=== markthomas is now known as markthomas|away [03:51] I was referred here from #ubuntu i am running Ubuntu Desktop but installed a PPP server on it. My Windows 10 systems can connect but are not getting default routes so they can't get to the internet. I need help resolving this [04:26] I was referred here from #ubuntu i am running Ubuntu Desktop but installed a PPP server on it. My Windows 10 systems can connect but are not getting default routes so they can't get to the internet. I need help resolving this [04:41] I was referred here from #ubuntu i am running Ubuntu Desktop but installed a PPP server on it. My Windows 10 systems can connect but are not getting default routes so they can't get to the internet. I need help resolving this [05:07] hi, trying to figure out why after a dist-upgrade to 14.04 for the latest updates it will now not boot my multipath server [05:48] Good morning. [06:38] ponyofdeath: how does it fail? Do you have / on a multipath device? [06:39] and did you try the usual initramfs debugging stuff [06:44] Does it boot a kernel/initramfs? Or does it fail before that? === markthomas|away is now known as markthomas [07:06] hi@ll, is there a solution to use the yubikey HMAC-SHA1 in the channelResponse mode under ubuntu?? :) === cipi is now known as CiPi === Lcawte|Away is now known as Lcawte === Lcawte is now known as Lcawte|Away === _ruben_ is now known as _ruben [09:13] hi@ll, is there a solution to use the yubikey HMAC-SHA1 in the channelResponse mode under ubuntu?? :) [09:26] Hiya, I have been looking around for a solution but clearly I don't know how to use Google. What should I be looking at to run Windows VMs on a Ubuntu Server host? Thanks in advance [09:28] OliverUK: KVM. [09:29] lordievader: Is this the only option? I was looking at KVM and it seemed a pretty steep learning curve [09:29] lordievader: Not a problem though if this is the way to go, I will sit and read :-) [09:29] I suppose there are alternatives but I know of KVM that it works very well. I run Lightroom that way. [09:35] OliverUK: apt-get install kvm virt-manager # virt-manager doesn't have a steep learning curve ;) [09:36] it's just a nice GUI to do the KVM fiddly bits for you [09:38] RoyK: Trying to not have a GUI at all :-) [09:38] Might have to look at it in test though :-) [09:38] OliverUK: not saying you should install X on the server - just use X on the client to avoid doing everything manually [09:39] OliverUK: Virt-manager can connect over ssh. Just install virt-manager on your workstation. [09:39] lordievader: Nice, thank you :-) [09:43] lordievader: probably better if he's using linux on the workstation ;) [09:44] lordievader: I'm using OS X on my laptop, so less hassle to just run it from the server [09:45] I thought I had seen virt-manager run on Windows somewhere, never looked into it though. [09:45] * lordievader dislikes X forwarding. === Lcawte|Away is now known as Lcawte [10:00] lordievader: x forwarding just works ;) [10:02] Meh, on crappy connections it is rather annoying. But then again, anything is. [10:05] yeah === deegee is now known as drussell === drussell is now known as Guest75778 [10:59] I want to share a folder on my home network to other ubuntu pc's, what is the best way to do this with authentication, so you need a password to acces the share? [10:59] I'd say Samba. [11:01] is it possible to share ext over samba? I want to preserve things like hardlinks, softlinks, ownership, permissions etc [11:01] Yes. [11:02] lordievader: cool, I'll use samba then. Thanks [11:17] frediz: any news on kimchi please? Do you have an ETA? === cz2 is now known as cz4 [11:44] hi I upgraded from 12.04 to 14.04 and now root keeps getting these security errors saying "SECURITY information for host" "problem with defaults entries ; TTY=pts/10 ; PWD=/home/user" I've done visudo -cf on sudoers and every file in /etc/sudoers.d without any issues. [11:44] I've found that this could be because I am connected to an active directory in this bug. https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777 [11:44] Launchpad bug 1249777 in sssd (Ubuntu) "libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation" [Low,Confirmed] [11:44] I use sssd and it affects both local and remote users. [11:45] seems to indicate that sudo 1.11.7 will fix it. [11:45] will this upgrade ever come to ubuntu 14.04? [11:47] hi@ll, is there a solution to use the yubikey HMAC-SHA1 in the channelResponse mode under ubuntu?? :) [11:47] help [12:04] sry, wrong channel .... i retire my question. bb. === quantic_ is now known as quantic [12:14] what is considered a safe operating temperature for always-on harddisks? I"m testing my new WD disks now by writing to them from /dev/zero, and their at 33 C, is that OK? [12:14] *their temperature is at 33 C [12:17] trijntje: should't be a problem. drives normally likes it best < 50 degrees, 33 is nice. what drives don't like, is temperature varying a lot [12:18] RoyK: what would varying a lot be? My house has crappy isolation, so it goes between 20-30C in the summer and maybe 14-20 in the winter, on a 24 hour cycle [12:19] trijntje: I'd guess the drives get worn out a bit earlier, but hell, you're using RAID, right? ;) [12:21] RoyK: yeah, zfs mirror of the 2 disks, and backups of course [12:21] trijntje: also, drives normally won't keep room temperature - they naturally heat up - I don't think your situation varies very much from mine in terms of temperature diff, and I've been running these drives for 2-3 years without much issues (although one or two are having issues now) [12:21] 7-drive raidz2 [12:23] RoyK: thats good to know, thanks. I guess i'll write some automated scripts to keep an eye on the temperature, to get a feeling for how much it actually fluctuates [12:23] trijntje: smartmontools / smartd is always a good idea ;) [12:24] trijntje: also, the standard disk plugin for munin draws nice graphs of disk temp [12:25] trijntje: see pm [12:27] RoyK: I hadn't heard about munin, but thats pretty cool. Thanks for the pointer, I'll try that out for sure [12:28] trijntje: this is an old munin installation, mind, nicer graphs on 2.1.x [12:28] erm - on 2.0, I mean [12:28] this is old 1.4 [12:38] thanks again for the pointer to munin, I'll check it out for sure [12:38] it's in the repos and is easy to configure - an apt-get away ;) === deegee is now known as drussell [14:33] If I want to mount a disk using mount such that only root can access the mountpoint, how can I do this? [14:35] AEL-H: chown root:root /that/mountpoint ; chmod 0700 /that/mountpoint [14:36] Well what I have done at the moment is mounted it at /mymountpoint/, and when I do chmod 700 /mymountpoint/ as root user, nothing is happening [14:37] AEL-H: pastebin output of ls -ld /mymountpoint [14:38] It is just a one liner -- [14:38] drwxrwxrwx 1 root root 24576 Aug 1 19:14 /mymountpoint/ [14:38] what sort of fs? [14:39] standard windows -- should be ntfs [14:39] then, as root, mkdir /safe ; chmod 0700 /safe, mkdir /safe/mp, mount whatever /safe/mp [14:41] (replace some commas with ;) [14:41] so the problem is I can't chmod the folder, but I can mount it at a folder that has already been chmod'd? [14:42] mhm - ntfs doesn't use the linux filesystem perms [14:42] That makes sense, thanks [14:43] same applies to FAT [14:44] I can't unmount for some reason? It is saying the device is busy but I have no idea why that would be [14:45] probably an open file somewhere - check with lsof [14:51] I think smoser by be out this week, any volunteers for chairing this weeks ubuntu server irc meeting [14:52] i'm hree. and can chair [14:52] is that in 8 minutes ? [14:52] or 1:08 [14:52] oh smoser! [14:52] smoser, in 1:08 [14:52] thanks smoser === quantic is now known as Guest28583 === quantic_ is now known as quantic [16:08] my network card have a ip: 192.168.0.200/24 how to add other interface(alias) for listen too in the network: 192.168.1.200/24 thanks [16:08] ip addr add dev eth0 192.168.0.201/25 [16:08] or something [16:09] ip addr add dev eth0 addr 192.168.0.201/25 [16:09] perhaps [16:09] mmmm but i want work on network 192.168.1.200 [16:09] then change the address and mask [16:10] ip addr add dev eth0 addr 192.168.1.200/24 [16:10] why would you want two different networks on a single nic? [16:11] Error: an inet prefix is expected rather than "Addr" [16:11] i am change from my hose to work and other places... [16:11] then i want configure permanently both networks [16:11] i know with alias eth0:1 but not remeber the sintax [16:12] that's old stuff [16:12] yes [16:12] greetings! [16:13] is xen-api available on 15.04 too? there seem to be no related packages on the repository, but iirc there was a working version on LTS... [16:13] jak2000: ip address add 192.168.99.37/24 dev eth0 [16:14] ifconfig only show 192.168.0.200 [16:14] why? need restart the network services? [16:15] ip addr list [16:16] ifconfig is outdated [16:16] done.... [16:16] and if you want that permanent, add 'up ip addr add ...' in /etc/networks/int [16:16] and if you want that permanent, add 'up ip addr add ...' in /etc/network/interfaces [16:17] yes i want permanently [16:18] mmm wich line add? [16:19] "up" means "whenever the network is upped" [16:19] then the ip addr add thing [16:20] just below the nic config [16:20] ok [16:20] https://www.garron.me/en/linux/add-secondary-ip-linux.html [16:22] reading [16:47] RoyK done... [16:47] thanks [16:53] jak2000: did it work after a reboot? [16:55] yes [16:55] reboother [16:55] copied all the lines of eth0 and pasted, and changed eth0 to eth0:1 [16:55] no need for eth0:1 [16:56] that's deprecated [16:56] unless your still using ifconfig [16:56] just add "up ip address add ..." at the bottom of the eth0 config [16:56] I noticed my rhel7 machines dont even have ifconfig installed [16:56] I imagine that will break a lot of things for people [16:56] patdk-wk: that ip addr add things works with even 10.04 [16:57] I know, ifconfig has been dead for ages [16:57] patdk-wk: it broke a few things, but a yum install ifconfig worked well [16:57] wait [16:57] the url you gave me say add eth0:1 [16:57] patdk-wk: it broke vmware tools for one [16:57] changing [16:57] doesn't break vmwaretools for me [16:58] patdk-wk: perhaps it's updated now - first time I installed RHEL/CentOS7, vmware tools complained rather badly [16:58] right from vmware's repo [16:59] I have used it since it came out, though it was mostly unusable till 7.1 [16:59] but starting to push some production load to it now [16:59] guess I'd have to try without ipconfig again [17:00] or ifconfig [17:03] anyone know of a write once read many ( WORM ) media that is Linux friendly? Does a filesystem exist for this already? [17:03] patdk-wk: I don't know any filesystems supporting that [17:03] erm [17:04] ponyofdeath: that was for you, 19:03 < RoyK > patdk-wk: I don't know any filesystems supporting that [17:04] ponyofdeath: the ISO file system is exactly that. [17:04] RoyK: k thx [17:04] I wish ufs was more usable [17:05] ponyofdeath, the problem with worm, is it's very usecase dependent [17:05] jrwren: ok, but that is only encapsulating something already there correct [17:05] there are many of them in linux, like initramfs, squashfs, ... [17:06] there is also ltfs if you use lto tapes :) [17:06] ponyofdeath: it depends on what properties you expect out of a filesystem. Yes, I guess? Don't all filesystems deal with data that is already there? [17:06] ponyofdeath: or did you not mean the entire fs was write once, but maybe per file or something? [17:06] lol sorry this is for loggs [17:06] basically we want to make sure the logs are not tampered with [17:07] so if there is sometihng better that you guys know of besides WORM [17:07] just use off-system logs [17:07] and the old classic worm, a printer :) [17:19] patdk-wk: does ufs have worm? [17:20] is there any chance https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1453188 can be backported to trusty? (or who would I ask if not here?) [17:21] Launchpad bug 1453188 in neutron (Ubuntu Wily) "Incorrect path to binary in neutron-plugin-linuxbridge-agent" [High,Fix released] [17:40] crinkle, it should be available in the trusty kilo packages via the cloud archive. or are you actually using the 2014.1 packages shipped in trusty? [17:40] adam_g: no I'm using the cloud archive [17:41] crinkle, oh, it looks like that updates still waiting to be synced out to cloud-archive kilo -updates. [17:41] coreycb, jamespage ^ [17:42] crinkle, adam_g, kilo cloud archive should be released to -updates later wed or thurs [17:43] cool, thanks adam_g and coreycb [17:46] Anyone on ubuntu able to help with this https://gist.github.com/anonymous/8d38e61ab3d4ff3297ae trying to install mysql-server-5.6 smooth installation, configuring password however service fails to start [17:47] neredsenvy: why mysql? [17:47] ... [17:47] ..--.. [17:48] lets not do the which is better disscussion [17:48] *discussion [17:49] because obviously the answer is percona-server-server (-server) [17:49] beisner, testing is good from my end and yours at this point with kilo-proposed in the CA. can you plan on promoting to -updates wed pm or thurs? that'll have given us 7 days in -proposed. [17:50] well, if you're installing from git, try #mysql [17:51] coreycb, yep, i'll plan on it. [17:51] beisner, thanks [17:51] coreycb, thanks for all the updates! [18:20] could the tux3 versioning FS be used as WROM media? [18:23] write read once many ? [18:41] writable read only memory? that's an oxymoron ;P [18:42] no, it's about media that can be used for backups - only writable [18:42] that would be WORM [18:43] Write Once Read Many [18:59] waiting for the worms... [20:03] heh, is tux3 still alive [22:49] I'm on 14.04.01 with openssl 1.0.1f [22:49] How can I tell if I'm vulnerable to heartbleed? [22:49] I have self signed certificates [22:49] acmehandle: have you ran 'apt-get update; apt-get upgrade' yet? [22:50] also consider that self-signed certs are BAD if the site is in the wild and publicly accessible [22:50] because there's no 'trust' in place [22:50] One of the first things I did earlier this year when I first got it up and running [22:50] Ah. Ok. [22:50] acmehandle: i mean, have you run that since [22:50] Nope. [22:50] Should probably do that. [22:51] It is an experimental vps. so nothing live on it. But I still want to know. [22:51] acmehandle: well, there's always https://filippo.io/Heartbleed/ [22:51] if the VPS has a domain tied to the 'experimental' stuff, point it there. [22:51] alternatively... [22:51] um... [22:51] you can install the unattended-upgrades package [22:51] that too [22:51] but also http://serverfault.com/questions/587839/is-there-a-way-to-manually-check-for-openssl-cve-2014-0160-vulnerability <-- first answer for testing perhaps [22:52] hmm [22:52] it'll keep the thing up to date even if you don't log in often. granted, some services probably require restarting to make the updates work -- especially for e.g. openssl updates, your web servers or whatever need to be restarted [22:52] there's a lot of test scripts out there though :P [22:52] and yes, unattended-upgrades [22:52] sarnold: if a system is managed by Landscape can it still have unattended-upgrades installed and set for security only? [22:52] No, its good. I remember now. I tested it against another ssl/tls testing website [22:52] or would that be handled by Landscape instead [22:52] But I ran it against filippo.io just now [22:52] says all good [22:53] acmehandle: then you're all set, just remember that if you're going Live to the world, don't use self-signed [22:53] you'll get yelled at by people lol [22:54] hopefully qualys's check can handle all the other issues even if you are self-signed [22:54] it does [22:54] it just really downgrades your grade because self-signed [22:54] teward: I assume so, they have to have programmed it with the expectation that some package management will happen outside of landscape [22:54] sarnold: cool. [22:54] sarnold: BTW, i had fun with landscape. [22:54] landscape and gitlab on the same server [22:54] I guess I should just get a cheap certificate from ssl start [22:55] had to mess with a LOT of settings to make everything work, PLUS reverse-proxy via nginx xD [22:55] i'm writing up a blog post on it :P [22:55] teward: woo :) thanks for writing it up, I always like to read those sorts of things [22:55] sarnold: interesting tidbit: one of the bits of Landscape listens on port 8080. Gitlab's Unicorn implementation (for the Ruby handling) also listens on 8080 [22:56] gotta change the Gitlab one xD [22:56] sarnold: i'mma write it with the "Caveats, Headaches, and Why This Is Evil" [22:56] sarnold: it'll be aggregated on planet.u.c, once i publish [22:56] apt-get update should be enough right? [22:57] maybe it can make it into the newsletter, i gotta poke pleia2 possibly [22:57] acmehandle: that updates the list of software available, apt-get upgrade executes the actual updates [22:57] it'll do everything right? Because it just flew right past didnt do a thing except check stuff [22:57] oh, heh [22:57] (unattended-upgrades does that automatically though) [22:57] acmehandle: it's a two-stage process -- update updates lists, upgrade (or dist-upgrade) downloads and installs packages [22:57] ^ that [22:57] as i said :) [22:57] openssl is not in the list it seems. [22:58] Why do i even bother with a vps, everyone is going to the cloud. [22:58] acmehandle: apt-cache policy openssl [22:58] but I dont wanna go to the cloud [22:59] "the cloud" can be more expensive, depending upon what you're doing. [23:00] I'm getting *** 1.0.1f [23:00] ubuntu 2.7 0 [23:00] pastebin the whole output lol [23:00] !pastebin [23:00] For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. [23:00] What if I just run apt-get upgrade instead?