[08:16] <miphix_> xD
[08:18] <miphix_> How's every one doing?
[08:51] <lordievader> Good morning.
[12:21] <caraconan> Hi here. I'm a little bit confused here. I had a 12.10 server, and then after a "sudo do-release-upgrade" I can see "13.10" in my /etc/issue, but looking at https://wiki.ubuntu.com/Releases it's marked as end of life. What should I do to upgrade my server to the... "current" version? Thanks
[12:23] <caraconan> Ok, I can imagine that I'm missing another jump
[12:44] <lordievader> caraconan: Continue the upgrade procedure.
[12:44] <caraconan> ok thanks
[12:59] <dominic1134> hi there, we're looking for developers and package maintainers which would like to join our development team for an open source anti spam appliance project. check out www.openas.org . we're happy to hear from you :-)
[14:02] <thor77> hello, i have an ubuntu-vps with a nginx-webserver. i want to easily (without sudo) copy/edit files to /usr/share/nginx/ (the webserver's root). what's the easiest way to achieve this?
[14:03] <teward> thor77: beat yourself with the guide to linux - there's a thousand safety reasons for why you don't do that.
[14:04] <teward> thor77: not to mention, you shouldn't put your web root in a package-maintained directory anyways, and should make an alternate directory, either as a subdirectory in there (as root/sudo) or elsewhere, so long as nginx has +x on the directories (and the ability to read the files)
[14:06] <teward> thor77: the biggest reason for me saying don't use /usr/share/nginx/ directly and either use a directory under that or move elsewhere, is because https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074
[14:08] <teward> thor77: the second biggest reason is you don't want a hijacked user account to be able to edit the files without needing the sudo password - this is also why you should SSH Key Auth Only your server so you don't have rogue access in case your password gets stolen
[14:08] <teward> (and use a different password on your SSH key)
[14:11] <patdk-wk> teward, why?
[14:11] <thor77> teward: okay, okay, didn't think about the security issues
[14:11] <patdk-wk> so you're trading a stolen password for a stolen rsa key?
[14:11] <patdk-wk> you should use 2factor
[14:12] <thor77> tekk: and my server is using ssh key auth only
[14:12] <thor77> ssh key is protected with a password
[14:12] <patdk-wk> password + keyauth, keyauth + token, password + token, something
[14:12] <patdk-wk> ssh key can be brute forced
[14:12] <teward> patdk-wk: and you can brute force a 2048bit key in how long?
[14:13] <patdk-wk> it is not 2048 bit
[14:13] <teward> patdk-wk: then what's the bitstrength of a default generated ssh key in 14.04
[14:13] <teward> patdk-wk: point standing: it's easier to bruteforce a password than the privkey.
[14:13] <thor77> my ssh-key is 2048
[14:13] <patdk-wk> we aren't talking about the generated key
[14:13] <patdk-wk> we are talking about the PASSWORD protecting that key
[14:13] <thor77> the key is on my local computer
[14:14] <teward> patdk-wk: this is a discussion for elsewhere, IMO
[14:14] <patdk-wk> your password is also on your local computer
[14:14] <patdk-wk> till it got compromised :)
[14:14] <teward> patdk-wk: again, discussion for elsewhere
[14:14] <teward> thor77: i strongly suggest not changing the permissions for the folder, and use another path, but NOT in the home dir
[14:14] <teward> (there's other security considerations there)
[14:15] <thor77> teward: i will think about it, thanks for your suggestion
[14:15] <teward> patdk-wk: if only everyone followed the SANS recommendations: don't use the same password for everything
[14:15] <patdk-wk> that is good, but don't put all your credentials in one location :)
[14:15] <patdk-wk> that is even harder
[14:15] <patdk-wk> but 2factor helps that, storing two passwords for everything, in two locations
[14:15] <teward> patdk-wk: and the "Use Strong Passwords!  > 12 characters, alphanumeric+punctuation+special symbols, random
[14:15] <teward> patdk-wk: true
[14:16] <thor77> but if i use a new folder, is it a security issue when the web-user AND my normal-user have write access to it?
[14:16] <patdk-wk> stolen laptop, stolen phone
[14:16] <patdk-wk> not likely for both to happen at once
[14:16] <teward> patdk-wk: my passcode db is inside a truecrypt container inside an ecryptfs container on a hardware-encrypted flash drive
[14:16] <patdk-wk> at least for me
[14:16] <teward> which itself has a pincode that if you fail 10 times the data is nuked
[14:16] <thor77> you are very paranoid...
[14:16]  * teward may be a little paranoid :)
[14:17] <patdk-wk> lets see
[14:17] <patdk-wk> mine is in a keepass file
[14:17] <patdk-wk> on a encrypted drive
[14:17] <patdk-wk> that is secured via a usb token
[14:17] <patdk-wk> that is secured via another usb token
[14:17] <patdk-wk> that is secured via a password
[14:17] <teward> oop i forgot to mention the PGP encrypted files... eheheheheh
[14:17]  * teward keeps that on a separate device
[14:18]  * teward forgot he got more paranoid :)
[14:18] <patdk-wk> I attempt to use 25random char passwords :(
[14:18] <patdk-wk> so many places limit me to 15chars or sometimes less
[14:18] <teward> patdk-wk: wish there were ways to use yubikey cloud otps on everything but meh
[14:19] <patdk-wk> we did go paranoid with rsa keys, I forced them too though
[14:19] <patdk-wk> rsa logins work, but require token auth also
[14:19] <teward> patdk-wk: my keys are 8192bit strength so meh
[14:19] <teward> and they in turn require passwords that were randomgen'd > 64 characters
[14:19] <teward> so........
[14:19] <teward> :P
[15:03] <arcsky> hello, i have a few Ubuntu-servers running at my office. I wonder if there are any management open tool for lets say upgrade it and other management stuff
[15:04] <patdk-wk> apt-get
[15:04] <teward> patdk-wk: i think he means en masse management and such
[15:04] <teward> rather than connect to each manually
[15:05] <teward> landscape or puppet come to mind... but i'm not a fan of either
[15:05]  * teward prefers the manual touch :P
[15:05] <patdk-wk> yes, he wanted landscape
[15:05] <patdk-wk> but he also said open tool
[15:05] <teward> patdk-wk: heh
[15:05] <patdk-wk> and that means, basically no
[15:05] <arcsky> GUI crap
[15:05] <patdk-wk> puppet isn't exactly what he wanted :)
[15:06] <patdk-wk> plus again, not open, so chef, but still not what he wanted :)
[15:06] <arcsky> Puppet good?
[15:06] <patdk-wk> as good as the person setting it up and using it
[15:39] <marty_axel> can someone help me with vsftpd configuration?
[15:41] <thor77> marty_axel: use ssh
[15:41] <thor77> you dont need vsftpd, if you have sshd installed
[15:41] <thor77> you can use sftp and scp then
[15:41] <ppetraki> or rsync
[15:42] <marty_axel> mhmm...
[15:43] <marty_axel> i configured vsftpd from google. All perfect, but when i set pasv_address=my_public_ip and try to connect using my public ip, it's not working. I can connect with localhost and 192.168.1.14, but not with public ip
[15:43] <teward> !crosspost | marty_axel
[15:43] <teward> (pick here or #ubuntu - stick to it - that's the most effective method)
[15:45] <rbasak> kickinz1: can you take bug 1412830 please? I can help you through it.
[15:52] <kickinz1> rbasak: looking
[15:54] <kickinz1> rbasak, ok
[16:02] <teward> server team meetings are public right
[16:02] <rbasak> teward: yes. In #ubuntu-meeting
[16:02] <teward> rbasak: i think i'll lurk today :)
[16:02] <rbasak> (on now)
[16:03] <rbasak> teward: please do!
[16:03] <teward> maybe i should o/ since i'm still on the 'team' on LP xD
[16:07] <teward> rbasak: it's helpful that i don't have a schedule full of classes on tuesdays now xD
[16:08] <rbasak> :)
[16:09] <bananapie> which program do I use to see all the files modified by a particular program? I think it was gdb or something like that, but I can't remember
[16:11] <rbasak> bananapie: strace maybe?
[16:11] <rbasak> strace -eopen is useful for that kind of thing
[16:12] <bananapie> Nice :)
[16:12] <bananapie> thanks :)
[16:14] <teward> rbasak: general question: nginx is on the server team's list of things they keep eyes on since the MIR, right?  (in this case, now, it's on my radar all the time, since updates no longer sit for 3 weeks before being looked at)
[16:15] <rbasak> teward: we do, but generally I look to see if you respond first, and usually you do :)
[16:16] <teward> rbasak: yep.
[16:16] <teward> :P
[16:16] <teward> rbasak: well, feel free to always throw things my way :)
[16:16] <teward> rbasak: especially given -devel is somewhere I lurk now :)
[16:17] <rbasak> Thanks!
[16:17] <thor77> is it possible to run a process in a virtual env with limited resources?
[16:17] <rbasak> thor77: look into ulimit? Or for more control, maybe cgroups, LXC, etc.
[16:17] <thor77> thanks for the keywords
[16:18] <teward> rbasak: no problem - and if the server team always wants to throw things my way they're welcome to
[16:20] <rbasak> teward: remember, you're part of the server team :)
[16:20] <teward> rbasak: i meant as a regular thing in the meetings and such, if nginx becomes heavily more active
[16:21] <rbasak> teward: ack :)
[16:29] <teward> coreycb: hopefully you don't mind the nginx mention with the server team meeting - since nginx-core got into main (thanks to rbasak and sarnold and all for the MIR processing, again), it's definitely on my radar a ton more nowadays.
[16:29] <teward> especially since there's more people using it (according to all the errors I see on errors.u.c :P)
[16:29] <rbasak> teward: no problem, thanks for coming!
[16:30] <coreycb> teward, yes, not a problem whatsoever, that's what the meeting is for
[16:30] <coreycb> thanks for attending!
[16:30] <teward> coreycb: how fortunate my schedule isn't full nowadays
[16:31] <teward> i can attend the meetings more frequently now
[16:31] <rbasak> teward: 8678 popcon installs apparently
[16:31] <coreycb> teward, that's guaranteed not to last for long right? :)
[16:31] <coreycb> (the schedule not full part)
[16:33] <teward> coreycb: at least until finals week or midterms - my class schedule has only a 14:00-15:45 class tuesdays
[16:33] <coreycb> teward, oh man, I'm jealous :)
[16:33] <teward> come summer, back at the 9-5 job :P
[16:33] <teward> 09:00 - 17:00 job*
[16:33]  * teward needs to do 24-hour time notation by default now
[16:34] <teward> coreycb: and if i'm not able to attend, i'll drop a blurb to the -server mailing list for nginx updates that should be in the meeting - but as i said to rbasak, emails, bug reports, and pings in -devel -server are the best way to get my attention (in that order)
[16:35] <coreycb> teward, sounds good, thank you
[16:36] <teward> you're welcome
[16:36] <teward> and the lovely thing about PPU rights is that the updates no longer sit in the sponsoring queue for 3 weeks xD
[16:36] <teward> so there's expedited processing of merges
[16:37] <teward> and non-security things outside of the development release (I loop in the security team for security-impacting Vivid updates for nginx now though)
[16:38] <teward> coreycb: i also know there was previous discussion adding nginx to the images, as something you can select and install.  But I don't know whether there's any need for such changes at this time.
[16:39] <coreycb> teward, I am not sure tbh. rbasak do you know?
[16:39] <teward> that request came into my email and on ask ubuntu and other locations, I believe, and prompted the MIR
[16:39] <teward> (which in turn prompted nginx-core's creation)
[16:41] <teward> it's probably an old discussion at this point
[16:41] <teward> at least a year or more
[16:42] <teward> oh, two years, almost...
[16:42] <rbasak> teward: I don't remember talking about adding an nginx option to the installer. Right now we just have LAMP I think, which does apache?
[16:43] <teward> rbasak: right.  i had a question come up in a bug (trying to remember!) which said "Will this be on the images"
[16:43] <rbasak> I see.
[16:43] <teward> at the time, i said "out of my purview"
[16:43] <rbasak> I have no major objection, although there are always space constraints, and the desire to reduce complexity rather than increase it.
[16:44] <teward> rbasak: indeed.
[16:44] <teward> rbasak: the discussion might come up in future, maybe closer to the next LTS, but i bet you there's a few people who would like it
[16:44] <rbasak> I'm also biased away from the images. I'm happy for the crowd who use them to continue to use them, but I don't.
[16:44] <teward> although i have no objection to leaving it off of the images.
[16:44] <rbasak> The future is in cloud images, rather than the traditional installer, IMHO.
[16:44] <teward> agreed
[16:44] <teward> rbasak: there are the traditionalists though xD
[16:45] <rbasak> Yes and they're welcome to look after the installer images :)
[16:46] <teward> rbasak: isn't part of QA's testing to test the traditional installer images...?  :/
[16:46] <teward> i think i remember seeing a testing task for it somewhere
[16:46] <teward> yep there's a test item >.>
[16:48] <teward> rbasak: what package do we provide for LAMP?  Or is it just a set of things to install, is all?
[16:53] <rbasak> teward: I think it just installs MySQL, Apache and PHP (libapache2-mod-php5 presumably).
[16:54] <teward> mmm
[16:55] <jpds> Isn't there a tasksel thing?
[16:55] <teward> rbasak: well i see a problem setting up an nginx+mysql+php stack with the images, in that php5-fpm (what is typically used with nginx) is universe
[16:55] <teward> if it too needs to be in main we open a can of worms, I believe
[16:56] <teward> might open*
[16:56] <patdk-wk> what about php5-cgi?
[16:56] <teward> rbasak: so it's a future discussion, obviously.  but at least nginx-core *is* in main and there's people who now actively maintain it  *points at self*
[16:56] <patdk-wk> you don't have to use fpm
[16:56] <teward> patdk-wk: wouldn't that require a fastcgi wrapper?
[16:56] <patdk-wk> you just need a fcgi or even cgi if you want :)
[16:56] <patdk-wk> teward, php5-cgi is a cgi AND fcgi
[16:57] <patdk-wk> fpm is a multi-fcgi wrapper
[16:57] <teward> patdk-wk: so php5-cgi could accept a fastcgi_pass then?
[16:57] <patdk-wk> yes, just using php5-fpm is normally *simpler* :)
[16:57]  * teward sets up a server VM to test!
[16:57] <patdk-wk> it would
[16:57] <patdk-wk> but you probably need to make init scripts and stuff for it
[16:57] <patdk-wk> whereas fpm already has it
[16:58] <patdk-wk> fpm is what made, going from a single fcgi php to per user php simple
[16:58] <teward> patdk-wk: yeah, the init scripts might be the pain - if LAMP is implied to work out of the box, and php5-cgi has no init, can that even be a viable solution
[16:58]  * teward won't write the init scripts :P
[16:58] <patdk-wk> well, pick your pain :)
[16:59] <teward> catch-22.  both options are equally painful :p
[16:59] <teward> i should blog about setting up an nginx+mysql+php5 stack on ubuntu 14.04+... hmmm
[17:00] <patdk-wk> personally, I like php5-fpm :)
[17:00] <teward> patdk-wk: agreed
[17:00] <teward> makes it less painful to set up :P
[17:01] <patdk-wk> put all my php.ini settings into its per instance customization
[17:01] <patdk-wk> no more php update saying it needs to overwrite my php.ini :)
[17:01] <patdk-wk> makes happy sysadmin
[17:02] <teward> heh
[17:02] <patdk-wk> interesting
[17:02] <patdk-wk> today seems to be a spam day
[17:03] <rbasak> teward: I feel that php5-fpm is inadequately maintained currently for it to be in main.
[17:03] <teward> rbasak: you and I are in agreement
[17:03] <teward> hence the 'can of worms'
[17:03] <rbasak> teward: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1267255
[17:03] <rbasak> :)
[17:44] <teward> rbasak: *subscribed and watching*
[18:25] <sarnold> jamespage: we've got a backlog of reactive work at the moment; probably I'll get to 1407695 and the other MIR work next week at the earliest
[18:35] <teward> is server going to be on the testing tracker for alpha 2?
[19:29] <NoobsFlyVFR> I just installed xorg and i3-wm on my Ubuntu 14.04 LTS server and I am trying to install lightdm using sudo apt-get install lightdm. But it wants to install unity, and all other unity related components.
[19:29] <NoobsFlyVFR> How do I install lightdm without installing unity and everything else?
[19:30] <sarnold> NoobsFlyVFR: maybe try installing lightdm-greeter alongside lightdm?
[19:30] <NoobsFlyVFR> That worked, sarnold. Thanks a lot.
[19:30] <sarnold> nice
[19:31] <sarnold> I figured this looked like the reason why unity was being brought in: Recommends: xserver-xorg, unity-greeter | lightdm-greeter | lightdm-kde-greeter
[19:31] <NoobsFlyVFR> Exactly.
[19:37] <antiPoP> Hi, I have an ubuntu 12.04 server with automatic updates enabled. However some security updates are applied automatically while others not. What is happening? here are the configs and relevant logs: https://gist.github.com/antiPoP/9c97efbc523caab148ea
[19:40] <sarnold> antiPoP: perhaps those updates were published after the periodic check run?
[19:49] <antiPoP> sarnold maybe, but I didn't do an apt-get update
[19:49] <sarnold> antiPoP: hmm
[19:49] <antiPoP> so how have these been fetched?
[23:14] <dtscode> hey guy... ive got a process that keeps saying this: dtscode@dragontoothsoftware:~/billbot$ warning: The echo canceller started acting funny and got slapped (reset). It swears it will behave now. is there any way to tell what is saying it?
[23:14] <sarnold> echo canceller sounds like a voice-over-ip thing
[23:15] <dtscode> oh. its probably my ts3 server then
[23:16] <dtscode> can i restart it and redirect all output to /dev/null?
[23:16] <sarnold> probably
[23:17] <sarnold> though you might want to investigate using an initscript or upstart script to manage it as a service, rather than just a program you have to 'nohup ./foo > /dev/null 2>/dev/null </dev/null'  ...
[23:17] <dtscode> would sudo service teamspeak3 restart > /dev/null work?
[23:17] <dtscode> oh ok
[23:18] <X123> screen! :)
[23:19] <sarnold> true, screen or tmux is nice too :)