| === nolan__ is now known as nolan_ | ||
| === cpaelzer__ is now known as cpaelzer | ||
| lordievader | Good morning | 07:57 |
|---|---|---|
| hwpplayer1 | lordievader : Good morning | 08:01 |
| lordievader | waveform: | 08:01 |
| lordievader | Whoops, I meant 👋 | 08:01 |
| Repox | Hello. I'm having some issues with Ubuntu 18.04 and netplan (apparently). After doing some package updates on my server, network is now unreachable. I don't have much experience with netplan and now my hosting provider stopped responding as they "don't provide software support". I've been down for the past three hours, sadly. | 09:47 |
| === nolan__ is now known as nolan_ | ||
| lordievader | If you don't have experience with netplan you can ditch it for something you do know. | 10:05 |
| Repox | I wasn't aware. Can I just disable it? ifupdown isn't installed currently, and because I can't get online I can't install that package. | 10:07 |
| kiokoman | Repox: you can still create/modify /etc/network/interfaces and reboot/restart networkmanager | 10:23 |
| Repox | kiokoman I tried adding /etc/network/interfaces and wrote a manual config and did systemctl restart systemd-networkd, but I still can't reach the network? | 10:25 |
| weedmic | i wrote a user creation programme that prompts the details for netplan | 10:27 |
| kiokoman | Repox: check with -> ip address <- if it's configured | 10:29 |
| kiokoman | or try ro reboot | 10:30 |
| deadrom | hi | 11:11 |
| deadrom | in 18.04, what's the preferred method to create regular full backups for bare metal restore to a network storage? | 11:12 |
| deadrom | ...of the OS | 11:16 |
| qman__ | deadrom: rsync | 12:56 |
| lordievader | Or a frontend of rsync: dirvish | 13:00 |
| rbasak | ahasenack: how's the MySQL my_bool change looking? Do you have any remaining packages that need fixing? | 13:10 |
| ahasenack | rbasak: I'm https://bugs.launchpad.net/ubuntu/+source/zoneminder/+bug/1859295working on the zoneminder runtime issues now, | 13:11 |
| ubottu | Launchpad bug 1859295 in zoneminder (Ubuntu) "zoneminder 1.32.3-2build1 does not work with MySQL 8" [Undecided,New] | 13:11 |
| ahasenack | rbasak: maybe take a look at clickhouse? | 13:12 |
| ahasenack | these are the two remaining ones (clickhouse and zonemindeR) | 13:12 |
| ahasenack | rbasak: for clickhouse, I have these notes: "clickhouse: my_bool typedef wasn't enough, it failed elsewhere now. Check LP #1840938" | 13:12 |
| ubottu | Launchpad bug 1840938 in clickhouse (Ubuntu) "Please remove clickhouse from the release pocket" [Undecided,Fix released] https://launchpad.net/bugs/1840938 | 13:12 |
| rbasak | ahasenack: OK, I'll loock at clickhouse | 13:15 |
| ahasenack | rbasak: my build attempt from the ppa: https://launchpad.net/~ahasenack/+archive/ubuntu/mysql8-my-bool-removal/+packages?field.name_filter=clickhouse&field.status_filter=published&field.series_filter= | 13:16 |
| cgi | anyone here who has setup a mongodb cluster recently? | 13:59 |
| cgi | When I do IP whitelisting - how secure is that to outside attacks? I am trying to run a dabase with 3 local machines, only accessible to 192.168.* | 14:00 |
| Ussat | How positive are you that no bad actor will ever have one of those ip's ? | 14:02 |
| tomreyn | cgi: i would not want to run mongodb or any database on a system with an internet connected network interface without a firewall. but YMMV, in the end it all comes down to "how sensitive is this data", and what's your effort / benefit evaluation? | 14:32 |
| rbasak | I would say that it's not just your data at risk, but your entire system. | 14:32 |
| rbasak | Plus your hosting/connection if a system is compromised and use for abuse | 14:33 |
| rbasak | used for abuse | 14:33 |
| rbasak | eg. spam | 14:33 |
| tomreyn | good point | 14:37 |
| cgi | tomreyn, if the port is closed for outside IPs - how does one attack it? | 14:47 |
| tomreyn | cgi: in the scenario you described, the port would not be closed to ingress traffic from the internet (unless there would be an additional firewall between the host and the internet) | 14:50 |
| tomreyn | cgi: should vulnerabilities become known which allow for circumventing source IP address based ACLs, or should software lack such in the first place (mongodb is well known for having had this specific issue), then (or should i say in general) you'll better have network segemntation in place. | 14:53 |
| alfatau | hi everybody. I'm planning to install a new ubuntu 18.04 server edition. Actually I'm running an old 12.04 that has been out of support since 2017. Can you advise me some free very-concise-and-practical documentation to basically learn the main differences and advantages between "legacy" administrative tools and newest one (e.g. ifconfig vs | 14:55 |
| alfatau | netplan, apt-get vs snap, ...). My target is to have an overview of what's new and why some tools have been replaced. Then I'll deepen each new tool when needed. thank you in advance | 14:55 |
| tomreyn | cgi: scenarios where you rely just on ACLs (but network connectivity is enabled FROM ANY) can also still be subject to traffic amplification attacks, potentially brute force attacks. | 14:55 |
| teward | rbasak: re: your reply on 1743592 today - I think it's too late in the cycle to consider that change - if only because there may be automated log parsers that are not configured properly for this (fail2ban for instance) which will detect a v6 IP and use ip6tables which might not catch the v4 traffic properly. | 15:02 |
| teward | I think any major fundamental change to the nginx logging mechanism in the default setup like this needs to happen way earlier in the cycle. | 15:02 |
| teward | and not 3 days before FF | 15:02 |
| teward | (my two cents as the nginx maintainer) | 15:03 |
| teward | which is why I had said in the bug that we should consider that as a 20.10 change | 15:03 |
| teward | i don't want to have to go fixing fail2ban, etc. this late in the cycle | 15:03 |
| teward | i don't disagree it's a 'good solution' but this close to FF and this late in the cycle I think it's too late to contemplate changing default logging format for IPs. | 15:04 |
| rbasak | teward: fail2abn is a good shout | 15:04 |
| rbasak | Though I would argue that this is what feature freeze is for - to stop changing things like default log formats, so other tooling can have bugs in their parsing fixed, etc | 15:04 |
| rbasak | I don't disagree with you though - it's an important consideration. I remain on the fence | 15:04 |
| teward | good point, I don't disagree, but i'm still hesitant making this the default 3 days before FF, and because I use F2B in many environments where nginx runs, I'm reallllllll hesitant to make this change until I do heavy-duty testing in a dev environment | 15:05 |
| teward | so I think for 20.04 I'm going to say "Let's defer the discussion of this change to 20.10, until we do more in-depth testing on how this will affect f2b and others we're aware of that parse logs for security purposes" | 15:05 |
| teward | because I'm realllllllllllllll hesitant changing that this late in the cycle (even though it's not FF< that's still 3 days away...) | 15:06 |
| teward | not opposed ot the discussion for 20.10 and beyond, but fully opposed to making that change for 20.04 at the moment | 15:06 |
| teward | 'cause I want to see what F2B does with that change in place from a logging perspective - it might "just work" or it might barf hard, but I want to make sure stuff "works" for the LTS :P | 15:06 |
| teward | rather than introduce a change and scrable to fix F2B and other Universe items (though I don't think their autopkgtests will catch it) | 15:07 |
| rbasak | I understand | 15:07 |
| teward | granted, I have no true say in it, but I'm thinking it's better to err on the side of caution :p | 15:07 |
| rbasak | You absolutely do have a say | 15:08 |
| rbasak | It'll be a collective decision | 15:08 |
| teward | forgive E:FailToMakeSense, I'm not caffeinated yet. | 15:08 |
| rbasak | But your opinion does weigh in | 15:08 |
| teward | E:BusyMorning | 15:08 |
| teward | glad to know it does :) | 15:08 |
| === hggdh-msft is now known as hggdh | ||
| === nolan__ is now known as nolan_ | ||
| cgi | is there a good place to install redis 5 for ubuntu 18.04LTS? | 22:22 |
| pragmaticenigma | can you be more specific in your question cgi? | 22:22 |
| pragmaticenigma | define "good place" for us | 22:23 |
| cgi | pragmaticenigma, I can install from source. Is there a better way to get redis 5? | 22:23 |
| pragmaticenigma | !info redis | 22:25 |
| ubottu | redis (source: redis): Persistent key-value database with network interface (metapackage). In component universe, is optional. Version 5:4.0.9-1ubuntu0.2 (bionic), package size 3 kB, installed size 70 kB | 22:25 |
| pragmaticenigma | cgi, redis v5 is already available in the repositories... no need to install from source | 22:26 |
| pragmaticenigma | cgi, "sudo apt-get install redis-server" should get you up and running | 22:26 |
| cgi | pragmaticenigma, 5:4.0.9-1ubuntu0.2 - which version is that 4.0.9? or 5.x? | 22:28 |
| tomreyn | upstream 4.0.9 | 22:32 |
| cgi | tomreyn, is there a place I can get 5.x redis for ubuntu 18.04LTS? | 22:34 |
| tomreyn | cgi: possibly, but not in ubuntu | 22:35 |
| tomreyn | i believe in your ability to run a web search | 22:35 |
| pragmaticenigma | cgi, Also, you can wait a couple months as redis 5 will be available in Ubuntu 20.04 | 22:36 |
| cgi | pragmaticenigma, is 20.04 an LTS coming out in april? | 22:41 |
| teward | cgi: yes | 22:43 |
| pragmaticenigma | !YY.MM | cgi | 22:44 |
| ubottu | cgi: Ubuntu version numbers are: YY.MM (YY=release year,MM=release month). Each year sees two releases, so just specifying YY is imprecise. See also https://www.ubuntu.com/about/release-cycle | 22:44 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!