[04:25] good morning [06:39] Good morning [08:47] <_ruben> Checkmate: if /home isn't a separate filesystem from /, how is moving /opt to /home gonna help anything? [09:44] I think I messed up my /boot or something. [09:44] During `apt full-upgrade`, dpkg complained that there's not enough space (though I didn't check exactly which volume ran out of space). [09:44] Now the machine can't boot into Ubuntu [09:45] It just shows the boot menu where I can choose ubuntu or advanced options. [09:45] And if I choose ubuntu, the screen goes black for a moment, and loops right back to the boot menu. [09:45] Is there any easy way to fix that? Given that I have a live USB as well. [09:49] By "boot menu", I mean GRUB [09:52] k_sze: choose Advanced, then pick an older kernel version from the menu. The problem will be the /boot/ ran out of space whilst writing the new /boot/initrd.img [09:53] (I didn't realise that I should regularly purge old kernels from /boot until today) [09:54] I just kept installing updates without purging. [09:54] I hope I still have a bootable old kernel. XD [09:54] But what do I do once I get it booting? [09:55] `apt autoremove` shall do the right thing? And then I can `apt full-upgrade` again? [10:00] Hmm, and now I can't start a GNOME session. [10:01] I get the "Failed to start session" message when I attempt to log into GNOME. [10:02] k_sze: once it's booted, you manually delete the /boot/initrd.img-XXX files for the versions of linux-image-* that "apt autoremove" says it wants to remove [10:02] I kept thinking this is a ubuntu server. I guess I'll ask in the normal #ubuntu channel. [10:03] k_sze: I wrote a script to do it automatically if you want to try it [10:25] Seems like everything works now. [10:25] Thanks for the help. === downtime is now known as uptime [11:48] hi, Who know what means "musti-server"? http://pix.toile-libre.org/?img=1523620041.png [11:50] Can I install on VM DNS server, VPS and other apps for test? [11:50] I want to install a 10 times all and get a skill :) [11:51] so muscle training ) === miguel is now known as Guest50751 [12:38] ahasenack: good morning! [12:38] ahasenack: I'm looking at some server-next bugs. [12:38] ahasenack: any opinion on my comment in bug 1659223 please? [12:38] bug 1659223 in clamav (Ubuntu Xenial) "apparmor regression blocking freshclam process info" [Undecided,New] https://launchpad.net/bugs/1659223 [12:38] hello rbasak [12:40] rbasak: agreede, fixed in bionic [12:41] regarding xenial, it would need the change from https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1658239 fixed in xenial [12:41] Launchpad bug 1658239 in apparmor (Ubuntu) "base abstraction missing glibc /proc/$pid/ things" [Undecided,Fix released] [12:41] ahasenack: do you think we should do it? [12:42] or just include that change in clamav's profile [12:43] I don't know if it's just a warning, I can't remember [12:43] ahasenack: yeah. But is it worth it? If it doesn't actually impact anything apart from the log message. [12:43] ahasenack: how about I Won't Fix for Xenial for now, but invite people to reopen if there's a functional problem? [12:43] I would test it to see if freshclam works or not, I think that's the crux of the issue [12:44] also, the bug says "regression", I would check if that's true [12:44] I'm not too worried about that, because the bug itself seems unimportant and is resolved in the development release. [12:45] So I see no need to dig further - but if someone does and finds something worthy of attention, that's still fine. [13:08] cpaelzer, ahasenack: as I'm going through the server-next bugs, there are a number I want to drop from that queue because I don't think they're important enough. Would it be worth us running through the list together in a HO perhaps? [13:14] I don't have the spare cycles :/ [13:30] OK [13:30] We can defer it. [13:59] Guys, how easy manage your server? [14:01] is it way for speed up? [14:01] https://www.amazon.com/Managing-Linux-Systems-Webmin-Administration/dp/0131408828/ref=sr_1_fkmr0_3?ie=UTF8&qid=1523628016&sr=8-3-fkmr0&keywords=managin+unix+system+with+webmin [14:01] I have this book [14:02] for effective manage your system we need set up control panel, doesn't it? [14:02] don't it* [14:03] I'm a newbie, Who know how I can rapidly learn web hosting? [14:03] I am interestiong everything that relate to VPS [14:03] rbasak: tag them as "should-drop" or something. [14:05] Good idea, thanks. [14:05] dpb1: What control panel do you use? [14:05] see this https://www.virtualmin.com/ [14:05] I don't know what chose [14:05] :( [14:05] wirtualmin or webmin [14:06] bash4life [14:06] the best ISPmanager [14:06] dpb1: ??? [14:07] dpb1: what is bash4life ? [14:08] dpb1: what contral panel do you sugest to use? [14:08] what dpb1 is telling you is that you don't need a control panel. You just do stuff in the commandline. [14:08] What will you do when your controlpanel says "ERROR" ;p [14:09] webhosting is fairly easy, given you have enough experience with the shell. [14:09] it's difficult, I do, but for install VPS I spend 4 hours and more [14:09] you want to host vps's? [14:09] yes [14:09] I want to learn this theme [14:09] and you have no experience with the commandline? [14:09] have, and not good impressions [14:10] I used ISPmanager, it's very nice , here I would able to change php versions easy [14:10] the best you can use I guess is virt-manager whic is a GUI on top of virtlibd [14:10] allrighty.. [14:10] set up database user, create db, create FTP account [14:10] is anyone else confused here? [14:10] vps or website hosting. [14:11] php version, dbs and ftp accounts seem to relate to webhosting, not vps hosting. [14:11] for vPS too [14:12] m1dnight_: of course I can use SSH, but if I want to give access somebody, suppose for some folder for test something, I couldn't give SSH access [14:12] sure you can [14:12] you can chroot a user into his home directory [14:13] yes, all of this I can doing manyally and spend much time [14:13] ftp is an ancient protocol and should not be used. [14:13] I think to try some panes, sudenly there all will faster? [14:13] i have no idea about admin panels that allow you to do all this. [14:13] So I can't help you, sorry [14:15] m1dnight_: read this, they have very attractive features, haven't they? [14:15] http://pix.toile-libre.org/?img=1523628871.png [14:15] I didn't use them, but it looks like if you will use it will much better that do all manually [14:16] than* [14:16] I'm interesting what people use here? [14:16] anyone use control panel for desctop? [14:16] it is said it's frequently unix linux users use it [14:17] home users prehaps ... [14:17] most professionals will simply use the shell [14:18] ogra_: why? maybe opposite? Home use shall and professional control panel? [14:18] (and specifically webmin being a pile of security holes is likely something nobody will use in a professional environment .... it was removed from the debian and ubuntu archives for a reason) [14:19] professionals don't want to spend type type comands, they will rather use interface [14:19] ok [14:19] ogra_: what has ubuntu in archive ? [14:19] most professionals i know want control and not abstraction [14:19] what panels has ubuntu in archive? [14:20] no idea, i never used any [14:20] you have the paid ubuntu landscape thing, no? I actually have no idea what that does, though.. [14:21] ogra_: you didn't use any, is it now time to try some? :) [14:21] not really :) [14:21] m1dnight_: noither am I [14:22] ogra_: neither am I) [14:22] no I will use, better tried and then say it's bad [14:23] ogra_: see what I found https://www.rosehosting.com/blog/best-open-source-hosting-control-panels/ [14:23] this things are thrived, it means they are actively used, perhaps [14:24] are thriving* [14:25] we don't have to be a command line guru in order to manage simple web site [14:25] no, you can do it with simple commands. [14:25] Instead of forcing your way around the commandline, bite the bullet :p [14:26] it's all just files anyway.. [14:27] yes, I can do, but my future clients won't, They will require CP [14:28] for to be expert I must learn at least a few of theme [14:28] okay [14:28] I've only used one.com and they rolled their own I think. [14:29] Cpanel and ISPmanager, it's obligate, and one opensource [14:29] m1dnight_: I used ISPmanager, Used and skill to install and customzie are different things [14:30] m1dnight_: by the way do you know what could mean 'multi-server'? [14:30] http://pix.toile-libre.org/?img=1523629807.png [14:32] well, if you want to sell services using these tools,i'd suggest to do a security audit and usablility research and then pick the best ... after all you are giving your business into the hands of the developers of that panel software [14:32] who know what means "multi-server"? [14:33] ogra_: I'm going to build site using wordpress, 'online stores' and for this I need VPS, What I will say my client, use command line? [14:33] ... if their tool does a minor mis-configuration of a database or website and all credit card data of all users of your customers are exposed online all of a sudden your business will quickly be broke :) [14:34] ogra_: oh, no, there not credit cards in database nor other data [14:35] if i'd use any of such panels i'd hire a security specialist and have her review the tools from the ground up (including the source) before giving my business in the hands of the devs of these tools [14:35] the databases will be empty *magic* [14:35] ogra_: TLS [14:35] ?? [14:35] ABC [14:35] ogra_: force user to use TLS [14:36] see, i cn trhow around acronyms too :) [14:36] m1dnight_: https://xkcd.com/327/ ? [14:36] ogra_: web interface, there all security it's TLS and use strong password [14:36] Neo4, and that helps how ? [14:36] ABC :D [14:37] if the interface code has a bug and breaks security of your webserver, it doesnt matter if your users interact securely with it [14:37] Neo4: the point here is that its very easy for a bug in the webpanel to execute a command that has unwanted side effects [14:37] ogra_: TLS, encrypt all data and adversary can't access site [14:37] Neo4: but it's not adversaries you're worried about [14:37] endusers are just as dangerous... [14:38] ogra_: man in the middle, this is the main problem, if client strong care about security you must install valid certificate and force him use strong password [14:38] lol [14:38] that's not really true. the CA model for TLS certificates is fundamentally broken and shouldn't be considered "secure" for most intents and purposes. [14:39] man in the middle is a possible attack vector, but surely not "the main problem" [14:39] m1dnight_: do you sink client can harm site using CP? [14:39] yes. [14:39] and don't do something as silly as for instance zabbix, which indeed is a nice system, but all passwords are stored as non-salted md5 hashes [14:39] assume so, unles you had the aforementioned security audit... [14:39] blackflow: who will care out attack on simple online store? You don't need somebody. [14:39] RoyK: still? in 2018? [14:40] blackflow: yes [14:40] lol. [14:40] such security. [14:40] Neo4: just saying that using TLS does not make it magically "secure". the whole model relies on trusted CAs, which have repeatedly proven untrusted. [14:41] ogra_: for WEB it's main, what could be other problems? As it said broken CPanel itself. I think many users are using it and they would long ago niticced it and corrected [14:41] m1dnight_, well, how else would the callcenter support verify you are you if they couldnt see your cleartext password on their screen ;) [14:41] ... [14:41] Youre kidding right? [14:41] blackflow: users don't know what is certificate, Do you know many people who know what is TLS? [14:42] blackflow: they will accept easy invalid certificate if attacker will send it, I think for little store it's not problem [14:42] oh, didn't pick up on the sarcasm there, ogra_ :p sorry [14:42] Neo4: what does that have to do? you mentioned MITM. TLS does not absolutely protect against MITM with the current CA model. [14:42] m1dnight_, i'm never kiddng ... ;) [14:42] not exists person who has motive to broken that shity store [14:43] Neo4: do customers input credit card data in that store? [14:43] blackflow: in 99% cases its protect [14:43] m1dnight_, there is actually a current case where telekom.at stores passwords in clear text only and callcenter employees can see the first 4 chars in theit UI [14:43] *their [14:44] jezus :p that's horrible [14:44] one would think such a big company would know better :) [14:44] blackflow: who indentionaly want kill you something like USA gavernment of course they decrypted it, bride VPS host and get privet key or will use other ways [14:44] ... [14:44] Who want you they find ways hit you [14:44] :D [14:45] but you don't need those people, TLS enough secure for our aims [14:45] Neo4: do you intend to operate in EU? [14:46] blackflow: they want, they will leave their phones and data where deliver product, then manager will call them and will give bank number where they will pay and then they will send product [14:46] and, will customers input credit card data through that connection to the webstore, even if you don't store the CC data locally? [14:47] blackflow: or send product and then user pay on the postofice, [14:47] so, no CC payments? [14:47] its for Ukraine clients, I haven't learned schemes how it works yet [14:48] blackflow: no, in Ukraine exists 'private bank' they has his own pay and when you order something little manger call you and then send SMS with account number [14:48] you send there money and recall manager, then he send product, [14:49] alrighty. [14:49] but he offer you pay in time getting in the post office, you can pay immidiately or when it arrived [14:49] blackflow: they also afraid whether you pay or not [14:49] blackflow: Here not like in Amazon or Ebay, you must pay instantly [14:51] but I'm going to do online stores on WP for English people as well, for other client, need to learn their pay systems [14:51] we deviated from theme... :) [14:55] well, as we see this domain not popular here, all users prefer use command line, and even barely heard about them... [14:55] I always though in ubuntu server must sitting users who work with web hosting [14:56] Neo4: i think we can conclude that most people will either use the commandline, or roll their own CMS for webhosting. [14:56] it's like "who don't know they are speak and who know they are silence" [14:56] It has been mentioned *numerous* times at this point, that most of the free webpanels out there are unsecure heaps of crap. If you want to use one, make sure you use a secure one, but my guess is you won't find one. [14:56] m1dnight_: yes, more easier command use command line [14:57] the webhosting standard is cPanel, but that doesn't run on Ubuntu. [14:57] m1dnight_: ok, I will be know [14:57] blackflow: why? [14:57] why what? [14:57] Cpanel could be run on any Unix like OS? [14:58] no, only CentOS [14:58] Ok, I didn't know that [14:58] It used to run on Debian iirc, but for several years now it's CentOS only. [14:58] I used ISPmanager on ubuntu [14:59] well... like m1dnight_ said, the free ones are unsecure heaps of... [14:59] it was when I first time install my VPS I bought it with ISP, there had to pay for license [14:59] There is also VestaCP but I know little about it. Supposedly runs on Ubuntu. [15:00] thing is, if you want to get into webhosting industry, you really have just one choice - cPanel or Plesk. The users will require it, especially for one-click migrations, even if you had something else. [15:00] (one choice = I meant one set of choices, between the two) [15:01] The VPS industry is a bit different. There's Proxmox, and of course VMWare proprietary stuff, as well as OpenStack. [15:01] blackflow: see, ISP manager is secure? We can for not serious client use not secure opensource panel cause we won't have motivated serious adversaries, and for good client that I think I won't have we could use Cpanel [15:02] Neo4: however, definitely not something you should be getting into WITHOUT years of experience administering servers WITHOUT panels. [15:02] blackflow: yes, it's broad domain [15:03] blackflow: do you know people who has lack of knowledge for them it's difficult even use Cpanel [15:03] ordinary people know only how to turn on computer and sing in in social network [15:03] ordinary people do not buy hosting services. webmasters do. [15:04] it's majority, you need to orient on this sort of person [15:04] the only way you should start a shared web hosting business in 2018, if at all, is with a deployment framewórk aat its core, with a light user self service web panel as a frontend to queue tasks. [15:04] btw, I'm in the hosting industry since early 2000s. [15:04] blackflow: if person has some little busness he can order online store for 200 - 300$ and have hostingtoo [15:04] they buy [15:05] yes, that's software as a service, SaaS. you can buy turnkey Magento solutions for that, for example, and iirc it can even get cheaper than that, to start with. [15:05] it's not true, not everybody has money to hire personal, even average bussnes, Who has money they will appeale to real good firms for do shop, not for you [15:06] Neo4: yeah but what are we talking about here? What do you want to offer? What kind of service? shared hosting with a panel for webmasters? managed online store SaaS? what? [15:06] tomreyn: I watched on youtube there you can resell prapeared hosting [15:06] yes, cPanel resellers. Cheapest and most numerous. [15:07] Neo4: so you're business will be based on watching youtube videos? [15:08] ok i guess that's off topic here, i won't push this further. [15:08] blackflow: yes, online store on wordpress, registered domain, and VPS with cpanel, + TLS certificate, Client pay me for example 300$ and I did these all and in the end give him all access to site and instruction how to use it [15:08] wordpress is a blog platform. you should not be basing an online store business on it. There are far better tools, specialized, and far more secure, than WP. [15:08] blackflow: it could be not bad bissness, I watch firms that do sites from 1000$, but for start we can take 200 - 300 untill will well work scheme [15:09] blackflow: no, it has woocomerce, that is the moust popular online store platform for a while [15:09] all based on wordpress? [15:10] tomreyn: yes, buy prapered theme on themforest, put to wordpreess, install woocomerce and all needed plugins, write config and site is done [15:10] Neo4: see, that's the problem, you lack experience. all those WP modules are hacks atop of a blogging platform. Take a look at their code internally and you'll see why that is. Encoding fields as [tags] in the main "body" of a "post" to simulate data.... [15:11] WP is a blogging platform. If you want to get serious about online shops, there's specialized tools designed for that. [15:11] blackflow: there don't need programming nothing, only customization, of course you need know CSS and HTML [15:11] just because everyone and their dog rush to WP (and most of them regret installing random plugins), that's another story. [15:12] blackflow: no, you understand nothing, I see you dont know anything about wordpress [15:13] lol. [15:13] if you say so. [15:14] blackflow: https://wordpress.org/plugins/woocommerce/ [15:14] blackflow: the most popular shot in the world for a while [15:15] most popular based on what audit? [15:15] the bigest number of shotps use woocomerce as well as the biggest number of sites use wordpress [15:16] blackflow: I forgot, I read about that in some blog, or in book, It's not precise data [15:19] you mean it's random, unverified and you don't even have the source of it. Got it ;) [15:19] Neo4: but okay. you seem to know all what you need and want to use. Good luck in your business. [15:20] blackflow: Thank, I know what I need, but I stupid to implement it... [15:24] then start playing with it. after a while you'll gain knowledge and experience. [15:25] ok [15:25] I'll try [15:51] I would like to pull a package and all associated dependencies, but rather than install them throw the debs on my package mirror [15:51] Is there a simple way, other than finding each dependency and manually getting each one [15:52] boxrick: I would use chdist and --download-only for that. [15:53] Any example commands, or shall I just look through the man pages? [15:54] boxrick: what do you want to do? Remove dependencies? [15:54] In this case, I want to download a package, all its dependencies and throw it into an aptly repo [15:54] aptly ( package mirror ) [16:29] what read about DNS? I badly know how it works [16:29] want to improve knowledge [16:31] I've got this book [16:31] https://www.amazon.com/Security-Management-Press-Networks-Services/dp/1119328276/ref=sr_1_1?ie=UTF8&qid=1523636451&sr=8-1&keywords=dns+security+management [16:31] is it good one? Worth to read it? [16:32] that book looks like not my level [18:25] Is there a way to find out what or who deleted a folder? After rebooting my server /var/run/mysqld/ went poof. I checked my bash history and didn't delete it myself [18:26] are you sure you're looking in the right place? /var/run is a symlink to /run on my system, and /run is a tmpfs [18:26] it goes away *every* reboot [18:26] Hmm good point. The problem is mysqld couldn't create a socket or pid file [18:27] Had to manually create the directory with the right perms [18:27] strictly speaking, yes, you can install auditd rules to watch for unlink, rmdir, and rename syscalls, but you have to install the rules beforehand [18:27] I'll try rebooting and see if it does it again [18:28] Hmm yep it's gone again. So I guess the question is why can't it create the file it needs? === devil is now known as Guest61956 [18:29] anything in dmesg? mysql logs? [18:33] Didn't see anything in dmesg, checking elsewhere [18:35] This seems to be a problem for two different machines with similar configurations [18:38] I think it narrowed it down to the fact that the default service creates that folder, but the mariadb@ services don't [18:41] Probably a bug I get to report... yay [18:44] if nothing else, the logs collected by the bug report tool may help point out the problem :) [18:45] I'm comparing /lib/systemd/system/mariadb.service and mariadb@.service and it is missing the step where it creates that directory [18:45] Among other things [18:48] Missing this line [18:48] ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld [18:50] Thanks for your help once again :) I'll take this up with the mariadb people [18:50] woot [18:52] ProCycle: RuntimeDirectory=mysqld is probably better [18:54] I figure that's a holdover from init.d [18:54] MySQL's service unit has: [18:54] RuntimeDirectory=mysqld [18:54] RuntimeDirectoryMode=755 [18:56] Oracle mysql? === iarp_ is now known as iarp [18:58] I'm going to add an override... once I can remember how to do it [18:59] systemctl edit $foo [18:59] ProCycle: yes, mysql as provided by the mysql-server package in Ubuntu [19:03] Does it have a mysqld@.service file? Do they do the same in that one? [19:04] It seems that RuntimeDirectory= gets deleted when the service stops so it wouldn't be appropriate for multiple services all using the same runtime directory [19:05] Though maybe a better way is to simply create a /var/run/mariadb%I directory for each [19:07] ProCycle: with MySQL on Xenial, there is only 1 unit: https://paste.ubuntu.com/p/ktv9Np5GPF/ [19:07] Ah so to run multiple instances you need to use mysqldmulti or whatever it was called [19:08] I guess so [19:08] I like mariadb's way, it's so much easier to manage through systemd instead of yet another manager [19:09] sans this one bug === devil is now known as Guest55708 [19:51] nacc: do you have a moment to review https://code.launchpad.net/~ahasenack/ubuntu/+source/autofs/+git/autofs/+merge/343237 ? It's a simple revert of the immediate previous change and fixes a segfault. Test included in the mp [19:51] nacc: I can then start reviewing g-u again [19:52] ahasenack: looking [19:52] thx [19:53] ahasenack: you've already tested this, i assume? do you need me to upload? [19:53] yes and yes [19:53] ahasenack: ok one moment [19:54] bug reporter confirmed that not linking with tirpc fixes it for him, and I confirmed as well [19:54] and you can try the test case, it's quick [19:54] the ppa built the debs already, they are just not published yet [19:55] ack [19:55] I used wget https://launchpad.net/~ahasenack/+archive/ubuntu/autofs-no-tirpc-1745817/+build/14756265/+files/autofs_5.1.2-1ubuntu3~ppa1_amd64.deb [20:01] ahasenack: looks good [20:01] nacc: did you try it? [20:02] ahasenack: yeah [20:02] cool [20:02] if I had more time, that would make an excellent dep8 test [20:13] nacc: I'm starting with https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/343143 [20:13] nacc: I have to run to an appt in a few, but I'll continue when I'm back [21:57] ahasenack: sure, thanks [22:59] back