[04:50] <zepka1> Hello people
=== caitanya is now known as Muhammad
=== Muhammad is now known as Muhammadiz
=== Muhammadiz is now known as JEESUS
=== JEESUS is now known as jeesus
[09:55] <lordievader> Good morning.
=== Isla_de_Muerte is now known as NwS
[12:46] <halvors1> Hi. AppArmor is apparantly destroying my VPN conncetion with StrongSwan, any way to fix this? http://pastebin.com/21V17bVP
[12:48] <sdeziel> halvors1: try adding: "owner @{PROC}/@{pid}/fd/ r," to /etc/apparmor.d/local/usr.lib.ipsec.charon
[12:49] <sdeziel> halvors1: then reload the profile with: apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.ipsec.charon
[12:49] <halvors1> sdeziel: Isn't this something that would be corrected in the strongswan package?
[12:50] <sdeziel> halvors1: yes but testing the manual fix first would be useful
[12:53] <halvors1> sdeziel: The VPN tunnels works for several hours at first.
[12:53] <halvors1> Then it goes down and doesn't come up again unless i restart it manually.
[12:54] <halvors1> So there is no way to be sure that this fix works before it has gone several hours from now.
[12:54] <sdeziel> halvors1: which version of strongswan do you have installed?
[12:57] <halvors1> Linux strongSwan U5.3.5/K4.2.0-34-generic
[12:57] <halvors1> So 5.3.5 :)
[12:58] <sdeziel> that's one odd mix of kernel/userland versions
[12:59] <sdeziel> 5.3.5 only shipped with Xenial yet you have Wily's kernel
[13:00] <halvors1> sdeziel: I know. Trying to use 5.3.5 from xenial repo on wily since i had so much trouble with wily's build.
[13:00] <halvors1> Same issue duo.
[13:01] <halvors1> sdeziel: Do you want me to use the wily version instead?
[13:04] <sdeziel> halvors1: I'd suggest to open a bug in LP describing your environment (including a list of all the packages related to Strongswan).
[13:05] <sdeziel> halvors1: I never ran into this denial but we have different testing environments. I only ever used Stronswan on Trusty and Xenial
[13:05] <sdeziel> halvors1: if that's feasible, you could try to reproduce the issue with a clean/pure Xenial machine?
[13:08] <halvors1> sdeziel: Ok, haha another solution is just to disable apparmor.
[13:08] <halvors1> Really it's almost only trouble.
[13:09] <sdeziel> halvors1: you can try that too but I'd recommend to only disable the charon profile
[13:10] <sdeziel> halvors1: FYI, Apparmor might only be a red herring like it was in https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436
[13:10] <halvors1> sdeziel: How do i do that?
[13:10] <ubottu> Launchpad bug 1549436 in strongswan (Ubuntu) "AppArmor kills StronSwan daemon 'charon'" [Undecided,Confirmed]
[13:11] <sdeziel> halvors1:
[13:11] <sdeziel> https://help.ubuntu.com/community/AppArmor#Disable_one_profile
[13:14] <halvors1> sdeziel: Thanks, i'll monitor the connection with your proposed fix first.
[13:15] <halvors1> sdeziel: Should "owner" be replaced with the user or just stay as it is?
[13:16] <sdeziel> halvors1: "owner" requires the executable to be run by the same user as the file/dir owner for the rule to match.
[13:26] <CrummyGummy> Hi, do any of you know of a security ppa for Natty? I realise it's unsupported but I need to upgrade openssl quite urgently.
[13:27] <henkjan> CrummyGummy: there is no security ppa for Natty
[13:27] <CrummyGummy> then any src for an up to date openssl deb?
[13:28] <henkjan> CrummyGummy: you can try to point your /etc/apt/sources.list.dist to old-releases.ubuntu.com
[13:28] <Pici> Since it EOL'd in October 2012, you're not going to get any updates dated past then.
[13:29] <CrummyGummy> I know :(
[13:29] <henkjan> installing an openssl .deb from a new release will give you headaches i'm afraid
[13:29] <CrummyGummy> Any idea how risk it would be to install by hand?
[13:29] <CrummyGummy> I have it compiled and ready to install. Just a bit nervous...
[13:30] <henkjan> why would you even try to update openssl as the rest of your system has gaping holes al around?
[13:30] <CrummyGummy> Just to make connectivity work to a client.
[13:31] <CrummyGummy> we're moving away from this server slowly. It's one of those legacy boxes that we're to scared tu update.
[13:32] <CrummyGummy> there's always one...
[13:36] <patdk-wk> the thing about openssl is
[13:36] <patdk-wk> it will just work, or you will have to recompile everything that uses it :(
[13:37] <patdk-wk> and that is when you stay within the same version :(
[14:50] <runelind_q> if I'm doing a repository, do I want to delete the Packages file every time before re-running dpkg-scanpackages?
[14:57] <runelind_q> I guess it is re-creating it since I'm doing > Packages.gz
=== MikaT_ is now known as MikaT
[15:54] <cyphermox> hey, if someone cares a lot about ntp; this seems like it might be a relatively easy bug to fix: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1558125
[15:54] <ubottu> Launchpad bug 1558125 in ntp (Ubuntu) "ntpd doesn't synchronize to local clock (ntpd 4.2.8p4/xenial)" [High,Triaged]
[15:55] <cyphermox> ^ I'm pointing it out here because ntp is subscribed by the server team, I may otherwise get up to it $later
[15:57] <nacc> kickinz1: --^ ?
[15:58] <cyphermox> if you need help reproducing I can perhaps get the reporter or his manager or someone to get more info quickly.
[16:27] <tuor> Hi, I'm working on a preseed file. I trying to add an apt repo while installing. This is my preseed file: https://paste.ubuntu.com/15402527/
[16:27] <tuor> My goal: add the puppetlabs repos directly during the installation.
[16:28] <tuor> What I tried now: Add Ubuntus "ch" archiv as repo.
[16:29] <tuor> Problem: When installing, I get an error in the "select and install software" stage.
[16:30] <tuor> Line 162 of my preseed file is the intresting part. What am I doing wrong? Or how can I find out what I'm doing wrong?
[16:31] <tuor> If I remove the 2 lines 162 and 163 it works.
[16:47] <kickinz1> nacc, cyphermox looking
[16:52] <nacc> kickinz1: thanks!
=== alexisb is now known as alexisb-afk
[17:23] <tuor> It's working now. I just don't know what is different^^
=== alexisb-afk is now known as alexisb
[18:58] <jjrabbit443> hello
[18:59] <jjrabbit443> is creating a swap file on ubuntu the equivalent of having a pagefile on windows?
[19:02] <lordievader> Pretty much.
[19:03] <jjrabbit443> if you are low on RAM isn't a swap file on an SSD drive pretty much as good as using RAM anyway?
[19:03] <jjrabbit443> as far as I/O speed
[19:04] <sarnold> not even close; ram on high-end cpus can run at ~60 gigabytes per second; an ssd connected via sata can only run at 500 megabytes per second
[19:04] <sarnold> don't get me wrong, ssds are way better than hard drives
[19:04] <sarnold> s/hard drives/spinning metal/
[19:05] <sarnold> but there's no substitute for real ram when you need it
[19:06] <jjrabbit443> wow ok nevermind
[19:06] <jjrabbit443> sounds like even old ass RAM sticks would blow SSD I/O out of the water
[19:08] <sarnold> yeah :) old-ass ram may only go 20 gigabytes per second or something -- check intel's ARK for details for your processor -- but it's still better than swap by a lot :)
=== guampa is now known as Guest46127
=== guampa_ is now known as guampa
=== Isla_de_Muerte is now known as NwS
[23:01] <l1meon> Hello, I have a question. How can I run a script for web using ipv6 instead of ipv4? Say I have ipv4: 55.55.55.55, and 4 ipv6: 2e2e:xxx:xxx
[23:03] <sarnold> l1meon: do you mean, something like a php script that you run in apache's mod_php or fastcgi or similar?
[23:04] <sarnold> l1meon: does i already work with ipv4? is there something preventing your apache from binding to the ipv6 addresses you want?
[23:27] <antonispgs> hey guys nice to be here
[23:28] <antonispgs> so the script for rtorrent i used on a remote seedbox created a nice website where i can see my downloads
[23:28] <antonispgs> https://IP/download/user/
[23:28] <antonispgs> i am now transferring stuff that are going in folders inside https://IP/download/user/rtorrent/downloads at which point i get a 403 forbidden error
[23:29] <antonispgs> is there a way to get access further into the subfolders?
[23:33] <sarnold> antonispgs: it depends upon the program; it might just require removing some code that prevents that.. or it might require larger changes
[23:33] <sarnold> maybe there's a configuration option for the script?
[23:34] <antonispgs> it was made via nginx
=== Bray90820_ is now known as bray90820
[23:55] <lunaphyte> i suppose if i don't want to be a hypocrite, i'd better move it over here :)
[23:55] <tarpman> ;)
[23:55] <lunaphyte> i see references to both frontend and priority, but only the defaults seems to be indicated in files in /var/cache/debconf/
[23:55] <lunaphyte> but when i set them with dpkg-reconfigure, they do seem to be remembered, so they've got to be specified somewhere
[23:56] <lunaphyte> plus, it seems like i don't ever remember being prompted for this sort of thing when doing an install, which is i guess sort of a side note
[23:58] <tarpman> hm. I'm not aware of any other locations where things are saved. all the non-defaults I can remember configuring are in /var/cache/debconf/config.dat
[23:59] <lunaphyte> oops, you are right
[23:59] <lunaphyte> there it is
[23:59] <lunaphyte> that's got a little bit of an openldap slapd-config feel to it :)