cryptodan> but without the www's I get to it
[21:49] <jvwjgames> *jvwjgames.net
[21:49] <jvwjgames> ya
[21:50] <jvwjgames> but for some odd reason my phone can't from out side my network
[21:50] <jvwjgames> is it my server issue or is it tmobile issue
[21:51] <cryptodan> tmobile
[21:51] <jvwjgames> yes tombile
[21:51] <cryptodan> you can check via www.network-tools.com or another site like it
[21:56] <jvwjgames> ok this is strange
[21:57] <jvwjgames> it says it is ok on a website tester i used but my phone it has an http error 504
[21:57] <jvwjgames> hmmm
[21:57] <cryptodan> then its a tmobile issue
[22:00] <jvwjgames> hmm i just don't get it
[22:00] <jvwjgames> cause all other websites work
[22:02] <jvwjgames> on tmobile
[22:03] <jemejones> does anyone know of a tool that can see if any packages that i have installed have a known vulnerability (by pulling a feed from a cve database)?
[22:03] <jemejones> i think maybe nessus can do it
[22:03] <cryptodan> yes nessus can
[22:04] <jemejones> i'm trying to figure out if openvas (a fork of nessus from way-back-when) can do it
[22:04] <jemejones> ok - awesome
[22:04] <cryptodan> jvwjgames: could be an issue between tmobile and comcast
[22:05] <jvwjgames> comcast?
[22:05] <jvwjgames> did you do an ip lookup
[22:05] <jvwjgames> lol
[22:05] <cryptodan> jvwjgames: yup
[22:05] <jvwjgames> nice
[22:06] <cryptodan> but it works for me so its an issue with tmobile
[22:07] <jvwjgames> i have a tracert program on my android phone and it can do a tracrt just fine
[22:07] <jvwjgames> from mobile data
[22:07] <cryptodan> traceroute is performed via ICMP or UDP it doesnt care about port 80
=== markthomas|away is now known as markthomas
[22:14] <jvwjgames> this is really strange
[22:15] <jvwjgames> i can get to the site via mobile data if i use https but can't if i use http
[22:17] <jvwjgames> ok
[22:17] <jvwjgames> i found the problem
[22:17] <jvwjgames> This is a known problem with US T-mobile - they fail to route to certain web services, including to Memsource. However, there is a workaround: Always use https for all communication, including using https from Memsource Editor. That should get you connected.
[22:17] <jvwjgames> You should report this issue to T-Mobile, so that they fix this. Their users seem to have similar problems connecting not just to Memsource:
[22:18] <jvwjgames> so this is a know issue on T-Mobile apperantly
[22:23] <cryptodan> now I know another reason not to use tmobile
=== TheRealCrell is now known as Crell
=== akaWolf1 is now known as akaWolf
=== dw2 is now known as dw1
=== rcj is now known as Guest87135
=== thesheff17_ is now known as thesheff17
=== bilde2910 is now known as bilde2910|away