[00:00] <geigerCounter> What does this mean?
[00:00] <sarnold> geigerCounter: yay :D
[00:00] <geigerCounter> Yes, yay. Now how do I get roundcube to do that?
[00:01] <nacc> geigerCounter: it presumably means your exim4 configuration is fine
[00:01] <nacc> https://github.com/roundcube/roundcubemail/wiki/Configuration ?
[00:01] <nacc> tls:// for the smtp server
[00:01] <sarnold> smtp_user and smtp_pass perhaps?
[00:02] <geigerCounter> Hmm
[00:02] <geigerCounter> It's supposed to use the same user and pass that was used for logging into imap
[00:03] <geigerCounter> And yeah, lemme go take a looksee at the roundcube wiki.
[00:03] <nacc> geigerCounter: as in, you want to?
[00:03] <geigerCounter> Thanks you guys.
[00:03] <nacc> geigerCounter: %u
[00:04] <geigerCounter> nacc: I don't know if this affects anything but to authenticate successfully, I have to use <user>@<hostname>,<password>
[00:04] <geigerCounter> For both imap and smtp
[00:04] <geigerCounter> Is that normal? That wouldn't confuse smtp applications, would it?
[00:04] <nacc> geigerCounter: that i don't know :/
[00:05] <patdk-lap> heh?
[00:06] <patdk-lap> it's it just username and password
[00:06] <patdk-lap> why would something matter if a username contained an @ in it or not
[00:06] <geigerCounter> patdk-lap: Because that's the way my exim is configured, it's gotta match the hostname as part of the username.
[00:07] <patdk-lap> "That wouldn't confuse smtp applications", why would "smtp applications" care in the first place?
[00:07] <geigerCounter> I don't know.
[00:07] <geigerCounter> I wouldn't think it would.
[00:18] <geigerCounter> Hmm. Well roundcube still says authentication failed.
[00:18] <geigerCounter> Hmm
[00:20] <nacc> cpaelzer: would you be able to follow-up on LP: #1644530 ?
[00:37] <geigerCounter> nacc: Suggestions on what else to try? I'm reading the wiki still
[00:37] <sarnold> what do the postfix logs say?
[00:37] <sarnold> maybe they're more specific on the failure than the roundcube logs
[00:37] <geigerCounter> sarnold: Not using postfix
[00:37] <sarnold> sorry, force of habit, everyone else is.. hehe
[00:38] <sarnold> so, what's the exim4 logs say? :)
[00:38] <nacc> i assume you can get exim4 to be more verbose
[00:38] <nacc> either run it in the foreground, ro configure it to be noisy
[00:38] <geigerCounter> Mm
[00:39] <nacc> *or
[00:40] <geigerCounter> Wait wait.
[00:40] <geigerCounter> I just got roundcube to be noisier.
[00:40] <geigerCounter> I'm looking at the auth it's sending. It's not right.
[00:41] <geigerCounter> OH.
[00:41] <geigerCounter> I see now.
[00:41] <geigerCounter> ...
[00:41] <geigerCounter> Roundcube isn't including the nulls.
[00:42] <geigerCounter> How do I get it to do that?
[00:42] <nacc> geigerCounter: i believe they have an IRC channel :-P
[00:42] <geigerCounter> Heh yeah.
[00:42] <geigerCounter> On freenode?
[01:06] <geigerCounter> That's weird. Based on my debugging, Roundcube is only sending my username and not my password
[01:06] <nacc> geigerCounter: not sure, but i had to ask for some help when i was fixing it for php7
[01:07] <geigerCounter> No it's fine. I just got it.
[01:07] <geigerCounter> c:
[01:08] <nacc> geigerCounter: cool
[01:08] <geigerCounter> Yep.
[01:09] <geigerCounter> I realized that it wasn't appending the password key to the auth string, so I just set the password to an empty string and added the password substitution token to the user name field, since that was actually being sent.
[01:09] <geigerCounter> "\0%u\0%p"
[01:09] <geigerCounter> And lo, it worked. :D
[01:10] <geigerCounter> It feels kinda weird to do it this way, but it's no less secure I suppose.
[01:10] <geigerCounter> And it actually works now.
[01:12]  * patdk-lap wonders why it's using login though at all
[01:21]  * geigerCounter shrugs
[04:24] <drab> anybody knows if it's possible to force the veth hostname on the host for unprivileged containers?
[04:24] <drab> wtih a lot of containers and monitoring on the host it'd be pretty useful to be able to name those something sensible
[04:25] <drab> like veth_$hostname_#
[07:57] <cpaelzer> nacc: I subscribed and will follow up later today
[08:10] <lordievader> Good morning.
[08:39] <zioproto> zul: just wanted to report that I tested again nova upgrade from Mitaka to Newton, and with the new packages everything works just fine. We are just waiting for release of the packages in SRU at this point. Thank you
[10:57] <jamespage> bug 1667033
[10:57] <cpaelzer> jamespage: oO not working for you ?
[10:58] <jamespage> cpaelzer: just needed the link
[10:58] <jamespage> :-)
[10:58] <cpaelzer> puh
[11:54] <ztane> is there a specific day for 1204 LTS support dropping?
[11:57] <hateball> ztane: https://www.ubuntu.com/info/release-end-of-life
[11:58] <hateball> oh specific *day*
[12:01] <ztane> yes
[13:24] <patdk-wk> early april
[13:33] <frickler> zul: coreycb: I'm seeing https://bugs.launchpad.net/horizon/+bug/1643964 reappear with 3:10.0.2-0ubuntu1 proposed for yakkety/newton: http://paste.ubuntu.com/24130835/ . The bug only mentions Ocata, can you check this, please?
[13:39] <zul> frickler: yep will have a look today
[13:40] <coreycb> zul, frickler: 10.0.2 isn't in proposed yet
[13:41] <frickler> coreycb: zul: it is queued for yakkety
[13:41] <coreycb> zul, frickler: if you refreshed static assets for that version, i'd recommend trying without the static assets refreshed
[13:41] <zul> coreycb: yeah frickler is using a ppa version that i uploaded  for him to a ppa
[13:41] <coreycb> frickler, thanks for testing that :)
[13:42] <frickler> seems like 3:10.0.0-0ubuntu1~cloud0 is fine, while 3:10.0.1-0ubuntu1~cloud0 shows the same issue, but I need to retry the latter on a fresh machine
[13:43] <frickler> or it may be some python dependency that got updated in the last three weeks
[13:44] <coreycb> zul, s/static assets / xstatic deps/
[13:44] <coreycb> frickler, ok if you see this with 10.0.1 too, let us know please
[15:16] <zioproto> hello. I am trying a Trusty to Xenial upgrade for my nova compute nodes (Mitaka). My neutron agent are broken with this stacktrace: http://paste.openstack.org/show/601784/
[15:16] <zioproto> does this 'sudo: policy plugin failed session initialization' ring a bell to anyone ?
[15:27] <wimpog> Hello, I've got PCI compliance scan failure for CVE-2016-2183. Here is the version of my system: http://pastebin.com/DkReaJe1 What can I do to resolve this reported failure?
[15:38] <rbasak> wimpog: see https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2183.html
[15:39] <rbasak> wimpog: follow the usn links for instructions.
[15:40] <nacc> cpaelzer: thanks!
[15:40] <wimpog> rbasak: thank you. I have looked at it. Does that mean it is fixed? I have OpenSSL 1.0.1f 6 Jan 2014
[15:42] <rbasak> wimpog: fixed in which package?
[15:42] <wimpog> rbasak: openssl
[15:42] <rbasak> wimpog: the upstream version is not relevant for security fixes in distribution packages. You need to report the package version.
[15:43] <wimpog> rbasak: the openssl version?
[15:43] <wimpog> rbasak: openssl version: OpenSSL 1.0.1f 6 Jan 2014
[15:43] <rbasak> The version string of the openssl package.
[15:43] <rbasak> You are reporting the upstream version, not the package version.
[15:44] <wimpog> rbasak: how do I get it?
[15:44] <wimpog> dpkg-query -l | grep openssl
[15:44] <wimpog> ii  libgnutls-openssl27:amd64            2.12.23-12ubuntu2.6                  amd64        GNU TLS library - OpenSSL wrapper
[15:44] <wimpog> ii  openssl                              1.0.1f-1ubuntu2.22                   amd64        Secure Sockets Layer toolkit - cryptographic utility
[15:44] <rbasak> Right, so 1.0.1f-1ubuntu2.22
[15:45] <rbasak> According to the page I linked, CVE-2016-2183 was fixed in 1.0.1f-1ubuntu2.20.
[15:45] <rbasak> If you have 1.0.1f-1ubuntu2.22 installed then you are not affected by CVE-2016-2183 according to the data.
[15:45] <rbasak> For the openssl package.
[15:46] <patdk-wk> assuming the services that use it, where restarted
[15:46] <wimpog> rbasak: thank you! That's what I thought, but still don't why why this PCI scan is failing
[15:46] <patdk-wk> because, PCI scanners are idiots
[15:47] <patdk-wk> they only bother to check what version they detect, they do not CHECK to see if you are actually vaunerable
[15:47] <patdk-wk> to them, you are vaunerable until proven not to be
[15:47] <wimpog> rbasak, patdk-wk: thank you!
[15:47] <wimpog> rbasak: patdk-wk I'll probably submit a dispute with them
[15:48] <patdk-wk> yes, you will always have to
[15:48] <patdk-wk> and include the version installed and a link to the USN above
[15:48] <wimpog> patdk-wk: the link that rbasak has posted? https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2183.html ?
[15:49] <patdk-wk> yes
[15:49] <jbicha> hi, I'm pinging about bug 1667195
[15:51] <rbasak> jbicha: looks reasonable. jgrimm: ^?
[15:51] <rbasak> I'm not sure I follow why we want it in supported-misc-servers at all.
[15:51] <rbasak> Is it a leaf package that server users even expect?
[15:51] <rbasak> jbicha: so I have no objection, but OOI, what creates your interest in this?
[15:52] <rbasak> emacs25?
[15:53] <jbicha> rbasak: my interest is I don't think gconf and old obsolete gnome2 libraries should be in main any more
[15:53] <rbasak> Fair enough :)
[15:54] <rbasak> kirkland: ^ opinion on unseeding mdbtools from supported-misc-servers please?
[15:54] <rbasak> We're seeding mdbtools. I'm not sure why.
[15:55] <jgrimm> rbasak, why was it in main to begin with?
[15:55] <jgrimm> i just did a quick look for MIR bug, but didn't see anything
[15:55] <rbasak> Looking
[15:56] <jgrimm> but if it was just pulled in as a dependency seems that no longer exists, +1
[15:56] <rbasak> It was seeded directly
[15:59] <rbasak> I'm failing at bzr here.
[15:59] <rbasak> The seeds were restructured in r1171 in 2008; the seeding of mdbtools predates this.
[16:01] <rbasak> Here we are: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/platform.zesty/revision/400
[16:01] <rbasak> Date: 2005-09-15 07:29:51 UTC
[16:02] <jgrimm> rharper, smoser, caribou, rbasak: server irc mtg
[16:02] <rbasak> "add mdbtools, mdbtools-gmdb. JET format supported by OOo2."
[16:02] <rbasak> jgrimm: it was added to "supported", then moved to "supported-misc-servers" later. Since it mentions OOo2, I think maybe the intention is a desktop thing.
[16:02] <jgrimm> rbasak, indeed, thinking the same
[16:03] <rbasak> jgrimm, jbicha: we should move it to the desktop seed, or drop if they don't want it.
[16:03] <frickler> zul: coreycb: o.k., so the 10.0.1 package by itself is fine. upgrading to 10.0.2 or installing 10.0.2 directly fails. after upgrading also downgrading again is broken: http://paste.ubuntu.com/24131501/ so I guess the xstatic refresh within the ppa build broke things
[16:03] <jbicha> some sort of support for using LO Base to work with Microsoft Access files or something but I don't know anyone that does that
[16:03] <rbasak> Yeah
[16:03] <jbicha> mdbtools isn't installed by desktop either
[16:03] <rbasak> I think it doesn't make sense for Ubuntu to be seeding it now, but that's a question for ~ubuntu-desktop.
[16:04] <rbasak> mdbtools-gmdb is also seeded in supported-sysadmin-desktop
[16:04] <jgrimm> agreed, agruably it is a servery thing, but doesn't seem to really need to be seeded for its original reason, but yes, please check
[16:05] <jbicha> rbasak: could you or someone comment from server's side on the bug then?
[16:05] <rbasak> Sure I'll comment.
[16:05] <jbicha> and I'll try to get desktop to comment then we just need to someone to adjust the seeds based on that
[16:07] <jgrimm> rbasak, jbicha: thank you
[16:10] <rbasak> jbicha: if ~ubuntu-desktop agree I'd be happy to unseed it.
[16:14] <coreycb> frickler, ok that's good that 10.0.1 works.  I think zul is uploading a new 10.0.2 without refreshing xstatic files.
[16:38] <nacc> rbasak: are you seeing a git-commit-tree failure with tftp-hpa?
[16:41] <rbasak> nacc: yes
[16:41] <rbasak> 03/07/2017 16:24:31 - DEBUG:stderr: fatal: invalid date format: None
[16:42] <nacc> bah
[16:43] <rbasak> nacc: is this due to the refactoring for the devel pointers?
[16:44] <nacc> rbasak: possibly, let me debug locally
[16:45] <nacc> rbasak: could you undo that change locally and --no-push --no-clean to see?
[16:45] <rbasak> Yeah
[16:45] <nacc> i'm adding some debugging locally to see if i can figure it out
[16:47] <rbasak> nacc: yeah it works with 1aa0f46
[16:47] <nacc> rbasak: ok, i'll work on a fix, if you want to just import with that version for now
[16:47] <rbasak> nacc: thanks. Happy for me to push that to lpusdi?
[16:47] <rbasak> Or I can keep it local if you prefer.
[16:48] <nacc> rbasak: yeah that's fine
[16:48] <rbasak> ack
[17:01] <rbasak> Pushed.
[17:04] <nacc> rbasak: thanks -- i think i have the fix as well
[17:33] <hhee> after update from 14 to 16, apt-get update, got " Ignoring file '50unattended-upgrades.ucf-dist' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension"
[17:33] <hhee> what is going wrong?
[17:33] <patdk-wk> nothing
[17:33] <hhee> how to fix it?
[17:33] <patdk-wk> you don't
[17:34] <patdk-wk> when you upgraded, it asked if you wanted to update that file, and you said no
[17:34] <patdk-wk> so it created that file with the new changes in it
[17:34] <patdk-wk> you either merge those changes into your existing file, don't merge those changes
[17:34] <patdk-wk> then when you happy, delete that file
[17:35] <hhee> patdk-wk, got it. thx!
[18:07] <zul> coreycb: cloud-archive should be good again
[18:08] <coreycb> zul, ack
[18:11] <quadHelix> Ubuntu 14.04LTS Server.  I am trying to disable the arcfour cipher in ssh for PCI Compliance.  I have googled and gone through many articles, both ssh_config and sshd_config do not reference "arcfour".  Could anybody point me in the right direction?  Do I have to compile from source or something?
[18:16] <patdk-wk> https://wiki.mozilla.org/Security/Guidelines/OpenSSH
[18:20] <quadHelix> thank you sir, I will read this article forth-with ;)
[18:21] <quadHelix> Actually, I had been through that article once.  When I run ssh -Q cipher <ip addr> it was still showing me arcfour
[18:22] <patdk-wk> yes
[18:23] <patdk-wk> and why would you expect it not to?
[18:23] <quadHelix> ignorance perhaps?  I am new to this realm.  I didnt even know that arcfour is RC4 ;)
[18:23] <patdk-wk> "The various algorithms supported by a particular OpenSSH version can be listed with the following commands: "
[18:23] <patdk-wk> supported!=enabled
[18:24] <quadHelix> understood.  thank you.
[18:36] <sarnold> quadHelix: it's a bit of a joke. RSA didn't patent RC4; when other people started using it, they tried to claim it as a 'trade secret' in court to stifle people from using it; so some people took to calling it 'arcfour' as in, "apparently rc4", so they could say it's apparently rc4 but not necessarily the thing rsa was using.
[18:37] <drab> lol, didn't know that one, thanks for sharing :)
[19:06] <quadHelix> ty sarnold, I like to know the back story.
[20:02] <jancoow> Hi. My ubuntu server installation hangs on a purple screen everytime
[20:03] <jancoow> It says detection hardware.. or something
[20:03] <jancoow> and then something with copying cdrom
[20:03] <jancoow> and then only purple screen with white bar underneath
[20:10] <patdk-wk> is it a dell?
[20:10] <patdk-wk> oh he left
[20:39] <Doow> What is it that's supposed to trigger starting apache on boot? Since yesterday it
[20:39] <Doow> 's not starting anymore for me, no errors in logs or anything, and starting the service manually works fine
[20:39] <sarnold> what release?
[20:40] <Doow> 16.10
[20:40] <Doow> sudo systemctl enable apache2.service just says that it's not configured to be enabled/disabled but started some other way
[20:41] <Doow> I added a service of my own making yesterday and I wonder if that might have blocked it somehow?
[20:41] <Doow> I looked in apaches own logs, syslog and journalctl
[20:44] <sarnold> systemd requires a service to be wanted by multiuser.boot or something like that
[22:22] <Doow> I'm still trying to figure out if apache is even trying to start at boot, I can't find anything in the logs, but it's enabled in /etc/rc2-5.d
[22:22] <Doow> any ideas?
[22:23] <Doow> I haven't done anything to try and turn it off, but it's just not starting anymore
[22:24] <Doow> I'm suspecting a collision with mysql (i.e. maybe mysql hasn't started before apache) but that's just a guess
[22:24] <Doow> this is what systemctl tells me http://pasteall.org/284600/text
[22:55] <quadHelix> Doow have you tried netstat -tnlp and looked for your listening port?