[00:41] <eatingthenight> can anyone help me out. Can i reformat a hard drive for raid autodetect to ext4 without losing the data on it?
[00:41] <eatingthenight> I broke up the partion and cleared the super blocks on both of the drives
[00:41] <eatingthenight> however I can't mount them now since the partion table is not a valid one you can specify
[00:42] <patdk-l2> what does that even mean?
[00:42] <patdk-l2> there is no such thing as raid autodetect
[00:42] <patdk-l2> what is it really?
[00:42] <eatingthenight> that is what fdisk -l specifies it as
[00:43] <tarpman> I think he means the type code in the partition table
[00:43] <patdk-l2> yes, but that has nothing to do with what is actually on that partition
[00:43] <eatingthenight> yeah sorry you are right
[00:43] <eatingthenight> that is just the system it's listed as
[00:43] <patdk-l2> blkid
[00:46] <eatingthenight> o
[00:46] <eatingthenight> interesting
[00:46] <eatingthenight> sudo blkid /dev/sdd1 shows type ext4
[00:46] <eatingthenight> which is the one that was listing as raid auto detect in fdisk
[00:46] <eatingthenight> so i should be able to just mount it?
[00:47] <patdk-l2> probably
[00:47] <patdk-l2> try readonly first
[00:48] <eatingthenight> ugh. when i mount with sudo mount /dev/sdd1 /media/store -r -t ext4
[00:48] <eatingthenight> i get a ton of checksum for ground (somenumber)
[00:49] <eatingthenight> has failed
[00:49] <patdk-l2> how was this setup?
[00:50] <eatingthenight> haha, yeah i made this raid1 like 2 years ago. But do you mean how did i make the raid or how did i break it apart?
[00:50] <patdk-l2> how the raid1 was made is important
[00:50] <eatingthenight> well shit
[00:51] <patdk-l2> normally raid1 are mirror images
[00:51] <patdk-l2> but it has options also to not be mirrors, to increase speed
[00:51] <patdk-l2> if it isn't a real mirror, you won't be able to read it without raid
[00:52] <eatingthenight> I am guessing it was the default 1 for 1 setup because when i made it i had to wait a ton of time for them to sync
[00:52] <patdk-l2> that is true no matter what option you pick
[00:53] <patdk-l2> except raid0
[00:53] <eatingthenight> o ok, alright guess i have to dig into it some more
[00:53] <eatingthenight> yeah sorry it's just been so long since i set it up
[00:54] <eatingthenight> thank you for the help though :)
[04:55] <NemoV> hi everyone
[04:56] <NemoV> when a running webserver online with several domains does it matter what your server name is? should it be one of the domains you are hosting?
[04:57] <sarnold> I don't think it matters
[04:59] <NemoV> hmm okay
[05:30] <lordievader> Good morning.
[06:25] <roo79x> hi all I'm running ubuntu server vivid, tried to setup mpd (music player daemon) for the first time ever..  everything worked but had no sound, could someone please point me to a good tutorial for beginners? thanks
[08:47] <medfly> hey guys
[12:19]  * RoyK is in Liverpool :)
[13:03] <moneylotion> any idea how one might ssh tunnel a vpn?
[13:03] <moneylotion> ipsec
[13:04] <patdk-wk> what does that mean?
[13:05] <moneylotion> vpn > ssh tunnel > vpn
[13:05] <lordievader> moneylotion: Why do you want to do that?
[13:05] <patdk-wk> again, that means nothing
[13:05] <lordievader> Ipsec already does encryption.
[13:05] <moneylotion> school is blocking my vpn to dynamic ip address, but not to vps server
[13:05] <patdk-wk> ssh tunnel ONLY supports tcp, or does it do udp
[13:05] <patdk-wk> ipsec doesn't support either
[13:06] <patdk-wk> they aren't blocking ipsec, they likely are just not supported nat outside of normal tcp/udp
[13:07] <moneylotion> it worked for about an hour
[13:07] <lordievader> moneylotion: Are the ipsec ports open and is the protocol allowed?
[13:07] <moneylotion> i can vpn in from the coffee shop
[13:08] <patdk-wk> also, unless they are running an ipsec helper
[13:08] <patdk-wk> only one user behind that firewall can connect to the same ipsec vpn server at a time
[13:08] <patdk-wk> without confusing the crap out of it
[13:08] <patdk-wk> sometimes only one user can use it at a time
[13:08] <patdk-wk> depending on how horrible their firewall is
[13:28] <brane_> anyone have exclusive locks on CLVM working in 14.04?
[13:32] <jcastro> stokachu: yo, so I filed a bug today on our stuff: https://github.com/Ubuntu-Solutions-Engineering/openstack-installer/issues/672
[13:33] <stokachu> jcastro: thanks we got it, we'll get it fixed asap
[13:33] <jcastro> stokachu: do you happen to know why we have Canonical-Ltd and Ubuntu Solutions Engineering as separate github orgs?
[13:33] <jcastro> I thought I was going to be clever and just find it where everything else was
[13:34] <stokachu> i think when we created our teams org we didn't know about canonicalltd
[13:34]  * jcastro nods
[13:35] <stokachu> once lauchpad's git is on par with bzr features we'll probably move it back there
[13:47]  * jcastro nods
[18:39] <prudentmav> when I use adduser I want to also create /var/www/$user/public how can I do that?
[18:41] <shauno> look for adduser.local in man adduser.  adduser does allow for a script to be run at the end of the process which is passed the username etc
[18:42] <prudentmav> thanks
[19:06] <prudentmav> any reason to chgrp www-data of public_html vs keeping it as the user?
[19:07] <patdk-wk> if a cgi needs to write to it
[19:07] <patdk-wk> not normally a good idea
[19:08] <patdk-wk> but might be needed for say, cache or something
[19:08] <patdk-wk> but really that stuff should live outside publically accessable folders
[19:08] <patdk-wk> though people program stupid
[19:09] <teward|web> is arm64 officially 'fully supported' yet?
[19:12] <sarnold> teward|web: it doesn't look like it https://wiki.ubuntu.com/SecurityTeam/FAQ#Architectures
[19:12] <teward|web> sarnold: so I should not be worried about https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1491978 ?
[19:15] <sarnold> teward|web: depends on why it's broken, I guess. feel free to ignore it until he gets back to you with logs.
[19:15] <teward|web> sarnold: I intend to :p
[19:15] <teward|web> when people don't provide debug data I tell them to then move on xD
[19:15] <teward|web> just glad the apport hooks that get us USABLE debug data exist
[19:15] <sarnold> *nod*
[19:15] <teward|web> too bad people don't leverage apport-bug /var/crash/THECRASHFILE to actually GET us debug data
[19:17] <sarnold> or just 'ubuntu-bug nginx'
[19:17] <sarnold> heh
[19:18] <teward|web> sarnold: meh, true, but i know it makes a crash and i don't want unnecessary other superfluous data
[19:18] <teward|web> :)
[19:22] <sarnold> hehe :)
[19:43] <qman__> account de set status '159 | Don't ask to ask a question, just ask'
[19:43] <qman__> oops, ignore that
[21:47] <MoPac> Hello. On a new server installation, the default "Ubuntu" boot fails (some odd characters, a "probe failed" message, and then stuck on "starting version 219"). However, choosing the second grub option, rescue/recovery mode, then "resume normal boot" works fine.
[21:48] <MoPac> I'm wondering what to look for in the grub config files to make the normal boot do what the alternate boot is doing...
[22:19] <sarnold> MoPac: "219" sounds like you made it to some part of userland -- that sounds like a systemd version number, to me: https://launchpad.net/ubuntu/+source/systemd
[22:20] <sarnold> MoPac: I have a vague feeling that messing with grub might not help as much as you'd like
[22:21] <MoPac> sarnold: Well, but the root directory is in an encrypted LUKS volume, and when the default boot has failed, I have not yet been prompted for the password
[22:21] <MoPac> So I must not have gotten *all* that far..
[22:22] <sarnold> MoPac: ah :D
[22:23] <DalekSec> sarnold: So hello.  I have an updated package that uses openssl.  I of course use pbuilder chroots to build it against the target system.  I have the same exact package on each system, but different versions of OpenSSL of course.  Now, wily and Debian testing interact properly, but trusty-vivid can't connect with them, but they can connect with each other.  The errors I get: 1.0.1f-1ubuntu11.4:
[22:23] <DalekSec> "hmac authentication error, received invalid packet could be an attack, or just corruption or a synchronization error."; 1.0.2a-1ubuntu1: "protocol version 1.150." (Should be 1.0); 1.0.2d-0ubuntu1 Works fine.
[22:25] <sarnold> DalekSec: ooof, that is a beast of a problem :) is the application using the "use ..._v23() function, disable ssl2, disable ssl3" idiom in the connection setup portions?
[22:25] <MoPac> sarnold: Anyway, I figure I'm sort of in luck because the "resume normal boot" in recovery mode works fine, right? Would that really be the result of a post-grub config change? If if won't work to do some kind of diff between 20_linux and 30_linux_xen, I'm out of ideas
[22:25] <sarnold> DalekSec: are both endpoints configured to use the same ciphersuites?
[22:26] <sarnold> MoPac: sorry, i ran out of ideas right at "encrypted root", hehe :(
[22:27] <DalekSec> sarnold: I did a quick grep and didn't see those.  If I pull libssl from wily into vivid, it all works there.  I thusly presumed that it was an OpenSSL issue.
[22:28] <sarnold> DalekSec: ah :) it certainly could be.. it's complicated code :(
[22:29] <DalekSec> sarnold: Oh, package is CVS snapshot of gvpe.
[22:30] <sarnold> DalekSec: the functions involved would be SSLv23_server_method or SSLv3_server_method, SSLv23_client_method or SSLv3_client_method
[22:39] <DalekSec> sarnold: Hmm.  Not actually seeing those.
[22:42] <Demon_Jester> Hey guys, I changed my default port for ssh, and I get a connection timed out when I try to ssh, people say that I use ufw to modify firewall for ssh port, but I don't see ufw on my server.
[22:44] <DalekSec> sarnold: I did try rebuilding with disabling SSLv3, didn't seem to make any difference.  So far, vivid is really of no concern, but more the trusty incompatibility.  I'm not really sure what else I can privide you with.
[22:44] <DalekSec> Rebuilding openssl that is.
[22:48] <sarnold> DalekSec: I don't see anything obvious skimming through connection.c...
[22:51] <sarnold> DalekSec: it looks like there are some configration directives that have to match identically on both peers (config_packet::chk_config()) -- what are the chances that one or the other might have different values?
[22:52] <sarnold> DalekSec: if it doesn't stand out to you, it's probably best to file a bug on openssl. someone else may know what's going on, or spot it quickly..
[22:53] <DalekSec> sarnold: I poked mdes laur about it, but he didn't seem to have the time and his only idea was to recompile OpenSSL without SSLv3 support.  Yes the config must match, and it does down to line breaks.
[22:54] <sarnold> DalekSec: that error messageis near a compression config #ifdef.. I get the impression that gvpe is doing its own compression and not using openmssl's compression, but that might be one more thing to check
[22:54] <sarnold> DalekSec: I thuoght we'd disabled compression in openssl on all releases, but I could be wrong..
[22:59] <DalekSec> sarnold: All changelogs have 'Disable compression to avoid CRIME systemwide', and a quick grep of 'compress' in debian/ -R shows the same for all 3 versions.  Thanks for that idea.
[23:00] <sarnold> DalekSec: thanks for checking. it was a longshot anyway :/
[23:00] <DalekSec> (-Ri to be precise.)  Hey no, thanks.  And thanks for all the help so far!
[23:01] <DalekSec> More progress than I've made otherwise.
[23:09] <DalekSec> sarnold: FWIW, I'm using a cvs snapthot as the version in Ubuntu as tiny keysizes, such that it's not really secure.  The snapshot is protocol incompatible, but that doesn't matter if you are running the snapshot on all systems.  The reason there isn't a release, upstream was going to add curve support (IIRC), so yet another protocol breakage and he didn't want to do that twice.  Otherwise he says
[23:09] <DalekSec> it's fine to run it.  I have the packaging in git if that'd help, and a csv → git repo of upstreams code too.  I didn't go to the openssl channel as I presume they'll want me to just use a current version of openssl, and I'm sure that won't get backported. :P  Anywho, thanks again for all the help, even if the problem isn't fixed it's great to have someone else take a look at it. :)
[23:11] <sarnold> DalekSec: hmm, I -was-  cheating a bit and just using the sources.debian.net archive...
[23:11] <sarnold> but those changes might be significantnenough
[23:12] <DalekSec> https://bitbucket.org/unit193/gvpe/src is upstream, and I can send you a link of the packaging vcs too if needed.
[23:13] <sarnold> oh that feel smuch less archaic than the viewvc thing.. :)
[23:13] <sarnold> thanks
[23:13] <DalekSec> Indeed.  Of course.
[23:14] <DalekSec> (There's http://loki.unit193.net/cgit/users/unit193/gvpe.git/, but that shouldn't matter.)
[23:25] <sarnold> DalekSec: I'm not spotting anything here, either :/; it all looks normal enough..
[23:25] <DalekSec> Dang.  Well thanks for trying!
[23:26] <sarnold> good luck :)
[23:26] <DalekSec> Well, in this case it's been cheat: Vivid gets wily's libssl, trusty sadly gets no connection.
[23:27] <sarnold> :(