[03:51] <ElevyNJ> I was referred here from #ubuntu  i am running Ubuntu Desktop but installed a PPP server on it. My Windows 10 systems can connect but are not getting default routes so they can't get to the internet. I need help resolving this
[04:26] <ElevyNJ> I was referred here from #ubuntu  i am running Ubuntu Desktop but installed a PPP server on it. My Windows 10 systems can connect but are not getting default routes so they can't get to the internet. I need help resolving this
[04:41] <emanu_> I was referred here from #ubuntu  i am running Ubuntu Desktop but installed a PPP server on it. My Windows 10 systems can connect but are not getting default routes so they can't get to the internet. I need help resolving this
[05:07] <ponyofdeath> hi, trying to figure out why after a dist-upgrade to 14.04 for the latest updates it will now not boot my multipath server
[05:48] <lordievader> Good morning.
[06:38] <jelly> ponyofdeath: how does it fail?  Do you have / on a multipath device?
[06:39] <jelly> and did you try the usual initramfs debugging stuff
[06:44] <lordievader> Does it boot a kernel/initramfs? Or does it fail before that?
[07:06] <deepquestions> hi@ll, is there a solution to use the yubikey HMAC-SHA1 in the channelResponse mode under ubuntu?? :)
[09:13] <deepquestions> hi@ll, is there a solution to use the yubikey HMAC-SHA1 in the channelResponse mode under ubuntu?? :)
[09:26] <OliverUK> Hiya, I have been looking around for a solution but clearly I don't know how to use Google.  What should I be looking at to run Windows VMs on a Ubuntu Server host?  Thanks in advance
[09:28] <lordievader> OliverUK: KVM.
[09:29] <OliverUK> lordievader: Is this the only option?  I was looking at KVM and it seemed a pretty steep learning curve
[09:29] <OliverUK> lordievader: Not a problem though if this is the way to go, I will sit and read :-)
[09:29] <lordievader> I suppose there are alternatives but I know of KVM that it works very well. I run Lightroom that way.
[09:35] <RoyK> OliverUK: apt-get install kvm virt-manager # virt-manager doesn't have a steep learning curve ;)
[09:36] <RoyK> it's just a nice GUI to do the KVM fiddly bits for you
[09:38] <OliverUK> RoyK: Trying to not have a GUI at all :-)
[09:38] <OliverUK> Might have to look at it in test though :-)
[09:38] <RoyK> OliverUK: not saying you should install X on the server - just use X on the client to avoid doing everything manually
[09:39] <lordievader> OliverUK: Virt-manager can connect over ssh. Just install virt-manager on your workstation.
[09:39] <OliverUK> lordievader: Nice, thank you :-)
[09:43] <RoyK> lordievader: probably better if he's using linux on the workstation ;)
[09:44] <RoyK> lordievader: I'm using OS X on my laptop, so less hassle to just run it from the server
[09:45] <lordievader> I thought I had seen virt-manager run on Windows somewhere, never looked into it though.
[09:45]  * lordievader dislikes X forwarding.
[10:00] <RoyK> lordievader: x forwarding just works ;)
[10:02] <lordievader> Meh, on crappy connections it is rather annoying. But then again, anything is.
[10:05] <RoyK> yeah
[10:59] <trijntje> I want to share a folder on my home network to other ubuntu pc's, what is the best way to do this with authentication, so you need a password to acces the share?
[10:59] <lordievader> I'd say Samba.
[11:01] <trijntje> is it possible to share ext over samba? I want to preserve things like hardlinks, softlinks, ownership, permissions etc
[11:01] <lordievader> Yes.
[11:02] <trijntje> lordievader: cool, I'll use samba then. Thanks
[11:17] <rbasak> frediz: any news on kimchi please? Do you have an ETA?
[11:44] <stemid> hi I upgraded from 12.04 to 14.04 and now root keeps getting these security errors saying "SECURITY information for host" "problem with defaults entries ; TTY=pts/10 ; PWD=/home/user" I've done visudo -cf on sudoers and every file in /etc/sudoers.d without any issues.
[11:44] <stemid> I've found that this could be because I am connected to an active directory in this bug. https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777
[11:44] <stemid> I use sssd and it affects both local and remote users.
[11:45] <stemid> seems to indicate that sudo 1.11.7 will fix it.
[11:45] <stemid> will this upgrade ever come to ubuntu 14.04?
[11:47] <deepquestions> hi@ll, is there a solution to use the yubikey HMAC-SHA1 in the channelResponse mode under ubuntu?? :)
[11:47] <deepquestions> help
[12:04] <deepquestions> sry, wrong channel .... i retire my question. bb.
[12:14] <trijntje> what is considered a safe operating temperature for always-on harddisks? I"m testing my new WD disks now by writing to them from /dev/zero, and their at  33 C, is that OK?
[12:14] <trijntje> *their temperature is at 33 C
[12:17] <RoyK> trijntje: should't be a problem. drives normally likes it best < 50 degrees, 33 is nice. what drives don't like, is temperature varying a lot
[12:18] <trijntje> RoyK: what would varying a lot be? My house has crappy isolation, so it goes between 20-30C in the summer and maybe 14-20 in the winter, on a 24 hour cycle
[12:19] <RoyK> trijntje: I'd guess the drives get worn out a bit earlier, but hell, you're using RAID, right? ;)
[12:21] <trijntje> RoyK: yeah, zfs mirror of the 2 disks, and backups of course
[12:21] <RoyK> trijntje: also, drives normally won't keep room temperature - they naturally heat up - I don't think your situation varies very much from mine in terms of temperature diff, and I've been running these drives for 2-3 years without much issues (although one or two are having issues now)
[12:21] <RoyK> 7-drive raidz2
[12:23] <trijntje> RoyK: thats good to know, thanks. I guess i'll write some automated scripts to keep an eye on the temperature, to get a feeling for how much it actually fluctuates
[12:23] <RoyK> trijntje: smartmontools / smartd is always a good idea ;)
[12:24] <RoyK> trijntje: also, the standard disk plugin for munin draws nice graphs of disk temp
[12:25] <RoyK> trijntje: see pm
[12:27] <trijntje> RoyK: I hadn't heard about munin, but thats pretty cool. Thanks for the pointer, I'll try that out for sure
[12:28] <RoyK> trijntje: this is an old munin installation, mind, nicer graphs on 2.1.x
[12:28] <RoyK> erm - on 2.0, I mean
[12:28] <RoyK> this is old 1.4
[12:38] <trijntje> thanks again for the pointer to munin, I'll check it out for sure
[12:38] <RoyK> it's in the repos and is easy to configure - an apt-get away ;)
[14:33] <AEL-H> If I want to mount a disk using mount such that only root can access the mountpoint, how can I do this?
[14:35] <RoyK> AEL-H: chown root:root /that/mountpoint ; chmod 0700 /that/mountpoint
[14:36] <AEL-H> Well what I have done at the moment is mounted it at /mymountpoint/, and when I do chmod 700 /mymountpoint/ as root user, nothing is happening
[14:37] <RoyK> AEL-H: pastebin output of ls -ld /mymountpoint
[14:38] <AEL-H> It is just a one liner --
[14:38] <AEL-H> drwxrwxrwx 1 root root 24576 Aug  1 19:14 /mymountpoint/
[14:38] <RoyK> what sort of fs?
[14:39] <AEL-H> standard windows -- should be ntfs
[14:39] <RoyK> then, as root, mkdir /safe ; chmod 0700 /safe, mkdir /safe/mp, mount whatever /safe/mp
[14:41] <RoyK> (replace some commas with ;)
[14:41] <AEL-H> so the problem is I can't chmod the folder, but I can mount it at a folder that has already been chmod'd?
[14:42] <RoyK> mhm - ntfs doesn't use the linux filesystem perms
[14:42] <AEL-H> That makes sense, thanks
[14:43] <RoyK> same applies to FAT
[14:44] <AEL-H> I can't unmount for some reason? It is saying the device is busy but I have no idea why that would be
[14:45] <RoyK> probably an open file somewhere - check with lsof
[14:51] <arosales>  I think smoser by be out this week, any volunteers for chairing this weeks ubuntu server irc meeting
[14:52] <smoser> i'm hree. and can chair
[14:52] <smoser> is that in 8 minutes ?
[14:52] <smoser> or 1:08
[14:52] <arosales> oh smoser!
[14:52] <arosales> smoser, in 1:08
[14:52] <arosales> thanks smoser
[16:08] <jak2000> my network card have a ip: 192.168.0.200/24  how to add other interface(alias) for listen too in the network: 192.168.1.200/24 thanks
[16:08] <RoyK> ip addr add dev eth0 192.168.0.201/25
[16:08] <RoyK> or something
[16:09] <RoyK> ip addr add dev eth0 addr 192.168.0.201/25
[16:09] <RoyK> perhaps
[16:09] <jak2000> mmmm but i want work on network 192.168.1.200
[16:09] <RoyK> then change the address and mask
[16:10] <RoyK> ip addr add dev eth0 addr 192.168.1.200/24
[16:10] <RoyK> why would you want two different networks on a single nic?
[16:11] <jak2000> Error: an inet prefix is expected rather than "Addr"
[16:11] <jak2000> i am change from my hose to work and other places...
[16:11] <jak2000> then i want configure permanently both networks
[16:11] <jak2000> i know with alias eth0:1 but not remeber the sintax
[16:12] <RoyK> that's old stuff
[16:12] <jak2000> yes
[16:12] <sonne> greetings!
[16:13] <sonne> is xen-api available on 15.04 too? there seem to be no related packages on the repository, but iirc there was a working version on LTS...
[16:13] <RoyK> jak2000: ip address add 192.168.99.37/24 dev eth0
[16:14] <jak2000> ifconfig only show 192.168.0.200
[16:14] <jak2000> why? need restart the network services?
[16:15] <RoyK> ip addr list
[16:16] <RoyK> ifconfig is outdated
[16:16] <jak2000> done....
[16:16] <RoyK> and if you want that permanent, add 'up ip addr add ...' in /etc/networks/int
[16:16] <RoyK> and if you want that permanent, add 'up ip addr add ...' in /etc/network/interfaces
[16:17] <jak2000> yes i want permanently
[16:18] <jak2000> mmm wich line add?
[16:19] <RoyK> "up" means "whenever the network is upped"
[16:19] <RoyK> then the ip addr add thing
[16:20] <RoyK> just below the nic config
[16:20] <jak2000> ok
[16:20] <RoyK> https://www.garron.me/en/linux/add-secondary-ip-linux.html
[16:22] <jak2000> reading
[16:47] <jak2000> RoyK done...
[16:47] <jak2000> thanks
[16:53] <RoyK> jak2000: did it work after a reboot?
[16:55] <jak2000> yes
[16:55] <jak2000> reboother
[16:55] <jak2000> copied all the lines of eth0 and pasted, and changed eth0 to eth0:1
[16:55] <RoyK> no need for eth0:1
[16:56] <RoyK> that's deprecated
[16:56] <patdk-wk> unless your still using ifconfig
[16:56] <RoyK> just add "up ip address add ..." at the bottom of the eth0 config
[16:56] <patdk-wk> I noticed my rhel7 machines dont even have ifconfig installed
[16:56] <patdk-wk> I imagine that will break a lot of things for people
[16:56] <RoyK> patdk-wk: that ip addr add things works with even 10.04
[16:57] <patdk-wk> I know, ifconfig has been dead for ages
[16:57] <RoyK> patdk-wk: it broke a few things, but a yum install ifconfig worked well
[16:57] <jak2000> wait
[16:57] <jak2000> the url you gave me say add eth0:1
[16:57] <RoyK> patdk-wk: it broke vmware tools for one
[16:57] <jak2000> changing
[16:57] <patdk-wk> doesn't break vmwaretools for me
[16:58] <RoyK> patdk-wk: perhaps it's updated now - first time I installed RHEL/CentOS7, vmware tools complained rather badly
[16:58] <patdk-wk> right from vmware's repo
[16:59] <patdk-wk> I have used it since it came out, though it was mostly unusable till 7.1
[16:59] <patdk-wk> but starting to push some production load to it now
[16:59] <RoyK> guess I'd have to try without ipconfig again
[17:00] <RoyK> or ifconfig
[17:03] <ponyofdeath> anyone know of a write once read many ( WORM ) media that is Linux friendly? Does a filesystem exist for this already?
[17:03] <RoyK> patdk-wk: I don't know any filesystems supporting that
[17:03] <RoyK> erm
[17:04] <RoyK> ponyofdeath: that was for you, 19:03 <            RoyK > patdk-wk: I don't know any filesystems supporting that
[17:04] <jrwren> ponyofdeath: the ISO file system is exactly that.
[17:04] <ponyofdeath> RoyK: k thx
[17:04] <patdk-wk> I wish ufs was more usable
[17:05] <patdk-wk> ponyofdeath, the problem with worm, is it's very usecase dependent
[17:05] <ponyofdeath> jrwren: ok, but that is only encapsulating something already there correct
[17:05] <patdk-wk> there are many of them in linux, like initramfs, squashfs, ...
[17:06] <patdk-wk> there is also ltfs if you use lto tapes :)
[17:06] <jrwren> ponyofdeath: it depends on what properties you expect out of a filesystem. Yes, I guess? Don't all filesystems deal with data that is already there?
[17:06] <jrwren> ponyofdeath: or did you not mean the entire fs was write once, but maybe per file or something?
[17:06] <ponyofdeath> lol sorry this is for loggs
[17:06] <ponyofdeath> basically we want to make sure the logs are not tampered with
[17:07] <ponyofdeath> so if there is sometihng better that you guys know of besides WORM
[17:07] <patdk-wk> just use off-system logs
[17:07] <patdk-wk> and the old classic worm, a printer :)
[17:19] <RoyK> patdk-wk: does ufs have worm?
[17:20] <crinkle> is there any chance https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1453188 can be backported to trusty? (or who would I ask if not here?)
[17:40] <adam_g> crinkle, it should be available in the trusty kilo packages via the cloud archive. or are you actually using the 2014.1 packages shipped in trusty?
[17:40] <crinkle> adam_g: no I'm using the cloud archive
[17:41] <adam_g> crinkle, oh, it looks like that updates still waiting to be synced out to cloud-archive kilo -updates.
[17:41] <adam_g> coreycb, jamespage ^
[17:42] <coreycb> crinkle, adam_g, kilo cloud archive should be released to -updates later wed or thurs
[17:43] <crinkle> cool, thanks adam_g and coreycb
[17:46] <neredsenvy> Anyone on ubuntu able to help with this https://gist.github.com/anonymous/8d38e61ab3d4ff3297ae trying to install mysql-server-5.6 smooth installation, configuring password however service fails to start
[17:47] <RoyK> neredsenvy: why mysql?
[17:47] <neredsenvy> ...
[17:47] <RoyK> ..--..
[17:48] <neredsenvy> lets not do the which is better disscussion
[17:48] <neredsenvy> *discussion
[17:49] <jelly> because obviously the answer is percona-server-server (-server)
[17:49] <coreycb> beisner, testing is good from my end and yours at this point with kilo-proposed in the CA.  can you plan on promoting to -updates wed pm or thurs?  that'll have given us 7 days in -proposed.
[17:50] <RoyK> well, if you're installing from git, try #mysql
[17:51] <beisner> coreycb, yep, i'll plan on it.
[17:51] <coreycb> beisner, thanks
[17:51] <beisner> coreycb, thanks for all the updates!
[18:20] <ponyofdeath> could the tux3 versioning FS be used as WROM media?
[18:23] <OerHeks> write read once many ?
[18:41] <ObrienDave> writable read only memory? that's an oxymoron ;P
[18:42] <RoyK> no, it's about media that can be used for backups - only writable
[18:42] <ObrienDave> that would be WORM
[18:43] <ObrienDave> Write Once Read Many
[18:59] <pmatulis> waiting for the worms...
[20:03] <jelly> heh, is tux3 still alive
[22:49] <acmehandle> I'm on 14.04.01 with openssl 1.0.1f
[22:49] <acmehandle> How can I tell if I'm vulnerable to heartbleed?
[22:49] <acmehandle> I have self signed certificates
[22:49] <teward> acmehandle: have you ran 'apt-get update; apt-get upgrade' yet?
[22:50] <teward> also consider that self-signed certs are BAD if the site is in the wild and publicly accessible
[22:50] <teward> because there's no 'trust' in place
[22:50] <acmehandle> One of the first things I did earlier this year when I first got it up and running
[22:50] <acmehandle> Ah.  Ok.
[22:50] <teward> acmehandle: i mean, have you run that since
[22:50] <acmehandle> Nope.
[22:50] <acmehandle> Should probably do that.
[22:51] <acmehandle> It is an experimental vps.  so nothing live on it.  But I still want to know.
[22:51] <teward> acmehandle: well, there's always https://filippo.io/Heartbleed/
[22:51] <teward> if the VPS has a domain tied to the 'experimental' stuff, point it there.
[22:51] <teward> alternatively...
[22:51] <teward> um...
[22:51] <sarnold> you can install the unattended-upgrades package
[22:51] <teward> that too
[22:51] <teward> but also http://serverfault.com/questions/587839/is-there-a-way-to-manually-check-for-openssl-cve-2014-0160-vulnerability  <-- first answer for testing perhaps
[22:52] <teward> hmm
[22:52] <sarnold> it'll keep the thing up to date even if you don't log in often. granted, some services probably require restarting to make the updates work -- especially for e.g. openssl updates, your web servers or whatever need to be restarted
[22:52] <teward> there's a lot of test scripts out there though :P
[22:52] <teward> and yes, unattended-upgrades
[22:52] <teward> sarnold: if a system is managed by Landscape can it still have unattended-upgrades installed and set for security only?
[22:52] <acmehandle> No, its good.  I remember now.  I tested it against another ssl/tls testing website
[22:52] <teward> or would that be handled by Landscape instead
[22:52] <acmehandle> But I ran it against filippo.io just now
[22:52] <acmehandle> says all good
[22:53] <teward> acmehandle: then you're all set, just remember that if you're going Live to the world, don't use self-signed
[22:53] <teward> you'll get yelled at by people lol
[22:54] <sarnold> hopefully qualys's check can handle all the other issues even if you are self-signed
[22:54] <teward> it does
[22:54] <teward> it just really downgrades your grade because self-signed
[22:54] <sarnold> teward: I assume so, they have to have programmed it with the expectation that some package management will happen outside of landscape
[22:54] <teward> sarnold: cool.
[22:54] <teward> sarnold: BTW, i had fun with landscape.
[22:54] <teward> landscape and gitlab on the same server
[22:54] <acmehandle> I guess I should just get a cheap certificate from ssl start
[22:55] <teward> had to mess with a LOT of settings to make everything work, PLUS reverse-proxy via nginx xD
[22:55] <teward> i'm writing up a blog post on it :P
[22:55] <sarnold> teward: woo :) thanks for writing it up, I always like to read those sorts of things
[22:55] <teward> sarnold: interesting tidbit: one of the bits of Landscape listens on port 8080.  Gitlab's Unicorn implementation (for the Ruby handling) also listens on 8080
[22:56] <teward> gotta change the Gitlab one xD
[22:56] <teward> sarnold: i'mma write it with the "Caveats, Headaches, and Why This Is Evil"
[22:56] <teward> sarnold: it'll be aggregated on planet.u.c, once i publish
[22:56] <acmehandle> apt-get update should be enough right?
[22:57] <teward> maybe it can make it into the newsletter, i gotta poke pleia2 possibly
[22:57] <teward> acmehandle: that updates the list of software available, apt-get upgrade executes the actual updates
[22:57] <acmehandle> it'll do everything right?  Because it just flew right past didnt do a thing except check stuff
[22:57] <acmehandle> oh, heh
[22:57] <teward> (unattended-upgrades does that automatically though)
[22:57] <sarnold> acmehandle: it's a two-stage process -- update updates lists, upgrade (or dist-upgrade) downloads and installs packages
[22:57] <teward> ^ that
[22:57] <teward> as i said :)
[22:57] <acmehandle> openssl is not in the list it seems.
[22:58] <acmehandle> Why do i even bother with a vps, everyone is going to the cloud.
[22:58] <teward> acmehandle: apt-cache policy openssl
[22:58] <acmehandle> but I dont wanna go to the cloud
[22:59] <sarnold> "the cloud" can be more expensive, depending upon what you're doing.
[23:00] <acmehandle> I'm getting *** 1.0.1f
[23:00] <acmehandle> ubuntu 2.7 0
[23:00] <teward> pastebin the whole output lol
[23:00] <teward> !pastebin
[23:00] <acmehandle> What if I just run apt-get upgrade instead?