[00:20] <keithzg> Yeesh, I guess I'm done buying ASUS motherboards ever. Got a response from their customer service and the only way to patch the Intel ME vulnerability is indeed to run the updater which only works on Windows.
[00:22] <sarnold> what is it with firmware / hardware people..
[00:24] <sdeziel> not even providing a bootable ISO with something like freedos is really bad
[00:43] <keithzg> Yeah, I mean frankly anything involving updating firmware on a motherboard you'd think you'd want to be able to do without relying on an installed OS!
[00:45] <metastable> I enjoy my MSI boards for that reason. Insert stick, push button. BIOS flash, even from soft-brick.
[00:58] <keithzg> metastable: To be fair though, the Intel Management Engine is an additional, somewhat self-contained entity with its own firmware, so the ease of flashing "BIOS" isn't necessarily an indicator that they'd get *this* right. I tried checking MSI's support pages to check how they've been handling Intel ME updates but I keep getting 504 errors from nginx on their servers . . .
[01:03] <keithzg> Hmm from what little information MSI provides on https://www.msi.com/news/detail/tbzkKfKPAi1ALASqaWkS99rxLH-FNw7O9AC8b2jsPHSoz1kSuAag52YLmCGiuuD9LhFJ7_wgczjFmbrnR5UGCA~~ it seems like they might also require you to run Windows to update the Intel Management Engine.
[01:23] <cncr04s> anyway to have mdadm scrub a raid array to look for inconsitencies ?
[01:31] <Sling> cncr04s: thats what you'd have raid 1 or raid 5 for
[01:31] <Sling> what kind of inconsistencies ar eyou expecting?
[02:26] <metastable> Ew. RAID 5...
[02:26] <metastable> cncr04s: echo check > /sys/block/mdX/md/sync_action
[02:27] <metastable> cncr04s: Where 'mdX' is the md device number of the mdadm array. Check /proc/mdstat for this.
[05:05] <cncr04s> i have a raid5 and a raid 6 array
[06:35] <cpaelzer> good morning
[06:44] <lordievader> Good morning
[06:46] <cpaelzer> hiho lordievader
[06:48] <lordievader> Hey cpaelzer
[06:48] <lordievader> How are you doing?
[07:04] <cpaelzer> lordievader: good, you as well I'd hope
[07:04] <lordievader> Yes, doing allright.
[07:04] <cpaelzer> great
[07:05] <lordievader> My zabbix experiments seem to pay off somewhat.
[07:05] <lordievader> We want to create some triggers wich compare the data of today with yesterday.
[07:05] <lordievader> So I build a graph which does that.
[10:54] <gun1x> guys, quick question
[10:54] <gun1x> just got an ubuntu server up on an infra that i do now own
[10:55] <gun1x> and i have something strange in terminal ... i get some strange characters
[10:55] <gun1x> does anybody know an apt command to install missing packages so i have all characters ?
[10:59] <Frickelpit> what do you mean by "strange characters"? did you check your locales settings?
=== downtime is now known as uptime
=== albech1 is now known as albech
[17:01] <add1ctus> I was enabling firewall on my server. Just added all the ports I need (22, 80, 443) to allowed list and did ufw enable. Everything else had default settings. Since then connections slowed down towards the server, and I disabled it immediately. But connections are still slow, and even apachectl status doesn't give any output. Checking with htop, it says server isn't under any load. Anything I could do?
[17:04] <rbasak> Slow how?
[17:04] <rbasak> Could it be reverse DNS timing out?
[17:06] <add1ctus> When I try rapidly checking tracert, every third request gets stuck. The website hosted on the server is also slow (Chrome gets stuck on Connecting..)
[17:09] <sdeziel> add1ctus: I'd make sure ICMP is authorized to have PMTU working
[17:10] <sdeziel> I think ufw allows what's needed by default but I don't know for sure
[17:14] <add1ctus> @sdeziel: I didn't kinda understand what you're trying to say. How should I check that?
[17:16] <sdeziel> add1ctus: A quick way to check this would be to add those 2 rules: sudo iptables -I INPUT -p icmp -j ACCEPT; sudo iptables -I OUTPUT -p icmp -j ACCEPT
[17:24] <rbasak> add1ctus: every third request getting stuck is a Cisco signature IIRC. I'd ignore that.
[18:40] <HackeMate> hello
[18:41] <HackeMate> i have some servers that i need to maintain, so i wanted to use something like teamviewer but for server (it means bypass firewalls)
[18:41] <HackeMate> exists a tool like that in ubuntu, or any way to do that?
[18:42] <HackeMate> both computers connect to a common servers via http port and share data
[19:27] <sdeziel> HackeMate: it's not like teamviewer but you can remote administer servers and transfer files using SSH
[19:31] <HackeMate> yes i know, but i cant pass trought firewalls or vlans
[19:31] <HackeMate> i dont know how teamviewer gets that
[19:37] <sdeziel> I think that teamviewer has the agent phone home to essentially build a HTTPS tunnel. You can then connect to teamviewer servers and access your servers through that.
[19:37] <sdeziel> HackeMate: this feels like a MITM to me so I prefer SSH :)
[19:38] <HackeMate> yes, thats the reason i want use an own method
[19:42] <sdeziel> HackeMate: you have several options. 1) you could tweak the firewall to expose your server's SSH via port forwarding 2) you could setup a VPN that connects to a server you trust 3) you could run tor on the servers to use it as a backchannel to SSH in
[19:42] <sdeziel> HackeMate: and probably a lot more
[21:39] <RoyK> hm - seems I'm getting this when attempting to install ubuntu 16.04 in a kvm/libvirt vm on jessie: Checking installer location failed: Could not find media '/data/iso/Linux/x64/Ubuntu/ubuntu-16.04.3-server-amd64.iso'.
[21:39] <RoyK> any ideas?
[21:42] <TJ-> RoyK: looks like a libvirt issue on the host based on the path
[21:44] <RoyK> TJ-: everything looks right, permissions and so on
[21:51] <TJ-> RoyK: have you refreshed the pool with "virsh pool-refresh default" (assuming it's using the default pool)
[22:06] <RoyK> TJ-: afaik it's not a pool, just "local" file
[22:07] <TJ-> RoyK: right, but the 'pool' should list it for the guest if I recall correctly
[22:17] <ahasenack> RoyK: was that error inside the vm, or in virt-manager?
[22:17] <TJ-> it's a virsh/libvirt error
[22:18] <RoyK> virt-manager - interesting, regardless of file rights, I tried to ln (not -s) the file to where the debian iso was, and that works, meaning it's quite possibly a pool thing - I've never seen that issue before
[22:21] <TJ-> I've seen it in the past, when I manually added an ISO rather than adding it to the pool, and had to refresh the pool for the guest to see it
[22:22] <RoyK> I didn't try to refresh the guest pool, though - I don't know too much about these pools
[22:24] <RoyK> TJ-: anyway - thanks
[22:28] <rbasak> cpaelzer, ahasenack: BTW, mail-stack-delivery is something I've wanted to deprecate for years, but never got round to driving.
[22:28] <ahasenack> rbasak: it seems handy, but I can see how it would be a maintenance burden
[22:29] <rbasak> But it doesn't really cause us any pain except in merges, because I think barely anyone actually uses it
[22:29] <ahasenack> it's in the lts guide
[22:29] <rbasak> Yeah so it's quite a bit of work to deprecate and remove :)
[22:29] <ahasenack> yeah
[22:29] <ahasenack> we just have to remember to update it with what is considered best practices that year :)
[22:30] <ahasenack> smtpd_tls_mandatory_protocols = SSLv3, TLSv1 <-- that isn't, for example
[22:30] <ahasenack> SSLv3
[22:30] <ahasenack> something I'm raising in my review
[22:32] <ahasenack> defaults from postfix:
[22:32] <ahasenack> # postconf -d smtpd_tls_mandatory_protocols
[22:32] <ahasenack> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
[22:33] <ahasenack> maybe we should leave it at the postfix's default instead of hunting down what's bad and what is not
[22:34] <rbasak> I think that's a good idea. Make sure it's matches the postfix's packages default too. Eg. if postfix ships a conffile with an important setting that gets overriden by mail-stack-delivery, that could be a problem.
[22:34] <rbasak> Sort of like you found it as it is now :)
[22:57] <morphine> hi guys, anyone here ever came across a situation where Apache 2.4 just wouldn't log rewrite activity no matter what you set the LogLevel rewrite:trace directive to?
[22:59] <sarnold> morphine: if you deliberately break the configuration in some blatant obvious way do you see that take affect as you expect? (I'm curious if perhaps the file you're editing is being ignored entirely)
[22:59] <morphine> yeah, this configuration is working perfectly and as expected. The context here is that I'm debugging a single rewrite rule
[23:00] <morphine> I went ahead and enabled rewrite logging, and two hours later I'm still trying to figure out why that never shows up on any of the logs
[23:00] <morphine> doesn't seem to be a unique problem, found a couple forum threads about it but no actualy solution
[23:00] <morphine> already tried a million things up to and including defining a vhost that has next to no configuration but the rewrite/log settings
[23:01] <morphine> (and no, I didn't forget to reload/restart Apache :)
[23:01] <sarnold> :)
[23:05] <sarnold> morphine: nothing in the docs stands out :/ it might be worth a bug report
[23:06] <morphine> could be, but it's probably some obtuse and apparently-unrelated setting
[23:06] <morphine> which has been my experience with Apache 2.4 in particular
[23:08] <sarnold> reminds me of the day I lost due to a '/' on the end of a directory name.
[23:11] <ahasenack> morphine: can you see the rule checks progressing until your rule is hit? Or not even that?
[23:11] <ahasenack> (in the debug logs)
[23:11] <ahasenack> I was in that situation a few times, it was always *something*
[23:11] <morphine> that's the whole problem, I don't see the rule logs *anywhere*
[23:12] <ahasenack> did you set LogLevel?
[23:12] <sarnold> are they maybe going to syslog rather than a file? or file rather than syslog?
[23:13] <ahasenack> that's new in 2.4, according to what I'm reading
[23:13] <ahasenack> "Those familiar with earlier versions of mod_rewrite will no doubt be looking for the RewriteLog and RewriteLogLevel directives. This functionality has been completely replaced by the new per-module logging configuration mentioned above."
[23:14] <morphine> yeeeep
[23:14] <morphine> because it made sense before, so it had to change!
[23:14] <morphine> (sorry)
[23:14] <ahasenack> mod_rewrite made sense?
[23:14] <ahasenack> :)
[23:14] <morphine> har
[23:15] <morphine> don't even get me started on the Log/ErrorLogFormat mess
[23:15] <ahasenack> http://httpd.apache.org/docs/current/mod/core.html#loglevel
[23:15] <ahasenack> hope that helps
[23:16] <morphine> I already tried like 10 variations of the LogLevel line (including some obtained from forums/how-tos)
[23:16] <morphine> but I might as well try a couple more
[23:16] <ahasenack> try setting it for other things, see if you get that to work
[23:17] <ahasenack> if not even that changes the logs you are seeing, then something else is going on
[23:17] <ahasenack> gotta go, g'night
[23:20] <morphine> thanks for the input