[06:15] <Drag0nhunter> hi all
[06:17] <cpaelzer> Good morning
[06:18] <lordievader> Good morning
=== led2 is now known as led1
[09:00] <Neo4> Hi
[09:01] <Neo4> What is difference between trusted and untrusted certificate?
[09:01] <Neo4> Why validated certificate is secure and self signed not secure?
[09:01] <Neo4> who know scheme how PKI works?
[09:02] <Neo4> server has privet key, then it gives user public key and user encrypt data using this public key yes?
[09:03] <Neo4> guy who is sitting on the middle can get public key but he can't decrypt data encrypted by user, It can only do server who has privet key or other person with privet key
[09:04] <Neo4> I have many questions, Who know answers?
[09:04] <mojtaba> Hello, do you know how can I encrypt my home directory and swap partition after installation of the ubuntu?
[09:04] <Neo4> mojtaba: no
[09:05] <Neo4> how does SSL/TLS work?
[09:05] <mojtaba> Neo4: Thanks for your participation.
[09:05] <mojtaba> Anyone else?
[09:05] <Neo4> we have server and user who speak with server,
[09:06] <ducasse> mojtaba: there are scripts for that in the ecryptfs package
[09:06] <Neo4> server send public key for user, and how user can get encrypted server massage?
[09:06] <mojtaba> ducasse: Even for swap partition?
[09:06] <ducasse> Neo4: this isn't an ubuntu question, look for an appropriate channel or ask in #freenode
[09:06] <ducasse> !alis | Neo4
[09:06] <ubottu> Neo4: Alis is an IRC service to help you find channels. For help on using it, see "/msg Alis help list" or ask in #freenode. Example usage: "/msg Alis list http"
[09:06] <ducasse> mojtaba: yes
[09:07] <mojtaba> ducasse: thanks
[09:07] <Neo4> user send server encrypted messages by public key, but how can server encrypt messages for user understand them?
[09:07] <Neo4> ok
[09:07] <Neo4> ducasse: ok
[09:31] <lordievader> Neo4: A self signed cert is untrusted because the chain of trust cannot be validated.
[09:33] <Neo4> lordievader: and I need full scheme PKI - public key infrustructure, Do you know how it works?
[09:34] <lordievader> You need a trusted CA (like LetsEncrypt or Verisign, etc) to sign your certificate. That way a browser can validate the chain of trust.
[09:35] <Neo4> lordievader: and I'm interesting in WHMCP web host manager control panel, We must use it? Can you give recomandation how to set up VPS on ubuntu and all needed applications
[09:35] <lordievader> How you set up your VPS is up to you, how you want it, what purpose it serves, etc.
[09:35] <Neo4> lordievader: yes, do you know Main in the middle attack?
[09:36] <lordievader> Yes? What about it?
[09:36] <Neo4> lordievader: I want to set up it using standard
[09:37] <Neo4> lordievader: and explain how valid certificate will protect you from tampered request?
[09:37] <lordievader> You lost me. Do you want to set up a web server?
[09:37] <Neo4> I want
[09:38] <Neo4> I did it but it difficult support and envision situation I find a client and offer him creat site on wordpress and what I must set up on VPS?
[09:39] <Neo4> it might have to be WHMCP at least?
[09:39] <Neo4> he won't use command line
[09:39] <lordievader> I'm sorry I don't understand what you are saying.
[09:39] <Neo4> lordievader: can you give recommendation on this account?
[09:40] <lordievader> What is your native language? Perhaps there is a native Ubuntu support channel for you. Might be easier.
[09:40] <Neo4> lordievader: no, I wholly understand you
[09:40] <Neo4> lordievader: what is your English level?
[09:41] <Neo4> I'm good in English enough for speak about, intermediate level it's very high
[09:42] <lordievader> Neo4: I understand you want to setup a web server. What you want furthermore is unclear to me.
[09:42] <Neo4> lordievader: See let's I approach to you fro other side. What applications do you install on your VPS, For it should be some standard set of apps that so called 'must have always'
[09:43] <Neo4> lordievader: I want control panel
[09:43] <Neo4> Does exists some standard for VPS?
[09:44] <lordievader> I don't run a control panel. But there are many available. Look for what you want and install that, I'd say.
[09:44] <Neo4> lordievader: it's like for hosting, What is for hosting necessary?
[09:45] <lordievader> Depends on what you want to offer. If you want one-click installs of Wordpress, for example, the demands are quite different than if you only want to host static HTML pages.
[09:45] <Neo4> lordievader: compare usual shared hosting, and we need all of that put in ours, Do you see there always exists WHMCP? Always, User won't create it manualy or hire specialist for add subdoman, Obviously we need Control panel, I think about webmin
[09:45] <lordievader> In other words, read into the topic, setup a list of requirements, then install whatever is needed to meet those requirements.
[09:46] <Neo4> lordievader: I want to offers standard servise, creating sites on wordpress, Client pay me, I will buy domain, set up VPS, set up wp site and give users access to site, to control panel, I want something like this
[09:47] <Neo4> lordievader: plan?
[09:47] <Neo4> you are right
[09:47] <lordievader> I believe cpanel does most (or all) of that.
[09:47] <Neo4> lordievader: Cpanel is paid, and client usually wants all for free
[09:48] <Neo4> they want pay for Cpanel, we can predict this variant as well, cPanel or ISPmanager only when we get rich client, for star will use some free like webmin, Do you agree?
[09:49] <Neo4> from free panels webmin is the best?
[09:49] <lordievader> I have no idea. I rarely do anything  with web panels. Dislike them.
[09:49] <Neo4> it is said that webmail is the most popular for nodays
[09:49] <Neo4> lordievader: you are like me :)
[09:55] <TJ-> Has anyone prepared a bootable image for a PCEngines APU2 ?
=== strigazi_ is now known as strigazi
[10:38] <_ruben> TJ-: i installed mine using the netinstaller from an usb stick
[10:45] <TJ-> _ruben: I'm trying to pre-build a bootable image, don't want to use an installer on the device, was trying to figure out the layout
=== strigazi is now known as strigaz_
=== strigaz_ is now known as strigazi_
=== strigazi_ is now known as strigazi
=== beatzz_ is now known as beatzz
=== uptime is now known as downtime
[12:20] <RattleBattle79> is ubuntu 18.04 supposed to ship with that live thing?
[12:55] <_ruben> TJ-: layout of what?
[12:56] <TJ-> _ruben: sorted it, the USB boot device I was using had too old a kernel on it
[12:56] <_ruben> ah :)
[12:56] <TJ-> I'm trying not to disturb pfsense so I can archive it, then replace with 18.04, and want to explore first
[12:57] <TJ-> _ruben: also was in an embedded ARM mindset forgetting this thing is x86 :)
[14:33] <ddstreet> smoser hi, re: lp #1686437 it looks like your merge request has to be actually merged by someone from the server team... freyes has acked it, so should be ready to merge and then upload i think
[14:33] <ubottu> Launchpad bug 1686437 in simplestreams (Ubuntu Xenial) "[SRU] glance sync: need keystone v3 auth support" [Medium,Confirmed] https://launchpad.net/bugs/1686437
[14:34] <ddstreet> we can upload to xenial if you don't have time, but i don't think we can merge into simplestreams:ubuntu/xenial-devel repo
[15:03] <smoser> ddstreet: if you want to ACK that merge proposal i'm ok to upload. but really i just put the merge proposal to provide something to easily test.
[15:22] <ddstreet> smoser ok cool, thanks, will do
[15:23] <nacc> ddstreet: smoser: it's not a 'real' merge
[15:23] <nacc> ddstreet: smoser: someone just needs to upload tag it in the repo (for now) and then dput can be done
[15:23] <nacc> smoser has such permissions
[15:23] <ddstreet> ok yep...i'm not familiar with where simplestreams upstream is, so i assumed it was proposing upstream merge
[15:24] <ddstreet> i'll do review of diff in MR and ack it, and let smoser do the uploading
[15:24] <nacc> ddstreet: we have recently started toggling the 'default' Git repository in Launchpad for source packages we imported to our repository
[15:24] <nacc> ddstreet: so the URLs have changed
[15:24] <ddstreet> nacc is there documentation yet around how to use git-ubuntu to 'commit', i.e. upload?
[15:25] <ddstreet> i don't remember there being any docs on how to do that
[15:25] <nacc> ddstreet: not really, as it's going to change anyways
[15:25] <nacc> ddstreet: the eventual goal is to have `git ubunt build` write the hash of the commit being built into the source pacakge
[15:26] <nacc> ddstreet: then the importer can look for that special field in the source package publication downloaded and use that to search Launchpad (via an API)
[15:26] <ddstreet> ok, so for now i should stay with the legacy sponsor/upload mechanism and wait before i get into using git-ubuntu for actual sponsoring/uploading...?
[15:27] <nacc> ddstreet: right, the issue is that there is a limited permission set that can create tags (current method for giving 'rich history')
[15:27] <nacc> ddstreet: we don't necessarily want to broaden that, because those users can also fubar the repositories, if they aren't careful
[15:28] <nacc> ddstreet: you can always still dput like normal, after just using the MPs for reviews
[15:28] <nacc> ddstreet: you just won't get 'rich' history in the imported commit
[15:32] <smoser> even without the process or the tag in place, the merge proposal provides a very good way to review and share code
[15:32] <smoser> the tag and push on top of that is useful, but for many things (such as this) its only a bit of icing
[15:32] <nacc> right, that's my point just now
[15:32] <smoser> in my opinion.
[15:33] <nacc> yeah, especially for single changes
[15:33] <smoser> where the merge process and code sharing is the big thing.
[15:33] <nacc> because the git diff you get after import is almost the same
[15:33] <smoser> signed tag and push with magic launchpad upload, that would seal it all up.
[15:34] <nacc> smoser: right, we're going to (avoid) the signed tag bit, by the fact that you sign the upload
[15:34] <nacc> at least, that's my understanding, for now
[15:40] <smoser> nacc: right. i was saying in future world where launchpad signed the upload
[15:40] <smoser> based on me signing the tag
[15:41] <smoser> i thoguht that was a goal.... getting rid of the upload stage.
[15:41] <smoser> but anyway.
[15:41] <nacc> smoser: yeah, we may or may not ever get to that
[15:41] <nacc> smoser: but yeah, that's future+2 :)
[15:43] <smoser> ddstreet or freyes please ACK https://code.launchpad.net/~smoser/ubuntu/+source/simplestreams/+git/simplestreams/+merge/341215 also
[15:45] <freyes> smoser, ack, will review for artful as well
[15:45] <ddstreet> smoser i'll let freyes ack it, and i asked wolsen (more familiar with cloudy stuff than me) to review/ack them too
[21:35] <Guma> 	I was wondering if any one can share some good documents how to strengthen openssh server? How to disable various old cyphers and best practices
[21:35] <Guma> I do not care about compatibility ... Just most secure and up to date
[21:40] <dpb1> Guma: I'd suggest: https://askubuntu.com/questions/2271/how-to-harden-an-ssh-server?answertab=votes#tab-top
[21:45] <tomreyn> https://cipherli.st/ -> OpenSSH Server
[21:48] <JanC> rate limiting connection attempts to the server is probably useful too
[23:50] <lucas_ai> Anyone know how to make realtime video streaming that can be embedded in HTML or Iframes? Real time meaning less than 200ms delay. Similar to video conferencing found in facebook, skype, hangouts, etc.