[00:01] <hallyn> upstart had problems?  bah!
[00:05] <RustyShackleford> well this is more an osx question, but regarding ssh
[00:05] <RustyShackleford> I am setting up a dotfiles repo to back up and share my dotfiles between computers
[00:05] <RustyShackleford> attemping to ln -s ~/dotfiles/sshconfig ~/.ssh/config
[00:06] <RustyShackleford> if I instead cp the file, it works as expected. But with the symlink, it doesn't seem to follow the symlink
[00:13] <sarnold> RustyShackleford: ssh is picky about permissions. make sure the file is chmod 600, and the directory is 700. Even then it may not work, but that might help.
[00:13] <RustyShackleford> I will double check
[00:15] <RustyShackleford> yeah those are the permissions
[00:17] <RustyShackleford> I suppose copying it isn't the worst thing every
[00:17] <RustyShackleford> but it would be nice to edit it, have the changes reflected in my git repo, and then push it up
[00:17] <sarnold> RustyShackleford: okay, next step, tracing the thing
[00:17] <sarnold> RustyShackleford: I can't remember os x very well, it's probalby something like "kdump ssh localhost" followed by "ktrace"
[00:18] <sarnold> RustyShackleford: look for the open() systemcall that refers to the ~/.ssh/config file
[00:18] <sarnold> (searching for "config" is probably the best bet)
[00:18] <sarnold> I'm curious if your ssh client uses the O_NOFOLLOW open flag. (mine doesn't.)
[00:19] <RustyShackleford> hm kdump is not found
[00:20] <RustyShackleford> okay what the heck is going on here?!
[00:20] <RustyShackleford> well it works lol
[00:21] <RustyShackleford> I had tried this a week ago, gave up when it was not working. So I just set it up again and this time it works :/
[00:23] <sarnold> hah :)
[00:23] <sarnold> maybe you need to install some developer's kit to get decent syscall tracing tools on OS X?
[00:24] <RustyShackleford> how would you feel about keeping private keys in a (private) dotfiles repo as well
[00:24] <sarnold> if your passphrase on the keys is decent, it's alright
[00:25] <RustyShackleford> I usually use no passphrase hah
[00:25] <RustyShackleford> i'm not so secure sometimes for the sake of convenience. I should also find a more secure way to store my passwords
[00:33] <nastronaut> RustyShackleford: have you tried verifying that the symlink actually worked? if you do an `ls -al` should return something like this:
[00:33] <nastronaut> lrwxr-xr-x   1 user staff   37 Aug 25 11:31 config -> /Users/user/dotfiles/ssh_config
=== Mobutils_ is now known as Mobutils
[00:58] <ndboost> evening folks
[00:58] <ndboost> regarding an iptables question, using s3 what do i need to allow inbound for it to work
[02:28] <RustyShackleford> do you think home internet connections throttle port 22?
[02:28] <teward> RustyShackleford: depends on the ISP
[02:28] <RustyShackleford> comcast
[02:29] <RustyShackleford> just curious how I could test that
[02:29] <RustyShackleford> also curious if you get less spambots if you use an alternate port
[02:29] <teward> RustyShackleford: IIRC they don't filter traffic in/out or throttle things on those ports, but only Comcast would have the answer
[02:29] <sarnold> it'd be easier to just test rather than trying to -talk- to someone there who would know
[02:29] <teward> RustyShackleford: security through obscurity only works... for a little bit.  OBscuring the port is fine, but disable password auth, use key auth, etc.
[02:29] <teward> yep.
[02:30] <RustyShackleford> sarnold: you need to be on hold for an hour before you can speak to someone worth a damn
[02:30] <sarnold> RustyShackleford: only an hour? that's better than I expected :)
[02:31] <RustyShackleford> I had a server exposed to the internet for a while
[02:31] <teward> RustyShackleford: Really?  I have at least twenty :P
[02:31] <RustyShackleford> its crazy how many people try to log into my random ip address
[02:32] <teward> RustyShackleford: service scanners, brute forcers, botnets, etc.  drivebys most likely
[02:32] <RustyShackleford> fail2ban helps a bit
[02:32] <teward> RustyShackleford: though, that's *anything* connected to the internet.
[02:35] <RustyShackleford> do you think they scan only 22, 80 and the obvious ones?
[02:35] <RustyShackleford> I wonder how much using 22000 or something would cut down on drive-bys
[02:36] <sarnold> I put mine up on 2222 when I travel, and it gets plenty of scans; don't pretend it'll be silent up there
[02:36] <sarnold> it may be less, but whole-internet scanning is commonplace and cheap these days
[02:38] <Ben64> they don't scan every port though
[02:38] <RustyShackleford> can't remember if the ssh logs show which port they attempt to connect on
[02:39] <RustyShackleford> I could enable them both and see which gets more hits
[02:39] <RustyShackleford> er, the difference in the number of hits
[02:40] <Ben64> 22 wins for sure
[02:43] <Ben64> over 2000 hits on my ssh in the past 24 hrs
[02:44] <Ben64> 99.3% for root
[02:44] <Ben64> don't even have root ssh enabled, you silly bots
=== php_ is now known as php
[04:47] <RustyShackleford> I need a domain for this server
[04:47] <RustyShackleford> i'm so uncreative
[06:17] <Seveas> RustyShackleford: uncreative.space :P
[07:00] <Choups>  how do i run tor, in a ubuntu 16.04 ?
[07:00] <Choups> i need an app to use tor as proxy
[07:00] <Choups> so i need tor to be runing on the machine
[07:00] <Choups> how do i do it?
[08:00] <jamespage> coreycb, I remember that it was suggested that was a good idea
[08:49] <cpaelzer> jamespage: I pushed the openvswitch changes to the repo and uploaded
[08:49] <cpaelzer> jamespage: I also added the ubuntu1 release you had in the repo and tagged yours and mine so that repo matches reality
[08:50] <jamespage> cpaelzer, good morning!
[08:50] <jamespage> sorry yesterday was frenetic for a number of reasons
[08:50]  * jamespage looks
[08:51] <cpaelzer> jamespage: totally fine - as I said I want to help not to disturb :-)
[08:51] <cpaelzer> jamespage: so I did what I announced to you and know that in case of blergh we can still fix and upload more if needed
[08:51] <cpaelzer> jamespage: I also have something written up for the ovs-dpdk charming that I'm about to send
[08:52] <cpaelzer> jamespage: anyone but you to add as CC on that?
[08:52] <cpaelzer> a.k.a did get that work to be done by somebody else?
[08:52] <jamespage> cpaelzer, no it will get in the right queue
=== _degorenko|afk is now known as degorenko
=== Malediction_ is now known as Malediction
[10:34] <Pjusur> Whats the major difference between a standard Ubuntu server install and a minimal one? just fewer packages install by default?
[10:39] <rbasak> Pjusur: if you're referring to the options in the traditional installer, then that's the only difference.
[10:40] <Pjusur> rbasak: Yes :), the F4 option after boot before install, tnx mate
[11:04] <rbasak> powersj: for bug 1629890, my understanding of the typical use case for mongodb says that it's more than wishlist for the process limit to be so low - I'd make it High rather than Wishlist
[11:04] <ubottu> bug 1629890 in mongodb (Ubuntu) "/lib/systemd/system/mongodb.service should set LimitNOFILE" [Wishlist,Triaged] https://launchpad.net/bugs/1629890
[11:04] <rbasak> Also bitesize perhaps?
[12:38] <zioproto> hello
[13:19] <coreycb> jamespage, is network access in unit tests limited to ppas?  python-k8sclient tests are getting 404's when backporting to the staging ppa, but ran ok on yakkety.
[13:19] <coreycb> lack of network access, that is
[13:19] <jamespage> coreycb, hmm
[13:20] <jamespage> the builders all have limited egress
[13:20] <coreycb> jamespage, ok, interesting
[13:50] <gargsms> I am trying to write a custom log for Apache. For any log entry ending with 0, I am using this declaration, just to test ```CustomLog "|/bin/bash -c 'if [ awk \'{print $NF}\'` -eq 0 ]; then logger -s ; fi" combined``` Nothing gets logged to syslog in this case. However, if I just do logger -s, then the entry is logged completely.
[14:16] <powersj> rbasak, ok - however the link you provided makes me think we shouldn't yet
[14:18] <rbasak> powersj: I stuck it in the backlog. Perhaps we should just check deeper that mongodb doesn't use FD_SET.
[14:18] <rbasak> (it seems unlikely)
=== JanC is now known as Guest96823
=== JanC_ is now known as JanC
[16:23] <kaslcrof> Does anybody know the way to propose changes to UCA(Ubuntu Cloud Archive). There is problem with file io.murano.zip [1] which is contained in murano-common package [2] . The problem is file io.murano.zip exist in package (murano-common) but it is in the wrong directory(/usr/share/murano-common/ but should be in /var/cache/murano/meta/).[1] https://review.openstack.org/#/c/250436/ [2] http://mirror.regionone.osic-cloud1.openstack.org/ubuntu-clou
[16:23] <kaslcrof> <kaslcrof> d-archive/pool/main/m/murano/
[16:23] <jgrimm> coreycb maybe ^^
[16:25] <coreycb> kaslcrof, hi which release of openstack is this for?
[16:55] <kaslcrof> coreycb, it is for newton
[17:02] <coreycb> kaslcrof, I think it makes sense where it is stored in /usr/share/murano-common.  but if you want we can switch over to #openstack-pkg and we can chat with zigo to get his thoughts (since this package originates in debian).
[17:08] <jgrimm> thanks coreycb
[17:10] <kaslcrof> coreycb, many thanks.
[17:48] <zul> coreycb: barbican uploaded
[17:48] <coreycb> zul, thanks
[17:51] <dannf> smb: thx for the libvirt SRU upload! will verify asap
[18:39] <coreycb> jamespage, zul, ddellav: I had to manually backport python-k8sclient to newton-staging.  for some reason backport_package couldn't backport it successfully (maybe interference with port 8080?).
[18:39] <zul> coreycb: ack
[20:08] <zul> coreycb: bug deweeding is so much fun
[20:09] <coreycb> zul, what are you up to?
[20:09] <zul> coreycb: deweeding ubuntu/nova bugs on launchpad
[20:10] <coreycb> zul, awesome