=== m1dnight1 is now known as m1dnight_
=== Monthrect is now known as Piper-Off
=== cpaelzer is now known as cpaelzer_afk
=== cpaelzer_afk is now known as cpaelzer
=== cpaelzer is now known as cpaelzer_afk
=== Lcawte|Away is now known as Lcawte
=== Piper-Off is now known as Monthrect
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== stevenroose|BNC is now known as stevenroose
[17:27] <bill_> does 14.03 server distribution not support wirelss network?
[17:27] <rbasak> Ubuntu Server connects to wireless networks fine.
[17:27] <bill_> it won't recognise my card
[17:27] <rbasak> You may need to install the wpasupplicant package though, and you will need configure /etc/network/intefaces as usual.
[17:28] <rbasak> I believe it should recognise anything that Ubuntu generally does. If there's no support then it may be a Linux-wide thing.
[17:28] <bill_> 14.04 desktop uses it when i boot the cd
[17:28] <rbasak> Maybe you need a firmware package or something.
[17:28] <bill_> all other distributions use it
[17:29] <rbasak> If Ubuntu on the desktop can work with it then it can be made to work on Ubuntu Server. They share the same core platform, including kernel.
[17:29] <bill_> i thought it should...but it doesn't
[17:29] <TJ-> bill_: -desktop installs network-manager whereas -server doesn't. network-manager handles a lot of the background plumbing for WiFi so it 'just works'.  You can use network-manager service (without any GUI components) on -server, too
[17:29] <bill_> i will run the disk check on the install cd
[17:29] <bill_> maybe it's broken
[17:30] <bill_> i will try that
[17:30] <bill_> thank you TJ
[17:30] <rbasak> TJ-: if it's just a single wireless network that needs connecting to, then no need for network-manager. Just wpasupplicant and /etc/network/interfaces can achieve all that network manager can in terms of that.
[17:30] <bill_> at the moment i have 14.04 desktop almost installed
[17:31] <bill_> i'll strip out the desktop 'fluff and install some more serveices
[17:31] <rbasak> network manager is much higher up the stack than plain wireless driver problems.
[17:32] <bill_> i only want it to store the backups from other computers on the network
[17:32] <bill_> thanks for your help
[17:32] <bill_> i'll revisit this later
=== cpaelzer_afk is now known as cpaelzer
[17:53] <toor> Hello, I am trying to set up my ubuntu server as a mailserver but I can't get it to send the mails, it only receives them.
[17:54] <slidinghorn> toor: what error(s) do you receive when attempting to send mail?  What are the logs telling you?  Also, which version of Ubuntu Server are you using?
[17:55] <toor> There are no errors and I cannot find any error logs. Ubuntu 14.04 TLS.
[17:56] <toor> LTS*
[17:57] <slidinghorn> toor: are you using postfix or sendmail or something else?
[17:57] <toor> postfix, dovecot and I used the mail command.
[17:59] <slidinghorn> toor: you should be able to view your postfix log in /var/log/mail.log
[17:59] <toor> "No such file or directory"
[18:01] <slidinghorn> toor: then you've likely changed some kind of configuration on your system telling it to log elsewhere
[18:01] <toor> There is no such file anywhere on the system.
[18:02] <slidinghorn> toor: again, that's because you've changed something from the postfix default...please pastebin the result of postconf -n     and link it here
[18:03] <TJ-> Cound be there's no syslog service, too
[18:03] <toor> http://pastebin.com/21wJeY2L
[18:06] <slidinghorn> toor: have you restarted postfix & rsyslog?   sudo service postfix restart && sudo service rsyslog restart
=== cpaelzer is now known as cpaelzer_afk
[18:12] <toor> postfix/postfix-script: fatal: the Postfix mail system is already running
[18:12] <toor>                                                                          [fail]
[18:14] <TJ-> sounds like a PID file is present but the process has died, or else you started the process manually
[18:15] <toor> I wrote "service postfix start" when the computer booted.
[18:17] <toor> Is there a guide or something that works in all cases?
[18:19] <toor> Could it be that it's Ubuntu's fault? I don't remember having problems installing on Debian
[18:21] <jelly> it's not likely ubuntu's QA would allow for completely broken packaging of postfix that did not log by default
[18:22] <toor> Well I could try to reinstall and try from scratch..
[18:22] <toor> Could you private message me a tutorial that would work if I did that?
[18:23] <jelly> it would be better to try and understand the current state and the desired working state, instead of reinstalling blindly
[18:24] <toor> It's too complicated for me.
[18:24] <jelly> toor: for example: if the service command says the service is already running, can you verify that by looking at the process list?  There should be a process named "master".
=== cpaelzer_afk is now known as cpaelzer
[18:27] <jelly> toor: some amount of basic unix knowedge and analytical skills is needed to run a linux server.
=== cpaelzer is now known as cpaelzer_afk
=== hxm is now known as Guest96070
=== hxm- is now known as hxm
[21:11] <Sling> if i plan a cronjob for lets say 1 2 3 1,3 0 /path/to/script.sh
[21:12] <Sling> it runs at 2:01 on the 3rd of january and march
[21:12] <Sling> what would the 'dow' parameter do here, only run it when that date is a sunday?
[21:12] <bekks> Yes.
[21:13] <Sling> hm so i would want that to be * I guess :)
[21:13] <bekks> Yes. :)
[21:13] <Sling> would be a funny 'why didnt my letsencrypt certs renew' debug session
[21:20] <patdk-lap> heh mine are on manual
[21:21] <patdk-lap> lets encrypt is not very friendly much other than a certificate
[21:21] <patdk-lap> cannot use certificate pinning/dane/... with it, cause it changes so often, and you need to renew, but delay using it
[21:21] <Sling> patdk-lap: then you're pinning the wrong certs I guess
[21:21] <patdk-lap> how so?
[21:22] <Sling> well you can also pin the letsencrypt intermediate for example
[21:22] <patdk-lap> pinning an intermediate or ca certificate is a horrible thing to do
[21:22] <patdk-lap> it means anyone that uses that same ca, can spoof you
[21:22] <patdk-lap> and it assumes they dont rotate them out, most ca's rotate the intermediates yearly
[21:23] <patdk-lap> letsencrypt hasn't said how they plan to do it yet
[21:23] <Sling> true
[21:23] <patdk-lap> so you might just pin outself out of a useful website
[21:23] <Sling> (I don't have pinning atm)
[21:23] <patdk-lap> and there is no way to fix that, other than hope your old certificate isn't expired
[21:24] <patdk-lap> and the pin expiration time is highly short, and having it short is a bad idea
[21:24] <devster31> why can't you pin them?
[21:24] <patdk-lap> well, I normally use 6month pins
[21:24] <patdk-lap> letsencrypt is only good for 3
[21:25] <patdk-lap> I cannot pin a new one, till everyone knows about it
[21:25] <patdk-lap> so say, I give it a 1month overlap
[21:25] <patdk-lap> so the new cert is not useful for atleast 1 month
[21:25] <patdk-lap> I add it to my websites pin
[21:25] <patdk-lap> then after a month, I switch to it
[21:25] <ianorlin> patdk-lap: then maybe not use letsencrypt for this
[21:25] <patdk-lap> and have the pin expire in a month
[21:26] <patdk-lap> use it for a month, and start process to new one again
[21:26] <Sling> renewing doesn't imply using a new private key though
[21:26] <Sling> so you could still use the same pin?
[21:26] <patdk-lap> using the same key is possible
[21:26] <patdk-lap> but kindof defeats the point
[21:26] <patdk-lap> half the point of getting a new cert, is to rotate the keys
[21:26] <patdk-lap> so the bruteforce would have to start over
[21:27] <patdk-lap> if you start reusing the keys, your likely going get yourself into trouble
[21:28] <Sling> not pinning the leaf isn't that bad though, plenty of people do it that way
[21:28] <Sling> even companies like github
[21:28] <Sling> they pin their root CA
[21:29] <Sling> anyway I still need to dive into that topic someday, first getting all my boxes set up with autmatic renewal + LE
[21:29] <ianorlin> I think someone could setup certs worse than letsencypt
[21:30] <patdk-lap> yes, I just wish they had a 6month option
[21:30] <patdk-lap> for usecases like this
[21:30] <patdk-lap> 3months is fine for if you don't need any leadtime for the cert
[21:32] <patdk-lap> atleast I got it programmed to update dane automatically
[21:32] <patdk-lap> but haven't picked a solution to delay activation yet
[21:33] <patdk-lap> probably will patch their program to keep two certs in the folder, and only use the old one
[21:40] <andol> patdk-lap: Another option might be to pregerante key+csr, publish parallel dane/tlsa record, and then renew based on on that explicit csr.
[21:42] <patdk-lap> but pinning is based only on the cert
[21:43] <patdk-lap> I think
[21:44] <andol> patdk-lap: No, pinning is based on the key material, and you can/should generate a backup pin based on an existing csr.
[21:44] <patdk-lap> actually it's both
[21:44] <andol> patdk-lap: How do you mean that it's both?
[21:45] <patdk-lap> you can do it either way
[21:45] <patdk-lap> pin by cert
[21:45] <patdk-lap> or pin by public key
[21:45] <andol> Ok, my bad.
[21:45] <andol> Only seen pins based on the public key.
[21:45] <andol> Why would you want to do it any other way?
[21:46] <patdk-lap> easier to do :)
[21:47] <andol> Well, writing that helper script is a one time thing in both cases.
[21:48] <patdk-lap> if everyone could write that :)
[21:48] <patdk-lap> most of the people using certificates have no idea how they work
[21:48] <patdk-lap> let alone there are two parts to them
[21:49] <andol> Not sure if one should try out HPKP unless one really knows what ones is doing? :-)
[21:50] <patdk-lap> that is the problem
[21:50] <patdk-lap> boss tells you to do it :)
[21:50] <patdk-lap> or, you are new into that department
[21:50] <patdk-lap> managing certs isn't exactly the highest and most important thing in a company view generally
[21:51] <patdk-lap> it's easy to kindof tell, based on all the dnssec issues
[21:51] <patdk-lap> certificate is annoying, and generally easily fixable, or worked around
[21:51] <patdk-lap> dnssec is normally very noticable
[21:51] <andol> Hmm, I think most DNSSEC issues are more about people not doing DNS right, which then becomes more much visable then you add DNSSEC.
[21:54] <andol> But yeah, I agree with your more general point, about there being stuff like certs, dns(sec), etc which isn't given the needed importance.
=== Lcawte is now known as Lcawte|Away
=== Monthrect is now known as Piper-Off